IOC_ENABLE(r3, 0x8912, 0x400200)
read$rfkill(r0, 0x0, 0x0)
r4 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000100)={0xa30000, 0x200, 0x5, <r5=>0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98090e, 0x1, [], @value64=0x6}})
ioctl$VT_WAITACTIVE(r5, 0x5607)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000140)={0x4, 0x0, [0x0, 0x0, 0x0, 0x0]})
getsockopt$sock_timeval(r4, 0x1, 0x0, &(0x7f0000000000), &(0x7f0000000040)=0x10)

06:11:16 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:16 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(0x0, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:17 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0xf9, 0x500)

06:11:17 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001224000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:17 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(0x0, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:17 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:17 executing program 3:
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r3, 0xc0044308, &(0x7f0000000200))
ioctl$RTC_VL_READ(r3, 0x80047013, &(0x7f0000000040))
openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x4043, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
read$rfkill(r0, 0x0, 0x0)

06:11:17 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:17 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0xfa, 0x500)

06:11:17 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001324000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:17 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:17 executing program 3:
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = fcntl$dupfd(r1, 0x0, r2)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r3, 0xc080661a, &(0x7f0000000040)={{0x1, 0x0, @identifier="8a59d4bff287348bfeeb44779920fa2d"}})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
umount2(&(0x7f0000000000)='./file0\x00', 0x8)
read$rfkill(r0, 0x0, 0x0)

06:11:17 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0xfb, 0x500)

06:11:17 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:17 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001424000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:17 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff01800000"], 0xb)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:17 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000000)={0x2})
r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = fcntl$dupfd(r2, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07)
read$rfkill(r1, 0x0, 0x0)

06:11:17 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0xfc, 0x500)

06:11:18 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001524000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:18 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff01800000"], 0xb)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:18 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:18 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001624000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:18 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0xfd, 0x500)

06:11:18 executing program 3:
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
read$rfkill(r0, 0x0, 0x0)

06:11:18 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff01800000"], 0xb)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:18 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001724000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:18 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, 0x0, 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:18 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0xfe, 0x500)

06:11:18 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032"], 0x10)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:18 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001824000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:18 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, 0x0, 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:18 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x102, 0x500)

06:11:18 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032"], 0x10)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:19 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001924000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:19 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x103, 0x500)

06:11:19 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, 0x0, 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:19 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032"], 0x10)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:19 executing program 3:
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = fcntl$dupfd(r1, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
read$rfkill(r0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)=0x401)
r4 = semget$private(0x0, 0x7, 0x0)
semop(r4, &(0x7f0000000000)=[{0x3, 0x40}, {0x0, 0x3}, {}], 0x3)
socket$inet_tcp(0x2, 0x1, 0x0)
semctl$SETALL(r4, 0x0, 0x11, &(0x7f0000003000)=[0x0, 0x0, 0x0, 0x7fff])
r5 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000080)='team_slave_0\x00', 0x10)
r6 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r7 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r7, 0xc0044308, &(0x7f0000000200))
write$dsp(r7, &(0x7f0000000240)="a736626a03a05f4077714fc72741a22608466663eb1b477f8416111e4b5536af0d5fcab7d5ffeb00b19e8f5d304559ef59e7a83727dd9f07b3ddf8a7302d009819262318598e00a42a258527a379f30e98255d5441c1d8174ec004a8033e5c0f40bd273de345d5a6ffc7bc455359d2a12fddfad92daa52ed43872d5514349357c227", 0x82)
ioctl$CAPI_GET_SERIAL(r6, 0xc0044308, &(0x7f0000000200))
r8 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r8, 0xc0044308, &(0x7f0000000200))
ioctl$VHOST_SET_LOG_FD(r8, 0x4004af07, &(0x7f0000000140)=r0)
ioctl$TUNSETSNDBUF(r6, 0x400454d4, &(0x7f0000000100)=0xbe0)
semop(r4, &(0x7f0000000000)=[{0x3, 0x7, 0x1000}, {0x1, 0x4, 0x800}, {0x0, 0x6}, {0x1, 0xf83f}, {0x3, 0x3, 0x2000}, {0x2, 0x2, 0x1000}, {0x3, 0xeb0, 0x1000}, {0x2, 0x0, 0x1000}], 0x8)
ioctl$SIOCGSTAMPNS(r1, 0x8907, &(0x7f0000000180))

06:11:19 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x104, 0x500)

06:11:19 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001a24000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:19 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[], 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:19 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001b24000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:19 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x13)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:19 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x105, 0x500)

06:11:19 executing program 3:
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = fcntl$dupfd(r1, 0x0, r2)
rt_sigaction(0x28, &(0x7f0000000100)={&(0x7f0000000000)="c4423d92bc40e1105169c4c1fc2efe2e400f34c4418d73f80e760cc462158e17c4c30d6cc800f30f1eda0fa592000000004d0fc70b", 0x8000002, &(0x7f0000000040)="c422f923368f099096821c000000c4233d4aad000000006764f044185b8e66410f565a00c401ff1225f800000067f04000450d2640dca80000000066460ff693e2ec0000c44105d9a2f5742439", {[0x3c0782e5]}}, &(0x7f0000000200)={&(0x7f0000000140)="f2afdbdf44b1afdbcac4e1ed7cb2feefffffc423fd01e10046d9f1cf0f0f56000dc422dd9234e8", 0x0, &(0x7f0000000180)="4115a900000047d808c4e2959094ca79000000363e66410ff66683f365457f003e410f0f15feefffffbb8fc8389ef6fbc4c15457a506000000660f3a22ea9dc4a15711e8"}, 0x8, &(0x7f0000000240))
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
read$rfkill(r0, 0x0, 0x0)

06:11:19 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[], 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:19 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001c24000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:19 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x106, 0x500)

06:11:20 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[], 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:20 executing program 3:
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x1c9000, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
read$rfkill(r0, 0x0, 0x0)

06:11:20 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x13)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:20 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001d24000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:20 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x107, 0x500)

06:11:20 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:20 executing program 3:
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000100)="725c138317f9524880c68444c95db8403b7e3ce6ad5868f68019e891d025f07bd66f80a0def36ad5b89e69ba82fdba7ec3287f7df243d1a37e559ec5cf9b5d09c144fc9bd5b2a5cda519a9a4f31e5478c43644b9abf267b17fd6bfb468a075c01af6635fdf8832f3ccc929f8000b4da64813889a4f6c952cf14838f10cf3ae1c3abf0f8f7b4c84a4a7dc6e27d133a6b034c6ab12c71d7180b04db58dbd3c04b68f528ddf8361add06c99f7c5e93bcc0f842ac16ee71d3ec59d048292f3f1d1149da431e67ad6d5cca870212991a4afc5ef81aca997feef228c3ee918696001c32a3124262019dabc1c508d2c87bad964fb0970a61a42aff728fc41cd39eb60ed46ead87344196a79673161f19389ec21dd150ca25d99e839abdb5f5110ef3181ae5974a77a72225b4784ad8d4a7dd4679fcab411376ac0e18251f3a92999740bbf2fd705a081b18fbb93683a42fc5b7ba9d39457c63c1afbe6975444016cc1fdb5a3e85999e329484d8abe5d31ab3197f66c422439e902f8eb56c62e8b0233cc0f7937d659d259c8952d107419a4180364c923e5d4f8e05822d7ee3ba937bd64a8f2cc8c575b0d35b592ea5d05e42bf14c168ef19023f9a39d4e8439b97785d3449a2abf8187bb08c015922e663d8a5690b3c69b7b02516b315d030f2705a68e0a3ce34b035cd9a0f9435ced89ef400c694cf949c880a5d2f710d63d10112af0d6246df533a4eacc024a119eba31b35a26e6a45bf34e3350f2f9b1f0de5baa91463d077c35df1f167d1d77b64619f84b1ec27732ce538b452038b91e2cdc572d31b00280d0230ac2eb85ac709edee3cf8637917a039464fb871db312441790ced7bc57ac5118859ac16adb1da1b9adfc7bf28996b102daaa61361c8e8222260807770d2018a4bfbb965411482c4580f7f48ff7291a2a75d71e34f3e01076add9476065f9987ac68672cb7be25afeb0829aedab787fbf0c8c0b754752fd7aa445e8af756d7ac316c66dc6478444071dcde6cd34792b17b3ad51f9079f22145ac4169f4342e700a7f8489f84d542ceb6da55b64fab6974dc8aeeafd11a2a8da6cf5ef72b7caa7551116beed5bf78dc20ae1a97925413716a87d084dd05908c4551ff57cd1f32c91adcc1132343958e219912f3e79f7b2401ac556636e01747dd227c43e8974ba80fa895ad6540d805405336a2571cc37f1b32bf2d52e65bffcc29b95eaad6936e0dcb2ce80f479b31396de3e45eb4463952307620bceb0cd23a5b56f0990308d35d212f0fc4660c578ac6d3bb89448ad886410c8afe3ae2a0513f27cc9497aaccb9306a876f35dc6cf156acdcb72b36b275ac1dc60f7c4e1bfb65258346455ba9075a17cad278fd2f129bb22ad4af577dbc021d33f5d28778d32c471da38e4b85df48da626d21433a18be8e3985173ac859c9d036db2e0c00325fcc2143a70676aa921dd80dd7fe567ff2e5ede8bc9fa418ee5ff0288f36feaf6549445714dbce7a2a9d63b343421ae3d604c5f2482283344c39c4224a493b1d2cd6f63eeafb55c5fbf0b154c0d05754476f768cb117f07a07b86ceb755103f51777a3978ac1ad4c1d7dd1cb0d170f5af2105eba9e25c7beffc5ded9eea245c380abeb6194936550cf4eedd70305051e591ece22685794197d59e82ef0426384bb77d63c5968949a72c7b8fb9c19c570d876b947982b0fc7404e1d99b44d6d3ac91303890843bb4c3617f9e4b136fc187757ae19f747355369903358559b24371a12bf4bec54163853562e7c21180770c7bb3e47beb8c15cfe7dce437e98f0145f1ef3331d91014ecb954c18352cbc82cd4c7799c2671202b607642a0b52a39c67a25a5b6280b66a85b4a7756d9654cc96327dbe822b8f7bcb23a502d5589ddff9764708d949ca7c7cecbe9a6519001572e226a1a85fd8dfb3abc1cc7f4e7626b33e9bf237266901e6f68e2c645172b210af0af8aafb2b351da25bd65c995d605949dd7eec673fa37f12e8216f7cc4dfd673928addb89512a53685ceee4be3289b9c06656d10673cae2bbf2806f683b7bb5ecef2ffd983c7599f1a9e579ce5ee2937208fda0639daf3295d6534e687da1eae72b8cf4295ecc357d4e5f18470586f67f1b222cba4568278549a64ac25ea0bd69b04d6c5da5845dd54695ec26947989450d6f28a71f1c785ec0420ea8a47c03cd61e69d006ad6c92a4c867502822a75092bdf56b6e6d1a80d9dd283a653e4e91770ab2e03db887b9aa7afce6698013b4d60b09070bd7562e91c6450f705b6d33fc5f42a1a2944cb3c7eda6654b5fe29426cea71e096afd8bb999cbd5cd680ba0265892db3e5761d61e1d636201d7fb54061fd4797656d280559e19777c33651f3b26a0709b8cdd4435336baa99f0b6ccb17c86337e9102578b459e469f2a971129b77d5d8b6ef51b16347a0aec9b2e5ff658b4ac26a1452a6b27b666f6d8ff88f1bfb4a1c5389fd1034c0779a907850910064b3593653ab02fd8ebf6a2ca763d895909b6e421b06aa645ddc831e161e112f56d6b5f4c1ffdd9f183233241be51dbe9020151b240e51ea1518d24545bc4c6df62241c3dc5667756ff6368a07a566a8a042abfd8fd4dd82e784d727f500edd635ec918900fb635cc920356313c51fb95c4cb64095524710f5f3624d07a616619f043f06e2998ccfc1a63e818ac5a2de935ba21bf7161b6c4eb6e71340b66fc89d94846c40c084b8cb3b72e980a7912894a63f4427a78822bf7b65675aaac27156f6aec18789bde9a4c6bc00cd3dc6e5adb5f12313dc4240a94146c5268330460dee65f726583477a86ecbdfc4a3958a154dfe24343a001c7c013c74f22dc06de26f445454b87f372c8cc597f7a1794edbfe048399cc07e1e23ce1e3e667ca3f76a70f3934c6f93ad3b617fec3f30d411cef033b9eb3a9c308d69125c79dfe1b6ef3bdb45dc9e4a5287d9674202cd7c9622f811e0959a4b68da70bbd8086b088c55a981415052e83ddb9d387d55ec13b32838225d6e6420938efc4beec58d27ed1f35bd2b8e422891fae97ee40d507fcfe9f7f15c00ce61334d428590693f172255a4273b3f4b3edfff50acc0c68270ae691601ce7db68247721c37414ce0851c90553b4a700b3fc83b6712c4a8a60b6ab712fe38cb3f89850097caa2a0f9aa1678e5c910bdf65defe0617d78f38f8b973c1c3ec04984a1abdd88c4b85151582c1aca36b5c3983f1a3f3d472c6e5d02a74ec280228a80ba5e1c62bc0f4c2c941b203d724a9028061c64c3f9b6508f342054f5dfe8ae63a40db827fcae4c358888bef49178e456615396834111e56a9e9657b5737b17dfea52cc31e0ed4c13d3c8cbb55e4c90c472375f7d3a311592c412423acb32acf797c5050c7f995f68e1801f8884425b4755a3b7c13e0940a1762aef71e8fd10ade37a1e1f3dd9a9d330e2f40635b7c378246097b6e300e6d3c91c4d147c2589187ab62c71d0fdcea4e6ce7882a61084b382154bc84e7493487549e8f55f906fe21b9efe5f388c250fc0fcada78028d1973ca3e9e9b077fdcee2dfd19aa43b7174bb485e529688deef1864e083e14ac9941054620c20ce3163daa2900f0cb02d46c436d195b3f1d9967372123adaf9be691b07cadd6e8fecba86707a336faf0eb4329a30d11562e955f01207b468456cf6de2af9752447e7a4d7dc68a038d419e51e22665ed363eeeb48c48a9dfbbf030b51b21e26b05a04e10192a914eefb0c0ee296067ebba0aeb8892e8336cd18a13fa5d32685f9beca337ab07052416f7cf877e30dca1eb7e821576665cbb7c49b5bff6b53866240a6266952db05e6ca520fe0fed0538eeb6bee5f1fc5cf55cd777155555464ef26e9e2570e079be01574a447111197b71301bb36957ea520eed3977316887c4445dca5deaaf49f0481f632cb89e66e791ab614f13883f8d5e386b053ba990b125c0a4f9e827be1515f014cdc82719a4d6daeb6806af8cb5a7dbc6c0eff9ee35a5c97e5002b841173a63847ee1c9f95800f8996d1ff5544442ca66ca413fbae4909f175ec2d2f4574b1c90da1bbb3be2d75983fd0f1a79e55fc6d58005d5fae8b42c1f19296870bbf853fbe6a6e15da35fd8799fc22d01b5e7f23122b4659ff340c30e3d9de24621e7c7b464c5dfb233345f452bb38a502ca25c6dd4b0e664fdc032286b7af1bd946cea385adcc9c3373ae547aef35083951778ec446407b0a85a37d3001a25a900102c40f365b62d3fe4e8eca6276978bdd3c5cca48fed350a0f8b477e5250667a2319bb6119235c556ed190d87d3b02957c7f91a93623fc96e5fee80313e4cff1e5ffc01677f2c6908e100f11e170521f2d6128462284bbf0ee1b523ff685f585cc95fd70a0d5ed7707f6b57e2aed20539443d74ebd705500c7ddd6c76a299f97fb5a161b40365913628f80adaccb1118f3e46d96203c7d38c5fd972e26101b34e8342318fd1f3139f65d83563a4d161047eee5bc5344c836a21b80e0977563fca6d3456ac5c186e611e6121f6e0928da88b735a7146d21f6a1be9cc2f23d9ddd6e30ae400b26d3ab3caee6a4b424c16984ad9f538cbf24d8e7890550d9849f6345e86705a4cbe36ab345c075f84d827a8a34169e25de15b92c882087ad2c8d8fb5935d4ad55c9f107891a0bde4af0bd2b3e8c9b2165189706fc14825f62d897f3a9d6da1864b5cdb5da4e4da0f60da2cc96d05156bbe31c8ff2c358ff25b2e536677b599573bf03d3109debb97e0e80462f61d2ee928aa21d4d244902d64dd7862f7709fed1467e6ac392cea4fa9b6fdd0665f41c4d0e78ee4177978c55ad0270908b225cd49e15413b1659dddb2c5b310aef51312eb54d6f374ad860e8b544083dc6dc7764c9cc92f4b8890d5ebb9a6c70dad869a80a617853934d4f2626073e7198141524040094025bbabdd6c12fd9443c0b416060f87c75bb8101d24e0b9bd80843644da6284a16118c77ddb3a8765870b1b7b44cf243dc1735e583e6f7a424e98ec6dd8014a1871a3d4120d493fec13780e314a4a5f42910d2baf924378ccfc43a67be998c465a7703b8679c2a0f816e1d1a946f3a71330a4ff0fa870fa491a507adb88fe26b1dbc25cf97b08f229331c35869c360fb88888210bfe6b1b2e1e673652358e090365aac1cb2ffa49f804a0b6b3d9bb5de5843c30df0fab9ced907cc7348b61759ef3295ae91779fd98214ed4ba794acf7f65e16c23d33892490e2fa5f8f0525cdda8f2c8633edef8945b2b1b47cb4d64970602e2ca6583b4f0dd28edbcf3a408a715d6d190137b645844bfb18ddf8915f6d753e1bbf8a10b21c76cbdd3573005d54aa1f26d334528a8a33cd78b0d1114903241b03cd1d7e16aaae1d0ecf23ae11a4fe0d1677118e82177e5ad499fcea308b534a611bfdab7709a53733504e5870e3945b140710bc8166c4fc065a0b2805d6b0849b015ed18895f2c96ad8cb1b6ece3a69d3c92230b2e5fb87648e1422aaed2637f8986fabe95767df19215acbe9169466cd017d11ef3f7d08d87ebb5fdda4b8b90ff54af34e765a636f210b508f2ca6e4b91b93c74f9f2b5e88576546091d4832ba6177ad0754dbaa610baa67bc94e11795d0be7ab98663d08de9312273f2249103d40b741e014eb082fbfb1e99dc3e0529c7153542b502eedcea4728820208e9c3c703a746d1a7a7cfb6f339cc76c75319481abb1aa26ea7f99282e237a82c0b07dc173c905067ab32427d6405028c317abf678aeff08317c518319b01a4f14e333c7f4f001b2b947ed99991ed8b46", 0x1000, r0}, 0x68)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = fcntl$dupfd(r1, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
read$rfkill(r0, 0x0, 0x0)

06:11:20 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x108, 0x500)

06:11:20 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48001e24000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:20 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x13)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:20 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48002124000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:20 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x109, 0x500)

06:11:20 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:20 executing program 3:
pkey_free(0xffffffffffffffff)
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = fcntl$dupfd(r1, 0x0, r2)
setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, &(0x7f0000000000)=0x9, 0x4)
r4 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x4, 0x80000)
r5 = socket(0x400020000000010, 0x2, 0x0)
write(r5, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
accept$packet(r5, &(0x7f00000011c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001200)=0x14)
recvfrom$packet(r4, &(0x7f0000000100)=""/161, 0xa1, 0x40000000, &(0x7f0000001240)={0x11, 0xf8, r6, 0x1, 0x4, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
read$rfkill(r0, 0x0, 0x0)

06:11:21 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48002224000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:21 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x10a, 0x500)

06:11:21 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e"], 0x14)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:21 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:21 executing program 3:
r0 = open(&(0x7f0000000000)='./file0\x00', 0x1883c0, 0x20)
ioctl$VIDIOC_ENUMOUTPUT(r0, 0xc0485630, &(0x7f0000000040)={0x2, "6f8ef18ed2472e92988f48b0f4bb47d5dd6805e461cad0e154916186b3407f8b", 0x2, 0x4, 0x0, 0x0, 0x4})
r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
sendmsg$NFT_MSG_GETGEN(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x10, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0x10)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = fcntl$dupfd(r2, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
read$rfkill(r1, 0x0, 0x0)

06:11:21 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48002324000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:21 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x10b, 0x500)

06:11:21 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff01800000"], 0xb)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:21 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48002424000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:21 executing program 3:
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = fcntl$dupfd(r1, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
read$rfkill(r0, 0x0, 0x0)
r4 = socket(0x400020000000010, 0x2, 0x0)
write(r4, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00')
sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00a870", @ANYRES16=r5, @ANYBLOB="200025bd7000fbdbdf25010000000500030001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c005}, 0x0)

06:11:21 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x10c, 0x500)

06:11:21 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e"], 0x14)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:21 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff01800000"], 0xb)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:21 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48002524000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:21 executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff01800000"], 0xb)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:21 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x10d, 0x500)

06:11:22 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff01800000"], 0xb)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:22 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e"], 0x14)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:22 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x10e, 0x500)

06:11:22 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48002624000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:22 executing program 2:
syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x158, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x3)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100)={0x0, <r0=>0x0})
r1 = syz_open_procfs(0x0, 0x0)
getpid()
r2 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$void(r2, 0x5450)
getpgid(0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = fcntl$dupfd(r3, 0x406, 0xffffffffffffffff)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x589400, 0x0)
r6 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000300)='NLBL_CALIPSO\x00')
sendmsg$NLBL_CALIPSO_C_LISTALL(r5, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000440)={&(0x7f00000006c0)={0x54, r6, 0x10, 0x70bc29, 0x25dfdbfc}, 0x16}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$NLBL_CALIPSO_C_REMOVE(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000329bd7000ffdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x2048807)
sendmsg$NLBL_CALIPSO_C_LISTALL(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r6, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x0)
memfd_create(&(0x7f0000000980)='lotrusted\x1a\x00\xee\xee\x91\xdc\x04>R\xba0Qe\x80\xe3}U\x01\xd0\xa9\xc9\xf1\xc9\x8d&\x90\xf6\x1a\x86\xd8\x02\xda6E\x17\xa9d\xcfcK\xfe\xf4\x99\xb7o\xff\at\xb6C\xef\x068\xcf\xd3\xb6\xbe\x98\x02\xa0\x90\xc8[\v\x93A\x7f\xc6\xa7\xcaEB\xb9\xaeS\x99\x86RI;\x0e\xf0\xcf\x9b\xff\x01\x00\x00\x00\x00\x00\x00\xc9\x85\xe2\xc9\x8bM\x1f\xcd%\x98\x16H\x9f\xbc\xb8\xd4\v', 0x5)
r7 = socket(0x400020000000010, 0x2, 0x0)
write(r7, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
getsockopt$inet_sctp6_SCTP_NODELAY(r7, 0x84, 0x3, &(0x7f0000000080), &(0x7f0000000140)=0x4)
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0)
r9 = getpid()
sched_setscheduler(r9, 0x5, &(0x7f0000000380))
r10 = getpid()
sched_setscheduler(r10, 0x5, &(0x7f0000000380))
r11 = getpid()
sched_setscheduler(r11, 0x5, &(0x7f0000000380))
r12 = getpid()
sched_setscheduler(r12, 0x5, &(0x7f0000000380))
r13 = getpid()
sched_setscheduler(r13, 0x5, &(0x7f0000000380))
clone3(&(0x7f0000000740)={0x880, &(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000580)=<r14=>0x0, {0x6}, &(0x7f00000005c0)=""/167, 0xa7, &(0x7f0000000680)=""/26, &(0x7f0000000700)=[r9, 0xffffffffffffffff, r10, r0, r11, r12, 0x0, r13], 0x8}, 0x50)
r15 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r15, 0xc0044308, &(0x7f0000000200))
perf_event_open(&(0x7f0000000480)={0x3, 0x70, 0x8, 0x1f, 0x1f, 0xd, 0x0, 0x10001, 0x20018, 0x6a65dcdd5324d063, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0xca31, 0x0, @perf_bp={&(0x7f0000000400), 0x8}, 0x62000, 0x7, 0x7, 0x1, 0x8001, 0x1, 0x614}, r14, 0xa, r15, 0xa)
ioctl$FBIOPUTCMAP(0xffffffffffffffff, 0x4611, &(0x7f00000001c0)={0x0, 0x8a22b1c591a5a3f0, 0x0, 0x0, 0x0, 0x0})
bind$netrom(r1, &(0x7f0000000340)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3}, [@null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$FBIOBLANK(r8, 0x4611, 0x0)

06:11:22 executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:22 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032"], 0x10)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:22 executing program 2:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:22 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x10f, 0x500)

06:11:22 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48002724000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:22 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000002c0))
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x26f)
r4 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r4}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:22 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032"], 0x10)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:22 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48003024000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:22 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:22 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x110, 0x500)

06:11:22 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032"], 0x10)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:22 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x400000000, 0x0, 0x0, 0x0, 0x2}, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1108}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x3, 0xdf55, 0x8a, 0x80000, 0x7ff, 0x2, 0x9}, 0x1c)
dup3(r3, r0, 0x0)
write$P9_RWALK(r2, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
r4 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x5, &(0x7f0000000380))
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = fcntl$dupfd(0xffffffffffffffff, 0x0, r6)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000200)={0x0, <r8=>0x0}, &(0x7f0000000240)=0xc)
syz_mount_image$exfat(&(0x7f0000000180)='exfat\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x3, &(0x7f0000000340)=[{&(0x7f0000000200)="bd510e720b7faf45719fec1993399582dbb7d95520b3131a3cbf53626669afffd34d18ba48889db4623e5fd9d6ec2b1e7303ccd1bac28fd92162b7060f8eefb24e902cafe85974865ded180d5b222ccabf43cd", 0x53, 0xffffffffffffffe0}, {&(0x7f0000000500)="e317c9ee73f8d3c7cc53596c6d6c984b6de898d9c8bc7258cf37a36d3135f5ca21f54bb8bafb76911a3426004cec822f3df149a8b9688f58503a814b7c923c9ab973a7656df39d133dcdd7372e3c395b18a3ba7f1d5ee1c7cc470841bb77d27bc8d6e9a41e83d75bb77b2f7d228d11d57cb3d01e2dd00216b49c66", 0x7b, 0x7}, {&(0x7f0000000600)="4e04b56409b68a2c34bc71d959e3409bf8d9e2f5cefb7d4a942430b6528799e5012c01108bd20e5e1f3e6fb1c3023bb6b27c82009d1d258d80fc084362ffa0c5f33ec027a20ad9dbb82e6bf9be7f5aab8351093396b525b5218a028e04f2f7db8fb6b18327c70105e5eb5d470c7d899ef62ce905c23532458dde1f4321798fd41b9b0c60881bf968e88f499fd8b6494455b011ee5612d17d02b6cebfbaad3bedbf7cd011565d16ad7aef99e0dd16100ceaad0c1e100e0858867e8e49b7265bab9f3d", 0xc2, 0x7}], 0x9b4400, &(0x7f0000000700)={[{@dmask={'dmask', 0x3d, 0x40}}, {@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@namecase='namecase=1'}], [{@subj_role={'subj_role', 0x3d, '/dev/ptmx\x00'}}, {@measure='measure'}, {@measure='measure'}, {@hash='hash'}, {@dont_appraise='dont_appraise'}, {@uid_eq={'uid'}}, {@fowner_gt={'fowner>', r8}}]})
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0xfffffffd, 0x4b, {r5}, {r8}, 0x9, 0x7})
dup2(r2, r4)
r9 = socket(0x400020000000010, 0x2, 0x0)
write(r9, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
getsockopt$netlink(r9, 0x10e, 0x3, &(0x7f0000000400)=""/188, &(0x7f0000000100)=0xbc)

06:11:22 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x14100, 0x0)
r1 = dup2(0xffffffffffffffff, r0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, 0x3, 0x3, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0x8, 0x1000000}}]}, 0x20}, 0x1, 0x0, 0x0, 0x10040800}, 0x800)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5)
ioctl$TCSETXF(r0, 0x5434, &(0x7f0000000040)={0x7, 0x4, [0x400, 0x2bd8, 0xfff, 0x2, 0x3], 0xe0})
ioctl$TCSETS(r0, 0x8924, 0x0)

06:11:23 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48004824000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:23 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x111, 0x500)

06:11:23 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x13)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:23 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x112, 0x500)

06:11:23 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48004c24000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:23 executing program 3:
socket$kcm(0x10, 0x2, 0x10)
r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/mls\x00', 0x0, 0x0)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, &(0x7f00000000c0)="595e46e947ea4799e9487defdde804010a0b221b543e85a715654b4eb50e0dd3616e932d772fd661a0254bf35a90b0cecbe355dd74c30cce12f27f16e5445d3ed88e130cfdb66fea2b491af846b9b2e16062e326f0fbc183aaeca3efecbf472886a3b2ef7228064bece06ebf8c7deb19f360ee82f6a08b5cd4dfa776df68c2dc46ac3e183bb7fb570da0015a015b3d3fa0c6445100faeb229185ade016fea0351de270b9", 0xa4)
ioctl$CAPI_GET_SERIAL(r1, 0xc0044308, &(0x7f0000000200))
ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f0000000040))
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x40850)

06:11:23 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x113, 0x500)

06:11:23 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:23 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48006024000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:23 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x13)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:23 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x114, 0x500)

06:11:23 executing program 3:
pipe(0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x10000000000f, 0x0, 0x0)
getpgrp(0x0)
memfd_create(0x0, 0x0)
r1 = syz_open_dev$sndseq(0x0, 0x0, 0x0)
dup2(r1, 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000580))
pipe(0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000240)='system.posix_acl_access\x00', 0x0, 0x0, 0x1)
syz_open_dev$amidi(&(0x7f0000000340)='/dev/amidi#\x00', 0x9c4, 0x70000)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x89a2, &(0x7f0000000180))
pipe(0x0)
waitid(0x0, 0x0, &(0x7f0000000b00), 0x2, &(0x7f0000000b80))
sendmsg$key(0xffffffffffffffff, 0x0, 0x20004850)
memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0)
syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x82003, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004870000000000000bc700000000000009500faff000000008aa1210b29017b83c8e96e6405f7e93dba4d64b5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145201b062261ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c262869ba15d8f0c2211a2b975eb2b9d08501c56ab5aa0d110c5d197e50ff28b4a3b05489d1d1245cb774879b0871dd61703eefe87d7919c5ea2a361b18cca1a363b2b28add653"], &(0x7f0000000140)='GPL\x00'}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r2, 0xc0, &(0x7f0000000680)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r3}, 0xc)
r4 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048024}, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000600)={{{@in6=@local, @in6=@ipv4={[], [], @dev}}}, {{@in=@empty}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000000540)=0xe8)
r5 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r5, r4, 0x0, 0x0, 0x0, r3}, 0x5c)
r6 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r6, 0xc0044308, &(0x7f0000000200))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0xffffffffffffffff, r6, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000600)={r0, 0xffffffffffffffff, 0x0, 0x14, &(0x7f0000000180)='&$vboxnet1security!\x00'}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000100)='\x00'}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
fcntl$setpipe(r7, 0x407, 0x0)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10)
sendto$inet(r7, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10)
r8 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r9 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0)
socket(0x10, 0x2, 0x0)
pwritev(r9, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a3", 0x1}], 0x1, 0x81003)
ioctl$LOOP_CHANGE_FD(r8, 0x4c00, r9)
sendfile(r7, r8, 0x0, 0x102000004)

06:11:23 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffffffffffe83}}, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02020609100000000000004c9e0000000200130002000000000000000000004105000600200000000a00000000000000000500e50008070000001f00000000000009200000000000020001000000000000000002000098a805000500000000000a00000000000000ff1700000000ffff00ba90a27854bb86020000ff00000000b3e6e44468a8bb71384a34542c29513db37b0e15712d698c1949695c1420914e00591abf5f033523ea7b45849bd977b781bae815b53f67378e9b7665c5874388e2c4b5f743ed329627643507a4d6da"], 0x80}}, 0x0)
sendmmsg(r3, &(0x7f0000000180), 0x393, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = socket(0x400020000000010, 0x2, 0x0)
write(r5, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
r6 = syz_genetlink_get_family_id$ipvs(0x0)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000640)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="06002bbd7000000000001000000014000180080006007772720008040b00736970000800040004000000"], 0x30}}, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r5, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)={0xa8, r6, 0x2, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7ff}]}, @IPVS_CMD_ATTR_DAEMON={0x48, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hsr0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xd71}]}, 0xa8}, 0x1, 0x0, 0x0, 0x80}, 0x4)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="02020409100000000000004c9e0000000200130002000000000000000000004105000600200000000a00000000000000000500e500080700e0000000000000010000200000000000020001000000000000000002000098a805000500000000000a00000000000000ff1700000000000000ba90a27854bb86020000ff00000000bc455982a4e9d4a747273268ca5832c4fead66196cc795b28063cca0bacacc03be8fd23fc1bf63760458abfe303793edde3bf15302a3010f023f712768179ce88ab8b680a27cba381459855dea5f569bfb59b9e4eb508611b6650d2b836f2903095f16565a373e655bd5455dcb6400861dfa22cce6d2f49ad2d6185b944e2689414ad481e9d76e8a15ae728c514dfd5bd88a4720c2e9fdc77a5c3479d7c9c90663b07d0bdc0b70acfdf1dcabbc4a19fdb19622f26e9f0284c167dbfcc6f10622c518d35d0941a2c4aa8b4a2acda385cd1eca294226b40000"], 0x80}}, 0x0)
sendmmsg(r4, &(0x7f0000000180), 0x147, 0x0)

06:11:24 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x115, 0x500)

06:11:24 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48006824000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  423.121472][T15416] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15416 comm=syz-executor.2
06:11:24 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48006c24000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  423.235700][T15433] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15433 comm=syz-executor.2
06:11:24 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x13)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:24 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x116, 0x500)

06:11:24 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48007424000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:25 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:25 executing program 2:
r0 = socket$inet6(0xa, 0x4000000080002, 0x0)
r1 = socket(0x400020000000010, 0x2, 0x0)
write(r1, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$inet(0x2, 0x80001, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r5=>0xffffffffffffffff}, 0x111, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f0000000180)={0xa, 0x4, 0xfa00, {r5}}, 0xc)
setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x7d, &(0x7f0000000140)={r4}, 0x8)
getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000000)={r4, 0x8, 0x5, 0xfffffffa}, &(0x7f0000000080)=0x10)
r6 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/status\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x2400, 0xfff)
socket$packet(0x11, 0x2, 0x300)
connect$inet6(r0, &(0x7f0000005d00)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000040), 0x4)
r7 = socket(0x400020000000010, 0x2, 0x0)
write(r7, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00')
sendmsg$NL80211_CMD_GET_MPATH(r7, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, r8, 0x20, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x1, 0x1}}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @link_local}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x38}, 0x1, 0x0, 0x0, 0x84}, 0x0)

06:11:25 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x117, 0x500)

06:11:25 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48007a24000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:25 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x118, 0x500)

06:11:25 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e"], 0x14)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:25 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800d524000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:25 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'vlan0\x00', <r2=>0x0})
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(0xffffffffffffffff, 0xc058534b, &(0x7f0000000100)={0x2, 0x9, 0xf589, 0x6, 0x5, 0x4})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@newlink={0x2c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_ADDRESS={0xa, 0x1, @link_local}]}, 0x2c}}, 0x0)

06:11:25 executing program 3:
pipe(0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x10000000000f, 0x0, 0x0)
getpgrp(0x0)
memfd_create(0x0, 0x0)
r1 = syz_open_dev$sndseq(0x0, 0x0, 0x0)
dup2(r1, 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000580))
pipe(0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000240)='system.posix_acl_access\x00', 0x0, 0x0, 0x1)
syz_open_dev$amidi(&(0x7f0000000340)='/dev/amidi#\x00', 0x9c4, 0x70000)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x89a2, &(0x7f0000000180))
pipe(0x0)
waitid(0x0, 0x0, &(0x7f0000000b00), 0x2, &(0x7f0000000b80))
sendmsg$key(0xffffffffffffffff, 0x0, 0x20004850)
memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0)
syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x82003, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004870000000000000bc700000000000009500faff000000008aa1210b29017b83c8e96e6405f7e93dba4d64b5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145201b062261ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c262869ba15d8f0c2211a2b975eb2b9d08501c56ab5aa0d110c5d197e50ff28b4a3b05489d1d1245cb774879b0871dd61703eefe87d7919c5ea2a361b18cca1a363b2b28add653"], &(0x7f0000000140)='GPL\x00'}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r2, 0xc0, &(0x7f0000000680)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r3}, 0xc)
r4 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048024}, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000600)={{{@in6=@local, @in6=@ipv4={[], [], @dev}}}, {{@in=@empty}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000000540)=0xe8)
r5 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r5, r4, 0x0, 0x0, 0x0, r3}, 0x5c)
r6 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r6, 0xc0044308, &(0x7f0000000200))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0xffffffffffffffff, r6, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000600)={r0, 0xffffffffffffffff, 0x0, 0x14, &(0x7f0000000180)='&$vboxnet1security!\x00'}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000100)='\x00'}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
fcntl$setpipe(r7, 0x407, 0x0)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10)
sendto$inet(r7, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10)
r8 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r9 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0)
socket(0x10, 0x2, 0x0)
pwritev(r9, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a3", 0x1}], 0x1, 0x81003)
ioctl$LOOP_CHANGE_FD(r8, 0x4c00, r9)
sendfile(r7, r8, 0x0, 0x102000004)

06:11:25 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000028000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:25 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x119, 0x500)

06:11:25 executing program 2:
pipe(0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x10000000000f, 0x0, 0x0)
getpgrp(0x0)
memfd_create(0x0, 0x0)
r1 = syz_open_dev$sndseq(0x0, 0x0, 0x0)
dup2(r1, 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000580))
pipe(0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000240)='system.posix_acl_access\x00', 0x0, 0x0, 0x1)
syz_open_dev$amidi(&(0x7f0000000340)='/dev/amidi#\x00', 0x9c4, 0x70000)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x89a2, &(0x7f0000000180))
pipe(0x0)
waitid(0x0, 0x0, &(0x7f0000000b00), 0x2, &(0x7f0000000b80))
sendmsg$key(0xffffffffffffffff, 0x0, 0x20004850)
memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0)
syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x82003, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004870000000000000bc700000000000009500faff000000008aa1210b29017b83c8e96e6405f7e93dba4d64b5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145201b062261ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c262869ba15d8f0c2211a2b975eb2b9d08501c56ab5aa0d110c5d197e50ff28b4a3b05489d1d1245cb774879b0871dd61703eefe87d7919c5ea2a361b18cca1a363b2b28add653"], &(0x7f0000000140)='GPL\x00'}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r2, 0xc0, &(0x7f0000000680)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r3}, 0xc)
r4 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048024}, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000600)={{{@in6=@local, @in6=@ipv4={[], [], @dev}}}, {{@in=@empty}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000000540)=0xe8)
r5 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r5, r4, 0x0, 0x0, 0x0, r3}, 0x5c)
r6 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r6, 0xc0044308, &(0x7f0000000200))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0xffffffffffffffff, r6, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000600)={r0, 0xffffffffffffffff, 0x0, 0x14, &(0x7f0000000180)='&$vboxnet1security!\x00'}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000100)='\x00'}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
fcntl$setpipe(r7, 0x407, 0x0)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10)
sendto$inet(r7, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10)
r8 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r9 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0)
socket(0x10, 0x2, 0x0)
pwritev(r9, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a3", 0x1}], 0x1, 0x81003)
ioctl$LOOP_CHANGE_FD(r8, 0x4c00, r9)
sendfile(r7, r8, 0x0, 0x102000004)

06:11:26 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:26 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e"], 0x14)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:26 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x11a, 0x500)

06:11:26 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000035000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:26 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x11b, 0x500)

06:11:26 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800003f000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:26 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:26 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e"], 0x14)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:26 executing program 3:
pipe(0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x10000000000f, 0x0, 0x0)
getpgrp(0x0)
memfd_create(0x0, 0x0)
r1 = syz_open_dev$sndseq(0x0, 0x0, 0x0)
dup2(r1, 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000580))
pipe(0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000240)='system.posix_acl_access\x00', 0x0, 0x0, 0x1)
syz_open_dev$amidi(&(0x7f0000000340)='/dev/amidi#\x00', 0x9c4, 0x70000)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x89a2, &(0x7f0000000180))
pipe(0x0)
waitid(0x0, 0x0, &(0x7f0000000b00), 0x2, &(0x7f0000000b80))
sendmsg$key(0xffffffffffffffff, 0x0, 0x20004850)
memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0)
syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x82003, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004870000000000000bc700000000000009500faff000000008aa1210b29017b83c8e96e6405f7e93dba4d64b5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145201b062261ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c262869ba15d8f0c2211a2b975eb2b9d08501c56ab5aa0d110c5d197e50ff28b4a3b05489d1d1245cb774879b0871dd61703eefe87d7919c5ea2a361b18cca1a363b2b28add653"], &(0x7f0000000140)='GPL\x00'}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r2, 0xc0, &(0x7f0000000680)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r3}, 0xc)
r4 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048024}, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000600)={{{@in6=@local, @in6=@ipv4={[], [], @dev}}}, {{@in=@empty}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000000540)=0xe8)
r5 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r5, r4, 0x0, 0x0, 0x0, r3}, 0x5c)
r6 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r6, 0xc0044308, &(0x7f0000000200))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0xffffffffffffffff, r6, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000600)={r0, 0xffffffffffffffff, 0x0, 0x14, &(0x7f0000000180)='&$vboxnet1security!\x00'}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000100)='\x00'}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
fcntl$setpipe(r7, 0x407, 0x0)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10)
sendto$inet(r7, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10)
r8 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r9 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0)
socket(0x10, 0x2, 0x0)
pwritev(r9, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a3", 0x1}], 0x1, 0x81003)
ioctl$LOOP_CHANGE_FD(r8, 0x4c00, r9)
sendfile(r7, r8, 0x0, 0x102000004)

06:11:26 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x11c, 0x500)

06:11:26 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800005a000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:26 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/timers\x00', 0x0, 0x0)
accept4$vsock_stream(r0, &(0x7f0000000340)={0x28, 0x0, 0x2710}, 0x10, 0x80000)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
ioprio_get$pid(0x2, r1)
syz_mount_image$tmpfs(&(0x7f0000000540)='tmpfs\x00', &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={[{@mpol={'mpol', 0x3d, {'interleave', '', @void}}}, {@nr_inodes={'nr_inodes'}}]})
r2 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000000)={<r4=>r3})
r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080)='NLBL_MGMT\x00')
sendmsg$NLBL_MGMT_C_LISTDEF(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r5, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}}]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x40000c4)

06:11:26 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x11d, 0x500)

[  425.959152][T15552] tmpfs: Bad value for 'nr_inodes'
[  426.034284][T15552] tmpfs: Bad value for 'nr_inodes'
06:11:27 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:27 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800006b000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:27 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x223e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write$binfmt_misc(r2, &(0x7f0000000080)={'syz1', "e1336e3803c52e204ecfafec9e8a2e405a91dd56afe24731c2c79739616161f2939569f3704a311a319146b543ca"}, 0x32)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r1, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
socket(0x2, 0x803, 0xff)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000100)={&(0x7f0000000040)=[0x0], 0x1})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00')
writev(r3, &(0x7f0000000080), 0x5b)
lstat(0x0, 0x0)
semctl$IPC_SET(0x0, 0x0, 0x1, 0x0)

06:11:27 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:27 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800000f000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:27 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x11e, 0x500)

06:11:27 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000028000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:28 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:28 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x11f, 0x500)

06:11:28 executing program 2:
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x0, 0x0)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80006008}, 0xc, &(0x7f0000000080)={&(0x7f0000000b80)=ANY=[@ANYBLOB="4100000000ed00030000000000000000f4f03660ffc04c054294520a0000040800034000000001080009000100085e253a00000000417cf27b408698b6d19d98001cdba07887b19d040af2d0bfc92cc3e2de79feb98feb070000004d202ed1692a1282361ee21681c02e8c45d4ec53f7e147c9edea4aefe15425dd9b70e3f72e30d200"/144], 0x1}}, 0x20000000)
sched_setscheduler(0x0, 0x0, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0)
clone3(&(0x7f0000000580)={0x0, &(0x7f0000000140), &(0x7f00000002c0), 0x0, {0x41}, &(0x7f00000003c0)=""/126, 0x7e, &(0x7f0000000500)=""/42, &(0x7f0000000540)=[0x0], 0x1}, 0x50)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ptrace$setsig(0x4203, 0xffffffffffffffff, 0x7, &(0x7f0000000440)={0x32, 0xffff, 0x41})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa10000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3b}], 0x3, 0x0, 0x0, 0x3b2)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800e000000003000000000000000809e17d8b8c"], 0x0, 0x18}, 0x20)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
getrandom(&(0x7f0000000600)=""/239, 0xef, 0x1)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
gettid()
syz_open_procfs(0x0, &(0x7f0000000140)='net/udp6\x00')

06:11:28 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000035000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:28 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000b44000/0x2000)=nil})
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
mlock2(&(0x7f0000a4f000/0x4000)=nil, 0x4000, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r2, 0xc0044308, &(0x7f0000000200))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000040)={0x0, <r3=>0x0})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, r4)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000200)={0x0, <r6=>0x0}, &(0x7f0000000240)=0xc)
syz_mount_image$exfat(&(0x7f0000000180)='exfat\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x3, &(0x7f0000000340)=[{&(0x7f0000000200)="bd510e720b7faf45719fec1993399582dbb7d95520b3131a3cbf53626669afffd34d18ba48889db4623e5fd9d6ec2b1e7303ccd1bac28fd92162b7060f8eefb24e902cafe85974865ded180d5b222ccabf43cd", 0x53, 0xffffffffffffffe0}, {&(0x7f0000000500)="e317c9ee73f8d3c7cc53596c6d6c984b6de898d9c8bc7258cf37a36d3135f5ca21f54bb8bafb76911a3426004cec822f3df149a8b9688f58503a814b7c923c9ab973a7656df39d133dcdd7372e3c395b18a3ba7f1d5ee1c7cc470841bb77d27bc8d6e9a41e83d75bb77b2f7d228d11d57cb3d01e2dd00216b49c66", 0x7b, 0x7}, {&(0x7f0000000600)="4e04b56409b68a2c34bc71d959e3409bf8d9e2f5cefb7d4a942430b6528799e5012c01108bd20e5e1f3e6fb1c3023bb6b27c82009d1d258d80fc084362ffa0c5f33ec027a20ad9dbb82e6bf9be7f5aab8351093396b525b5218a028e04f2f7db8fb6b18327c70105e5eb5d470c7d899ef62ce905c23532458dde1f4321798fd41b9b0c60881bf968e88f499fd8b6494455b011ee5612d17d02b6cebfbaad3bedbf7cd011565d16ad7aef99e0dd16100ceaad0c1e100e0858867e8e49b7265bab9f3d", 0xc2, 0x7}], 0x9b4400, &(0x7f0000000700)={[{@dmask={'dmask', 0x3d, 0x40}}, {@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@namecase='namecase=1'}], [{@subj_role={'subj_role', 0x3d, '/dev/ptmx\x00'}}, {@measure='measure'}, {@measure='measure'}, {@hash='hash'}, {@dont_appraise='dont_appraise'}, {@uid_eq={'uid'}}, {@fowner_gt={'fowner>', r6}}]})
r7 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r7, 0xc028660f, &(0x7f0000000280))
r8 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r9 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r9, 0xc028660f, &(0x7f0000000280)={0x0, r8})
statx(r9, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r11=>0xffffffffffffffff})
r12 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r12, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r13=>0x0}, &(0x7f0000cab000)=0xc)
r14 = getpid()
sendmsg$unix(r11, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r14, 0x0, r13}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f00000003c0)=ANY=[@ANYBLOB="66641d", @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r10, @ANYBLOB=',group_id=', @ANYRESDEC=r13, @ANYBLOB=',default_permissions,allow_other,max_read=0x0000000000000001,default_permissions,default_permissions,max_read=0x0000000000000037,blksize=0x0000000000001200,default_permissions,default_permissions,subj_type=/dev/bsg\x00,context=staff_u,dont_appraise,\x00'])
setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000000c0)={r3, r6, r13}, 0xc)
r15 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00')
sendfile(r0, r15, 0x0, 0x320c)

06:11:28 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x120, 0x500)

06:11:28 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800005a000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:28 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x121, 0x500)

06:11:28 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:28 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:28 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800006b000505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:28 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x122, 0x500)

06:11:28 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x123, 0x500)

06:11:28 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:29 executing program 2:
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x0, 0x0)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80006008}, 0xc, &(0x7f0000000080)={&(0x7f0000000b80)=ANY=[@ANYBLOB="4100000000ed00030000000000000000f4f03660ffc04c054294520a0000040800034000000001080009000100085e253a00000000417cf27b408698b6d19d98001cdba07887b19d040af2d0bfc92cc3e2de79feb98feb070000004d202ed1692a1282361ee21681c02e8c45d4ec53f7e147c9edea4aefe15425dd9b70e3f72e30d200"/144], 0x1}}, 0x20000000)
sched_setscheduler(0x0, 0x0, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0)
clone3(&(0x7f0000000580)={0x0, &(0x7f0000000140), &(0x7f00000002c0), 0x0, {0x41}, &(0x7f00000003c0)=""/126, 0x7e, &(0x7f0000000500)=""/42, &(0x7f0000000540)=[0x0], 0x1}, 0x50)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ptrace$setsig(0x4203, 0xffffffffffffffff, 0x7, &(0x7f0000000440)={0x32, 0xffff, 0x41})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa10000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3b}], 0x3, 0x0, 0x0, 0x3b2)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800e000000003000000000000000809e17d8b8c"], 0x0, 0x18}, 0x20)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
getrandom(&(0x7f0000000600)=""/239, 0xef, 0x1)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
gettid()
syz_open_procfs(0x0, &(0x7f0000000140)='net/udp6\x00')

06:11:29 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024020505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:29 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9a23}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0xa, 0x2, 0x73)
syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x8, 0x400c2)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r1, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @empty}, 0x3f)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCSIFBR(r2, 0x8941, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f00000003c0), 0x3a301e0909ff6cd, 0x934)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x90000, 0x0)
fsetxattr$security_evm(r3, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000100)=@v2={0x5, 0x2, 0x8, 0x4, 0x69, "c2900d0f7ec4c3b0e244f23bad34cf4855a039419e0552e342d480d6283ff739238588732da5f412ecd7ebb605f162d66c702813372327a418b11bc2bfb6264ac91851e6f3282c7b0db18c2ab85c6b532d3707ca86472095ee524bf799d485422f4a349cdf2b9af74e"}, 0x72, 0x2)
clock_gettime(0x0, &(0x7f0000000180))
openat$ptmx(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
syz_emit_ethernet(0x22, &(0x7f0000000440)=ANY=[@ANYBLOB="0180c2000000ffffffffffff080045000014000000180067907800000000ffffffff"], 0x0)

06:11:29 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x124, 0x500)

[  428.241702][   T27] audit: type=1400 audit(1583993489.236:101): avc:  denied  { ioctl } for  pid=15661 comm="syz-executor.3" path="socket:[61484]" dev="sockfs" ino=61484 ioctlcmd=0x8941 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
06:11:29 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024030505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:29 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x125, 0x500)

06:11:29 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:29 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:29 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024040505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:29 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9a23}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0xa, 0x2, 0x73)
syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x8, 0x400c2)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r1, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @empty}, 0x3f)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCSIFBR(r2, 0x8941, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f00000003c0), 0x3a301e0909ff6cd, 0x934)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x90000, 0x0)
fsetxattr$security_evm(r3, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000100)=@v2={0x5, 0x2, 0x8, 0x4, 0x69, "c2900d0f7ec4c3b0e244f23bad34cf4855a039419e0552e342d480d6283ff739238588732da5f412ecd7ebb605f162d66c702813372327a418b11bc2bfb6264ac91851e6f3282c7b0db18c2ab85c6b532d3707ca86472095ee524bf799d485422f4a349cdf2b9af74e"}, 0x72, 0x2)
clock_gettime(0x0, &(0x7f0000000180))
openat$ptmx(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
syz_emit_ethernet(0x22, &(0x7f0000000440)=ANY=[@ANYBLOB="0180c2000000ffffffffffff080045000014000000180067907800000000ffffffff"], 0x0)

06:11:29 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x126, 0x500)

06:11:30 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x127, 0x500)

06:11:30 executing program 2:
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x0, 0x0)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80006008}, 0xc, &(0x7f0000000080)={&(0x7f0000000b80)=ANY=[@ANYBLOB="4100000000ed00030000000000000000f4f03660ffc04c054294520a0000040800034000000001080009000100085e253a00000000417cf27b408698b6d19d98001cdba07887b19d040af2d0bfc92cc3e2de79feb98feb070000004d202ed1692a1282361ee21681c02e8c45d4ec53f7e147c9edea4aefe15425dd9b70e3f72e30d200"/144], 0x1}}, 0x20000000)
sched_setscheduler(0x0, 0x0, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0)
clone3(&(0x7f0000000580)={0x0, &(0x7f0000000140), &(0x7f00000002c0), 0x0, {0x41}, &(0x7f00000003c0)=""/126, 0x7e, &(0x7f0000000500)=""/42, &(0x7f0000000540)=[0x0], 0x1}, 0x50)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ptrace$setsig(0x4203, 0xffffffffffffffff, 0x7, &(0x7f0000000440)={0x32, 0xffff, 0x41})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa10000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3b}], 0x3, 0x0, 0x0, 0x3b2)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800e000000003000000000000000809e17d8b8c"], 0x0, 0x18}, 0x20)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
getrandom(&(0x7f0000000600)=""/239, 0xef, 0x1)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
gettid()
syz_open_procfs(0x0, &(0x7f0000000140)='net/udp6\x00')

06:11:30 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024050505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:30 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x128, 0x500)

06:11:30 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024060505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:30 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x129, 0x500)

06:11:30 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024070505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:30 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:30 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9a23}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0xa, 0x2, 0x73)
syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x8, 0x400c2)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r1, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @empty}, 0x3f)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCSIFBR(r2, 0x8941, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f00000003c0), 0x3a301e0909ff6cd, 0x934)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x90000, 0x0)
fsetxattr$security_evm(r3, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000100)=@v2={0x5, 0x2, 0x8, 0x4, 0x69, "c2900d0f7ec4c3b0e244f23bad34cf4855a039419e0552e342d480d6283ff739238588732da5f412ecd7ebb605f162d66c702813372327a418b11bc2bfb6264ac91851e6f3282c7b0db18c2ab85c6b532d3707ca86472095ee524bf799d485422f4a349cdf2b9af74e"}, 0x72, 0x2)
clock_gettime(0x0, &(0x7f0000000180))
openat$ptmx(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
syz_emit_ethernet(0x22, &(0x7f0000000440)=ANY=[@ANYBLOB="0180c2000000ffffffffffff080045000014000000180067907800000000ffffffff"], 0x0)

06:11:30 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024080505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:30 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x12a, 0x500)

06:11:30 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:31 executing program 2:
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x0, 0x0)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80006008}, 0xc, &(0x7f0000000080)={&(0x7f0000000b80)=ANY=[@ANYBLOB="4100000000ed00030000000000000000f4f03660ffc04c054294520a0000040800034000000001080009000100085e253a00000000417cf27b408698b6d19d98001cdba07887b19d040af2d0bfc92cc3e2de79feb98feb070000004d202ed1692a1282361ee21681c02e8c45d4ec53f7e147c9edea4aefe15425dd9b70e3f72e30d200"/144], 0x1}}, 0x20000000)
sched_setscheduler(0x0, 0x0, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0)
clone3(&(0x7f0000000580)={0x0, &(0x7f0000000140), &(0x7f00000002c0), 0x0, {0x41}, &(0x7f00000003c0)=""/126, 0x7e, &(0x7f0000000500)=""/42, &(0x7f0000000540)=[0x0], 0x1}, 0x50)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ptrace$setsig(0x4203, 0xffffffffffffffff, 0x7, &(0x7f0000000440)={0x32, 0xffff, 0x41})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa10000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3b}], 0x3, 0x0, 0x0, 0x3b2)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800e000000003000000000000000809e17d8b8c"], 0x0, 0x18}, 0x20)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
getrandom(&(0x7f0000000600)=""/239, 0xef, 0x1)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
gettid()
syz_open_procfs(0x0, &(0x7f0000000140)='net/udp6\x00')

06:11:31 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x12b, 0x500)

06:11:31 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024090505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:31 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x12c, 0x500)

06:11:31 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:31 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x12d, 0x500)

06:11:31 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000240a0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:31 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000240b0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:31 executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:31 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x12e, 0x500)

06:11:31 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:32 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:32 executing program 2:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x490080, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r2, 0xc0044308, &(0x7f0000000200))
ioctl$DRM_IOCTL_INFO_BUFS(r2, 0xc0106418, &(0x7f0000000280)={0x2, 0x3, 0x7, 0xfff0, 0x4, 0x100000000})
ioctl$CAPI_GET_SERIAL(r1, 0xc0044308, &(0x7f0000000200))
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xee0e698eb375dafd}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x1405, 0x200, 0x70bd2c, 0x25dfdbfc, "", [{{0x8, 0x1, 0x1}, {0x8, 0x3, 0x3}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x3}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x3}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x2}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000014}, 0x8001)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r1, 0x4008ae48, &(0x7f0000000080)=0x1000)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x0, 0x9, 0x0, 0x0, 0x0, {0x2}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1a}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x80c0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fff408", 0x10, 0x3a, 0x0, @local={0xfe, 0x80, [0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @ndisc_ra={0xc0}}}}}}, 0x0)

06:11:32 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000240c0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:32 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x12f, 0x500)

06:11:32 executing program 2:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000440)=<r0=>0x0)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_dev$loop(0x0, 0x0, 0x0)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[], 0x2, 0x3, 0x6, 0x0, 0x0, r0})
ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x7})
lseek(0xffffffffffffffff, 0x0, 0x4)
r2 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
fallocate(r2, 0x0, 0x0, 0x1000ee)

[  431.295435][   T27] audit: type=1400 audit(1583993492.296:102): avc:  denied  { create } for  pid=15810 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1
06:11:32 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x130, 0x500)

06:11:32 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000240d0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  431.366169][   T27] audit: type=1400 audit(1583993492.296:103): avc:  denied  { write } for  pid=15810 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1
06:11:32 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:32 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000240e0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:32 executing program 3:
ptrace$setregs(0xd, 0xffffffffffffffff, 0x4, &(0x7f0000001280)="2d9571628598fdd70da94f204760860938fe830dad8d58f87823ba857420b8f3128f80e13e39c13d958bd31ffbcc00d0c787f00b4b755a86ffab4a1559c4681e5ca6bd1e72fc0ba58936edf350fa0bf55c1e45a2d87789d7025a8e8a2e21d5152dd86433b9f0dee69243e3274c6859176d1c866f6cf9bac11bade7b4adf1c90906badc09f2fae3a09bae8368d7f092f817c7507d8c51527f0f9ff8bfc3a74875ba502c2fa5fa784774e96780bdb8f39c51f737447e26b340a229c4a2e71f19d1608d4f57dd07547e903d110af78cfb5e95a240114d898c8b49897203d9fb5b8c2598bcc5837dd46d5602d96ac8a367ebfad7ef907f8e4c18cfbee645ae5ab08ca8967ae14522665ec2c70a51995438935096872a8fd51b00cab58e06c51ea4916288259119062b63cf9e1b81a79e7be67eaf223844c12e74ffa5934e008c1d4e6f9afc45f90909a34cc299263eb754c7a10d5ceabeebe6ea8835f1855f07fdfd3d1c2559b8f257665c4dcf918196d525ed741b04e107b45015d98c958d305f9011959cf65d155a127ee6743c5deac157b2ac44aec6f4c95887ca7fb67ae3f90c56981dd7d4ceafb39f1ec39e89869651d8ae34ff0867e49950f688830d1be8ef2cad389275eee1ee0f0acc12fd7209b37982a8a89a3cde0d1b139a566b42a08078d4f7b8e840e56ecaa6afebe64e8ca76d2bc9badd26e3424ec3fd37bc010099d6f0e2a166abf9c27cd52ad1370bc195a562d5ce8b6ea1483fb76c6f8ac807177397fc93dc254ed6024d578618b7b88037548daddcc0dd0b62ea4043a67182dff95826637a05a4e79dbbac0ff915cd7dbf016f18dc04ba81254c53a864b141815d126fe182bcc2f393d85538e5e51035fcc12ad3e610ead08a16d244b13a89e7b56e55593ea2454adce9f987618e01271702a0e76bb89b5abdc8fbce01c5091dfd6fcab7aad199538e75becfb185d9562b9b3af54e5da6b10d2ea9f1bf5e9cc32a3de1eeefe74d76dc331ed5ec6633560bb21ca58b2faffc9bf6be7a03c77b106e568b9ba27edd79bc9f7c7247fe3ab847c95283093abff50ec26673922ec446f89a5b6fb4566e572bb543bbefaf9e51910d3461c719ec9cec417712f150dd2222f5bab2d5e0ed318550c164fc86279cbab3a94a1c68b19760745131827344de19f41a102bb02d340e3c5509e60d5d7db7e8e8a5f1c61d74a684005b6aa9a275143ae2b53b43627d482f9dedfc9c459118e53cffb79ebc8da921df1b568a7773bd215244d91173ba6ea6987ae22c200897d7a79a1b6c1745ef6f37f9147fdc70c1144899f1755ce81c57ee3a86558caa2a5a5989a290bb228880fa1dd6ae82167350f5f2e8a6c402feddbf2b8894848a384642c2f6a437635069c9ac064bf744eba7a87abae6422de30f331b65c41e2ebdb304518f6cd665443b55f655410a915065a02652b9ed5f13d160eff928809df52d9a63d798f0be4eb43951d7d89ecafecaa0a950a808fba6b9537584fa0456a4cb9d54efb4ee094520a72da79d06a071b16c918a02d67c3d105f37800f1ab209e3aef8360ef37cf70b73110be7a7346d9a894f51eb899a49d05637662c3e48d8ea086e24dc8ba234b59f28b603b3b929157818250575beda01a8f7d30f0aafc84acf2e04b71dd6a4afe93fec650c1960bd3b229fc054b4009c7f300fe1fc9c71312c259dabf6813470ff52ebc7d7e9bd9a3cdc4564844ffbdeb9e003e7e37ed79d24db03d2774f19d1217065117c39f88e9f80653bee134d49f02b3a07730f478c8f14335640fff6dedd34e16fe21c9d886aaf2329bf65da020a077c2f97352d8b5bee84f86bfa8dbdc3204e95ecabdad61b8a4b240fccf26c8a25b80a2eaa7c1b702bd9ffa5a3f26433563c000b73ad2f6640d2cc2daaa8c292ef2be2554e69c33576cb4af7e43fa483f2664455134c6552634ea5661f313bc762c1a9383942a2fc51693e8775dbc1e34788444e603d929cde4f110e11f3f61a9caedea06d6cd25f9580d79cd5332c322b6a17ed23a3e25afbdf31ec2b12fab9d04c49e3c40249632de8bd34fa3800f7e9d9b15711d654e6686800293fb0d25efcef3158efcff99af47a02f12e71dafa106a7a5aa1a02ae1fded778ce6f5b24c039d861a1310a028bbed7c81dd83844304aa177735238f2580898f3e5d57e519638a6d1a0d77f7110c40df4c48e6d51fe1b6ff450b86227e439548fb6ad74ce84bb5d22024f11c99122e82886035bc199071af4f1a5124962a121b2d89b32680991b5a2ec826b280f6aca83272e5feb9e8303673a6b409e9872fb9a90bb6a0937d1ae7e24b40e6c929fb3e64b5d46b8d9e3a5f733603e24b4cfa713a2d2e2e3667428d9af22cdae68c923d1b54329a24c139b57e111fd964ea975753dae69264b23a85caf70752da9109d3ade337860bc4b7f37d505e8c99b41872577ecb8f385e1618f92ffbdec20b44f4a25ef550fa1400a3ea82044712bff9efc0cc2f1ad1cd1f742922eb6f59e6b50a4d3196dff13869a9a07ad04cc2c87b4231817a03b452e6a6b3e96650b4c32c801073ce5737052b6257d7a7b3d45671c52e47279fb522c89a7e1da9aafd81160d97153bf8bc4e5d320b18b2909dff4e1c96d5aa26e75398e4be96a6e138c980521b2367915b6108fe77cc509161a4206c0e0c74f0053517c86ca0310ff86d809ab336c87ac0e1130792bc215c70144e0b0b56215e9045a86909f052730e254ca0142c92628573684d004822931bb959c0e8c316c58a50a48f03e7d4544f2f358f3c927e6a84caf79098165c59b5293670f2df1ffee8cc6eef2dbff25add02f39fe8323faed6c0a2647936c198bd111d5305955510eca8f2a011575564dd939696c5f4f961453ce50c98cd05466a3917a236602b4fb03d824c6ea2c43379ab85b03c6a8171ed8e043db78a3d4db81dc355c0c1462c532736845126d041a84e5863f3a02121b01f9d233b1e488ba8eaf9a3f48dc788fc59d477451cb9db4c8a7ccffa1959ed2b916b1019e226cb61c259bfb0720881f5e5cf220beec3619ea1836cb4f4e193d1bb345dd3f3c2b0538eb57c058b82b0c576b4332c83d9bb6e9f96d66b40123bef01f5f7835b14e99e20407929c85212fba1ce961527faa38ac7618b32cec1cfadba861735b8f0bddc7ee9de9af23212e79fb2d9dbd8fd2583b1679b25c64aac9d232ce22630a23ea7d8742dcd16617616184e3d57a511a8244f4f38a7373079d2255e70b13030b94f74eaea71ac865d1480c1af039f1fe0d8740cc5856ee637146731009dcc2f5de8911ddc2e08f9bad003a7fd6db369ff58fc1166b4b612404053cb2106566ee301a13e193022baf3eecf94c746278ea1715ef547d58a6cb9c0660374f216687ba4c7ccad50741c0e4012371ff98032da8f8e426a337eca4086204727f9b2a297b81066b1b3db9497b69a56b37b7c9dc0316a9b4d9140843fff23a8c04cdf1477babcbb2dac1567f98f88e6b48e2a3d4db31f725c9d9159ae73039f456265b85c47aa347097a6bec704c582f3b867c8e82b5c199c15626df3f4fba74596fd356e3ad1bd72f14725dbf2468d36d279a4b064f378895a6079e7e97e654f8679382c617e0f38fbbdfdbac976b46157868580e98403277cf0160b280b115ac560f9d5090fe5fea5a56dcf0483575ec090270d60dc31050f6db7d07b736720342e4b2611755017fc09c6fee933f4dc795bba4b769738040d2983002fd3dc2d944b6df9da89002ca701da1df743b27117b64ae12629770918d2e5099d4450efa936ceeaf853e4032b79aa1d68bca4994ecaf44ae611735952d5fc44b653bd91d2c40846ab2a0d90db59c98098d39aeedc05ba6102368bb5460603928afa980096b4f69f0f0cdf23cfa6124e934326ab3426c757fdca16e864793a9083392356e67b171b76e1d91f2898133369a82ed3c970b8a40dd1a828b3048215dde73d1192e76243d0a56da151ad727489b8157a76801cc3f4c3094206bd8cab75508eea19484461ffd2639d1aaf03feabdae5ec32c3867d8771aa0ac5f0510af331657e8f62cecee5d409ff1c71e4cde8c9b0bfc645d66f7661aef74f2d82982447a4a60caa150ac06182aab094869780f083e0cdb42c456de74f869a8e39ef852943503e471433734406a512128cb60d4442bda2123626e709b998b93ebaeb7133deaaefbcadf5ec252ba47b0cc8eb144b1a03b8606579a5a071e31a481389e79c488d0545805e28cfe4dc29631543a4c2199181c88f852d527612a199e7986edb6a1f5ed6be8067647ccac4f910f02bd9ed9fd3833b4986122f6b60acd7125612687bb2dde77360c9fe553e1afe129dc49bcc3bcf34156243010a32aa5be67829fe78e02fdc646d2833a1e8c5849170f7434652e2306fbd196f790087a2f7f9531f7be96831c04f44e49c52ebcb4450806738f8341233c25d5d645f9558ce4b4e183739ff7238ed8599aab44ce84c0fd9a9fc2c912aff8fc488fe9bc7a0afa3914a4840c78a365552e6f42c075e3d72dd8803e06654750fa5491613c9e20729756576ecee39489c3721b6a17f3ca41e650f5706aa08238d252a39cdff0cf7bff078af4f26594003a6cd19e4f5650acd990d60444f27a788a0d8fdae0f6db288f4b2c3c84fb387d81155a28c4bb64f541275b8e95221a592dbbece9fc13dc744e86abf63dbcae77494a20ac4292d70e6f10145806d3fe9a9ec7f455b42ad890c35c43280316e44214166d0b144f9ef299ed4329ea886da2e8411981b235607cb944e29c269fda7519738971113ba0ca02826e8eba20c3f92f76d97a0d500a92b8e91f91f5a77e3d82fffae11d20ae28661c88fb755c266fbf7c8a06741f75d9d9dc3c34471f329d1f361a2ae9ec54c89887e7d0cc74411a7ff5dabe47e12526ed85b1765af34394918a56687f896cad1da342bbcc25eafa94b2e70e3241861ebc30b1c011cb4c8840fcfdbcd54968de842d145637b6cc727522c67a81de4ea3310ea4ca758839aeb8f46eb0f3bc67af7cab255d6fe769a9192a90ee04637278333bd657496470dcbbd7f39da68ac52135feb231fc9556f88e677bc52d7b3140c2e7e068a01cc67b88ec9a8a97186524c26c645fa0fb79b969854076998dc67cb93be32095d29ee3fab4fd5912c1481e0b83321adfeb384b980029843e926101f09a3d9c6d2156d08904dabb29fe79d6dc75acdc85470d926da3931596cb9820b84d9a9be94b92f8f2e98b065ecd36855e0e416a575e1b042406c62295095be9fa90368e63d8793558b9bb097b0c262d3d610544c78e2f797a77c04fce0c7e218ea116d2a2efa4c3543f5e3bccb71273a95bf38ae2b1b448c0c0d6aa26e03391f338b120ceeb2c11a0e46586f065b56c7bb13cab2fbce924035a55ab4f143efef5c419e440f4613d2b2484b8e1dea568d938ac30f7dbad432f5f74d39e7606c438c0f3b4a790a581555ff5cb2b7e280ae1a8ec256b1a85508918b77b816230e47ffe98e95ae9790adec3ae05320e8317a404ca7842a03bbc9fd79ef97cff458694b7897fd78e527185b8ac7c1705a0c02204e234705bbbf5987d6a9ee5f28f4d331fadbff3799921b8caaeb75525ce221dfb77852456fe8b4a0c6b4d3bcf39efca30aa680a31c32487ad87e76e35d36e7c592ef0af27d1a8bc2233b859759eef165cf30aec35bbb2696568ed706c24d43e179c9c3ec95f643fde35c24b4290ec5fe5804a9a155ec37eeaebc0967ba8dc29db197d951ff59c077b92ad68159ca2e23d3797ae7")
ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10)
r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x2, 0xae1d1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0)
socket(0x10, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200047ff, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x240, 0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x660001, 0x0)
lstat(0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58)
sendto$unix(0xffffffffffffffff, &(0x7f0000000180), 0xfeed, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)=""/110, 0x6e}, {&(0x7f0000000200)=""/27, 0x1b}], 0x2}}], 0x1, 0x0, 0x0)

06:11:32 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x131, 0x500)

06:11:32 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000240f0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:33 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:33 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:33 executing program 2:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000440)=<r0=>0x0)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_dev$loop(0x0, 0x0, 0x0)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[], 0x2, 0x3, 0x6, 0x0, 0x0, r0})
ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x7})
lseek(0xffffffffffffffff, 0x0, 0x4)
r2 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
fallocate(r2, 0x0, 0x0, 0x1000ee)

06:11:33 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024100505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:33 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x132, 0x500)

06:11:33 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024110505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:33 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x133, 0x500)

06:11:33 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:33 executing program 2:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:33 executing program 3:
ptrace$setregs(0xd, 0xffffffffffffffff, 0x4, &(0x7f0000001280)="2d9571628598fdd70da94f204760860938fe830dad8d58f87823ba857420b8f3128f80e13e39c13d958bd31ffbcc00d0c787f00b4b755a86ffab4a1559c4681e5ca6bd1e72fc0ba58936edf350fa0bf55c1e45a2d87789d7025a8e8a2e21d5152dd86433b9f0dee69243e3274c6859176d1c866f6cf9bac11bade7b4adf1c90906badc09f2fae3a09bae8368d7f092f817c7507d8c51527f0f9ff8bfc3a74875ba502c2fa5fa784774e96780bdb8f39c51f737447e26b340a229c4a2e71f19d1608d4f57dd07547e903d110af78cfb5e95a240114d898c8b49897203d9fb5b8c2598bcc5837dd46d5602d96ac8a367ebfad7ef907f8e4c18cfbee645ae5ab08ca8967ae14522665ec2c70a51995438935096872a8fd51b00cab58e06c51ea4916288259119062b63cf9e1b81a79e7be67eaf223844c12e74ffa5934e008c1d4e6f9afc45f90909a34cc299263eb754c7a10d5ceabeebe6ea8835f1855f07fdfd3d1c2559b8f257665c4dcf918196d525ed741b04e107b45015d98c958d305f9011959cf65d155a127ee6743c5deac157b2ac44aec6f4c95887ca7fb67ae3f90c56981dd7d4ceafb39f1ec39e89869651d8ae34ff0867e49950f688830d1be8ef2cad389275eee1ee0f0acc12fd7209b37982a8a89a3cde0d1b139a566b42a08078d4f7b8e840e56ecaa6afebe64e8ca76d2bc9badd26e3424ec3fd37bc010099d6f0e2a166abf9c27cd52ad1370bc195a562d5ce8b6ea1483fb76c6f8ac807177397fc93dc254ed6024d578618b7b88037548daddcc0dd0b62ea4043a67182dff95826637a05a4e79dbbac0ff915cd7dbf016f18dc04ba81254c53a864b141815d126fe182bcc2f393d85538e5e51035fcc12ad3e610ead08a16d244b13a89e7b56e55593ea2454adce9f987618e01271702a0e76bb89b5abdc8fbce01c5091dfd6fcab7aad199538e75becfb185d9562b9b3af54e5da6b10d2ea9f1bf5e9cc32a3de1eeefe74d76dc331ed5ec6633560bb21ca58b2faffc9bf6be7a03c77b106e568b9ba27edd79bc9f7c7247fe3ab847c95283093abff50ec26673922ec446f89a5b6fb4566e572bb543bbefaf9e51910d3461c719ec9cec417712f150dd2222f5bab2d5e0ed318550c164fc86279cbab3a94a1c68b19760745131827344de19f41a102bb02d340e3c5509e60d5d7db7e8e8a5f1c61d74a684005b6aa9a275143ae2b53b43627d482f9dedfc9c459118e53cffb79ebc8da921df1b568a7773bd215244d91173ba6ea6987ae22c200897d7a79a1b6c1745ef6f37f9147fdc70c1144899f1755ce81c57ee3a86558caa2a5a5989a290bb228880fa1dd6ae82167350f5f2e8a6c402feddbf2b8894848a384642c2f6a437635069c9ac064bf744eba7a87abae6422de30f331b65c41e2ebdb304518f6cd665443b55f655410a915065a02652b9ed5f13d160eff928809df52d9a63d798f0be4eb43951d7d89ecafecaa0a950a808fba6b9537584fa0456a4cb9d54efb4ee094520a72da79d06a071b16c918a02d67c3d105f37800f1ab209e3aef8360ef37cf70b73110be7a7346d9a894f51eb899a49d05637662c3e48d8ea086e24dc8ba234b59f28b603b3b929157818250575beda01a8f7d30f0aafc84acf2e04b71dd6a4afe93fec650c1960bd3b229fc054b4009c7f300fe1fc9c71312c259dabf6813470ff52ebc7d7e9bd9a3cdc4564844ffbdeb9e003e7e37ed79d24db03d2774f19d1217065117c39f88e9f80653bee134d49f02b3a07730f478c8f14335640fff6dedd34e16fe21c9d886aaf2329bf65da020a077c2f97352d8b5bee84f86bfa8dbdc3204e95ecabdad61b8a4b240fccf26c8a25b80a2eaa7c1b702bd9ffa5a3f26433563c000b73ad2f6640d2cc2daaa8c292ef2be2554e69c33576cb4af7e43fa483f2664455134c6552634ea5661f313bc762c1a9383942a2fc51693e8775dbc1e34788444e603d929cde4f110e11f3f61a9caedea06d6cd25f9580d79cd5332c322b6a17ed23a3e25afbdf31ec2b12fab9d04c49e3c40249632de8bd34fa3800f7e9d9b15711d654e6686800293fb0d25efcef3158efcff99af47a02f12e71dafa106a7a5aa1a02ae1fded778ce6f5b24c039d861a1310a028bbed7c81dd83844304aa177735238f2580898f3e5d57e519638a6d1a0d77f7110c40df4c48e6d51fe1b6ff450b86227e439548fb6ad74ce84bb5d22024f11c99122e82886035bc199071af4f1a5124962a121b2d89b32680991b5a2ec826b280f6aca83272e5feb9e8303673a6b409e9872fb9a90bb6a0937d1ae7e24b40e6c929fb3e64b5d46b8d9e3a5f733603e24b4cfa713a2d2e2e3667428d9af22cdae68c923d1b54329a24c139b57e111fd964ea975753dae69264b23a85caf70752da9109d3ade337860bc4b7f37d505e8c99b41872577ecb8f385e1618f92ffbdec20b44f4a25ef550fa1400a3ea82044712bff9efc0cc2f1ad1cd1f742922eb6f59e6b50a4d3196dff13869a9a07ad04cc2c87b4231817a03b452e6a6b3e96650b4c32c801073ce5737052b6257d7a7b3d45671c52e47279fb522c89a7e1da9aafd81160d97153bf8bc4e5d320b18b2909dff4e1c96d5aa26e75398e4be96a6e138c980521b2367915b6108fe77cc509161a4206c0e0c74f0053517c86ca0310ff86d809ab336c87ac0e1130792bc215c70144e0b0b56215e9045a86909f052730e254ca0142c92628573684d004822931bb959c0e8c316c58a50a48f03e7d4544f2f358f3c927e6a84caf79098165c59b5293670f2df1ffee8cc6eef2dbff25add02f39fe8323faed6c0a2647936c198bd111d5305955510eca8f2a011575564dd939696c5f4f961453ce50c98cd05466a3917a236602b4fb03d824c6ea2c43379ab85b03c6a8171ed8e043db78a3d4db81dc355c0c1462c532736845126d041a84e5863f3a02121b01f9d233b1e488ba8eaf9a3f48dc788fc59d477451cb9db4c8a7ccffa1959ed2b916b1019e226cb61c259bfb0720881f5e5cf220beec3619ea1836cb4f4e193d1bb345dd3f3c2b0538eb57c058b82b0c576b4332c83d9bb6e9f96d66b40123bef01f5f7835b14e99e20407929c85212fba1ce961527faa38ac7618b32cec1cfadba861735b8f0bddc7ee9de9af23212e79fb2d9dbd8fd2583b1679b25c64aac9d232ce22630a23ea7d8742dcd16617616184e3d57a511a8244f4f38a7373079d2255e70b13030b94f74eaea71ac865d1480c1af039f1fe0d8740cc5856ee637146731009dcc2f5de8911ddc2e08f9bad003a7fd6db369ff58fc1166b4b612404053cb2106566ee301a13e193022baf3eecf94c746278ea1715ef547d58a6cb9c0660374f216687ba4c7ccad50741c0e4012371ff98032da8f8e426a337eca4086204727f9b2a297b81066b1b3db9497b69a56b37b7c9dc0316a9b4d9140843fff23a8c04cdf1477babcbb2dac1567f98f88e6b48e2a3d4db31f725c9d9159ae73039f456265b85c47aa347097a6bec704c582f3b867c8e82b5c199c15626df3f4fba74596fd356e3ad1bd72f14725dbf2468d36d279a4b064f378895a6079e7e97e654f8679382c617e0f38fbbdfdbac976b46157868580e98403277cf0160b280b115ac560f9d5090fe5fea5a56dcf0483575ec090270d60dc31050f6db7d07b736720342e4b2611755017fc09c6fee933f4dc795bba4b769738040d2983002fd3dc2d944b6df9da89002ca701da1df743b27117b64ae12629770918d2e5099d4450efa936ceeaf853e4032b79aa1d68bca4994ecaf44ae611735952d5fc44b653bd91d2c40846ab2a0d90db59c98098d39aeedc05ba6102368bb5460603928afa980096b4f69f0f0cdf23cfa6124e934326ab3426c757fdca16e864793a9083392356e67b171b76e1d91f2898133369a82ed3c970b8a40dd1a828b3048215dde73d1192e76243d0a56da151ad727489b8157a76801cc3f4c3094206bd8cab75508eea19484461ffd2639d1aaf03feabdae5ec32c3867d8771aa0ac5f0510af331657e8f62cecee5d409ff1c71e4cde8c9b0bfc645d66f7661aef74f2d82982447a4a60caa150ac06182aab094869780f083e0cdb42c456de74f869a8e39ef852943503e471433734406a512128cb60d4442bda2123626e709b998b93ebaeb7133deaaefbcadf5ec252ba47b0cc8eb144b1a03b8606579a5a071e31a481389e79c488d0545805e28cfe4dc29631543a4c2199181c88f852d527612a199e7986edb6a1f5ed6be8067647ccac4f910f02bd9ed9fd3833b4986122f6b60acd7125612687bb2dde77360c9fe553e1afe129dc49bcc3bcf34156243010a32aa5be67829fe78e02fdc646d2833a1e8c5849170f7434652e2306fbd196f790087a2f7f9531f7be96831c04f44e49c52ebcb4450806738f8341233c25d5d645f9558ce4b4e183739ff7238ed8599aab44ce84c0fd9a9fc2c912aff8fc488fe9bc7a0afa3914a4840c78a365552e6f42c075e3d72dd8803e06654750fa5491613c9e20729756576ecee39489c3721b6a17f3ca41e650f5706aa08238d252a39cdff0cf7bff078af4f26594003a6cd19e4f5650acd990d60444f27a788a0d8fdae0f6db288f4b2c3c84fb387d81155a28c4bb64f541275b8e95221a592dbbece9fc13dc744e86abf63dbcae77494a20ac4292d70e6f10145806d3fe9a9ec7f455b42ad890c35c43280316e44214166d0b144f9ef299ed4329ea886da2e8411981b235607cb944e29c269fda7519738971113ba0ca02826e8eba20c3f92f76d97a0d500a92b8e91f91f5a77e3d82fffae11d20ae28661c88fb755c266fbf7c8a06741f75d9d9dc3c34471f329d1f361a2ae9ec54c89887e7d0cc74411a7ff5dabe47e12526ed85b1765af34394918a56687f896cad1da342bbcc25eafa94b2e70e3241861ebc30b1c011cb4c8840fcfdbcd54968de842d145637b6cc727522c67a81de4ea3310ea4ca758839aeb8f46eb0f3bc67af7cab255d6fe769a9192a90ee04637278333bd657496470dcbbd7f39da68ac52135feb231fc9556f88e677bc52d7b3140c2e7e068a01cc67b88ec9a8a97186524c26c645fa0fb79b969854076998dc67cb93be32095d29ee3fab4fd5912c1481e0b83321adfeb384b980029843e926101f09a3d9c6d2156d08904dabb29fe79d6dc75acdc85470d926da3931596cb9820b84d9a9be94b92f8f2e98b065ecd36855e0e416a575e1b042406c62295095be9fa90368e63d8793558b9bb097b0c262d3d610544c78e2f797a77c04fce0c7e218ea116d2a2efa4c3543f5e3bccb71273a95bf38ae2b1b448c0c0d6aa26e03391f338b120ceeb2c11a0e46586f065b56c7bb13cab2fbce924035a55ab4f143efef5c419e440f4613d2b2484b8e1dea568d938ac30f7dbad432f5f74d39e7606c438c0f3b4a790a581555ff5cb2b7e280ae1a8ec256b1a85508918b77b816230e47ffe98e95ae9790adec3ae05320e8317a404ca7842a03bbc9fd79ef97cff458694b7897fd78e527185b8ac7c1705a0c02204e234705bbbf5987d6a9ee5f28f4d331fadbff3799921b8caaeb75525ce221dfb77852456fe8b4a0c6b4d3bcf39efca30aa680a31c32487ad87e76e35d36e7c592ef0af27d1a8bc2233b859759eef165cf30aec35bbb2696568ed706c24d43e179c9c3ec95f643fde35c24b4290ec5fe5804a9a155ec37eeaebc0967ba8dc29db197d951ff59c077b92ad68159ca2e23d3797ae7")
ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10)
r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x2, 0xae1d1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0)
socket(0x10, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200047ff, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x240, 0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x660001, 0x0)
lstat(0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58)
sendto$unix(0xffffffffffffffff, &(0x7f0000000180), 0xfeed, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)=""/110, 0x6e}, {&(0x7f0000000200)=""/27, 0x1b}], 0x2}}], 0x1, 0x0, 0x0)

06:11:33 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x134, 0x500)

06:11:33 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024120505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:34 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:34 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:34 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024130505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:34 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x135, 0x500)

06:11:34 executing program 2:
r0 = socket$kcm(0x2, 0x2, 0x73)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r2, 0xc0044308, &(0x7f0000000200))
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r3, 0xc0044308, &(0x7f0000000280))
ioctl$KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="0400000000000000000000000000000000000000000000000000001b00000000009390444d0e000000000000000000000000000000000000000000000000001364a526b700b2d8574c77b489e6e684de689b0e70c8c4b6def57bee0d12571ca0a345c997a2f9e8e3d2ff07cef85c22c3abad9e63af3ad3e70400"/135])
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10)
connect(r0, &(0x7f0000000000)=@ethernet={0x306, @local}, 0x80)
r4 = socket$inet6(0xa, 0x1, 0x0)
r5 = dup(r4)
ioctl$SIOCSIFHWADDR(r5, 0x8937, &(0x7f0000000000)={'bridge_slave_1\x00', @random="01003a1e2410"})
syz_genetlink_get_family_id$batadv(&(0x7f0000000080)='batadv\x00')
sendmmsg(r0, &(0x7f0000001540), 0x400000000000295, 0x0)

06:11:34 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024140505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:34 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x136, 0x500)

06:11:34 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r2, @ANYBLOB="ff07000000000000ce31358d2902495f968b5d5fb3a33d5cb488a39c30094885e86518ea51065020ba000000", @ANYRES32, @ANYBLOB="81afc31100000000000000815c286ec7ea30698c801f535a6fdc60604909f36573f3e35447e8a22835a4c3a22668c4884cdc3394c21d3a33d6834aa42520102672ce795b67f3ae7aca00000000000000"], 0x28}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0)
ioctl$USBDEVFS_RESETEP(r5, 0x80045503, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'macvlan0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001000010400000000000000b000000000", @ANYRES32=r6, @ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32, @ANYBLOB="e80083e5adb63aec7f5ee70e785393fab6d09df8465163233582ed099301bc6520dc20e35376707785c6540f7d5f5f0c3180f030d52b681875a8bf4b1627bd1603ef9d3e5efaab3b9f612dac6b5d7bc7b63653e51b0eae479a0d18f7f08d8d0900"/110], 0x28}}, 0x0)

06:11:34 executing program 3:
ptrace$setregs(0xd, 0xffffffffffffffff, 0x4, &(0x7f0000001280)="2d9571628598fdd70da94f204760860938fe830dad8d58f87823ba857420b8f3128f80e13e39c13d958bd31ffbcc00d0c787f00b4b755a86ffab4a1559c4681e5ca6bd1e72fc0ba58936edf350fa0bf55c1e45a2d87789d7025a8e8a2e21d5152dd86433b9f0dee69243e3274c6859176d1c866f6cf9bac11bade7b4adf1c90906badc09f2fae3a09bae8368d7f092f817c7507d8c51527f0f9ff8bfc3a74875ba502c2fa5fa784774e96780bdb8f39c51f737447e26b340a229c4a2e71f19d1608d4f57dd07547e903d110af78cfb5e95a240114d898c8b49897203d9fb5b8c2598bcc5837dd46d5602d96ac8a367ebfad7ef907f8e4c18cfbee645ae5ab08ca8967ae14522665ec2c70a51995438935096872a8fd51b00cab58e06c51ea4916288259119062b63cf9e1b81a79e7be67eaf223844c12e74ffa5934e008c1d4e6f9afc45f90909a34cc299263eb754c7a10d5ceabeebe6ea8835f1855f07fdfd3d1c2559b8f257665c4dcf918196d525ed741b04e107b45015d98c958d305f9011959cf65d155a127ee6743c5deac157b2ac44aec6f4c95887ca7fb67ae3f90c56981dd7d4ceafb39f1ec39e89869651d8ae34ff0867e49950f688830d1be8ef2cad389275eee1ee0f0acc12fd7209b37982a8a89a3cde0d1b139a566b42a08078d4f7b8e840e56ecaa6afebe64e8ca76d2bc9badd26e3424ec3fd37bc010099d6f0e2a166abf9c27cd52ad1370bc195a562d5ce8b6ea1483fb76c6f8ac807177397fc93dc254ed6024d578618b7b88037548daddcc0dd0b62ea4043a67182dff95826637a05a4e79dbbac0ff915cd7dbf016f18dc04ba81254c53a864b141815d126fe182bcc2f393d85538e5e51035fcc12ad3e610ead08a16d244b13a89e7b56e55593ea2454adce9f987618e01271702a0e76bb89b5abdc8fbce01c5091dfd6fcab7aad199538e75becfb185d9562b9b3af54e5da6b10d2ea9f1bf5e9cc32a3de1eeefe74d76dc331ed5ec6633560bb21ca58b2faffc9bf6be7a03c77b106e568b9ba27edd79bc9f7c7247fe3ab847c95283093abff50ec26673922ec446f89a5b6fb4566e572bb543bbefaf9e51910d3461c719ec9cec417712f150dd2222f5bab2d5e0ed318550c164fc86279cbab3a94a1c68b19760745131827344de19f41a102bb02d340e3c5509e60d5d7db7e8e8a5f1c61d74a684005b6aa9a275143ae2b53b43627d482f9dedfc9c459118e53cffb79ebc8da921df1b568a7773bd215244d91173ba6ea6987ae22c200897d7a79a1b6c1745ef6f37f9147fdc70c1144899f1755ce81c57ee3a86558caa2a5a5989a290bb228880fa1dd6ae82167350f5f2e8a6c402feddbf2b8894848a384642c2f6a437635069c9ac064bf744eba7a87abae6422de30f331b65c41e2ebdb304518f6cd665443b55f655410a915065a02652b9ed5f13d160eff928809df52d9a63d798f0be4eb43951d7d89ecafecaa0a950a808fba6b9537584fa0456a4cb9d54efb4ee094520a72da79d06a071b16c918a02d67c3d105f37800f1ab209e3aef8360ef37cf70b73110be7a7346d9a894f51eb899a49d05637662c3e48d8ea086e24dc8ba234b59f28b603b3b929157818250575beda01a8f7d30f0aafc84acf2e04b71dd6a4afe93fec650c1960bd3b229fc054b4009c7f300fe1fc9c71312c259dabf6813470ff52ebc7d7e9bd9a3cdc4564844ffbdeb9e003e7e37ed79d24db03d2774f19d1217065117c39f88e9f80653bee134d49f02b3a07730f478c8f14335640fff6dedd34e16fe21c9d886aaf2329bf65da020a077c2f97352d8b5bee84f86bfa8dbdc3204e95ecabdad61b8a4b240fccf26c8a25b80a2eaa7c1b702bd9ffa5a3f26433563c000b73ad2f6640d2cc2daaa8c292ef2be2554e69c33576cb4af7e43fa483f2664455134c6552634ea5661f313bc762c1a9383942a2fc51693e8775dbc1e34788444e603d929cde4f110e11f3f61a9caedea06d6cd25f9580d79cd5332c322b6a17ed23a3e25afbdf31ec2b12fab9d04c49e3c40249632de8bd34fa3800f7e9d9b15711d654e6686800293fb0d25efcef3158efcff99af47a02f12e71dafa106a7a5aa1a02ae1fded778ce6f5b24c039d861a1310a028bbed7c81dd83844304aa177735238f2580898f3e5d57e519638a6d1a0d77f7110c40df4c48e6d51fe1b6ff450b86227e439548fb6ad74ce84bb5d22024f11c99122e82886035bc199071af4f1a5124962a121b2d89b32680991b5a2ec826b280f6aca83272e5feb9e8303673a6b409e9872fb9a90bb6a0937d1ae7e24b40e6c929fb3e64b5d46b8d9e3a5f733603e24b4cfa713a2d2e2e3667428d9af22cdae68c923d1b54329a24c139b57e111fd964ea975753dae69264b23a85caf70752da9109d3ade337860bc4b7f37d505e8c99b41872577ecb8f385e1618f92ffbdec20b44f4a25ef550fa1400a3ea82044712bff9efc0cc2f1ad1cd1f742922eb6f59e6b50a4d3196dff13869a9a07ad04cc2c87b4231817a03b452e6a6b3e96650b4c32c801073ce5737052b6257d7a7b3d45671c52e47279fb522c89a7e1da9aafd81160d97153bf8bc4e5d320b18b2909dff4e1c96d5aa26e75398e4be96a6e138c980521b2367915b6108fe77cc509161a4206c0e0c74f0053517c86ca0310ff86d809ab336c87ac0e1130792bc215c70144e0b0b56215e9045a86909f052730e254ca0142c92628573684d004822931bb959c0e8c316c58a50a48f03e7d4544f2f358f3c927e6a84caf79098165c59b5293670f2df1ffee8cc6eef2dbff25add02f39fe8323faed6c0a2647936c198bd111d5305955510eca8f2a011575564dd939696c5f4f961453ce50c98cd05466a3917a236602b4fb03d824c6ea2c43379ab85b03c6a8171ed8e043db78a3d4db81dc355c0c1462c532736845126d041a84e5863f3a02121b01f9d233b1e488ba8eaf9a3f48dc788fc59d477451cb9db4c8a7ccffa1959ed2b916b1019e226cb61c259bfb0720881f5e5cf220beec3619ea1836cb4f4e193d1bb345dd3f3c2b0538eb57c058b82b0c576b4332c83d9bb6e9f96d66b40123bef01f5f7835b14e99e20407929c85212fba1ce961527faa38ac7618b32cec1cfadba861735b8f0bddc7ee9de9af23212e79fb2d9dbd8fd2583b1679b25c64aac9d232ce22630a23ea7d8742dcd16617616184e3d57a511a8244f4f38a7373079d2255e70b13030b94f74eaea71ac865d1480c1af039f1fe0d8740cc5856ee637146731009dcc2f5de8911ddc2e08f9bad003a7fd6db369ff58fc1166b4b612404053cb2106566ee301a13e193022baf3eecf94c746278ea1715ef547d58a6cb9c0660374f216687ba4c7ccad50741c0e4012371ff98032da8f8e426a337eca4086204727f9b2a297b81066b1b3db9497b69a56b37b7c9dc0316a9b4d9140843fff23a8c04cdf1477babcbb2dac1567f98f88e6b48e2a3d4db31f725c9d9159ae73039f456265b85c47aa347097a6bec704c582f3b867c8e82b5c199c15626df3f4fba74596fd356e3ad1bd72f14725dbf2468d36d279a4b064f378895a6079e7e97e654f8679382c617e0f38fbbdfdbac976b46157868580e98403277cf0160b280b115ac560f9d5090fe5fea5a56dcf0483575ec090270d60dc31050f6db7d07b736720342e4b2611755017fc09c6fee933f4dc795bba4b769738040d2983002fd3dc2d944b6df9da89002ca701da1df743b27117b64ae12629770918d2e5099d4450efa936ceeaf853e4032b79aa1d68bca4994ecaf44ae611735952d5fc44b653bd91d2c40846ab2a0d90db59c98098d39aeedc05ba6102368bb5460603928afa980096b4f69f0f0cdf23cfa6124e934326ab3426c757fdca16e864793a9083392356e67b171b76e1d91f2898133369a82ed3c970b8a40dd1a828b3048215dde73d1192e76243d0a56da151ad727489b8157a76801cc3f4c3094206bd8cab75508eea19484461ffd2639d1aaf03feabdae5ec32c3867d8771aa0ac5f0510af331657e8f62cecee5d409ff1c71e4cde8c9b0bfc645d66f7661aef74f2d82982447a4a60caa150ac06182aab094869780f083e0cdb42c456de74f869a8e39ef852943503e471433734406a512128cb60d4442bda2123626e709b998b93ebaeb7133deaaefbcadf5ec252ba47b0cc8eb144b1a03b8606579a5a071e31a481389e79c488d0545805e28cfe4dc29631543a4c2199181c88f852d527612a199e7986edb6a1f5ed6be8067647ccac4f910f02bd9ed9fd3833b4986122f6b60acd7125612687bb2dde77360c9fe553e1afe129dc49bcc3bcf34156243010a32aa5be67829fe78e02fdc646d2833a1e8c5849170f7434652e2306fbd196f790087a2f7f9531f7be96831c04f44e49c52ebcb4450806738f8341233c25d5d645f9558ce4b4e183739ff7238ed8599aab44ce84c0fd9a9fc2c912aff8fc488fe9bc7a0afa3914a4840c78a365552e6f42c075e3d72dd8803e06654750fa5491613c9e20729756576ecee39489c3721b6a17f3ca41e650f5706aa08238d252a39cdff0cf7bff078af4f26594003a6cd19e4f5650acd990d60444f27a788a0d8fdae0f6db288f4b2c3c84fb387d81155a28c4bb64f541275b8e95221a592dbbece9fc13dc744e86abf63dbcae77494a20ac4292d70e6f10145806d3fe9a9ec7f455b42ad890c35c43280316e44214166d0b144f9ef299ed4329ea886da2e8411981b235607cb944e29c269fda7519738971113ba0ca02826e8eba20c3f92f76d97a0d500a92b8e91f91f5a77e3d82fffae11d20ae28661c88fb755c266fbf7c8a06741f75d9d9dc3c34471f329d1f361a2ae9ec54c89887e7d0cc74411a7ff5dabe47e12526ed85b1765af34394918a56687f896cad1da342bbcc25eafa94b2e70e3241861ebc30b1c011cb4c8840fcfdbcd54968de842d145637b6cc727522c67a81de4ea3310ea4ca758839aeb8f46eb0f3bc67af7cab255d6fe769a9192a90ee04637278333bd657496470dcbbd7f39da68ac52135feb231fc9556f88e677bc52d7b3140c2e7e068a01cc67b88ec9a8a97186524c26c645fa0fb79b969854076998dc67cb93be32095d29ee3fab4fd5912c1481e0b83321adfeb384b980029843e926101f09a3d9c6d2156d08904dabb29fe79d6dc75acdc85470d926da3931596cb9820b84d9a9be94b92f8f2e98b065ecd36855e0e416a575e1b042406c62295095be9fa90368e63d8793558b9bb097b0c262d3d610544c78e2f797a77c04fce0c7e218ea116d2a2efa4c3543f5e3bccb71273a95bf38ae2b1b448c0c0d6aa26e03391f338b120ceeb2c11a0e46586f065b56c7bb13cab2fbce924035a55ab4f143efef5c419e440f4613d2b2484b8e1dea568d938ac30f7dbad432f5f74d39e7606c438c0f3b4a790a581555ff5cb2b7e280ae1a8ec256b1a85508918b77b816230e47ffe98e95ae9790adec3ae05320e8317a404ca7842a03bbc9fd79ef97cff458694b7897fd78e527185b8ac7c1705a0c02204e234705bbbf5987d6a9ee5f28f4d331fadbff3799921b8caaeb75525ce221dfb77852456fe8b4a0c6b4d3bcf39efca30aa680a31c32487ad87e76e35d36e7c592ef0af27d1a8bc2233b859759eef165cf30aec35bbb2696568ed706c24d43e179c9c3ec95f643fde35c24b4290ec5fe5804a9a155ec37eeaebc0967ba8dc29db197d951ff59c077b92ad68159ca2e23d3797ae7")
ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10)
r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x2, 0xae1d1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0)
socket(0x10, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200047ff, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x240, 0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x660001, 0x0)
lstat(0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58)
sendto$unix(0xffffffffffffffff, &(0x7f0000000180), 0xfeed, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)=""/110, 0x6e}, {&(0x7f0000000200)=""/27, 0x1b}], 0x2}}], 0x1, 0x0, 0x0)

06:11:34 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x137, 0x500)

06:11:34 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024150505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  433.758762][T15934] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  433.780128][T15934] device macvlan0 entered promiscuous mode
06:11:34 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x138, 0x500)

[  433.900204][T15937] device macvlan0 left promiscuous mode
[  434.125019][T15934] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  434.217944][T15934] device macvlan0 entered promiscuous mode
06:11:35 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:35 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:35 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x139, 0x500)

06:11:35 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024160505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:35 executing program 2:
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000180))
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00'})
ioctl(r1, 0x8b2b, &(0x7f0000000040))
socket$inet(0x2, 0x0, 0x84)
r2 = socket$inet6(0xa, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0xffff0001}, 0x80)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in=@empty, @in=@remote}}, {{@in=@broadcast}, 0x0, @in=@loopback}}, &(0x7f0000000340)=0xe8)
r3 = socket$inet(0x2, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0xfffffffffffffc6d, 0x0, &(0x7f0000000240)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='ip6_vti0\x00', 0x1000001d0)
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff})
getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, 0x0, &(0x7f0000000540))
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r5, &(0x7f0000000200), 0x38c, 0x0, 0x0)
connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r5, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040)=[{r5, 0x2, 0x3000300}], 0x1, 0x0, 0x0, 0x0)
sendmsg$TEAM_CMD_PORT_LIST_GET(r5, &(0x7f000000ab80)={0x0, 0xfffffffffffffd57, 0x0, 0x1, 0x0, 0x0, 0x10000}, 0x40000)
getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000000700)={{{@in=@multicast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@initdev}, 0x0, @in6=@local}}, &(0x7f00000001c0)=0xe8)
setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@local, @in=@empty, 0x0, 0x6, 0x4e21, 0x0, 0x0, 0x20, 0x80, 0x0, 0x0, r6}, {0x1c993630, 0x0, 0x7, 0x100000000, 0x3, 0xfffffffffffffffc}, {0x6}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x2}, {{@in=@loopback, 0x4d4}, 0x2, @in, 0x3502, 0xa7f8935fca5fa15b, 0x3cef14a422163db1, 0x2, 0x7, 0x200, 0xd2}}, 0xe8)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000280)={{{@in=@empty, @in=@empty, 0x4e22, 0x401, 0x0, 0x8000, 0xa, 0x80, 0x120, 0x0, 0x0, r6}, {0x2, 0x7f800, 0x100000001, 0x100000000, 0x100, 0x0, 0xff}, {0x6, 0x0, 0x0, 0x49f}, 0xe6c, 0x6e6bb9, 0x0, 0x0, 0x1, 0x3}, {{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4d2, 0xff}, 0x1, @in, 0x0, 0x3, 0x0, 0x5, 0x1f, 0xff, 0x800}}, 0xe8)

06:11:35 executing program 3:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="6000000030003f030000000000000000000000004c000100480001000b000100736b626d6f64000034000280240002000300000000000000000000000000000400000000000000fdffffffffffffff000a000200aaaaaaaaaa00000004000600a63f285ca6138b802d03f1e0b92b0000000000000017fa61a1deb013268aff6344fe474383cd7a8636ad4423d400158e055a4162df8558e71dd4627d611694baf6766ee024d5a98925b77cfa6c55d8401eba33daef7cf3b2081873d984c92f1d08348f2ba5ab188a69d42ad1456fe865618ff4cee427f72b6693a2090049593fe041692efa373b7483dc99c1407b559500f8a3e367a0424ca18587c5f4b7bbccc358f48762d89759332c4a0a6def1a21e6fac1ca61d1bba78bc0658b72f5f964e5f40e5c0b8956d9db33caee1293b4a781cb373756765c980519760b1aec48e11ad20a5430000da8cba310fdaa35c3c236a15b3319742f53139d9c9af3bcb4eb1dfadbf78dda9a7245f25a8c5ec7a5221129556e436ed83536fdcd74e30b46457ed1426f28d00b4f884d8cfc31a17c207928e45f7ea787b7be8ffa53a93589d9ef3716e7c19dbc5d9a3b04bd309d359308a1bbc7c0da3f9ad3dd8f3cbc03b35f495b1963787abc745fb14ef262fcc5affebbdc2b8966ab76d9f7abff8fef29fbe3f7ea73bf68dbeeaef88b10a1594174194ce40847d59ea26a6179ee5d466ee65a6e0bc813411fdb298f8c52e80cb392374bd326fb303d8b44b24b4be4c41b4356a5bc33c6f7514cd049a36c6d5e7278a47bd28479e5d697b55f34598621d3b556cf2b1234b405eb5868aac2f3d9d5833914fdd25f343513e317ab4815e45b625594be9eeb612c71a7f7a217fb9c103f2349f0c06b4cb11586491b217090c082f117ea5f8816"], 0x60}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000002200000029bd7000fbdbdf25757d140080e6ff0601000000ea8fa256acad954bf27a8e11dd7a329eb717363e405e90a261a695a350e6875bc89b7dbde291e57b6d098d6e65a4529fb3a3ce0e4c3387a11fed42000000000000000000"], 0x1c}}, 0x8000)
r0 = socket(0x10, 0x80002, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = getpid()
ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$snddsp(r3, &(0x7f0000000200)="e3f8230f8b7379e5278c4e7b2216d393aae78ebf15ecb74c7dd2237191196b391a515de82dc315416249e4be83041438cd0ab9eab490ff78250b6da3f9d8c4ed8b99f3bcff2a9fc4ef96d8c2ab19d829a527a3a6608c6f6de1c583ddc48a32c162c0c4a447628b81e38c994b24ed220b21233788e02484f0105e7e2ceeea33632368f39b7db4795518de458c452da76692c5fed1d50ace2d04", 0x99)
unlinkat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x200)
mq_notify(0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x1ff, &(0x7f00000004c0)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000000), 0x10000}])
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r6 = eventfd(0xfffffc00)
read$eventfd(r6, 0x0, 0x0)
getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, &(0x7f00000000c0))
pipe2$9p(0x0, 0x0)
dup(0xffffffffffffffff)
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0)
r7 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r7, 0xc0044308, &(0x7f0000000200))
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000006c0)={&(0x7f00000003c0)='./file1\x00', r7}, 0x10)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="7a0af8ff00000021bfa100000000000007010000f8ffffffb702000008000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed8a25312a2e2c49e80a32e8cf1cc9a100a9af698393aa0f3c21e9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb545440677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e906f2dbe3e625704f07a72c291848bf4f4d772f3ba678bd651ebdcf4cef80960607484adb08ac35e53360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec28b48b45ef4adb6763289d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad000000000000000999e085ccb79d1470501b848de0b53861842e711914cd1b8db750fd29b40c5d90507a2084292b5d63920cd55eacf0fb1228eacd9450514678422e01c105e87d1a4c2dfd244641c7dd40b08830ff811a023f5bab57c3af5a55bd9ce4998bcb6bbf0be67b3393d6958d2480097fa81fc6ea6e07761d7d700"/406], &(0x7f0000000100)='GPL\x00'}, 0x48)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

06:11:35 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024170505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:35 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x13a, 0x500)

06:11:35 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024180505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:36 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x13b, 0x500)

[  435.024280][T15964] 
[  435.030629][T15964] **********************************************************
[  435.040476][T15964] **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
[  435.058528][T15964] **                                                      **
[  435.097113][T15964] ** trace_printk() being used. Allocating extra memory.  **
[  435.131599][T15964] **                                                      **
06:11:36 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024190505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  435.154147][T15964] ** This means that this is a DEBUG kernel and it is     **
[  435.177728][T15964] ** unsafe for production use.                           **
[  435.216876][T15964] **                                                      **
[  435.238212][T15964] ** If you see this message and you are not debugging    **
[  435.258502][T15964] ** the kernel, report this immediately to your vendor!  **
06:11:36 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x13c, 0x500)

[  435.266561][T15964] **                                                      **
[  435.280556][T15964] **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
[  435.298462][T15964] **********************************************************
06:11:36 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(0x0, 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:36 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:36 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000241a0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:36 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x13d, 0x500)

06:11:36 executing program 3:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="6000000030003f030000000000000000000000004c000100480001000b000100736b626d6f64000034000280240002000300000000000000000000000000000400000000000000fdffffffffffffff000a000200aaaaaaaaaa00000004000600a63f285ca6138b802d03f1e0b92b0000000000000017fa61a1deb013268aff6344fe474383cd7a8636ad4423d400158e055a4162df8558e71dd4627d611694baf6766ee024d5a98925b77cfa6c55d8401eba33daef7cf3b2081873d984c92f1d08348f2ba5ab188a69d42ad1456fe865618ff4cee427f72b6693a2090049593fe041692efa373b7483dc99c1407b559500f8a3e367a0424ca18587c5f4b7bbccc358f48762d89759332c4a0a6def1a21e6fac1ca61d1bba78bc0658b72f5f964e5f40e5c0b8956d9db33caee1293b4a781cb373756765c980519760b1aec48e11ad20a5430000da8cba310fdaa35c3c236a15b3319742f53139d9c9af3bcb4eb1dfadbf78dda9a7245f25a8c5ec7a5221129556e436ed83536fdcd74e30b46457ed1426f28d00b4f884d8cfc31a17c207928e45f7ea787b7be8ffa53a93589d9ef3716e7c19dbc5d9a3b04bd309d359308a1bbc7c0da3f9ad3dd8f3cbc03b35f495b1963787abc745fb14ef262fcc5affebbdc2b8966ab76d9f7abff8fef29fbe3f7ea73bf68dbeeaef88b10a1594174194ce40847d59ea26a6179ee5d466ee65a6e0bc813411fdb298f8c52e80cb392374bd326fb303d8b44b24b4be4c41b4356a5bc33c6f7514cd049a36c6d5e7278a47bd28479e5d697b55f34598621d3b556cf2b1234b405eb5868aac2f3d9d5833914fdd25f343513e317ab4815e45b625594be9eeb612c71a7f7a217fb9c103f2349f0c06b4cb11586491b217090c082f117ea5f8816"], 0x60}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000002200000029bd7000fbdbdf25757d140080e6ff0601000000ea8fa256acad954bf27a8e11dd7a329eb717363e405e90a261a695a350e6875bc89b7dbde291e57b6d098d6e65a4529fb3a3ce0e4c3387a11fed42000000000000000000"], 0x1c}}, 0x8000)
r0 = socket(0x10, 0x80002, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = getpid()
ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$snddsp(r3, &(0x7f0000000200)="e3f8230f8b7379e5278c4e7b2216d393aae78ebf15ecb74c7dd2237191196b391a515de82dc315416249e4be83041438cd0ab9eab490ff78250b6da3f9d8c4ed8b99f3bcff2a9fc4ef96d8c2ab19d829a527a3a6608c6f6de1c583ddc48a32c162c0c4a447628b81e38c994b24ed220b21233788e02484f0105e7e2ceeea33632368f39b7db4795518de458c452da76692c5fed1d50ace2d04", 0x99)
unlinkat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x200)
mq_notify(0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x1ff, &(0x7f00000004c0)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000000), 0x10000}])
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r6 = eventfd(0xfffffc00)
read$eventfd(r6, 0x0, 0x0)
getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, &(0x7f00000000c0))
pipe2$9p(0x0, 0x0)
dup(0xffffffffffffffff)
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0)
r7 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r7, 0xc0044308, &(0x7f0000000200))
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000006c0)={&(0x7f00000003c0)='./file1\x00', r7}, 0x10)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="7a0af8ff00000021bfa100000000000007010000f8ffffffb702000008000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed8a25312a2e2c49e80a32e8cf1cc9a100a9af698393aa0f3c21e9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb545440677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e906f2dbe3e625704f07a72c291848bf4f4d772f3ba678bd651ebdcf4cef80960607484adb08ac35e53360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec28b48b45ef4adb6763289d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad000000000000000999e085ccb79d1470501b848de0b53861842e711914cd1b8db750fd29b40c5d90507a2084292b5d63920cd55eacf0fb1228eacd9450514678422e01c105e87d1a4c2dfd244641c7dd40b08830ff811a023f5bab57c3af5a55bd9ce4998bcb6bbf0be67b3393d6958d2480097fa81fc6ea6e07761d7d700"/406], &(0x7f0000000100)='GPL\x00'}, 0x48)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

06:11:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
r4 = socket(0x400020000000010, 0x2, 0x0)
write(r4, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000040)={&(0x7f0000000380)={0xcc, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_ADT={0xac, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0xfffffffffffffeff}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0xc, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x400}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x2}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x40}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0xa, 0x1a, 'team0\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x40}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0xcb31b5cf2e1715ca}, 0xc885)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="7c0000fd000c00f2ffff7f000032f2d1", @ANYRES32=r1, @ANYBLOB="00000000ffffffff000000000900010067726564000000004c0002000800050000000000080005000000000038000300050000000000000028ceb860244d6a9b00000000000000000000000000000000000000000000001200000000000069409f6a37faf0deb4eb5e14d6a4d9116970c7a65728520ad99f7e65037e111a675376bed7be4cb725004342a9c2e57bf54074628c2b7334516a3b9861df56a64f4177eb3de127a02a73846b9e4110ebfbeded8bc8f7fe6a0a0ec589c9992b777351cfcec03c2657b4f7ec393add64ea12af6ac6016d387b68c90b1002fa0a31d2264a4515341956639f48aa774eee79160f9c0ebab6002237aa0000"], 0x7c}}, 0x0)
r5 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r5, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0xe, &(0x7f0000000100)}], 0x492492492492642, 0x0)

[  435.735287][T16022] 9pnet: Insufficient options for proto=fd
06:11:36 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(0x0, 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:36 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000241b0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  435.820529][T16030] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3072 sclass=netlink_route_socket pid=16030 comm=syz-executor.2
06:11:36 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x13e, 0x500)

[  435.941443][T16039] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3072 sclass=netlink_route_socket pid=16039 comm=syz-executor.2
06:11:37 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = fcntl$dupfd(r1, 0x0, r2)
r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r4, 0xc0044308, &(0x7f0000000200))
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000000)=0xffffffff)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000500)=ANY=[], 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x3c1, 0x3, 0x430, 0x0, 0x0, 0x0, 0x0, 0x0, 0x360, 0x360, 0x360, 0x360, 0x360, 0x3, 0x0, {[{{@ipv6={@remote, @mcast2, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x250, 0x278, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'veth1_to_hsr\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x1ab618fe, 0x800}}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x278a0d2977943b20)

[  436.038329][T16045] 9pnet: Insufficient options for proto=fd
06:11:37 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000241c0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:37 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x13f, 0x500)

06:11:37 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(0x0, 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  436.317664][T16060] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  436.432204][T16064] 9pnet: Insufficient options for proto=fd
[  436.485539][T16067] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
06:11:37 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:37 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000241d0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:37 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x140, 0x500)

06:11:37 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x0, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:37 executing program 2:
r0 = socket(0x400020000000010, 0x2, 0x0)
write(r0, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r1, 0xc0044308, &(0x7f0000000200))
ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000240)={0x3, 0x4, 0x4, 0x40, 0xfffffb56, {0x0, 0x7530}, {0x4, 0x2, 0x1, 0x0, 0x1, 0x0, "cb1e3b3f"}, 0x5, 0x4, @planes=&(0x7f00000000c0)={0x3ff, 0x7, @fd, 0x2}, 0x4})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000100000000008b617b45000000001b61ef39b6aae592cfcd693f5c755d0f1b9ee6a09441fa4fdd9925effd4866394b94b28c2da9d253ac189e67aefd878755697cfa220be9e1b913828eff9ea418e8b043740a6936ac893b2f93cf1cbeaeff5a833704a0332ebcd3cdbc3a62863b2deae53816c2e7033f169cc20028452156c77bbe727571345684fff9ff9c189a2c81a415089f68d07e9a423667", @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800500110001000000"], 0x3}}, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x200000, 0x0)
write$9p(r2, &(0x7f0000000140)="ed164e4cb7e358db99cf1836e64f693984969e1e78cd38355fde655f6a1fdfde37baab32b43eafdd6a2891663ce5a3b9cc0b24d52f67792d6b93808dcf1da79d84db0d4c7e442702db03512a23", 0x4d)

06:11:37 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x1)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x101002, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x3, 0x0, 0x248000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_int(r3, &(0x7f0000000940), 0x12)
r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/qat_adf_ctl\x00', 0x1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)=0x5)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_type(r3, &(0x7f0000000140)='threaded\x00', 0xffffff1f)
getsockopt$CAN_RAW_RECV_OWN_MSGS(r2, 0x65, 0x4, &(0x7f0000000100), &(0x7f0000000140)=0x4)
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vga_arbiter\x00', 0x44000, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000340)={<r6=>0x0, 0x8}, &(0x7f0000000380)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000003c0)={r6, 0xffffffdf, 0x30}, &(0x7f0000000400)=0xc)
r7 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000200)={0x4, 0x7fff, 0x1, 'queue1\x00', 0x7ff})
syz_emit_ethernet(0x4e, &(0x7f0000000080)={@local, @random="2fb3c37bbfcb", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00\r\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}]}}}}}}}}, 0x0)

[  436.809583][T16078] 9pnet: Insufficient options for proto=fd
06:11:37 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2a939, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000), &(0x7f0000000080)=0x8)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000001600)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0)
socket$caif_stream(0x25, 0x1, 0x3)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f00000004c0)=0x80, 0x4)
r4 = socket(0x100000000011, 0x0, 0x0)
bind(r4, 0x0, 0x0)
getsockname$packet(r4, &(0x7f0000000100), &(0x7f00000002c0)=0x14)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x420000, 0x0)
ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, &(0x7f0000000000)=0xa2ea)
r5 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000240)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f0000000300), 0x12)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nullb0\x00', 0x4400, 0x0)
preadv(r7, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0)
io_setup(0x0, &(0x7f0000000280))
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0xa, 0x84, 0x4000000000000800, 0x1}, 0x3c)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r8, &(0x7f0000000040), 0x0}, 0x20)
r9 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r9, &(0x7f0000000040), &(0x7f00000001c0)=""/4096}, 0x18)
mount$fuse(0x0, 0x0, &(0x7f0000000140)='fuse\x00', 0x0, &(0x7f0000001480)=ANY=[@ANYRES16=0x0, @ANYRES16=r1, @ANYBLOB="2c726f6f746d6f64653d2930303010303040303030303030302030d93704f230d323226427d7834be7c457ae26856bf2cc57162be03b5442df3d5a5d3b84d9f1a6109626ed6ec2c2d41f040400eb661ae85ceba830c04c5e28bf1d2033fd4c63d100cd6d046b95e98d33085bc846a60d22ccff2ae6507d2333779157502c43fd86b61abddbded60ca5b74a2f661b5de5f01c090f607969eef4c7520f450d1745d2167e335751e1319d58f3"])
io_setup(0x8, &(0x7f0000000280))
syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)

[  436.852238][T16080] QAT: Invalid ioctl
06:11:37 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000241e0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:37 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x0, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:37 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x141, 0x500)

06:11:38 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024210505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  437.134266][T16099] 9pnet: Insufficient options for proto=fd
[  437.152737][   T27] audit: type=1400 audit(1583993498.146:104): avc:  denied  { map } for  pid=16093 comm="syz-executor.2" path="/dev/nullb0" dev="devtmpfs" ino=24083 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file permissive=1
06:11:38 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x0, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  437.434903][T16110] 9pnet: Insufficient options for proto=fd
[  437.652244][T16089] QAT: Invalid ioctl
06:11:38 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:38 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x142, 0x500)

06:11:38 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024220505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:38 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:38 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, 0x0)
r1 = getpgrp(r0)
setpriority(0x0, r1, 0xffff)
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
geteuid()
syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x3, 0x20140)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x101000, 0x0)
fcntl$getownex(r2, 0x10, &(0x7f0000000180))
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000240)={<r3=>0xffffffffffffffff})
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
fallocate(r4, 0x20, 0x0, 0xfffffeff000)
write$FUSE_ENTRY(r4, &(0x7f00000000c0)={0x90, 0x2f}, 0x90)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r6 = socket$kcm(0x2b, 0x1, 0x0)
write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000080)={0x18, 0x1, 0x0, {0x3}}, 0x18)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ftruncate(r6, 0x0)
fallocate(r5, 0x20, 0x0, 0xfffffeff000)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x10f081, 0x0)

06:11:39 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  438.622888][   T27] audit: type=1400 audit(1583993499.626:105): avc:  denied  { watch } for  pid=10499 comm="udevd" path="/dev/nullb0" dev="devtmpfs" ino=24083 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=blk_file permissive=1
[  438.631041][T16100] syz-executor.2 (16100) used greatest stack depth: 21840 bytes left
06:11:39 executing program 2:
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
r0 = open(&(0x7f0000000000)='./bus/file0\x00', 0x58843, 0xd)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200)
sendfile(r0, r1, 0x0, 0x7fffffff)
r2 = open(&(0x7f00000003c0)='./bus\x00', 0x575001, 0x0)
sendfile(r2, r0, 0x0, 0xffffffff)

06:11:39 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x143, 0x500)

06:11:39 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024230505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:39 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:39 executing program 3:
sched_setscheduler(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x40000000000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newtaction={0xe50, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe3c, 0x1, [@m_pedit={0xe38, 0x1, 0x0, 0x0, {{0xa, 0x1, 'pedit\x00'}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x1}, [{}, {}, {}, {0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6e5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}}}]}]}, 0xe50}}, 0x0)

06:11:39 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x144, 0x500)

06:11:40 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:40 executing program 3:
sched_setscheduler(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x40000000000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newtaction={0xe50, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe3c, 0x1, [@m_pedit={0xe38, 0x1, 0x0, 0x0, {{0xa, 0x1, 'pedit\x00'}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x1}, [{}, {}, {}, {0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6e5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}}}]}]}, 0xe50}}, 0x0)

06:11:40 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "37a2ea", 0x8, 0x11, 0x0, @local, @local, {[], {0x4e22, 0x0, 0x8}}}}}}, 0x0)
r2 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
accept(r2, &(0x7f0000000080)=@rc, &(0x7f0000000000)=0x80)

06:11:40 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024240505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:40 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, 0x0, &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:40 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x145, 0x500)

06:11:40 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, 0x0, &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:40 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024250505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:40 executing program 2:
perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc01, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x153b849f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0xfa6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00')
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b200080000001028e6c467144d2fa833"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r8, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff1}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x401}}]}]}}]}, 0x50}}, 0x0)
sendmsg$FOU_CMD_DEL(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x24, r3, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_IFINDEX={0x8, 0xb, r8}, @FOU_ATTR_PEER_V4={0x8, 0x8, @empty}]}, 0x24}}, 0x0)
r9 = dup3(r2, 0xffffffffffffffff, 0x80000)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
r11 = fanotify_init(0x0, 0x0)
r12 = fcntl$dupfd(r11, 0x0, r10)
ioctl$sock_inet_tcp_SIOCINQ(r12, 0x541b, &(0x7f0000000000))
ioctl$TIOCL_GETMOUSEREPORTING(r12, 0x541c, &(0x7f0000000140))
ioctl$KVM_SET_CPUID2(r9, 0x4008ae90, &(0x7f0000000500)=ANY=[])
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x9}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
epoll_pwait(0xffffffffffffffff, &(0x7f00000000c0)=[{}], 0x1, 0xffffffff, &(0x7f0000000100)={[0x2]}, 0x8)
prctl$PR_GET_CHILD_SUBREAPER(0x25)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000000240), 0x8)
arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x7ff)
r13 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8002, 0x0)
write$P9_RSTATu(r13, &(0x7f0000000780)=ANY=[@ANYBLOB, @ANYRES32=0xee00, @ANYRES32=0x0], 0x8)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYRES32=0xee00, @ANYRES32=0x0, @ANYRES32=0x0], 0xc)
r14 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
pwritev(r14, &(0x7f0000000080)=[{&(0x7f0000003040)="02", 0x1}], 0x1, 0x0)
fallocate(r14, 0x20, 0x0, 0xfffffeff000)
fallocate(r14, 0x0, 0x0, 0x10000101)
write$RDMA_USER_CM_CMD_CREATE_ID(r14, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x13f}}, 0x20)
r15 = syz_open_dev$mice(0x0, 0x0, 0x0)
ioctl$TUNSETFILTEREBPF(r15, 0x800454e1, &(0x7f0000000000))

06:11:40 executing program 3:
r0 = socket$inet(0x15, 0x5, 0x0)
bind$inet(r0, &(0x7f00000002c0)={0x2, 0x2, @local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r3, 0xc0044308, &(0x7f0000000200))
ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000001580)={0x9d0000, 0x7, 0x0, <r4=>0xffffffffffffffff, 0x0, &(0x7f0000001540)={0x990a5f, 0x0, [], @p_u16=&(0x7f0000001500)}})
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r4, 0x8982, &(0x7f00000015c0)={0x2, 'macvlan0\x00', {0x6f}, 0x3})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r5, 0xc0044308, &(0x7f0000000200))
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f00000013c0)={0x4, 0x0, [{0x4, 0x1000, &(0x7f0000000300)=""/4096}, {0x1000, 0xc, &(0x7f00000000c0)=""/12}, {0x2000, 0xc3, &(0x7f0000000100)=""/195}, {0x100000, 0xac, &(0x7f0000001300)=""/172}]})
r6 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r6, 0xc0044308, &(0x7f0000000200))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000001480)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r5, 0xc0182101, &(0x7f0000000240)={r7, 0x0, 0x9})
r8 = dup2(r2, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
sendto$inet(r0, 0x0, 0x0, 0x40, &(0x7f0000000040)={0x2, 0x0, @rand_addr=0x8}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r9=>0xffffffffffffffff})
r10 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200)
dup2(r10, r9)

06:11:40 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x146, 0x500)

06:11:40 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, 0x0, &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  440.204154][   T27] audit: type=1800 audit(1583993501.206:106): pid=16202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.2" name="bus" dev="sda1" ino=16485 res=0
06:11:41 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(0x0, 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:41 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024260505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:41 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x147, 0x500)

06:11:41 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:41 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x53, 0x0, 0x0, 0x0, 0xfffffffffffffde4}}], 0x8000000000001f0, 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
shutdown(r0, 0x0)
r4 = socket(0x400020000000010, 0x2, 0x0)
write(r4, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
r5 = syz_genetlink_get_family_id$ipvs(0x0)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000640)={0x30, r5, 0x0, 0x70bd2b, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0x30}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="00117e31", @ANYRES16=r5, @ANYBLOB="040028bd7000fcdbdf250e0000000800060000020000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000080}, 0x4000000)

06:11:41 executing program 2:
perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc01, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x153b849f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0xfa6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00')
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b200080000001028e6c467144d2fa833"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r8, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff1}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x401}}]}]}}]}, 0x50}}, 0x0)
sendmsg$FOU_CMD_DEL(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x24, r3, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_IFINDEX={0x8, 0xb, r8}, @FOU_ATTR_PEER_V4={0x8, 0x8, @empty}]}, 0x24}}, 0x0)
r9 = dup3(r2, 0xffffffffffffffff, 0x80000)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
r11 = fanotify_init(0x0, 0x0)
r12 = fcntl$dupfd(r11, 0x0, r10)
ioctl$sock_inet_tcp_SIOCINQ(r12, 0x541b, &(0x7f0000000000))
ioctl$TIOCL_GETMOUSEREPORTING(r12, 0x541c, &(0x7f0000000140))
ioctl$KVM_SET_CPUID2(r9, 0x4008ae90, &(0x7f0000000500)=ANY=[])
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x9}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
epoll_pwait(0xffffffffffffffff, &(0x7f00000000c0)=[{}], 0x1, 0xffffffff, &(0x7f0000000100)={[0x2]}, 0x8)
prctl$PR_GET_CHILD_SUBREAPER(0x25)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000000240), 0x8)
arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x7ff)
r13 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8002, 0x0)
write$P9_RSTATu(r13, &(0x7f0000000780)=ANY=[@ANYBLOB, @ANYRES32=0xee00, @ANYRES32=0x0], 0x8)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYRES32=0xee00, @ANYRES32=0x0, @ANYRES32=0x0], 0xc)
r14 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
pwritev(r14, &(0x7f0000000080)=[{&(0x7f0000003040)="02", 0x1}], 0x1, 0x0)
fallocate(r14, 0x20, 0x0, 0xfffffeff000)
fallocate(r14, 0x0, 0x0, 0x10000101)
write$RDMA_USER_CM_CMD_CREATE_ID(r14, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x13f}}, 0x20)
r15 = syz_open_dev$mice(0x0, 0x0, 0x0)
ioctl$TUNSETFILTEREBPF(r15, 0x800454e1, &(0x7f0000000000))

06:11:41 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:41 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024270505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  440.460535][T16227] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=16227 comm=syz-executor.3
06:11:41 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x148, 0x500)

[  440.536398][T16233] 9pnet: Insufficient options for proto=fd
06:11:41 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(0x0, 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:41 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:41 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024300505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:41 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x149, 0x500)

[  440.831214][T16251] 9pnet: Insufficient options for proto=fd
06:11:41 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(0x0, 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:42 executing program 5:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:42 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024480505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  441.216735][T16274] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=16274 comm=syz-executor.3
[  441.236298][T16273] 9pnet: Insufficient options for proto=fd
06:11:42 executing program 3:
perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc01, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x153b849f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0xfa6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00')
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b200080000001028e6c467144d2fa833"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r8, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff1}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x401}}]}]}}]}, 0x50}}, 0x0)
sendmsg$FOU_CMD_DEL(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x24, r3, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_IFINDEX={0x8, 0xb, r8}, @FOU_ATTR_PEER_V4={0x8, 0x8, @empty}]}, 0x24}}, 0x0)
r9 = dup3(r2, 0xffffffffffffffff, 0x80000)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
r11 = fanotify_init(0x0, 0x0)
r12 = fcntl$dupfd(r11, 0x0, r10)
ioctl$sock_inet_tcp_SIOCINQ(r12, 0x541b, &(0x7f0000000000))
ioctl$TIOCL_GETMOUSEREPORTING(r12, 0x541c, &(0x7f0000000140))
ioctl$KVM_SET_CPUID2(r9, 0x4008ae90, &(0x7f0000000500)=ANY=[])
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x9}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
epoll_pwait(0xffffffffffffffff, &(0x7f00000000c0)=[{}], 0x1, 0xffffffff, &(0x7f0000000100)={[0x2]}, 0x8)
prctl$PR_GET_CHILD_SUBREAPER(0x25)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000000240), 0x8)
arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x7ff)
r13 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8002, 0x0)
write$P9_RSTATu(r13, &(0x7f0000000780)=ANY=[@ANYBLOB, @ANYRES32=0xee00, @ANYRES32=0x0], 0x8)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYRES32=0xee00, @ANYRES32=0x0, @ANYRES32=0x0], 0xc)
r14 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
pwritev(r14, &(0x7f0000000080)=[{&(0x7f0000003040)="02", 0x1}], 0x1, 0x0)
fallocate(r14, 0x20, 0x0, 0xfffffeff000)
fallocate(r14, 0x0, 0x0, 0x10000101)
write$RDMA_USER_CM_CMD_CREATE_ID(r14, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x13f}}, 0x20)
r15 = syz_open_dev$mice(0x0, 0x0, 0x0)
ioctl$TUNSETFILTEREBPF(r15, 0x800454e1, &(0x7f0000000000))

06:11:42 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x14a, 0x500)

06:11:42 executing program 2:
perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf20000000000000070000000c0000003d0301000000000095000000000000006926000000000000bf67000000000000150700000fff07003506000002000000160600000ee50000bf050000000000001f650000000000006507000002000000070700004c0001000f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000a614084b5dc9000500000000000000950007000000000054779ffdefa2d23da0267c2de00435fd233cc0f0d9b2c3127c46b0f408398d09ee4dc258d726eae098804de25df627a64a7f1dd5b17ed764c33b06598bae66ea38541a7cd29032de94983dfab0e5043daf1b46bef5135c65b2ee62652b07f8a4b6e6155cecc13a5ddfab726eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a459db8e7ada8ee987ccfd20f680b0d02d967398842055dcb4fe9ae61ed7fbab0000000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1, 0x10, &(0x7f0000000000), 0x103}, 0x48)

06:11:42 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x0, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:42 executing program 5:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:42 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000244c0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  441.503473][T16287] 9pnet: Insufficient options for proto=fd
06:11:42 executing program 5:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:42 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x14b, 0x500)

06:11:42 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x0, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:42 executing program 2:
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0)
r0 = creat(0x0, 0x0)
ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
socket(0x0, 0x0, 0xfe)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r1, 0xc0044308, &(0x7f0000000200))
ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000000))
fchdir(0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x1, 0x0, 0xff, 0xffff, 0x5e, 0x0, 0x8}, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = accept4$unix(r0, &(0x7f0000000180), &(0x7f0000000040)=0x6e, 0x80000)
fcntl$setpipe(r2, 0x407, 0x100000000)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unshare(0x40000000)
setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000000), 0x0)
bind(0xffffffffffffffff, 0x0, 0x0)

06:11:42 executing program 5:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r2}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  441.812500][T16309] 9pnet: Insufficient options for proto=fd
06:11:42 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024600505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  441.978167][T16314] IPVS: ftp: loaded support on port[0] = 21
[  442.064870][T16322] 9pnet: Insufficient options for proto=fd
[  442.408263][T16311] IPVS: ftp: loaded support on port[0] = 21
06:11:43 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x0, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  442.449088][T12001] tipc: TX() has been purged, node left!
06:11:43 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x14c, 0x500)

06:11:43 executing program 3:
r0 = gettid()
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x2a)
write$binfmt_script(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="2302"], 0x2)
prctl$PR_SET_PTRACER(0x59616d61, r0)
r2 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = dup3(0xffffffffffffffff, r2, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0xf9, 0x0, 0x0, 0x8, 0x2000, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, r3, 0x0)
close(r1)
clone(0x24952000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)

06:11:43 executing program 2:
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0)
r0 = creat(0x0, 0x0)
ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
socket(0x0, 0x0, 0xfe)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r1, 0xc0044308, &(0x7f0000000200))
ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000000))
fchdir(0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x1, 0x0, 0xff, 0xffff, 0x5e, 0x0, 0x8}, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = accept4$unix(r0, &(0x7f0000000180), &(0x7f0000000040)=0x6e, 0x80000)
fcntl$setpipe(r2, 0x407, 0x100000000)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unshare(0x40000000)
setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000000), 0x0)
bind(0xffffffffffffffff, 0x0, 0x0)

06:11:43 executing program 5:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r2}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:43 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024680505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  442.587319][T16339] 9pnet: Insufficient options for proto=fd
06:11:43 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  442.629496][T16341] 9pnet: Insufficient options for proto=fd
06:11:43 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x14d, 0x500)

06:11:43 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000246c0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  442.690739][T16340] IPVS: ftp: loaded support on port[0] = 21
06:11:43 executing program 5:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r2}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:43 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001600)='/dev/autofs\x00', 0x40080, 0x0)
ioctl$SNDRV_PCM_IOCTL_HWSYNC(r2, 0x4122, 0x0)
r3 = eventfd2(0x0, 0x0)
r4 = fcntl$dupfd(r1, 0x0, r3)
ioctl$sock_bt_cmtp_CMTPCONNADD(r4, 0x400443c8, &(0x7f0000001640)={0xffffffffffffffff, 0x8})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$PPPIOCGFLAGS(r4, 0x8004745a, &(0x7f0000000000))
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback, 0xffffffff}, 0x1c)
listen(r0, 0x20000000)
r5 = socket$inet6(0xa, 0x6, 0x0)
r6 = getpgrp(0x0)
perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2, 0x0, 0xffffffff}, r6, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket(0x400020000000010, 0x2, 0x0)
write(r7, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
recvfrom$ax25(r7, &(0x7f0000000480)=""/123, 0x7b, 0x0, &(0x7f0000000500)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x3}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast]}, 0x48)
eventfd2(0x0, 0x0)
r8 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r8, 0xc0044308, &(0x7f0000000200))
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
perf_event_open(&(0x7f00000000c0)={0x3, 0x70, 0x0, 0xff, 0x40, 0x2, 0x0, 0x5, 0x0, 0xa, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000080), 0x2}, 0x0, 0x9, 0x1, 0x9, 0xa, 0x4, 0x2}, r6, 0x0, 0xffffffffffffffff, 0x9)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x20)
connect$inet6(r5, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
accept4(r0, 0x0, 0x0, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="8d010400000000003c0012800e0001006970366772657461700000002800028006000f0008000000080005004f010000040012000500170000000000060003000700000008000a00", @ANYRES32=0x0, @ANYBLOB="078be35ccdafb16b66b452b96f722dab2fdc62e58b0fca882fd1ccdbebb8abd318df13653a78da1adae932ca300f02f639a57e38eaeb665135a00c66eaa15286272677"], 0x64}}, 0x0)
r11 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_stats\x00', 0x0, 0x0)
r12 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00')
sendmsg$TIPC_CMD_SET_LINK_TOL(r11, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x68, r12, 0x400, 0x70bd28, 0x25dfdbff, {{}, {}, {0x4c, 0x18, {0x8001, @link='broadcast-link\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x2000c090}, 0x800)

06:11:44 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024740505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:44 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x14e, 0x500)

06:11:44 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  443.084856][T16365] 9pnet: Insufficient options for proto=fd
[  443.187846][T16364] device ip6gretap1 entered promiscuous mode
06:11:44 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
write(r3, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x2)
fallocate(r3, 0x11, 0x0, 0x10000)
sendfile(r3, r4, 0x0, 0x12000)

06:11:44 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e480000247a0505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:44 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:44 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x14f, 0x500)

06:11:44 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  443.494641][T16387] 9pnet: Insufficient options for proto=fd
06:11:44 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, 0x0, &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:44 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:44 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x150, 0x500)

06:11:44 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024d50505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  443.677981][   T27] audit: type=1800 audit(1583993504.676:107): pid=16396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16513 res=0
06:11:44 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, 0x0, &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  443.806189][T16406] 9pnet: Insufficient options for proto=fd
[  443.815278][   T27] audit: type=1804 audit(1583993504.736:108): pid=16401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/189/file0" dev="sda1" ino=16513 res=1
06:11:44 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x151, 0x500)

06:11:45 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000605d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:45 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:45 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f0000000500)=ANY=[@ANYBLOB]}}, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x2, 'veth0_macvtap\x00', {0x4}, 0xfe9f})
io_setup(0x100000000000c333, &(0x7f0000000180)=<r1=>0x0)
ftruncate(r0, 0x48280)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00')
r5 = syz_genetlink_get_family_id$ipvs(0x0)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000640)={0x30, r5, 0x0, 0x70bd2b, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0x30}}, 0x0)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000480)={&(0x7f0000000580)={0xf4, r5, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x80000001}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x800}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfff}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x3, 0x4}}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2c}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1ff}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffff7}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syz_tun\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa9c3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4048890}, 0x4)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r4, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = dup(r6)
getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x12)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@dev, @mcast1, @rand_addr="657261c70996f4e1596272e2ec4688fa", 0x0, 0x0, 0x0, 0x10, 0x0, 0x20c204c6, r8})
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000680)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in6=@mcast2}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8)
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r4, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r9}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x6}, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000240)={{{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in6=@empty}, 0x0, @in=@remote}}, &(0x7f0000000080)=0xe8)
sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000340)={0x5c, r4, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @link_local}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x2, 0x3}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r10}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @random="827cf3f6070e"}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x80800)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_submit(r1, 0x20000000000001cb, &(0x7f0000000540)=[&(0x7f00000000c0)={0x2426, 0x2200, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])

06:11:45 executing program 2:
socket$packet(0x11, 0x0, 0x300)
perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8)
r3 = socket$inet(0x2, 0x3, 0x29)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000001440)={0x0, 0x0, 0xfffffffffffffffe}, 0x4)
bind$inet(r3, &(0x7f00000000c0)={0x2, 0x1, @local}, 0x4)
getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
splice(r0, 0x0, r2, 0x0, 0x10005, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
add_key(0x0, 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, 0x0, 0x0, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r5, 0xc0044308, &(0x7f0000000200))
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000040)={0xe, 0x0, 0x81})
keyctl$get_persistent(0x16, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self\x00', 0x89800, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
r8 = fcntl$dupfd(0xffffffffffffffff, 0x0, r7)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000200)={0x0, <r9=>0x0}, &(0x7f0000000240)=0xc)
syz_mount_image$exfat(&(0x7f0000000180)='exfat\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x3, &(0x7f0000000340)=[{&(0x7f0000000200)="bd510e720b7faf45719fec1993399582dbb7d95520b3131a3cbf53626669afffd34d18ba48889db4623e5fd9d6ec2b1e7303ccd1bac28fd92162b7060f8eefb24e902cafe85974865ded180d5b222ccabf43cd", 0x53, 0xffffffffffffffe0}, {&(0x7f0000000500)="e317c9ee73f8d3c7cc53596c6d6c984b6de898d9c8bc7258cf37a36d3135f5ca21f54bb8bafb76911a3426004cec822f3df149a8b9688f58503a814b7c923c9ab973a7656df39d133dcdd7372e3c395b18a3ba7f1d5ee1c7cc470841bb77d27bc8d6e9a41e83d75bb77b2f7d228d11d57cb3d01e2dd00216b49c66", 0x7b, 0x7}, {&(0x7f0000000600)="4e04b56409b68a2c34bc71d959e3409bf8d9e2f5cefb7d4a942430b6528799e5012c01108bd20e5e1f3e6fb1c3023bb6b27c82009d1d258d80fc084362ffa0c5f33ec027a20ad9dbb82e6bf9be7f5aab8351093396b525b5218a028e04f2f7db8fb6b18327c70105e5eb5d470c7d899ef62ce905c23532458dde1f4321798fd41b9b0c60881bf968e88f499fd8b6494455b011ee5612d17d02b6cebfbaad3bedbf7cd011565d16ad7aef99e0dd16100ceaad0c1e100e0858867e8e49b7265bab9f3d", 0xc2, 0x7}], 0x9b4400, &(0x7f0000000700)=ANY=[@ANYBLOB='dmask=00000000000000000000100,gid=', @ANYRESHEX, @ANYBLOB="2c6e616d6563403d2f64657661737572652c6d65617375e6b3e8ded7620225b79af3c8a814aa72652c686647682c646f6e745f61707072616973652c756964", @ANYRESDEC=0x0, @ANYBLOB=',fowner>', @ANYRESDEC=r9, @ANYBLOB=',\x00'])
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
r11 = fcntl$dupfd(0xffffffffffffffff, 0x0, r10)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000200)={0x0, <r12=>0x0}, &(0x7f0000000240)=0xc)
syz_mount_image$exfat(&(0x7f0000000180)='exfat\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x3, &(0x7f0000000340)=[{&(0x7f0000000200)="bd510e720b7faf45719fec1993399582dbb7d95520b3131a3cbf53626669afffd34d18ba48889db4623e5fd9d6ec2b1e7303ccd1bac28fd92162b7060f8eefb24e902cafe85974865ded180d5b222ccabf43cd", 0x53, 0xffffffffffffffe0}, {&(0x7f0000000500)="e317c9ee73f8d3c7cc53596c6d6c984b6de898d9c8bc7258cf37a36d3135f5ca21f54bb8bafb76911a3426004cec822f3df149a8b9688f58503a814b7c923c9ab973a7656df39d133dcdd7372e3c395b18a3ba7f1d5ee1c7cc470841bb77d27bc8d6e9a41e83d75bb77b2f7d228d11d57cb3d01e2dd00216b49c66", 0x7b, 0x7}, {&(0x7f0000000600)="4e04b56409b68a2c34bc71d959e3409bf8d9e2f5cefb7d4a942430b6528799e5012c01108bd20e5e1f3e6fb1c3023bb6b27c82009d1d258d80fc084362ffa0c5f33ec027a20ad9dbb82e6bf9be7f5aab8351093396b525b5218a028e04f2f7db8fb6b18327c70105e5eb5d470c7d899ef62ce905c23532458dde1f4321798fd41b9b0c60881bf968e88f499fd8b6494455b011ee5612d17d02b6cebfbaad3bedbf7cd011565d16ad7aef99e0dd16100ceaad0c1e100e0858867e8e49b7265bab9f3d", 0xc2, 0x7}], 0x9b4400, &(0x7f0000000700)={[{@dmask={'dmask', 0x3d, 0x40}}, {@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@namecase='namecase=1'}], [{@subj_role={'subj_role', 0x3d, '/dev/ptmx\x00'}}, {@measure='measure'}, {@measure='measure'}, {@hash='hash'}, {@dont_appraise='dont_appraise'}, {@uid_eq={'uid'}}, {@fowner_gt={'fowner>', r12}}]})
r13 = socket$inet_tcp(0x2, 0x1, 0x0)
r14 = fcntl$dupfd(0xffffffffffffffff, 0x0, r13)
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000000200)={0x0, <r15=>0x0}, &(0x7f0000000240)=0xc)
syz_mount_image$exfat(&(0x7f0000000180)='exfat\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x3, &(0x7f0000000340)=[{&(0x7f0000000200)="bd510e720b7faf45719fec1993399582dbb7d95520b3131a3cbf53626669afffd34d18ba48889db4623e5fd9d6ec2b1e7303ccd1bac28fd92162b7060f8eefb24e902cafe85974865ded180d5b222ccabf43cd", 0x53, 0xffffffffffffffe0}, {&(0x7f0000000500)="e317c9ee73f8d3c7cc53596c6d6c984b6de898d9c8bc7258cf37a36d3135f5ca21f54bb8bafb76911a3426004cec822f3df149a8b9688f58503a814b7c923c9ab973a7656df39d133dcdd7372e3c395b18a3ba7f1d5ee1c7cc470841bb77d27bc8d6e9a41e83d75bb77b2f7d228d11d57cb3d01e2dd00216b49c66", 0x7b, 0x7}, {&(0x7f0000000600)="4e04b56409b68a2c34bc71d959e3409bf8d9e2f5cefb7d4a942430b6528799e5012c01108bd20e5e1f3e6fb1c3023bb6b27c82009d1d258d80fc084362ffa0c5f33ec027a20ad9dbb82e6bf9be7f5aab8351093396b525b5218a028e04f2f7db8fb6b18327c70105e5eb5d470c7d899ef62ce905c23532458dde1f4321798fd41b9b0c60881bf968e88f499fd8b6494455b011ee5612d17d02b6cebfbaad3bedbf7cd011565d16ad7aef99e0dd16100ceaad0c1e100e0858867e8e49b7265bab9f3d", 0xc2, 0x7}], 0x9b4400, &(0x7f0000000880)=ANY=[@ANYBLOB='dmask=00000000000000000000100,gid=', @ANYRESHEX, @ANYBLOB="2c6e616d65636173653d312c7375626a5f726f6c653d2f6465762f70746d78002c6d6561737572652c6d6561737572652c686173682c646f6e745f61707072616973652c7569643dfb5d39f276deeb51e7e71ab59d156f2d696e4d644f90f08cba7478b9a3760a800c13a653e604d595360db246c3ae3822fa1c0a4b6f9e5f7a19c603004b810f6992485206412404097f75d658f4a7ce162472395ef055140763014a06b33388ac3b3daaffaa91d0f804280ba48c727a7dc082a8a37fce94916025e70043918b1d3d150c3d11063befbc70eb7a840cb113806eb2c6ea8154645f1279e5dfc569bfe36452911fe89db8032f3bb253c49cdd1517ca0b08a62c5b5e", @ANYRESDEC=0x0, @ANYBLOB=',fowner>', @ANYRESDEC=r15, @ANYBLOB=',\x00'])
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xc2, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@cache_loose='cache=loose'}, {@version_u='version=9p2000.u'}, {@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@nodevmap='nodevmap'}, {@privport='privport'}, {@dfltuid={'dfltuid', 0x3d, r9}}], [{@fsmagic={'fsmagic', 0x3d, 0xff}}, {@euid_lt={'euid<', r12}}, {@euid_gt={'euid>', r15}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}]}})
keyctl$chown(0x4, 0x0, 0x0, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0x0)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)

06:11:45 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)

[  444.238410][T16432] 9pnet: Insufficient options for proto=fd
06:11:45 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x152, 0x500)

06:11:45 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, 0x0, &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:45 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000905d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:45 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x153, 0x500)

06:11:45 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  444.651749][T16451] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  444.692733][T16451] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:11:45 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)

06:11:46 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:46 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x154, 0x500)

06:11:46 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000c05d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:46 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f0000000500)=ANY=[@ANYBLOB]}}, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x2, 'veth0_macvtap\x00', {0x4}, 0xfe9f})
io_setup(0x100000000000c333, &(0x7f0000000180)=<r1=>0x0)
ftruncate(r0, 0x48280)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00')
r5 = syz_genetlink_get_family_id$ipvs(0x0)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000640)={0x30, r5, 0x0, 0x70bd2b, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0x30}}, 0x0)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000480)={&(0x7f0000000580)={0xf4, r5, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x80000001}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x800}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfff}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x3, 0x4}}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2c}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1ff}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffff7}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syz_tun\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa9c3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4048890}, 0x4)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r4, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = dup(r6)
getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x12)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@dev, @mcast1, @rand_addr="657261c70996f4e1596272e2ec4688fa", 0x0, 0x0, 0x0, 0x10, 0x0, 0x20c204c6, r8})
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000680)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in6=@mcast2}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8)
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r4, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r9}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x6}, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000240)={{{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in6=@empty}, 0x0, @in=@remote}}, &(0x7f0000000080)=0xe8)
sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000340)={0x5c, r4, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @link_local}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x2, 0x3}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r10}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @random="827cf3f6070e"}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x80800)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_submit(r1, 0x20000000000001cb, &(0x7f0000000540)=[&(0x7f00000000c0)={0x2426, 0x2200, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])

06:11:46 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@ipv6_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x5e}]}, 0x24}}, 0x0)

06:11:46 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:46 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000e05d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:46 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)

06:11:46 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x155, 0x500)

06:11:46 executing program 2:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0xfffffffffffffe5f}}, 0x0)
r0 = socket$inet6(0xa, 0x8000008000080003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x4000, &(0x7f00000000c0)={&(0x7f0000002600)=ANY=[@ANYBLOB="2c00000013003586000000030000000007000000", @ANYRES32=r1, @ANYBLOB="02000005000023000c001a0007000000af000400f4b863fcf9b3a8acfba52fc7ca9bb09c55956e7f67914223735a2e6f0e27befafd976cd2149ded4e58ac6eb763d1d3d3747458ac867ba5e9fbe1883888060203f378b0544138c12f193767cdfc18a34ae738ac17393ab8b3005f9e7c63e8b2154cad0200293b18a5cfbf1791a35b8a10a4544283a95cf6e1ca7c0259712f9a66c6fd854af4ce0a0973ac716f43e14b3de110a262bf06f9f7e61e772de361bb2f2475d935c55cd1008390b171"], 0x2c}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x2, 0x0)

06:11:46 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x156, 0x500)

06:11:46 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024002805d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:47 executing program 0:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:47 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024003505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:47 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x157, 0x500)

06:11:47 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/snmp6\x00')
recvmsg$kcm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000080)=""/89, 0x59}, {&(0x7f0000000100)=""/68, 0x44}, {&(0x7f0000000180)=""/137, 0x89}, {&(0x7f0000000240)=""/131, 0x83}, {&(0x7f0000000300)=""/73, 0x49}, {&(0x7f0000000380)=""/18, 0x12}], 0x6}, 0x30062)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000480)=0x11)
ioctl$TIOCL_PASTESEL(r2, 0x5412, &(0x7f0000000000))

06:11:47 executing program 5 (fault-call:8 fault-nth:0):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:47 executing program 0:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  446.554192][T16547] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  446.630668][T16547] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  446.681661][T16550] FAULT_INJECTION: forcing a failure.
[  446.681661][T16550] name failslab, interval 1, probability 0, space 0, times 0
06:11:47 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x158, 0x500)

[  446.780173][T16550] CPU: 1 PID: 16550 Comm: syz-executor.5 Not tainted 5.6.0-rc5-syzkaller #0
[  446.788898][T16550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  446.798959][T16550] Call Trace:
[  446.802277][T16550]  dump_stack+0x188/0x20d
[  446.806630][T16550]  should_fail.cold+0x5/0xa
[  446.811166][T16550]  ? lock_downgrade+0x7f0/0x7f0
[  446.816033][T16550]  ? fault_create_debugfs_attr+0x140/0x140
[  446.821869][T16550]  should_failslab+0x5/0xf
[  446.826299][T16550]  kmem_cache_alloc+0x29b/0x730
[  446.831162][T16550]  ? ksys_write+0x20c/0x250
[  446.835695][T16550]  getname_flags+0xd2/0x5b0
[  446.840242][T16550]  ? vfs_write+0x342/0x5c0
[  446.844681][T16550]  do_sys_openat2+0x3cf/0x740
[  446.849373][T16550]  ? file_open_root+0x3d0/0x3d0
[  446.854233][T16550]  ? __mutex_unlock_slowpath+0xe2/0x660
[  446.859799][T16550]  ? wait_for_completion+0x3c0/0x3c0
[  446.865111][T16550]  do_sys_open+0xc3/0x140
[  446.869449][T16550]  ? filp_open+0x70/0x70
[  446.873695][T16550]  ? ksys_write+0x19f/0x250
06:11:47 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024005a05d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  446.878210][T16550]  ? __ia32_sys_clock_settime+0x260/0x260
[  446.883945][T16550]  ? trace_hardirqs_off_caller+0x55/0x230
[  446.890478][T16550]  do_syscall_64+0xf6/0x7d0
[  446.895022][T16550]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  446.900916][T16550] RIP: 0033:0x45c679
[  446.904815][T16550] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
06:11:47 executing program 2:
perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xbccc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000100)=[@window={0x3, 0x9, 0x1}, @timestamp, @timestamp], 0x3)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
r2 = socket(0x400020000000010, 0x2, 0x0)
write(r2, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f00000001c0)={<r3=>0x0, @in6={{0xa, 0x4e20, 0x3, @mcast1, 0x627}}, 0x9, 0x4, 0x1, 0x9, 0x401}, &(0x7f0000000140)=0x98)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f00000003c0)={r3, 0x9}, 0x8)
clock_gettime(0x0, &(0x7f00000000c0)={0x0, <r4=>0x0})
r5 = socket$kcm(0x2b, 0x1, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00')
sendmsg$FOU_CMD_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r7, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e24}]}, 0x1c}}, 0x0)
sendmsg$FOU_CMD_GET(r0, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x38, r7, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e20}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x1}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e24}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008004}, 0x401)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl(r5, 0xffffffff80000000, &(0x7f00000002c0)="2f09100fb9423f7988cf552fb9573392e95a608862dc7a149ca8a29eb8977064fdb0ffcefa90e595df6b25c909c1c194f3c001df0f1184f7fcc2d02ac169ef378a00fa6f13cd509bb9616b068435e9cced0bb64af17f9ac78833ac7fcf0d11d804c259c98d6a44c1de6e0b6a3c15a0a53623ceb3fee27781f7a20b52163563c027e90854a024b66d7765150d71dfc4a9f0d67f2510cec45f1c1fa00b48f745aead18eaa8efd4237905d5ed3b346634018257323339558365832bcdcc4f20814ee01da339c5885745f7f5073ff66f1814fa91")
clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r4+10000000}, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

[  446.924861][T16550] RSP: 002b:00007f1bd16e0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  446.933286][T16550] RAX: ffffffffffffffda RBX: 00007f1bd16e16d4 RCX: 000000000045c679
[  446.941292][T16550] RDX: 0000000000000000 RSI: 0000000020000200 RDI: ffffffffffffff9c
[  446.949711][T16550] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[  446.957710][T16550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[  446.965843][T16550] R13: 0000000000000792 R14: 00000000004ca27e R15: 0000000000000000
06:11:48 executing program 3:
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000300), 0x0)
write$tun(r0, &(0x7f00000000c0)=ANY=[], 0x0)
socket$inet(0x2, 0x200000002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000805, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
r3 = dup3(r1, r2, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10)
sendto$inet(r3, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @dev}, 0x10)
sendto$inet(r2, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000025e000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=<r4=>0x0], &(0x7f0000a8a000)=0xc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x70, &(0x7f000059aff8)={r4}, &(0x7f000034f000)=0x2059b000)
io_uring_setup(0x4dc, &(0x7f0000000080)={0x0, 0x0, 0xe, 0x2, 0x286})

06:11:48 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024006b05d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:48 executing program 0:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:48 executing program 5 (fault-call:8 fault-nth:1):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:48 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x159, 0x500)

[  447.322427][T16576] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  447.373987][   T27] audit: type=1400 audit(1583993508.376:109): avc:  denied  { wake_alarm } for  pid=16564 comm="syz-executor.2" capability=35  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1
[  447.413302][T16576] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:11:48 executing program 0:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r2}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:48 executing program 3:
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000300), 0x0)
write$tun(r0, &(0x7f00000000c0)=ANY=[], 0x0)
socket$inet(0x2, 0x200000002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000805, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
r3 = dup3(r1, r2, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10)
sendto$inet(r3, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @dev}, 0x10)
sendto$inet(r2, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000025e000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=<r4=>0x0], &(0x7f0000a8a000)=0xc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x70, &(0x7f000059aff8)={r4}, &(0x7f000034f000)=0x2059b000)
io_uring_setup(0x4dc, &(0x7f0000000080)={0x0, 0x0, 0xe, 0x2, 0x286})

06:11:48 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x15a, 0x500)

[  447.710909][T16576] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  447.774164][T16594] 9pnet: Insufficient options for proto=fd
[  447.805799][T16576] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  447.813843][T16598] FAULT_INJECTION: forcing a failure.
[  447.813843][T16598] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  447.828606][T16598] CPU: 0 PID: 16598 Comm: syz-executor.5 Not tainted 5.6.0-rc5-syzkaller #0
[  447.837284][T16598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  447.847345][T16598] Call Trace:
[  447.850649][T16598]  dump_stack+0x188/0x20d
[  447.854996][T16598]  should_fail.cold+0x5/0xa
[  447.859525][T16598]  ? fault_create_debugfs_attr+0x140/0x140
[  447.865351][T16598]  ? __lock_acquire+0x14bd/0x3ca0
[  447.870394][T16598]  __alloc_pages_nodemask+0x17a/0x820
[  447.875869][T16598]  ? __alloc_pages_slowpath+0x26a0/0x26a0
[  447.881607][T16598]  ? find_held_lock+0x2d/0x110
[  447.886390][T16598]  ? kstrtouint+0x11e/0x180
[  447.890894][T16598]  ? lock_downgrade+0x7f0/0x7f0
[  447.890918][T16598]  cache_grow_begin+0x8c/0xc30
[  447.890937][T16598]  ? cache_alloc_pfmemalloc+0x1e/0x140
[  447.890959][T16598]  kmem_cache_alloc+0x66a/0x730
[  447.890975][T16598]  ? ksys_write+0x20c/0x250
[  447.890999][T16598]  getname_flags+0xd2/0x5b0
[  447.891016][T16598]  ? vfs_write+0x342/0x5c0
[  447.891035][T16598]  do_sys_openat2+0x3cf/0x740
[  447.929596][T16598]  ? file_open_root+0x3d0/0x3d0
[  447.934462][T16598]  ? __mutex_unlock_slowpath+0xe2/0x660
[  447.940053][T16598]  ? wait_for_completion+0x3c0/0x3c0
[  447.945373][T16598]  do_sys_open+0xc3/0x140
[  447.949711][T16598]  ? filp_open+0x70/0x70
[  447.953955][T16598]  ? ksys_write+0x19f/0x250
[  447.958466][T16598]  ? __ia32_sys_clock_settime+0x260/0x260
[  447.964192][T16598]  ? trace_hardirqs_off_caller+0x55/0x230
[  447.970021][T16598]  do_syscall_64+0xf6/0x7d0
[  447.974535][T16598]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  447.980425][T16598] RIP: 0033:0x45c679
[  447.984322][T16598] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  448.004025][T16598] RSP: 002b:00007f1bd16bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  448.012446][T16598] RAX: ffffffffffffffda RBX: 00007f1bd16c06d4 RCX: 000000000045c679
06:11:49 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000405d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  448.020430][T16598] RDX: 0000000000000000 RSI: 0000000020000200 RDI: ffffffffffffff9c
[  448.028956][T16598] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
[  448.037029][T16598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[  448.045015][T16598] R13: 0000000000000792 R14: 00000000004ca27e R15: 0000000000000001
06:11:49 executing program 0:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r2}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:49 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x15b, 0x500)

06:11:49 executing program 2:
perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xbccc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000100)=[@window={0x3, 0x9, 0x1}, @timestamp, @timestamp], 0x3)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
r2 = socket(0x400020000000010, 0x2, 0x0)
write(r2, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f00000001c0)={<r3=>0x0, @in6={{0xa, 0x4e20, 0x3, @mcast1, 0x627}}, 0x9, 0x4, 0x1, 0x9, 0x401}, &(0x7f0000000140)=0x98)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f00000003c0)={r3, 0x9}, 0x8)
clock_gettime(0x0, &(0x7f00000000c0)={0x0, <r4=>0x0})
r5 = socket$kcm(0x2b, 0x1, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00')
sendmsg$FOU_CMD_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r7, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e24}]}, 0x1c}}, 0x0)
sendmsg$FOU_CMD_GET(r0, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x38, r7, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e20}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x1}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e24}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008004}, 0x401)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl(r5, 0xffffffff80000000, &(0x7f00000002c0)="2f09100fb9423f7988cf552fb9573392e95a608862dc7a149ca8a29eb8977064fdb0ffcefa90e595df6b25c909c1c194f3c001df0f1184f7fcc2d02ac169ef378a00fa6f13cd509bb9616b068435e9cced0bb64af17f9ac78833ac7fcf0d11d804c259c98d6a44c1de6e0b6a3c15a0a53623ceb3fee27781f7a20b52163563c027e90854a024b66d7765150d71dfc4a9f0d67f2510cec45f1c1fa00b48f745aead18eaa8efd4237905d5ed3b346634018257323339558365832bcdcc4f20814ee01da339c5885745f7f5073ff66f1814fa91")
clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r4+10000000}, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

06:11:49 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000605d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:49 executing program 3:
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000300), 0x0)
write$tun(r0, &(0x7f00000000c0)=ANY=[], 0x0)
socket$inet(0x2, 0x200000002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000805, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
r3 = dup3(r1, r2, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10)
sendto$inet(r3, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @dev}, 0x10)
sendto$inet(r2, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000025e000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=<r4=>0x0], &(0x7f0000a8a000)=0xc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x70, &(0x7f000059aff8)={r4}, &(0x7f000034f000)=0x2059b000)
io_uring_setup(0x4dc, &(0x7f0000000080)={0x0, 0x0, 0xe, 0x2, 0x286})

[  448.351754][T16612] 9pnet: Insufficient options for proto=fd
06:11:49 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x15c, 0x500)

06:11:49 executing program 5 (fault-call:8 fault-nth:2):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:49 executing program 0:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x26f)
r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r2}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:49 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000805d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  448.771137][T16629] 9pnet: Insufficient options for proto=fd
06:11:49 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x15d, 0x500)

06:11:49 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:50 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000905d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:50 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000f80)={0x54, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9effffff}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x54}}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x78, 0x2, 0x4, 0x200000, 0x6, {}, {0x5, 0xc, 0x0, 0x5, 0x0, 0xb0, "8c580054"}, 0xb0, 0x2, @fd, 0x9, 0x0, <r2=>r1})
sendmsg$NFNL_MSG_CTHELPER_GET(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x94, 0x1, 0x9, 0x301, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x4}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1b}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7}}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x200}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7fff}}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0xfffffff8}, @NFCTH_TUPLE={0x34, 0x2, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x1a}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x2}]}, 0x94}, 0x1, 0x0, 0x0, 0x4004}, 0x8015)

[  449.092014][T16646] 9pnet: Insufficient options for proto=fd
[  449.105806][T16650] FAULT_INJECTION: forcing a failure.
[  449.105806][T16650] name failslab, interval 1, probability 0, space 0, times 0
06:11:50 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x15e, 0x500)

[  449.161525][T16654] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  449.191396][T16654] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  449.278771][   T27] audit: type=1400 audit(1583993510.276:110): avc:  denied  { ioctl } for  pid=16653 comm="syz-executor.3" path="socket:[64493]" dev="sockfs" ino=64493 ioctlcmd=0x8912 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[  449.334039][T16650] CPU: 1 PID: 16650 Comm: syz-executor.5 Not tainted 5.6.0-rc5-syzkaller #0
[  449.342760][T16650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  449.348169][T16645] 9pnet: Insufficient options for proto=fd
[  449.352823][T16650] Call Trace:
[  449.352850][T16650]  dump_stack+0x188/0x20d
[  449.352876][T16650]  should_fail.cold+0x5/0xa
[  449.352907][T16650]  ? lock_downgrade+0x7f0/0x7f0
[  449.352929][T16650]  ? fault_create_debugfs_attr+0x140/0x140
[  449.370906][T16650]  should_failslab+0x5/0xf
[  449.385962][T16650]  kmem_cache_alloc+0x29b/0x730
[  449.390903][T16650]  ? stack_trace_save+0x8c/0xc0
[  449.395805][T16650]  __alloc_file+0x21/0x340
[  449.400237][T16650]  alloc_empty_file+0x6d/0x170
[  449.405018][T16650]  path_openat+0xef/0x32b0
[  449.409512][T16650]  ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[  449.415327][T16650]  ? kmem_cache_alloc+0x11b/0x730
[  449.420353][T16650]  ? getname_flags+0xd2/0x5b0
[  449.425035][T16650]  ? do_sys_openat2+0x3cf/0x740
[  449.429898][T16650]  ? do_sys_open+0xc3/0x140
[  449.434409][T16650]  ? do_syscall_64+0xf6/0x7d0
[  449.439093][T16650]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  449.439687][T16654] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  449.445169][T16650]  ? __lock_acquire+0x14bd/0x3ca0
[  449.445192][T16650]  ? path_mountpoint.isra.0+0x370/0x370
[  449.445214][T16650]  ? __lock_acquire+0x14bd/0x3ca0
[  449.445244][T16650]  do_filp_open+0x192/0x260
[  449.445260][T16650]  ? may_open_dev+0xf0/0xf0
[  449.445279][T16650]  ? __alloc_fd+0x46d/0x600
[  449.453753][T16654] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  449.458387][T16650]  ? lock_downgrade+0x7f0/0x7f0
[  449.458405][T16650]  ? do_raw_spin_lock+0x129/0x2e0
[  449.458438][T16650]  ? _raw_spin_unlock+0x24/0x40
[  449.458459][T16650]  ? __alloc_fd+0x46d/0x600
[  449.492060][T16650]  do_sys_openat2+0x54c/0x740
[  449.492081][T16650]  ? file_open_root+0x3d0/0x3d0
[  449.492099][T16650]  ? __mutex_unlock_slowpath+0xe2/0x660
[  449.492119][T16650]  ? wait_for_completion+0x3c0/0x3c0
[  449.532624][T16650]  do_sys_open+0xc3/0x140
[  449.536957][T16650]  ? filp_open+0x70/0x70
[  449.541210][T16650]  ? ksys_write+0x19f/0x250
[  449.545718][T16650]  ? __ia32_sys_clock_settime+0x260/0x260
[  449.551440][T16650]  ? trace_hardirqs_off_caller+0x55/0x230
[  449.557174][T16650]  do_syscall_64+0xf6/0x7d0
[  449.562036][T16650]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  449.567925][T16650] RIP: 0033:0x45c679
[  449.571818][T16650] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  449.591515][T16650] RSP: 002b:00007f1bd169ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  449.599926][T16650] RAX: ffffffffffffffda RBX: 00007f1bd169f6d4 RCX: 000000000045c679
[  449.607896][T16650] RDX: 0000000000000000 RSI: 0000000020000200 RDI: ffffffffffffff9c
[  449.615867][T16650] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000
[  449.623837][T16650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
06:11:50 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
r1 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2f42f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r2, 0xc0044308, &(0x7f0000000200))
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f0000000000))
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000008, 0x50, r3, 0x38011000)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r3)
sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x240, 0x0, 0xffffffffffffffff)

06:11:50 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:50 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000f80)={0x54, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9effffff}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x54}}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x78, 0x2, 0x4, 0x200000, 0x6, {}, {0x5, 0xc, 0x0, 0x5, 0x0, 0xb0, "8c580054"}, 0xb0, 0x2, @fd, 0x9, 0x0, <r2=>r1})
sendmsg$NFNL_MSG_CTHELPER_GET(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x94, 0x1, 0x9, 0x301, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x4}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1b}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7}}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x200}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7fff}}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0xfffffff8}, @NFCTH_TUPLE={0x34, 0x2, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x1a}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x2}]}, 0x94}, 0x1, 0x0, 0x0, 0x4004}, 0x8015)

[  449.631815][T16650] R13: 0000000000000792 R14: 00000000004ca27e R15: 0000000000000002
06:11:50 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x15f, 0x500)

[  449.778826][T16671] 9pnet: Insufficient options for proto=fd
06:11:50 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:50 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000c05d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:50 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:51 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000000)={0x0, "c00932ee3c59b6b1acf47adafd686bc27d57c490b71042a3bdb4eea045ece05828edac7d7e4b1cd0831a4e3afec19c3ee1343404c5c27683e373fc89494db9c483e04baa60b3cf5a18300643686238c63d9939ec95168e33d23ee0a59cb21902cba83d602ee3316c934a37cb099ebe8096e8f1283f58261ca21c72026c15a624b2296602e548974833de56c8f41ea6f4075523c0ea58e4e4041cbcbee2ee1ac75598ca316c4b820be2308f2d8a88a02bdc7a4cfb3d14c8d7b467a57e1d6aa165be3f1d7b67aab58cb1cd258d56e0e6772b6c6b043aad67a7ec52e072014b0b2bdba5ea9928091b5d0950067ab3b1104597c418b99f879e185505855f7f6a2081dbaa490821f2d24ba809c6b27436a3b2fc596a545924030da07cad539cbfddd6f7bb79cd62f328ecf8637ccb1d5b8be86a25a34fc1cc2ee4d5b2e4d7f448f2c3f325c3b576082b19457023e1aefb03f8ba39fc3a4c773d4c70e014e361e4c15eec3599013c706b8bddc888a9e77fbd55fafa48fec061c565c63b9e7bbee787bed9ec66b2c173c11e562e9541901374770afb01e26236139c6c52e89098baa106c65dee07ef50ce4c87574e93c11ddb5e1d7e09215e54bb846c192be6d5a4f98bb6907f145d9887da6ab9907e4e93024f1db64e9330f894766d4de1c898dd37e2a9f0f5ff7a7997208201d417a8fcb9b375d5a41f5642cafd4a885ca9988934b5"})
r1 = socket(0x400020000000010, 0x2, 0x0)
write(r1, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, &(0x7f0000000280)={0x79, "06b9ad1885e542655d9d6bfd3a9844f6fa18b0e4f79beca5d78257ee5bb6a457ea334d0eb9b38987b4c4cd3cc2ee1e41877e9fedafff5a2cd9fa1bcc7ef0c0296a924a0a0fb5597ace767481c1c156c2b70e3ccf25e0204221305e54cfa88192be0a29f404c7d9d5646b03d836a3f77ff121d204373e59b809913ee49f6ca17a"})
syz_extract_tcp_res(&(0x7f0000000240), 0x0, 0x4)

06:11:51 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x160, 0x500)

[  450.174287][T16688] 9pnet: Insufficient options for proto=fd
06:11:51 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
getpid()
getpid()
openat$ocfs2_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
unshare(0x2a000400)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='cgroup2\x00', 0x0, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x275a, 0x0)
readv(r1, &(0x7f0000000040)=[{&(0x7f0000000200)=""/168, 0xa8}], 0x1)
r2 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b200080000001028e6c467144d2fa833"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r7, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xfff1}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x401}}]}]}}]}, 0x50}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', r7})
openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0)

06:11:51 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000e05d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:51 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r3, &(0x7f0000000280), 0x1033b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x10)
ioctl$BLKBSZGET(r4, 0x80081270, &(0x7f0000000140))
sendfile(r1, r2, 0x0, 0x10000)

06:11:51 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)

06:11:51 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x161, 0x500)

06:11:51 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x2, 0x0)

06:11:51 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)

06:11:51 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024001005d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  450.575526][   T27] audit: type=1804 audit(1583993511.576:111): pid=16716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/240/file0/file0" dev="loop3" ino=27 res=1
[  450.656683][   T27] audit: type=1800 audit(1583993511.616:112): pid=16716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=27 res=0
[  450.747096][   T27] audit: type=1804 audit(1583993511.626:113): pid=16706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/240/file0/file0" dev="loop3" ino=27 res=1
06:11:51 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x162, 0x500)

[  450.783146][   T27] audit: type=1804 audit(1583993511.656:114): pid=16706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/240/file0/file0" dev="loop3" ino=27 res=1
06:11:51 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r3, &(0x7f0000000280), 0x1033b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x10)
ioctl$BLKBSZGET(r4, 0x80081270, &(0x7f0000000140))
sendfile(r1, r2, 0x0, 0x10000)

06:11:51 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024002805d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  450.990152][   T27] audit: type=1400 audit(1583993511.706:115): avc:  denied  { associate } for  pid=16697 comm="syz-executor.2" name="cpu.stat" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
06:11:52 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x163, 0x500)

[  451.108896][   T27] audit: type=1804 audit(1583993511.746:116): pid=16706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/240/file0/file0" dev="loop3" ino=27 res=1
[  451.223527][   T27] audit: type=1804 audit(1583993511.776:117): pid=16716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/240/file0/file0" dev="loop3" ino=27 res=1
[  451.270533][   T27] audit: type=1804 audit(1583993511.826:118): pid=16706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/240/file0/file0" dev="loop3" ino=27 res=1
[  451.504674][   T27] audit: type=1804 audit(1583993512.446:119): pid=16736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/241/file0/file0" dev="loop3" ino=28 res=1
06:11:52 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x164, 0x500)

06:11:52 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024003505d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:52 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)

06:11:52 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r3, &(0x7f0000000280), 0x1033b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x10)
ioctl$BLKBSZGET(r4, 0x80081270, &(0x7f0000000140))
sendfile(r1, r2, 0x0, 0x10000)

06:11:52 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
getpid()
getpid()
openat$ocfs2_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
unshare(0x2a000400)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='cgroup2\x00', 0x0, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x275a, 0x0)
readv(r1, &(0x7f0000000040)=[{&(0x7f0000000200)=""/168, 0xa8}], 0x1)
r2 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b200080000001028e6c467144d2fa833"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r7, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xfff1}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x401}}]}]}}]}, 0x50}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', r7})
openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0)

06:11:52 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x3, 0x0)

[  451.861028][T16757] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  451.904432][T16757] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  451.930365][T12001] tipc: TX() has been purged, node left!
06:11:53 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x165, 0x500)

[  452.002328][T12001] tipc: TX() has been purged, node left!
06:11:53 executing program 0 (fault-call:8 fault-nth:0):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:53 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x166, 0x500)

06:11:53 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024005a05d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:53 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r3, &(0x7f0000000280), 0x1033b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x10)
ioctl$BLKBSZGET(r4, 0x80081270, &(0x7f0000000140))
sendfile(r1, r2, 0x0, 0x10000)

06:11:53 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x167, 0x500)

06:11:53 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x4, 0x0)

[  452.683884][T16795] FAULT_INJECTION: forcing a failure.
[  452.683884][T16795] name failslab, interval 1, probability 0, space 0, times 0
[  452.697259][T16795] CPU: 1 PID: 16795 Comm: syz-executor.0 Not tainted 5.6.0-rc5-syzkaller #0
[  452.705950][T16795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  452.715997][T16795] Call Trace:
[  452.719369][T16795]  dump_stack+0x188/0x20d
[  452.723692][T16795]  should_fail.cold+0x5/0xa
[  452.728179][T16795]  ? lock_downgrade+0x7f0/0x7f0
[  452.733017][T16795]  ? fault_create_debugfs_attr+0x140/0x140
[  452.738844][T16795]  should_failslab+0x5/0xf
[  452.743248][T16795]  kmem_cache_alloc+0x29b/0x730
[  452.748088][T16795]  ? ksys_write+0x20c/0x250
[  452.752592][T16795]  getname_flags+0xd2/0x5b0
[  452.757083][T16795]  ? vfs_write+0x342/0x5c0
[  452.761510][T16795]  do_sys_openat2+0x3cf/0x740
[  452.766226][T16795]  ? file_open_root+0x3d0/0x3d0
[  452.771432][T16795]  ? __mutex_unlock_slowpath+0xe2/0x660
[  452.776985][T16795]  ? wait_for_completion+0x3c0/0x3c0
[  452.782276][T16795]  do_sys_open+0xc3/0x140
[  452.786593][T16795]  ? filp_open+0x70/0x70
[  452.790830][T16795]  ? ksys_write+0x19f/0x250
[  452.795318][T16795]  ? __ia32_sys_clock_settime+0x260/0x260
[  452.801022][T16795]  ? trace_hardirqs_off_caller+0x55/0x230
[  452.806756][T16795]  do_syscall_64+0xf6/0x7d0
[  452.811349][T16795]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  452.817222][T16795] RIP: 0033:0x45c679
[  452.821115][T16795] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  452.840701][T16795] RSP: 002b:00007fb325a4cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  452.849096][T16795] RAX: ffffffffffffffda RBX: 00007fb325a4d6d4 RCX: 000000000045c679
[  452.857053][T16795] RDX: 0000000000000000 RSI: 0000000020000200 RDI: ffffffffffffff9c
[  452.865008][T16795] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[  452.872962][T16795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[  452.880915][T16795] R13: 0000000000000792 R14: 00000000004ca27e R15: 0000000000000000
06:11:53 executing program 0 (fault-call:8 fault-nth:1):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:54 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x168, 0x500)

06:11:54 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024006b05d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  453.338814][T16816] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  453.390176][T16816] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  453.434955][T16820] FAULT_INJECTION: forcing a failure.
[  453.434955][T16820] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  453.448232][T16820] CPU: 0 PID: 16820 Comm: syz-executor.0 Not tainted 5.6.0-rc5-syzkaller #0
[  453.457076][T16820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  453.467135][T16820] Call Trace:
[  453.470433][T16820]  dump_stack+0x188/0x20d
[  453.474775][T16820]  should_fail.cold+0x5/0xa
[  453.479290][T16820]  ? fault_create_debugfs_attr+0x140/0x140
[  453.485200][T16820]  ? __lock_acquire+0x14bd/0x3ca0
[  453.490225][T16820]  __alloc_pages_nodemask+0x17a/0x820
[  453.495595][T16820]  ? __alloc_pages_slowpath+0x26a0/0x26a0
[  453.501314][T16820]  ? find_held_lock+0x2d/0x110
[  453.506088][T16820]  ? kstrtouint+0x11e/0x180
[  453.510596][T16820]  ? lock_downgrade+0x7f0/0x7f0
[  453.515680][T16820]  cache_grow_begin+0x8c/0xc30
[  453.520439][T16820]  ? cache_alloc_pfmemalloc+0x1e/0x140
[  453.525908][T16820]  kmem_cache_alloc+0x66a/0x730
[  453.530864][T16820]  ? ksys_write+0x20c/0x250
[  453.535381][T16820]  getname_flags+0xd2/0x5b0
[  453.539892][T16820]  ? vfs_write+0x342/0x5c0
[  453.544316][T16820]  do_sys_openat2+0x3cf/0x740
[  453.548991][T16820]  ? file_open_root+0x3d0/0x3d0
[  453.554106][T16820]  ? __mutex_unlock_slowpath+0xe2/0x660
[  453.559763][T16820]  ? wait_for_completion+0x3c0/0x3c0
[  453.565071][T16820]  do_sys_open+0xc3/0x140
[  453.569394][T16820]  ? filp_open+0x70/0x70
[  453.573891][T16820]  ? ksys_write+0x19f/0x250
[  453.578392][T16820]  ? __ia32_sys_clock_settime+0x260/0x260
[  453.584128][T16820]  ? trace_hardirqs_off_caller+0x55/0x230
[  453.589851][T16820]  do_syscall_64+0xf6/0x7d0
[  453.594364][T16820]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  453.600245][T16820] RIP: 0033:0x45c679
[  453.604126][T16820] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  453.627748][T16820] RSP: 002b:00007fb325a2bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  453.636146][T16820] RAX: ffffffffffffffda RBX: 00007fb325a2c6d4 RCX: 000000000045c679
[  453.644103][T16820] RDX: 0000000000000000 RSI: 0000000020000200 RDI: ffffffffffffff9c
[  453.652056][T16820] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
[  453.660098][T16820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[  453.668052][T16820] R13: 0000000000000792 R14: 00000000004ca27e R15: 0000000000000001
06:11:54 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r3, &(0x7f0000000280), 0x1033b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:11:54 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x169, 0x500)

06:11:54 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000000000443)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="2403002e", @ANYRES16=0x0, @ANYBLOB="000427bd7000000000000300000008002b00000000000500380000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x4008080)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r2, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0xaa, 0x0, 0x0, 0x2, 0x6, 0x6a35, 0xcc, 0x40, 0x0, 0x0, 0xd1, 0x38, 0x0, 0x9, 0x124d, 0x1000}, [{0x0, 0x0, 0x0, 0x43d, 0x0, 0x4, 0x5}], "6570da331897013f3292cff42a00d6f47c4d0c150a18209f4bd2d056ad7ff1654d0e33c9ed5296d987afe72384a16df84994af4d37a8013da596915affe4a5f86826a04aacbb", [[], [], [], [], [], []]}, 0x6be)
write$P9_RWALK(r2, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
r3 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x10040, 0x0)
dup2(r2, r3)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x501000, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={0x0, <r5=>0x0}, &(0x7f0000000300)=0xc)
r6 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000280))
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r8 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r8, 0xc028660f, &(0x7f0000000280)={0x0, r7})
statx(r8, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r10=>0xffffffffffffffff})
r11 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000ac0)={0x0, 0x0, <r12=>0x0}, &(0x7f0000cab000)=0xc)
r13 = getpid()
sendmsg$unix(r10, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r13, 0x0, r12}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f0000000b00)=ANY=[@ANYBLOB="51641d", @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r12, @ANYBLOB="2c64656661756c745f70657245fb7fca696f6e732c616c6c6f775f6fb46865722c6d61785f726561643d3078303030303030303030303030303030312c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303033372c626c6b73697a653d3078303030303030303030303030313230302c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c7375626a5f747970653d2f6465762f627367002c636f6e746578743d73746166665f752c646f6e745f61707072616973652c002af32fd140cddcfc158d70d6a4aed9df5d"])
fchownat(r4, &(0x7f0000000240)='./bus\x00', r5, r12, 0x1000)

06:11:54 executing program 0 (fault-call:8 fault-nth:2):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

06:11:54 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x5, 0x0)

06:11:54 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000504d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:55 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r3, &(0x7f0000000280), 0x1033b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:11:55 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x16a, 0x500)

[  454.006387][T16834] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  454.015165][T16834] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:11:55 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000506d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:55 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x16b, 0x500)

[  454.365226][T16849] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  454.438114][T16851] FAULT_INJECTION: forcing a failure.
[  454.438114][T16851] name failslab, interval 1, probability 0, space 0, times 0
[  454.442756][   T27] kauditd_printk_skb: 15 callbacks suppressed
[  454.442770][   T27] audit: type=1804 audit(1583993515.436:135): pid=16847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/245/file0/file0" dev="loop3" ino=32 res=1
[  454.471369][T16851] CPU: 1 PID: 16851 Comm: syz-executor.0 Not tainted 5.6.0-rc5-syzkaller #0
[  454.493730][T16851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  454.503792][T16851] Call Trace:
[  454.507093][T16851]  dump_stack+0x188/0x20d
[  454.511437][T16851]  should_fail.cold+0x5/0xa
[  454.515946][T16851]  ? lock_downgrade+0x7f0/0x7f0
[  454.520814][T16851]  ? fault_create_debugfs_attr+0x140/0x140
[  454.526646][T16851]  should_failslab+0x5/0xf
[  454.531085][T16851]  kmem_cache_alloc+0x29b/0x730
[  454.536317][T16851]  ? stack_trace_save+0x8c/0xc0
[  454.541184][T16851]  __alloc_file+0x21/0x340
[  454.545614][T16851]  alloc_empty_file+0x6d/0x170
[  454.550394][T16851]  path_openat+0xef/0x32b0
[  454.554826][T16851]  ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[  454.555774][T16849] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  454.560644][T16851]  ? kmem_cache_alloc+0x11b/0x730
[  454.560659][T16851]  ? getname_flags+0xd2/0x5b0
[  454.560673][T16851]  ? do_sys_openat2+0x3cf/0x740
[  454.560685][T16851]  ? do_sys_open+0xc3/0x140
[  454.560700][T16851]  ? do_syscall_64+0xf6/0x7d0
[  454.560714][T16851]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  454.560735][T16851]  ? __lock_acquire+0x14bd/0x3ca0
[  454.605283][T16851]  ? path_mountpoint.isra.0+0x370/0x370
[  454.610854][T16851]  ? __lock_acquire+0x14bd/0x3ca0
[  454.615907][T16851]  do_filp_open+0x192/0x260
[  454.620428][T16851]  ? may_open_dev+0xf0/0xf0
[  454.625057][T16851]  ? __alloc_fd+0x46d/0x600
[  454.629640][T16851]  ? lock_downgrade+0x7f0/0x7f0
[  454.629662][T16851]  ? do_raw_spin_lock+0x129/0x2e0
[  454.639562][T16851]  ? _raw_spin_unlock+0x24/0x40
[  454.644429][T16851]  ? __alloc_fd+0x46d/0x600
[  454.648980][T16851]  do_sys_openat2+0x54c/0x740
[  454.649004][T16851]  ? file_open_root+0x3d0/0x3d0
[  454.649020][T16851]  ? __mutex_unlock_slowpath+0xe2/0x660
[  454.664296][T16851]  ? wait_for_completion+0x3c0/0x3c0
[  454.664328][T16851]  do_sys_open+0xc3/0x140
[  454.664345][T16851]  ? filp_open+0x70/0x70
[  454.664356][T16851]  ? ksys_write+0x19f/0x250
[  454.664375][T16851]  ? __ia32_sys_clock_settime+0x260/0x260
[  454.673544][   T27] audit: type=1800 audit(1583993515.436:136): pid=16847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=32 res=0
[  454.674232][T16851]  ? trace_hardirqs_off_caller+0x55/0x230
06:11:55 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000508d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  454.684357][   T27] audit: type=1804 audit(1583993515.476:137): pid=16847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/245/file0/file0" dev="loop3" ino=32 res=1
[  454.688853][T16851]  do_syscall_64+0xf6/0x7d0
[  454.688877][T16851]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  454.688889][T16851] RIP: 0033:0x45c679
[  454.688905][T16851] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  454.688912][T16851] RSP: 002b:00007fb325a4cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
06:11:55 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000000000443)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="2403002e", @ANYRES16=0x0, @ANYBLOB="000427bd7000000000000300000008002b00000000000500380000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x4008080)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r2, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0xaa, 0x0, 0x0, 0x2, 0x6, 0x6a35, 0xcc, 0x40, 0x0, 0x0, 0xd1, 0x38, 0x0, 0x9, 0x124d, 0x1000}, [{0x0, 0x0, 0x0, 0x43d, 0x0, 0x4, 0x5}], "6570da331897013f3292cff42a00d6f47c4d0c150a18209f4bd2d056ad7ff1654d0e33c9ed5296d987afe72384a16df84994af4d37a8013da596915affe4a5f86826a04aacbb", [[], [], [], [], [], []]}, 0x6be)
write$P9_RWALK(r2, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
r3 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x10040, 0x0)
dup2(r2, r3)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x501000, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={0x0, <r5=>0x0}, &(0x7f0000000300)=0xc)
r6 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000280))
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r8 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r8, 0xc028660f, &(0x7f0000000280)={0x0, r7})
statx(r8, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r10=>0xffffffffffffffff})
r11 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000ac0)={0x0, 0x0, <r12=>0x0}, &(0x7f0000cab000)=0xc)
r13 = getpid()
sendmsg$unix(r10, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r13, 0x0, r12}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f0000000b00)=ANY=[@ANYBLOB="51641d", @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r12, @ANYBLOB="2c64656661756c745f70657245fb7fca696f6e732c616c6c6f775f6fb46865722c6d61785f726561643d3078303030303030303030303030303030312c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303033372c626c6b73697a653d3078303030303030303030303030313230302c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c7375626a5f747970653d2f6465762f627367002c636f6e746578743d73746166665f752c646f6e745f61707072616973652c002af32fd140cddcfc158d70d6a4aed9df5d"])
fchownat(r4, &(0x7f0000000240)='./bus\x00', r5, r12, 0x1000)

[  454.787561][T16851] RAX: ffffffffffffffda RBX: 00007fb325a4d6d4 RCX: 000000000045c679
[  454.787569][T16851] RDX: 0000000000000000 RSI: 0000000020000200 RDI: ffffffffffffff9c
[  454.787582][T16851] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[  454.811731][T16851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
06:11:55 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r3, &(0x7f0000000280), 0x1033b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  454.811742][T16851] R13: 0000000000000792 R14: 00000000004ca27e R15: 0000000000000002
06:11:56 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x16c, 0x500)

[  454.931993][T16865] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  454.932007][T16865] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:11:56 executing program 0 (fault-call:8 fault-nth:3):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  455.163630][   T27] audit: type=1804 audit(1583993516.156:138): pid=16871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/246/file0/file0" dev="loop3" ino=33 res=1
06:11:56 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000509d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  455.306685][   T27] audit: type=1800 audit(1583993516.166:139): pid=16871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=33 res=0
[  455.330495][   T27] audit: type=1804 audit(1583993516.206:140): pid=16871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/246/file0/file0" dev="loop3" ino=33 res=1
[  455.395377][T16881] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  455.431274][T16881] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:11:56 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x6, 0x0)

06:11:56 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r3, &(0x7f0000000280), 0x1033b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:11:56 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x16d, 0x500)

06:11:56 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800002400050cd20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:56 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r3, &(0x7f0000000280), 0x1033b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  455.735665][T16895] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  455.767996][T16897] FAULT_INJECTION: forcing a failure.
[  455.767996][T16897] name failslab, interval 1, probability 0, space 0, times 0
[  455.787391][   T27] audit: type=1804 audit(1583993516.786:141): pid=16896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/247/file0/file0" dev="loop3" ino=34 res=1
06:11:56 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x16e, 0x500)

[  455.830840][T16895] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:11:56 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r3, &(0x7f0000000280), 0x1033b)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:11:57 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x16f, 0x500)

[  455.943251][T16897] CPU: 0 PID: 16897 Comm: syz-executor.0 Not tainted 5.6.0-rc5-syzkaller #0
[  455.952067][T16897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  455.963174][T16897] Call Trace:
[  455.966484][T16897]  dump_stack+0x188/0x20d
[  455.971373][T16897]  should_fail.cold+0x5/0xa
[  455.971392][T16897]  ? lock_downgrade+0x7f0/0x7f0
[  455.971412][T16897]  ? fault_create_debugfs_attr+0x140/0x140
[  455.971445][T16897]  should_failslab+0x5/0xf
[  455.971460][T16897]  kmem_cache_alloc+0x29b/0x730
06:11:57 executing program 0 (fault-call:8 fault-nth:4):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  455.971481][T16897]  ? kmem_cache_alloc+0x358/0x730
[  455.971509][T16897]  security_file_alloc+0x34/0x160
[  455.971528][T16897]  __alloc_file+0xd8/0x340
[  455.971546][T16897]  alloc_empty_file+0x6d/0x170
06:11:57 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x170, 0x500)

[  455.971567][T16897]  path_openat+0xef/0x32b0
[  455.971582][T16897]  ? __kasan_kmalloc.constprop.0+0xbf/0xd0
06:11:57 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800002400050ed20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  455.971596][T16897]  ? kmem_cache_alloc+0x11b/0x730
[  455.971609][T16897]  ? getname_flags+0xd2/0x5b0
[  455.971622][T16897]  ? do_sys_openat2+0x3cf/0x740
06:11:57 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  455.971635][T16897]  ? do_sys_open+0xc3/0x140
[  455.971648][T16897]  ? do_syscall_64+0xf6/0x7d0
[  455.971663][T16897]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  455.971747][T16897]  ? finish_task_switch+0x147/0x750
[  455.971761][T16897]  ? finish_task_switch+0x119/0x750
[  455.971788][T16897]  ? path_mountpoint.isra.0+0x370/0x370
[  455.971825][T16897]  ? __lock_acquire+0x14bd/0x3ca0
[  455.971856][T16897]  do_filp_open+0x192/0x260
[  455.971876][T16897]  ? may_open_dev+0xf0/0xf0
[  455.971892][T16897]  ? __alloc_fd+0x46d/0x600
[  455.971914][T16897]  ? lock_downgrade+0x7f0/0x7f0
[  455.971929][T16897]  ? do_raw_spin_lock+0x129/0x2e0
[  455.971961][T16897]  ? _raw_spin_unlock+0x24/0x40
[  455.971976][T16897]  ? __alloc_fd+0x46d/0x600
[  455.972003][T16897]  do_sys_openat2+0x54c/0x740
[  455.972023][T16897]  ? file_open_root+0x3d0/0x3d0
[  455.972038][T16897]  ? __mutex_unlock_slowpath+0xe2/0x660
[  455.972059][T16897]  ? wait_for_completion+0x3c0/0x3c0
[  455.972084][T16897]  do_sys_open+0xc3/0x140
[  455.972099][T16897]  ? filp_open+0x70/0x70
[  455.972112][T16897]  ? ksys_write+0x19f/0x250
[  455.972129][T16897]  ? __ia32_sys_clock_settime+0x260/0x260
[  455.972147][T16897]  ? trace_hardirqs_off_caller+0x55/0x230
[  455.972174][T16897]  do_syscall_64+0xf6/0x7d0
[  455.972194][T16897]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  455.972206][T16897] RIP: 0033:0x45c679
[  455.972221][T16897] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  455.972229][T16897] RSP: 002b:00007fb325a2bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  455.972244][T16897] RAX: ffffffffffffffda RBX: 00007fb325a2c6d4 RCX: 000000000045c679
[  455.972253][T16897] RDX: 0000000000000000 RSI: 0000000020000200 RDI: ffffffffffffff9c
[  455.972261][T16897] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
[  455.972270][T16897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[  455.972277][T16897] R13: 0000000000000792 R14: 00000000004ca27e R15: 0000000000000003
[  455.992303][   T27] audit: type=1800 audit(1583993516.786:142): pid=16896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=34 res=0
[  455.992334][   T27] audit: type=1804 audit(1583993516.796:143): pid=16896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/247/file0/file0" dev="loop3" ino=34 res=1
[  456.013444][T16912] 9pnet: Insufficient options for proto=fd
[  456.108850][T16895] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  456.117483][T16895] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  456.259359][   T27] audit: type=1804 audit(1583993517.256:144): pid=16920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/248/file0/file0" dev="loop3" ino=36 res=1
[  456.550953][T16929] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  456.830206][T16929] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:11:57 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x7, 0x0)

06:11:57 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000000000443)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="2403002e", @ANYRES16=0x0, @ANYBLOB="000427bd7000000000000300000008002b00000000000500380000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x4008080)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r2, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0xaa, 0x0, 0x0, 0x2, 0x6, 0x6a35, 0xcc, 0x40, 0x0, 0x0, 0xd1, 0x38, 0x0, 0x9, 0x124d, 0x1000}, [{0x0, 0x0, 0x0, 0x43d, 0x0, 0x4, 0x5}], "6570da331897013f3292cff42a00d6f47c4d0c150a18209f4bd2d056ad7ff1654d0e33c9ed5296d987afe72384a16df84994af4d37a8013da596915affe4a5f86826a04aacbb", [[], [], [], [], [], []]}, 0x6be)
write$P9_RWALK(r2, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
r3 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x10040, 0x0)
dup2(r2, r3)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x501000, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={0x0, <r5=>0x0}, &(0x7f0000000300)=0xc)
r6 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000280))
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r8 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r8, 0xc028660f, &(0x7f0000000280)={0x0, r7})
statx(r8, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r10=>0xffffffffffffffff})
r11 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000ac0)={0x0, 0x0, <r12=>0x0}, &(0x7f0000cab000)=0xc)
r13 = getpid()
sendmsg$unix(r10, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r13, 0x0, r12}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f0000000b00)=ANY=[@ANYBLOB="51641d", @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r12, @ANYBLOB="2c64656661756c745f70657245fb7fca696f6e732c616c6c6f775f6fb46865722c6d61785f726561643d3078303030303030303030303030303030312c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303033372c626c6b73697a653d3078303030303030303030303030313230302c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c7375626a5f747970653d2f6465762f627367002c636f6e746578743d73746166665f752c646f6e745f61707072616973652c002af32fd140cddcfc158d70d6a4aed9df5d"])
fchownat(r4, &(0x7f0000000240)='./bus\x00', r5, r12, 0x1000)

06:11:57 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x171, 0x500)

[  457.108653][T16947] FAULT_INJECTION: forcing a failure.
[  457.108653][T16947] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  457.121904][T16947] CPU: 1 PID: 16947 Comm: syz-executor.0 Not tainted 5.6.0-rc5-syzkaller #0
[  457.131384][T16947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  457.141465][T16947] Call Trace:
[  457.144882][T16947]  dump_stack+0x188/0x20d
[  457.149243][T16947]  should_fail.cold+0x5/0xa
06:11:58 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000510d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  457.153760][T16947]  ? fault_create_debugfs_attr+0x140/0x140
[  457.159579][T16947]  ? find_held_lock+0x2d/0x110
[  457.164425][T16947]  ? is_bpf_image_address+0x1a9/0x280
[  457.169839][T16947]  __alloc_pages_nodemask+0x17a/0x820
[  457.169853][T16947]  ? lock_downgrade+0x7f0/0x7f0
[  457.169873][T16947]  ? __alloc_pages_slowpath+0x26a0/0x26a0
[  457.185901][T16947]  cache_grow_begin+0x8c/0xc30
[  457.190688][T16947]  ? cache_alloc_pfmemalloc+0x1e/0x140
[  457.196178][T16947]  __kmalloc+0x6d6/0x7a0
[  457.200506][T16947]  ? tomoyo_realpath_from_path+0xc2/0x620
[  457.206259][T16947]  tomoyo_realpath_from_path+0xc2/0x620
[  457.211829][T16947]  tomoyo_check_open_permission+0x26d/0x370
[  457.217737][T16947]  ? tomoyo_path_number_perm+0x4d0/0x4d0
[  457.223383][T16947]  ? avc_has_perm_noaudit+0x510/0x510
[  457.228854][T16947]  ? inode_has_perm+0x230/0x230
[  457.233726][T16947]  ? do_raw_spin_lock+0x129/0x2e0
[  457.238776][T16947]  ? rwlock_bug.part.0+0x90/0x90
[  457.244156][T16947]  tomoyo_file_open+0x9d/0xc0
[  457.248874][T16947]  security_file_open+0x6a/0x2e0
[  457.253843][T16947]  do_dentry_open+0x349/0x1250
[  457.258631][T16947]  ? security_inode_permission+0xc4/0xf0
[  457.264313][T16947]  ? chown_common+0x550/0x550
[  457.264337][T16947]  ? inode_permission+0xab/0x500
[  457.264366][T16947]  path_openat+0x122a/0x32b0
[  457.264404][T16947]  ? path_mountpoint.isra.0+0x370/0x370
[  457.264431][T16947]  ? __lock_acquire+0x14bd/0x3ca0
[  457.264461][T16947]  do_filp_open+0x192/0x260
[  457.264485][T16947]  ? may_open_dev+0xf0/0xf0
[  457.264512][T16947]  ? do_raw_spin_lock+0x129/0x2e0
[  457.303341][T16947]  ? _raw_spin_unlock+0x24/0x40
[  457.308254][T16947]  ? __alloc_fd+0x46d/0x600
[  457.312799][T16947]  do_sys_openat2+0x54c/0x740
[  457.317510][T16947]  ? file_open_root+0x3d0/0x3d0
[  457.317531][T16947]  ? __mutex_unlock_slowpath+0xe2/0x660
[  457.327931][T16947]  ? wait_for_completion+0x3c0/0x3c0
[  457.327959][T16947]  do_sys_open+0xc3/0x140
[  457.337577][T16947]  ? filp_open+0x70/0x70
[  457.340204][T16949] FS-Cache: Duplicate cookie detected
[  457.341822][T16947]  ? ksys_write+0x19f/0x250
[  457.341842][T16947]  ? __ia32_sys_clock_settime+0x260/0x260
[  457.341863][T16947]  ? trace_hardirqs_off_caller+0x55/0x230
[  457.347221][T16949] FS-Cache: O-cookie c=0000000079d65771 [p=00000000750d8252 fl=222 nc=0 na=1]
[  457.351713][T16947]  do_syscall_64+0xf6/0x7d0
[  457.351735][T16947]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  457.351747][T16947] RIP: 0033:0x45c679
[  457.351760][T16947] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  457.351773][T16947] RSP: 002b:00007fb325a2bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  457.357475][T16949] FS-Cache: O-cookie d=00000000a2c01c2a n=00000000c45a1657
[  457.363181][T16947] RAX: ffffffffffffffda RBX: 00007fb325a2c6d4 RCX: 000000000045c679
[  457.363189][T16947] RDX: 0000000000000000 RSI: 0000000020000200 RDI: ffffffffffffff9c
[  457.363196][T16947] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
[  457.363203][T16947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
06:11:58 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  457.363210][T16947] R13: 0000000000000792 R14: 00000000004ca27e R15: 0000000000000004
[  457.462250][T16949] FS-Cache: O-key=[10] '34323934393832383530'
[  457.468352][T16949] FS-Cache: N-cookie c=0000000018f61a79 [p=00000000750d8252 fl=2 nc=0 na=1]
[  457.477090][T16949] FS-Cache: N-cookie d=00000000a2c01c2a n=00000000d83dcd56
[  457.484341][T16949] FS-Cache: N-key=[10] '34323934393832383530'
06:11:58 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x172, 0x500)

06:11:58 executing program 0 (fault-call:8 fault-nth:5):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  457.542182][T16953] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  457.576562][T16953] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:11:58 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x8, 0x0)

06:11:58 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000528d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:11:58 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000000000443)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="2403002e", @ANYRES16=0x0, @ANYBLOB="000427bd7000000000000300000008002b00000000000500380000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x4008080)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r2, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0xaa, 0x0, 0x0, 0x2, 0x6, 0x6a35, 0xcc, 0x40, 0x0, 0x0, 0xd1, 0x38, 0x0, 0x9, 0x124d, 0x1000}, [{0x0, 0x0, 0x0, 0x43d, 0x0, 0x4, 0x5}], "6570da331897013f3292cff42a00d6f47c4d0c150a18209f4bd2d056ad7ff1654d0e33c9ed5296d987afe72384a16df84994af4d37a8013da596915affe4a5f86826a04aacbb", [[], [], [], [], [], []]}, 0x6be)
write$P9_RWALK(r2, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
r3 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x10040, 0x0)
dup2(r2, r3)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x501000, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={0x0, <r5=>0x0}, &(0x7f0000000300)=0xc)
r6 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000280))
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r8 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r8, 0xc028660f, &(0x7f0000000280)={0x0, r7})
statx(r8, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r10=>0xffffffffffffffff})
r11 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000ac0)={0x0, 0x0, <r12=>0x0}, &(0x7f0000cab000)=0xc)
r13 = getpid()
sendmsg$unix(r10, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r13, 0x0, r12}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f0000000b00)=ANY=[@ANYBLOB="51641d", @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r12, @ANYBLOB="2c64656661756c745f70657245fb7fca696f6e732c616c6c6f775f6fb46865722c6d61785f726561643d3078303030303030303030303030303030312c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303033372c626c6b73697a653d3078303030303030303030303030313230302c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c7375626a5f747970653d2f6465762f627367002c636f6e746578743d73746166665f752c646f6e745f61707072616973652c002af32fd140cddcfc158d70d6a4aed9df5d"])
fchownat(r4, &(0x7f0000000240)='./bus\x00', r5, r12, 0x1000)

06:11:58 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x173, 0x500)

06:11:58 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  458.009206][T16979] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  458.021545][T16979] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  458.105403][T16976] FAULT_INJECTION: forcing a failure.
[  458.105403][T16976] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  458.118652][T16976] CPU: 0 PID: 16976 Comm: syz-executor.0 Not tainted 5.6.0-rc5-syzkaller #0
[  458.127330][T16976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  458.137387][T16976] Call Trace:
[  458.140707][T16976]  dump_stack+0x188/0x20d
[  458.145064][T16976]  should_fail.cold+0x5/0xa
[  458.149590][T16976]  ? fault_create_debugfs_attr+0x140/0x140
[  458.155424][T16976]  ? find_held_lock+0x2d/0x110
[  458.160201][T16976]  ? is_bpf_image_address+0x1a9/0x280
[  458.165604][T16976]  __alloc_pages_nodemask+0x17a/0x820
[  458.170988][T16976]  ? lock_downgrade+0x7f0/0x7f0
[  458.175857][T16976]  ? __alloc_pages_slowpath+0x26a0/0x26a0
[  458.181630][T16976]  cache_grow_begin+0x8c/0xc30
[  458.186413][T16976]  ? cache_alloc_pfmemalloc+0x1e/0x140
[  458.191888][T16976]  __kmalloc+0x6d6/0x7a0
[  458.196141][T16976]  ? tomoyo_realpath_from_path+0xc2/0x620
[  458.201888][T16976]  tomoyo_realpath_from_path+0xc2/0x620
[  458.207461][T16976]  tomoyo_check_open_permission+0x26d/0x370
[  458.213386][T16976]  ? tomoyo_path_number_perm+0x4d0/0x4d0
[  458.219025][T16976]  ? avc_has_perm_noaudit+0x510/0x510
[  458.224453][T16976]  ? inode_has_perm+0x230/0x230
[  458.229320][T16976]  ? do_raw_spin_lock+0x129/0x2e0
[  458.234356][T16976]  ? rwlock_bug.part.0+0x90/0x90
[  458.239317][T16976]  tomoyo_file_open+0x9d/0xc0
[  458.244010][T16976]  security_file_open+0x6a/0x2e0
[  458.249068][T16976]  do_dentry_open+0x349/0x1250
06:11:59 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000535d20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  458.253859][T16976]  ? security_inode_permission+0xc4/0xf0
[  458.259626][T16976]  ? chown_common+0x550/0x550
[  458.264406][T16976]  ? inode_permission+0xab/0x500
[  458.269370][T16976]  path_openat+0x122a/0x32b0
[  458.274600][T16976]  ? path_mountpoint.isra.0+0x370/0x370
[  458.274625][T16976]  ? __lock_acquire+0x14bd/0x3ca0
[  458.274655][T16976]  do_filp_open+0x192/0x260
[  458.274675][T16976]  ? may_open_dev+0xf0/0xf0
[  458.274706][T16976]  ? do_raw_spin_lock+0x129/0x2e0
[  458.274740][T16976]  ? _raw_spin_unlock+0x24/0x40
[  458.274756][T16976]  ? __alloc_fd+0x46d/0x600
[  458.274787][T16976]  do_sys_openat2+0x54c/0x740
[  458.274809][T16976]  ? file_open_root+0x3d0/0x3d0
[  458.274825][T16976]  ? __mutex_unlock_slowpath+0xe2/0x660
[  458.274847][T16976]  ? wait_for_completion+0x3c0/0x3c0
06:11:59 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x174, 0x500)

[  458.274875][T16976]  do_sys_open+0xc3/0x140
[  458.274890][T16976]  ? filp_open+0x70/0x70
[  458.274904][T16976]  ? ksys_write+0x19f/0x250
[  458.274921][T16976]  ? __ia32_sys_clock_settime+0x260/0x260
[  458.274940][T16976]  ? trace_hardirqs_off_caller+0x55/0x230
[  458.274969][T16976]  do_syscall_64+0xf6/0x7d0
06:11:59 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

[  458.274989][T16976]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  458.275000][T16976] RIP: 0033:0x45c679
06:11:59 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800002400055ad20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  458.275017][T16976] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
06:11:59 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)

[  458.275025][T16976] RSP: 002b:00007fb325a4cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  458.275039][T16976] RAX: ffffffffffffffda RBX: 00007fb325a4d6d4 RCX: 000000000045c679
[  458.275048][T16976] RDX: 0000000000000000 RSI: 0000000020000200 RDI: ffffffffffffff9c
[  458.275057][T16976] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[  458.275065][T16976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[  458.275073][T16976] R13: 0000000000000792 R14: 00000000004ca27e R15: 0000000000000005
[  458.314994][T16987] 9pnet: Insufficient options for proto=fd
[  458.436520][T16995] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:11:59 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x175, 0x500)

[  458.436534][T16995] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  458.788633][T17005] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  458.851285][T17005] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:11:59 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e4800002400056bd20680648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:00 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x300, 0x0)

06:12:00 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000000000443)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="2403002e", @ANYRES16=0x0, @ANYBLOB="000427bd7000000000000300000008002b00000000000500380000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x4008080)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r2, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0xaa, 0x0, 0x0, 0x2, 0x6, 0x6a35, 0xcc, 0x40, 0x0, 0x0, 0xd1, 0x38, 0x0, 0x9, 0x124d, 0x1000}, [{0x0, 0x0, 0x0, 0x43d, 0x0, 0x4, 0x5}], "6570da331897013f3292cff42a00d6f47c4d0c150a18209f4bd2d056ad7ff1654d0e33c9ed5296d987afe72384a16df84994af4d37a8013da596915affe4a5f86826a04aacbb", [[], [], [], [], [], []]}, 0x6be)
write$P9_RWALK(r2, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
r3 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x10040, 0x0)
dup2(r2, r3)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x501000, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={0x0, <r5=>0x0}, &(0x7f0000000300)=0xc)
r6 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000280))
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r8 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r8, 0xc028660f, &(0x7f0000000280)={0x0, r7})
statx(r8, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r10=>0xffffffffffffffff})
r11 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000ac0)={0x0, 0x0, <r12=>0x0}, &(0x7f0000cab000)=0xc)
r13 = getpid()
sendmsg$unix(r10, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r13, 0x0, r12}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f0000000b00)=ANY=[@ANYBLOB="51641d", @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r12, @ANYBLOB="2c64656661756c745f70657245fb7fca696f6e732c616c6c6f775f6fb46865722c6d61785f726561643d3078303030303030303030303030303030312c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303033372c626c6b73697a653d3078303030303030303030303030313230302c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c7375626a5f747970653d2f6465762f627367002c636f6e746578743d73746166665f752c646f6e745f61707072616973652c002af32fd140cddcfc158d70d6a4aed9df5d"])
fchownat(r4, &(0x7f0000000240)='./bus\x00', r5, r12, 0x1000)

06:12:00 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

06:12:00 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x176, 0x500)

06:12:00 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20280648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  459.528885][T17042] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:00 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x177, 0x500)

06:12:00 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x500, 0x0)

06:12:00 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

[  459.587749][T17042] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:00 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x2, 0x0)

06:12:00 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20380648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:01 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x600, 0x0)

06:12:01 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x178, 0x500)

06:12:01 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  460.129088][T17064] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  460.137723][T17064] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  460.273474][   T27] kauditd_printk_skb: 16 callbacks suppressed
[  460.273489][   T27] audit: type=1804 audit(1583993521.276:161): pid=17070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/255/file0/file0" dev="loop3" ino=43 res=1
06:12:01 executing program 2:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x500, 0x0)

06:12:01 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x3, 0x0)

06:12:01 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  460.469205][   T27] audit: type=1800 audit(1583993521.276:162): pid=17070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=43 res=0
[  460.494849][T17064] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  460.559234][T17064] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:01 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x179, 0x500)

[  460.689069][   T27] audit: type=1804 audit(1583993521.296:163): pid=17070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/255/file0/file0" dev="loop3" ino=43 res=1
06:12:01 executing program 2:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x500, 0x0)

06:12:01 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20580648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:02 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x17a, 0x500)

06:12:02 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:02 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x700, 0x0)

[  461.109092][T17101] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  461.183332][T17101] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  461.336796][T17101] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  461.369777][   T27] audit: type=1804 audit(1583993522.366:164): pid=17112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/257/file0/file0" dev="loop3" ino=44 res=1
[  461.399066][T17101] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:02 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x17b, 0x500)

06:12:02 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x4, 0x0)

06:12:02 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

06:12:02 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20780648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  461.577941][T17120] FS-Cache: Duplicate cookie detected
[  461.583469][T17120] FS-Cache: O-cookie c=000000002c05a5d7 [p=00000000750d8252 fl=222 nc=0 na=1]
[  461.592425][T17120] FS-Cache: O-cookie d=00000000a2c01c2a n=00000000dd78e238
[  461.599623][T17120] FS-Cache: O-key=[10] '34323934393833323937'
[  461.606083][T17120] FS-Cache: N-cookie c=00000000a99c7477 [p=00000000750d8252 fl=2 nc=0 na=1]
[  461.614852][T17120] FS-Cache: N-cookie d=00000000a2c01c2a n=00000000b77cfa7d
[  461.622129][T17120] FS-Cache: N-key=[10] '34323934393833323937'
[  461.703525][   T27] audit: type=1800 audit(1583993522.366:165): pid=17112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=44 res=0
06:12:02 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

[  461.878140][T17132] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:02 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x17c, 0x500)

[  461.917528][   T27] audit: type=1804 audit(1583993522.396:166): pid=17112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/257/file0/file0" dev="loop3" ino=44 res=1
[  461.946603][T17132] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:03 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

06:12:03 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x3f00, 0x0)

06:12:03 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20880648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:03 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x17d, 0x500)

06:12:03 executing program 2:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x700, 0x0)

06:12:03 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

06:12:03 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x5, 0x0)

06:12:03 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x17e, 0x500)

06:12:03 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20980648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:03 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:03 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x17f, 0x500)

[  462.910100][T17183] validate_nla: 1 callbacks suppressed
[  462.910111][T17183] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  462.941057][T17183] __nla_validate_parse: 1 callbacks suppressed
[  462.941065][T17183] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  463.006794][T17190] 9pnet: Insufficient options for proto=fd
06:12:04 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x180, 0x500)

06:12:04 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

[  463.158692][   T27] audit: type=1804 audit(1583993524.156:167): pid=17194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/261/file0/file0" dev="loop3" ino=49 res=1
[  463.256997][T17183] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  463.316800][   T27] audit: type=1800 audit(1583993524.156:168): pid=17194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=49 res=0
[  463.353627][   T27] audit: type=1804 audit(1583993524.196:169): pid=17194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/261/file0/file0" dev="loop3" ino=49 res=1
[  463.356232][T17183] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:04 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeff, 0x0)

06:12:04 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r0, r1, 0x0, 0x10000)

06:12:04 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20a80648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:04 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x181, 0x500)

06:12:04 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r0, r1, 0x0, 0x10000)

06:12:04 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x6, 0x0)

[  463.685282][T17213] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  463.693798][T17213] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:04 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r0, r1, 0x0, 0x10000)

06:12:04 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x182, 0x500)

06:12:05 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xff00, 0x0)

[  464.044700][T17213] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  464.089394][T17213] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:05 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:05 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:05 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x183, 0x500)

06:12:05 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20b80648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  464.387310][   T27] audit: type=1804 audit(1583993525.386:170): pid=17245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/265/file0/file0" dev="loop3" ino=51 res=1
06:12:05 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x7, 0x0)

06:12:05 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r0, r1, 0x0, 0x10000)

[  464.528048][T17257] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  464.539334][T17257] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:05 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x184, 0x500)

06:12:05 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:05 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfffe, 0x0)

06:12:05 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20c80648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:05 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r0, r1, 0x0, 0x10000)

06:12:05 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x185, 0x500)

[  464.986615][T17281] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  464.999694][T17281] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:06 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x186, 0x500)

06:12:06 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:06 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r0, r1, 0x0, 0x10000)

06:12:06 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20e80648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:06 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x8, 0x0)

06:12:06 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:06 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x187, 0x500)

[  465.625896][T17314] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  465.657201][T17314] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:06 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeffff, 0x0)

[  465.806693][   T27] kauditd_printk_skb: 8 callbacks suppressed
[  465.806709][   T27] audit: type=1804 audit(1583993526.806:179): pid=17309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/211/file0/file0" dev="loop2" ino=54 res=1
[  465.841763][   T27] audit: type=1800 audit(1583993526.806:180): pid=17309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="loop2" ino=54 res=0
06:12:06 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d21080648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:07 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:07 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x188, 0x500)

[  466.097057][T17333] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  466.110227][   T27] audit: type=1804 audit(1583993526.876:181): pid=17309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/211/file0/file0" dev="loop2" ino=54 res=1
06:12:07 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  466.190627][T17333] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:07 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

[  466.308505][   T27] audit: type=1804 audit(1583993527.096:182): pid=17334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/269/file0" dev="sda1" ino=16657 res=1
06:12:07 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x189, 0x500)

06:12:07 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x300, 0x0)

06:12:07 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x1000000, 0x0)

06:12:07 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d21180648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:07 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  466.589270][   T27] audit: type=1800 audit(1583993527.096:183): pid=17334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16657 res=0
[  466.613885][   T27] audit: type=1804 audit(1583993527.106:184): pid=17334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/269/file0" dev="sda1" ino=16657 res=1
06:12:07 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x18a, 0x500)

06:12:07 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

[  466.660758][T17364] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  466.685171][T17364] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  466.829931][   T27] audit: type=1804 audit(1583993527.296:185): pid=17344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/212/file0/file0" dev="loop2" ino=55 res=1
06:12:07 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x18b, 0x500)

06:12:07 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

[  466.858273][   T27] audit: type=1800 audit(1583993527.296:186): pid=17344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="loop2" ino=55 res=0
06:12:07 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  466.964346][T17364] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  467.007060][   T27] audit: type=1804 audit(1583993527.486:187): pid=17353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/270/file0" dev="sda1" ino=16977 res=1
06:12:08 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  467.112002][T17364] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:08 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x18c, 0x500)

[  467.160326][   T27] audit: type=1800 audit(1583993527.486:188): pid=17353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16977 res=0
06:12:08 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x500, 0x0)

06:12:08 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x18d, 0x500)

06:12:08 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x2000000, 0x0)

06:12:08 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d21280648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:08 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:08 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:08 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d21380648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:08 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x18e, 0x500)

06:12:08 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

[  467.939783][T17436] validate_nla: 1 callbacks suppressed
[  467.939792][T17436] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  467.954854][T17436] __nla_validate_parse: 1 callbacks suppressed
[  467.954863][T17436] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:09 executing program 3:
sched_setscheduler(0x0, 0x6, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:09 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x600, 0x0)

[  468.069583][T17436] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  468.115697][T17436] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:09 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x18f, 0x500)

06:12:09 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x3000000, 0x0)

06:12:09 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x190, 0x500)

06:12:09 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:09 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

06:12:09 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x191, 0x500)

06:12:09 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d21480648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:09 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x192, 0x500)

06:12:09 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  468.646060][T17477] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  468.654387][T17477] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:09 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x700, 0x0)

06:12:09 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

06:12:09 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d22880648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:09 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  469.106048][T17511] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  469.114509][T17511] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  469.260824][T17511] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  469.288070][T17511] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:10 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x4000000, 0x0)

06:12:10 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x193, 0x500)

06:12:10 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r0, r1, 0x0, 0x10000)

06:12:10 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:10 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r0, r1, 0x0, 0x10000)

06:12:10 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x3f00, 0x0)

06:12:10 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x194, 0x500)

06:12:10 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d23580648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:10 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:10 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x5000000, 0x0)

[  469.793951][T17545] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  469.836900][T17545] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:10 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r0, r1, 0x0, 0x10000)

06:12:10 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d25a80648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:10 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x195, 0x500)

06:12:11 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  470.108492][T17567] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  470.125854][T17567] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:11 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:11 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeff, 0x0)

06:12:11 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x6000000, 0x0)

06:12:11 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x196, 0x500)

06:12:11 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:11 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d26b80648c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:11 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r0, r1, 0x0, 0x10000)

06:12:11 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:11 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x197, 0x500)

[  470.740709][T17601] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  470.768105][T17601] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:11 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r0, r1, 0x0, 0x10000)

[  470.917648][   T27] kauditd_printk_skb: 38 callbacks suppressed
[  470.917663][   T27] audit: type=1804 audit(1583993531.916:227): pid=17612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/281/file0" dev="sda1" ino=17361 res=1
06:12:12 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xff00, 0x0)

06:12:12 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x198, 0x500)

[  471.049540][T17601] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  471.164855][   T27] audit: type=1800 audit(1583993531.966:228): pid=17612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17361 res=0
[  471.168612][T17601] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:12 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r0, r1, 0x0, 0x10000)

[  471.305324][T17631] FAT-fs (loop3): bogus number of reserved sectors
[  471.309192][   T27] audit: type=1804 audit(1583993531.966:229): pid=17612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/281/file0" dev="sda1" ino=17361 res=1
[  471.317808][T17631] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:12 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x7000000, 0x0)

06:12:12 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x199, 0x500)

[  471.358842][T17634] FS-Cache: Duplicate cookie detected
[  471.364398][T17634] FS-Cache: O-cookie c=000000006e4560a6 [p=00000000750d8252 fl=222 nc=0 na=1]
[  471.373373][T17634] FS-Cache: O-cookie d=00000000a2c01c2a n=0000000063ea06b0
[  471.380825][T17634] FS-Cache: O-key=[10] '34323934393834323735'
[  471.386969][T17634] FS-Cache: N-cookie c=00000000c4d244bd [p=00000000750d8252 fl=2 nc=0 na=1]
[  471.395742][T17634] FS-Cache: N-cookie d=00000000a2c01c2a n=000000002446857c
[  471.403162][T17634] FS-Cache: N-key=[10] '34323934393834323735'
06:12:12 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d206800a8c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:12 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x19a, 0x500)

[  471.502634][   T27] audit: type=1804 audit(1583993532.416:230): pid=17638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/282/file0/file0" dev="sda1" ino=17360 res=1
06:12:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:12 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfffe, 0x0)

[  471.713760][   T27] audit: type=1800 audit(1583993532.416:231): pid=17638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17360 res=0
[  471.742410][T17651] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  471.781387][T17655] FAT-fs (loop3): bogus number of reserved sectors
[  471.792720][T17655] FAT-fs (loop3): Can't find a valid FAT filesystem
[  471.802432][   T27] audit: type=1804 audit(1583993532.456:232): pid=17638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/282/file0/file0" dev="sda1" ino=17360 res=1
[  471.830682][T17651] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:12 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x19b, 0x500)

06:12:12 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  471.922626][   T27] audit: type=1804 audit(1583993532.926:233): pid=17655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/283/file0/file0" dev="sda1" ino=17365 res=1
06:12:13 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x19c, 0x500)

06:12:13 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  472.137645][   T27] audit: type=1800 audit(1583993532.926:234): pid=17655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17365 res=0
06:12:13 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680238c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:13 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  472.324529][   T27] audit: type=1804 audit(1583993532.926:235): pid=17655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/283/file0/file0" dev="sda1" ino=17365 res=1
06:12:13 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x8000000, 0x0)

06:12:13 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x19d, 0x500)

[  472.470264][T17689] FAT-fs (loop3): bogus number of reserved sectors
[  472.496127][T17689] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:13 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x19e, 0x500)

[  472.557515][   T27] audit: type=1804 audit(1583993533.256:236): pid=17677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/229/file0" dev="sda1" ino=16977 res=1
06:12:13 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:13 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:13 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeffff, 0x0)

06:12:13 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x19f, 0x500)

06:12:13 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680258c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  472.938174][T17715] FAT-fs (loop3): bogus number of reserved sectors
[  472.975790][T17715] FAT-fs (loop3): Can't find a valid FAT filesystem
[  473.048463][T17724] validate_nla: 3 callbacks suppressed
[  473.048473][T17724] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  473.070192][T17724] __nla_validate_parse: 3 callbacks suppressed
[  473.070200][T17724] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:14 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:14 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1a0, 0x500)

06:12:14 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:14 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x3f000000, 0x0)

06:12:14 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d206802a8c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  473.431450][T17741] FAT-fs (loop3): bogus number of reserved sectors
[  473.450163][T17741] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:14 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1a1, 0x500)

06:12:14 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  473.485792][T17749] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  473.500141][T17749] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:14 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x1000000, 0x0)

06:12:14 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:14 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1a2, 0x500)

[  473.809838][T17768] FAT-fs (loop3): bogus number of reserved sectors
[  473.823672][T17768] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:14 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d206802b8c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:15 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1a3, 0x500)

06:12:15 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000380), 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:15 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  474.117652][T17788] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  474.185046][T17788] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:15 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xf6ffffff, 0x0)

[  474.297428][T17796] FAT-fs (loop3): bogus number of reserved sectors
[  474.308073][T17796] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:15 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1a4, 0x500)

06:12:15 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x2000000, 0x0)

06:12:15 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d206802d8c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:15 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000380), 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:15 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1a5, 0x500)

[  474.667524][T17817] FAT-fs (loop3): bogus number of reserved sectors
[  474.676078][T17817] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:15 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  474.781722][T17820] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  474.801114][T17820] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:15 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000380), 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:15 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1a6, 0x500)

06:12:16 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d206802e8c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:16 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeff0000, 0x0)

06:12:16 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1a7, 0x500)

[  475.200082][T17845] FAT-fs (loop3): bogus number of reserved sectors
[  475.206891][T17845] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:16 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:16 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x3000000, 0x0)

[  475.367316][T17854] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:16 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  475.423213][T17854] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:16 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680308c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:16 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1a8, 0x500)

[  475.603112][T17873] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  475.641093][T17865] FAT-fs (loop3): bogus number of reserved sectors
[  475.670182][T17865] FAT-fs (loop3): Can't find a valid FAT filesystem
[  475.690169][T17873] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:16 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeffffff, 0x0)

06:12:16 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:16 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1a9, 0x500)

06:12:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:17 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1aa, 0x500)

06:12:17 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680588c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:17 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xff000000, 0x0)

[  476.137525][T17908] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  476.145880][T17908] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  476.172942][   T27] kauditd_printk_skb: 36 callbacks suppressed
[  476.172958][   T27] audit: type=1804 audit(1583993537.176:273): pid=17902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/237/file0/file0" dev="loop2" ino=67 res=1
[  476.193602][T17901] FAT-fs (loop3): bogus number of reserved sectors
06:12:17 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x4000000, 0x0)

[  476.236004][T17901] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:17 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  476.259913][   T27] audit: type=1800 audit(1583993537.216:274): pid=17902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="loop2" ino=67 res=0
06:12:17 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ab, 0x500)

06:12:17 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  476.323322][   T27] audit: type=1804 audit(1583993537.266:275): pid=17912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/292/file0" dev="sda1" ino=17388 res=1
[  476.400732][   T27] audit: type=1800 audit(1583993537.266:276): pid=17912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17388 res=0
06:12:17 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680638c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  476.536441][   T27] audit: type=1804 audit(1583993537.276:277): pid=17909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/292/file0" dev="sda1" ino=17388 res=1
[  476.637224][T17930] FAT-fs (loop3): bogus number of reserved sectors
[  476.643888][T17930] FAT-fs (loop3): Can't find a valid FAT filesystem
[  476.673439][   T27] audit: type=1804 audit(1583993537.676:278): pid=17925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/238/file0/file0" dev="sda1" ino=17360 res=1
06:12:17 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x5000000, 0x0)

06:12:17 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ac, 0x500)

06:12:17 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  476.818120][T17938] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  476.826417][   T27] audit: type=1800 audit(1583993537.706:279): pid=17925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17360 res=0
[  476.854028][T17938] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  476.922380][   T27] audit: type=1804 audit(1583993537.786:280): pid=17939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/293/file0/file0" dev="sda1" ino=17376 res=1
[  476.928873][T17948] 9pnet: Insufficient options for proto=fd
06:12:18 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:18 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ad, 0x500)

06:12:18 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  477.108004][   T27] audit: type=1800 audit(1583993537.786:281): pid=17939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17376 res=0
[  477.108036][   T27] audit: type=1804 audit(1583993537.836:282): pid=17936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/293/file0/file0" dev="sda1" ino=17376 res=1
[  477.378027][T17966] FAT-fs (loop3): bogus number of reserved sectors
06:12:18 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfffffe00, 0x0)

06:12:18 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680698c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:18 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:18 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ae, 0x500)

06:12:18 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x6000000, 0x0)

[  477.461234][T17966] FAT-fs (loop3): Can't find a valid FAT filesystem
[  477.527696][T17980] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  477.552250][T17980] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  477.629725][T17980] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  477.644449][T17980] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:18 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1af, 0x500)

06:12:18 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:18 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:18 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d206806b8c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:19 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1b0, 0x500)

[  478.076867][T18012] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  478.087864][T18012] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  478.100287][T18004] FAT-fs (loop3): bogus number of reserved sectors
[  478.109633][T18004] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:19 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:19 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffff7f, 0x0)

06:12:19 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:19 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d206806c8c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:19 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x7000000, 0x0)

06:12:19 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1b1, 0x500)

[  478.517563][T18032] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  478.528279][T18032] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:19 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:19 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d206806f8c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  478.749954][T18036] FAT-fs (loop3): bogus number of reserved sectors
06:12:19 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x8000000, 0x0)

[  478.826543][T18050] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  478.847789][T18050] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  478.910192][T18036] FAT-fs (loop3): Can't find a valid FAT filesystem
[  478.929144][T18046] FAT-fs (loop2): bogus number of reserved sectors
06:12:20 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfffffff6, 0x0)

06:12:20 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1b2, 0x500)

[  478.980194][T18046] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:20 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680708c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:20 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  479.227343][T18073] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:20 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1b3, 0x500)

[  479.320714][T18073] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  479.372584][T18081] FAT-fs (loop2): bogus number of reserved sectors
[  479.391656][T18081] FAT-fs (loop2): Can't find a valid FAT filesystem
[  479.398915][T18074] FAT-fs (loop3): bogus number of reserved sectors
[  479.460104][T18074] FAT-fs (loop3): Can't find a valid FAT filesystem
[  479.529243][T18092] FS-Cache: Duplicate cookie detected
[  479.534867][T18092] FS-Cache: O-cookie c=000000006e4560a6 [p=00000000750d8252 fl=222 nc=0 na=1]
[  479.543964][T18092] FS-Cache: O-cookie d=00000000a2c01c2a n=0000000027156233
[  479.551214][T18092] FS-Cache: O-key=[10] '34323934393835303932'
[  479.558277][T18092] FS-Cache: N-cookie c=00000000e520fc47 [p=00000000750d8252 fl=2 nc=0 na=1]
[  479.567019][T18092] FS-Cache: N-cookie d=00000000a2c01c2a n=000000006ec0a727
06:12:20 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1b4, 0x500)

[  479.574282][T18092] FS-Cache: N-key=[10] '34323934393835303932'
06:12:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:20 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680738c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:20 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  479.804674][T18105] FAT-fs (loop2): bogus number of reserved sectors
[  479.877857][T18105] FAT-fs (loop2): Can't find a valid FAT filesystem
[  479.901586][T18113] FAT-fs (loop3): bogus number of reserved sectors
[  479.910328][T18113] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:20 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfffffffe, 0x0)

[  479.926123][T18116] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  479.935942][T18116] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:21 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x3f000000, 0x0)

06:12:21 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680758c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:21 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1b5, 0x500)

[  480.228610][T18131] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  480.261271][T18128] FAT-fs (loop3): bogus number of reserved sectors
[  480.267830][T18128] FAT-fs (loop3): Can't find a valid FAT filesystem
[  480.323234][T18131] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:21 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x1000000000000, 0x0)

06:12:21 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1b6, 0x500)

06:12:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  480.580089][T18146] FAT-fs (loop2): bogus number of reserved sectors
[  480.586715][T18146] FAT-fs (loop2): Can't find a valid FAT filesystem
[  480.679318][T18159] FAT-fs (loop3): invalid media value (0x00)
[  480.690367][T18159] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:21 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680788c63940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:21 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xf6ffffff, 0x0)

06:12:21 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1b7, 0x500)

06:12:21 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  481.026347][T18175] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  481.061317][T18176] FAT-fs (loop2): bogus number of reserved sectors
[  481.070186][T18176] FAT-fs (loop2): Can't find a valid FAT filesystem
[  481.085001][T18181] FAT-fs (loop3): invalid media value (0x00)
[  481.091534][T18181] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  481.126073][T18175] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:22 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1b8, 0x500)

06:12:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  481.398561][T18202] FAT-fs (loop2): bogus number of reserved sectors
[  481.411993][T18202] FAT-fs (loop2): Can't find a valid FAT filesystem
[  481.415444][   T27] kauditd_printk_skb: 41 callbacks suppressed
06:12:22 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeffff00000000, 0x0)

[  481.415459][   T27] audit: type=1804 audit(1583993542.416:324): pid=18204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/302/file0/file0" dev="sda1" ino=17389 res=1
[  481.443097][T18196] FAT-fs (loop3): invalid media value (0x00)
[  481.471357][T18196] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:22 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d2068064c063940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:22 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1b9, 0x500)

06:12:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000380), 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  481.621067][   T27] audit: type=1800 audit(1583993542.416:325): pid=18204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17389 res=0
06:12:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  481.742518][T18216] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:22 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeff0000, 0x0)

[  481.776770][   T27] audit: type=1804 audit(1583993542.416:326): pid=18204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/302/file0/file0" dev="sda1" ino=17389 res=1
[  481.822064][T18216] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  481.954996][T18224] FAT-fs (loop3): invalid media value (0x00)
[  481.971756][T18225] FAT-fs (loop2): bogus number of reserved sectors
06:12:23 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ba, 0x500)

[  481.998623][T18224] FAT-fs (loop3): Can't find a valid FAT filesystem
[  482.050593][T18225] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:23 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeffffff, 0x0)

[  482.136756][   T27] audit: type=1804 audit(1583993542.486:327): pid=18207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/249/file0/file0" dev="sda1" ino=16514 res=1
06:12:23 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c0a940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:23 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100000000000000, 0x0)

06:12:23 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  482.237355][   T27] audit: type=1800 audit(1583993542.486:328): pid=18207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16514 res=0
06:12:23 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1bb, 0x500)

06:12:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000380), 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  482.405250][T18254] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  482.421348][   T27] audit: type=1804 audit(1583993543.116:329): pid=18232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/303/file0/file0" dev="sda1" ino=17405 res=1
[  482.474649][T18254] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  482.545869][T18260] FAT-fs (loop3): invalid media value (0x00)
[  482.576858][T18260] FAT-fs (loop3): Can't find a valid FAT filesystem
[  482.618033][   T27] audit: type=1800 audit(1583993543.116:330): pid=18232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17405 res=0
[  482.681640][T18267] FAT-fs (loop2): bogus number of reserved sectors
[  482.715542][T18267] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:23 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1bc, 0x500)

[  482.724128][T18254] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:23 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x200000000000000, 0x0)

[  482.759357][T18276] FS-Cache: Duplicate cookie detected
[  482.764994][T18276] FS-Cache: O-cookie c=000000005f665cef [p=00000000750d8252 fl=222 nc=0 na=1]
[  482.773949][T18276] FS-Cache: O-cookie d=00000000a2c01c2a n=00000000be760a4e
[  482.781218][T18276] FS-Cache: O-key=[10] '34323934393835343135'
[  482.787354][T18276] FS-Cache: N-cookie c=00000000d0fac9ae [p=00000000750d8252 fl=2 nc=0 na=1]
[  482.796139][T18276] FS-Cache: N-cookie d=00000000a2c01c2a n=000000003b289787
[  482.798424][T18254] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  482.803448][T18276] FS-Cache: N-key=[10] '34323934393835343135'
06:12:23 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000380), 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  482.905582][   T27] audit: type=1804 audit(1583993543.146:331): pid=18236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/250/file0/file0" dev="sda1" ino=17414 res=1
[  483.031091][   T27] audit: type=1800 audit(1583993543.146:332): pid=18236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17414 res=0
[  483.155827][   T27] audit: type=1804 audit(1583993543.656:333): pid=18269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/304/file0/file0" dev="sda1" ino=17414 res=1
[  483.157736][T18288] FAT-fs (loop3): invalid media value (0x00)
06:12:24 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1bd, 0x500)

06:12:24 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xff000000, 0x0)

[  483.203250][T18290] FAT-fs (loop2): bogus number of reserved sectors
[  483.220877][T18290] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:24 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c23940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  483.265074][T18288] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:24 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  483.421333][T18306] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  483.460322][T18306] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:24 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1be, 0x500)

06:12:24 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:24 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x300000000000000, 0x0)

[  483.759641][T18319] FAT-fs (loop2): bogus number of reserved sectors
[  483.776559][T18319] FAT-fs (loop2): Can't find a valid FAT filesystem
[  483.811704][T18325] FAT-fs (loop3): invalid media value (0x00)
[  483.817804][T18325] FAT-fs (loop3): Can't find a valid FAT filesystem
[  483.827170][T18306] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  483.836752][T18306] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:24 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:24 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1bf, 0x500)

06:12:25 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:25 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c25940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:25 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfffffe00, 0x0)

[  484.109825][T18334] FAT-fs (loop3): invalid media value (0x00)
[  484.123747][T18334] FAT-fs (loop3): Can't find a valid FAT filesystem
[  484.192184][T18341] FAT-fs (loop2): bogus number of reserved sectors
[  484.205981][T18346] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  484.240125][T18346] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  484.249552][T18341] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:25 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  484.375763][T18346] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:25 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:25 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1c0, 0x500)

[  484.465417][T18357] FAT-fs (loop3): invalid media value (0x00)
[  484.478302][T18357] FAT-fs (loop3): Can't find a valid FAT filesystem
[  484.482930][T18346] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:25 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  484.575649][T18365] FAT-fs (loop2): bogus number of reserved sectors
[  484.598399][T18365] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:25 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:25 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x400000000000000, 0x0)

06:12:25 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1c1, 0x500)

06:12:25 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffff7f, 0x0)

06:12:25 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c2a940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  484.842211][T18380] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  484.851652][T18380] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  484.902228][T18380] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  484.911607][T18380] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:25 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  484.973587][T18377] FAT-fs (loop2): bogus number of reserved sectors
06:12:26 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c2b940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  485.031066][T18377] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:26 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1c2, 0x500)

06:12:26 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  485.228068][T18398] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  485.274355][T18398] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:26 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:26 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfffffff6, 0x0)

06:12:26 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x500000000000000, 0x0)

[  485.497332][T18415] FAT-fs (loop2): bogus number of reserved sectors
[  485.512849][T18415] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:26 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1c3, 0x500)

06:12:26 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c2d940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:26 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:26 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1c4, 0x500)

[  485.792656][T18434] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  485.801009][T18434] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:26 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r0, r1, 0x0, 0x10000)

06:12:27 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c2e940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  486.109423][T18445] FAT-fs (loop2): bogus number of reserved sectors
[  486.172962][T18445] FAT-fs (loop2): Can't find a valid FAT filesystem
[  486.207040][T18457] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  486.232502][T18457] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:27 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1c5, 0x500)

06:12:27 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfffffffe, 0x0)

06:12:27 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:27 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c30940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:27 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1c6, 0x500)

[  486.520557][T18475] FAT-fs (loop2): bogus number of reserved sectors
[  486.542736][T18478] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  486.551280][T18475] FAT-fs (loop2): Can't find a valid FAT filesystem
[  486.568757][T18478] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  486.588347][   T27] kauditd_printk_skb: 28 callbacks suppressed
[  486.588360][   T27] audit: type=1804 audit(1583993547.586:362): pid=18475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/259/file0/file0" dev="sda1" ino=17442 res=1
06:12:27 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x600000000000000, 0x0)

06:12:27 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r0, r1, 0x0, 0x10000)

06:12:27 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:27 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1c7, 0x500)

[  486.770236][   T27] audit: type=1800 audit(1583993547.626:363): pid=18475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17442 res=0
06:12:27 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c58940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:27 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1c8, 0x500)

[  486.979952][T18490] FAT-fs (loop2): bogus number of reserved sectors
[  486.989837][T18490] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r0, r1, 0x0, 0x10000)

[  487.277423][T18514] FAT-fs (loop2): bogus number of reserved sectors
[  487.304798][T18514] FAT-fs (loop2): Can't find a valid FAT filesystem
[  487.372421][   T27] audit: type=1804 audit(1583993548.376:364): pid=18521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/261/file0/file0" dev="sda1" ino=17426 res=1
[  487.442554][   T27] audit: type=1800 audit(1583993548.376:365): pid=18521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17426 res=0
06:12:28 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x1000000000000, 0x0)

06:12:28 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1c9, 0x500)

06:12:28 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c64940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(0x0, 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:28 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x700000000000000, 0x0)

06:12:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(0x0, 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:28 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ca, 0x500)

[  487.729123][T18540] FAT-fs (loop2): invalid media value (0x00)
[  487.735355][T18540] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  487.799934][   T27] audit: type=1804 audit(1583993548.796:366): pid=18540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/262/file0/file0" dev="sda1" ino=17370 res=1
06:12:28 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c69940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  487.960263][   T27] audit: type=1800 audit(1583993548.796:367): pid=18540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17370 res=0
06:12:29 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1cb, 0x500)

06:12:29 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(0x0, 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  488.168698][T18561] FAT-fs (loop2): invalid media value (0x00)
[  488.251659][T18561] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:29 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeffff00000000, 0x0)

06:12:29 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c6b940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:29 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:29 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1cc, 0x500)

[  488.604100][T18582] FAT-fs (loop2): invalid media value (0x00)
[  488.641919][T18582] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:29 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x800000000000000, 0x0)

[  488.657659][   T27] audit: type=1804 audit(1583993549.656:368): pid=18590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/264/file0/file0" dev="sda1" ino=17426 res=1
06:12:29 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  488.688843][   T27] audit: type=1800 audit(1583993549.686:369): pid=18590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17426 res=0
06:12:29 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:29 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1cd, 0x500)

[  488.767589][T18593] validate_nla: 5 callbacks suppressed
[  488.767598][T18593] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  488.817747][T18593] __nla_validate_parse: 5 callbacks suppressed
[  488.817756][T18593] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  488.993589][T18605] FAT-fs (loop2): invalid media value (0x00)
[  489.014395][T18605] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:30 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100000000000000, 0x0)

06:12:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:30 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:30 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ce, 0x500)

06:12:30 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x3f00000000000000, 0x0)

06:12:30 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c6c940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  489.429640][T18624] FAT-fs (loop2): invalid media value (0x00)
[  489.443537][T18624] FAT-fs (loop2): Can't find a valid FAT filesystem
[  489.487937][T18633] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  489.526394][   T27] audit: type=1804 audit(1583993550.526:370): pid=18624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/266/file0/file0" dev="sda1" ino=17458 res=1
[  489.575809][T18633] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  489.591522][   T27] audit: type=1800 audit(1583993550.556:371): pid=18624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17458 res=0
06:12:30 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1cf, 0x500)

[  489.682815][T18644] FAT-fs (loop2): invalid media value (0x00)
[  489.690112][T18644] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:30 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:30 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1d0, 0x500)

06:12:31 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x200000000000000, 0x0)

[  490.090547][T18666] FAT-fs (loop2): invalid media value (0x00)
[  490.096894][T18666] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:31 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1d1, 0x500)

06:12:31 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(0x0, 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:31 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c6f940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:31 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xf6ffffff00000000, 0x0)

06:12:31 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1d2, 0x500)

[  490.540825][T18692] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  490.550346][T18692] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  490.577452][T18695] FAT-fs (loop2): invalid media value (0x00)
[  490.590619][T18695] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:31 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x300000000000000, 0x0)

06:12:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:31 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(0x0, 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:31 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1d3, 0x500)

06:12:32 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c70940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  490.914277][T18710] FAT-fs (loop2): invalid media value (0x00)
[  490.954028][T18710] FAT-fs (loop2): Can't find a valid FAT filesystem
06:12:32 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1d4, 0x500)

06:12:32 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeff000000000000, 0x0)

06:12:32 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1d5, 0x500)

06:12:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  491.251406][T18732] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  491.289458][T18732] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:32 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(0x0, 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:32 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeffffff00000000, 0x0)

06:12:32 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1d6, 0x500)

06:12:32 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x400000000000000, 0x0)

[  491.548711][T18732] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  491.590418][T18732] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:32 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:32 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c73940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:32 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1d7, 0x500)

[  491.996623][   T27] kauditd_printk_skb: 8 callbacks suppressed
[  491.996640][   T27] audit: type=1804 audit(1583993552.996:380): pid=18770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/324/file0/file0" dev="sda1" ino=17469 res=1
[  492.040725][   T27] audit: type=1804 audit(1583993553.036:381): pid=18770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/324/file0/file0" dev="sda1" ino=17469 res=1
[  492.069638][T18771] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:33 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xff00000000000000, 0x0)

[  492.163775][T18771] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:33 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:33 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:33 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1d8, 0x500)

[  492.255391][T18771] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  492.291040][T18771] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:33 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c75940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:33 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r0, r1, 0x0, 0x10000)

06:12:33 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x500000000000000, 0x0)

06:12:33 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1d9, 0x500)

[  492.668866][T18804] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  492.678133][   T27] audit: type=1804 audit(1583993553.686:382): pid=18798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/325/file0/file0" dev="loop3" ino=72 res=1
[  492.710928][T18804] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:33 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  492.868234][T18815] FS-Cache: Duplicate cookie detected
[  492.873717][T18815] FS-Cache: O-cookie c=00000000f417f2ea [p=00000000750d8252 fl=222 nc=0 na=1]
[  492.882690][T18815] FS-Cache: O-cookie d=00000000a2c01c2a n=0000000084017711
[  492.889920][T18815] FS-Cache: O-key=[10] '34323934393836343236'
[  492.896103][T18815] FS-Cache: N-cookie c=000000000cbc9abf [p=00000000750d8252 fl=2 nc=0 na=1]
[  492.904858][T18815] FS-Cache: N-cookie d=00000000a2c01c2a n=000000002cbfdf9e
[  492.912157][T18815] FS-Cache: N-key=[10] '34323934393836343236'
06:12:33 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c78940d0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  492.942278][   T27] audit: type=1804 audit(1583993553.686:383): pid=18798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/325/file0/file0" dev="loop3" ino=72 res=1
06:12:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r0, r1, 0x0, 0x10000)

[  493.037945][T18822] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  493.107405][T18822] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:34 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1da, 0x500)

06:12:34 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffff7f00000000, 0x0)

06:12:34 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(0x0, 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  493.285297][   T27] audit: type=1804 audit(1583993554.286:384): pid=18829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/326/file0/file0" dev="loop3" ino=73 res=1
06:12:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r0, r1, 0x0, 0x10000)

06:12:34 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940e0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  493.418954][   T27] audit: type=1804 audit(1583993554.286:385): pid=18829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/326/file0/file0" dev="loop3" ino=73 res=1
06:12:34 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1db, 0x500)

06:12:34 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x600000000000000, 0x0)

[  493.668676][T18856] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  493.692164][T18856] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:34 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(0x0, 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:34 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1dc, 0x500)

06:12:34 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(0x0, 0x10)
sendfile(r1, r2, 0x0, 0x10000)

[  493.934979][   T27] audit: type=1804 audit(1583993554.936:386): pid=18868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/328/file0" dev="sda1" ino=17426 res=1
06:12:35 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffffff00000000, 0x0)

06:12:35 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(0x0, 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:35 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c6394100424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:35 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1dd, 0x500)

[  494.102613][   T27] audit: type=1800 audit(1583993554.936:387): pid=18868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17426 res=0
06:12:35 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1de, 0x500)

[  494.363721][T18890] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  494.466373][T18890] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:35 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1df, 0x500)

06:12:35 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:35 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(0x0, 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:35 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x700000000000000, 0x0)

06:12:35 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c6394120424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:35 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x2)

06:12:35 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e0, 0x500)

[  494.829664][   T27] audit: type=1804 audit(1583993555.826:388): pid=18919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/330/file0/file0" dev="sda1" ino=16673 res=1
[  494.926687][T18924] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:36 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e1, 0x500)

06:12:36 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(0x0, 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  495.076692][   T27] audit: type=1800 audit(1583993555.926:389): pid=18919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16673 res=0
[  495.141692][T18924] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:36 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e2, 0x500)

06:12:36 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c6394280424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:36 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x800000000000000, 0x0)

06:12:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  495.472210][T18960] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  495.490976][T18960] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:36 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  495.570849][T18960] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  495.580905][T18960] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:36 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x3)

06:12:36 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c6394350424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:36 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e3, 0x500)

[  495.849574][T18980] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  495.858571][T18980] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  495.912292][T18980] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  495.922593][T18980] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:37 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63945a0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:37 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

06:12:37 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e4, 0x500)

[  496.133364][T18994] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  496.158968][T18994] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:37 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x3f00000000000000, 0x0)

06:12:37 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e5, 0x500)

06:12:37 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

06:12:37 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x4)

[  496.380471][T18994] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  496.404843][T18994] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(0x0, 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:37 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e6, 0x500)

06:12:37 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63946b0424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:37 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xf6ffffff00000000, 0x0)

06:12:37 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

06:12:37 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e7, 0x500)

[  496.815100][T19042] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  496.832432][T19042] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:37 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x5)

06:12:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(0x0, 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:38 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0224fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(0x0, 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  497.222369][   T27] kauditd_printk_skb: 13 callbacks suppressed
[  497.222385][   T27] audit: type=1804 audit(1583993558.226:403): pid=19054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/335/file0/file0" dev="sda1" ino=16977 res=1
06:12:38 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e8, 0x500)

[  497.291025][T19067] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:12:38 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

[  497.360721][T19067] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:38 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e9, 0x500)

06:12:38 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0324fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  497.433561][   T27] audit: type=1800 audit(1583993558.266:404): pid=19054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16977 res=0
06:12:38 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeff000000000000, 0x0)

06:12:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:38 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0524fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:38 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x6)

[  497.757998][   T27] audit: type=1804 audit(1583993558.756:405): pid=19096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/336/file0/file0" dev="sda1" ino=16577 res=1
06:12:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  497.798125][   T27] audit: type=1800 audit(1583993558.756:406): pid=19096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16577 res=0
06:12:38 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ea, 0x500)

06:12:38 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

[  497.953937][   T27] audit: type=1804 audit(1583993558.756:407): pid=19096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/336/file0/file0" dev="sda1" ino=16577 res=1
[  497.986925][   T27] audit: type=1804 audit(1583993558.846:408): pid=19098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/286/file0/file0" dev="loop2" ino=79 res=1
06:12:39 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0624fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:39 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1eb, 0x500)

[  498.279677][   T27] audit: type=1804 audit(1583993559.276:409): pid=19118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/287/file0/file0" dev="loop2" ino=80 res=1
06:12:39 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0724fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:39 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x7)

06:12:39 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:39 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xfeffffff00000000, 0x0)

06:12:39 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

06:12:39 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0824fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  498.722996][   T27] audit: type=1804 audit(1583993559.726:410): pid=19157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/288/file0/file0" dev="sda1" ino=16530 res=1
06:12:39 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ec, 0x500)

06:12:39 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x0)

[  498.764065][   T27] audit: type=1804 audit(1583993559.756:411): pid=19160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/338/file0/file0" dev="sda1" ino=16577 res=1
[  498.793850][   T27] audit: type=1800 audit(1583993559.756:412): pid=19160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16577 res=0
06:12:39 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

06:12:39 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xff00000000000000, 0x0)

[  498.888644][T19167] 9pnet: Insufficient options for proto=fd
06:12:40 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0924fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:40 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ed, 0x500)

06:12:40 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x8)

06:12:40 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ee, 0x500)

06:12:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

06:12:40 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0a24fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:40 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1ef, 0x500)

06:12:40 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x300)

06:12:40 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x0)

06:12:40 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1f0, 0x500)

06:12:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x10000)

06:12:40 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffff7f00000000, 0x0)

06:12:40 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0b24fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:40 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x0)

06:12:40 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x500)

06:12:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

06:12:41 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0c24fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:41 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1f1, 0x500)

06:12:41 executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x600000000000000, 0x0)

06:12:41 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0e24fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:41 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1f2, 0x500)

06:12:41 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d1024fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:41 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffffff00000000, 0x0)

06:12:41 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1f3, 0x500)

06:12:41 executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x600000000000000, 0x0)

06:12:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

06:12:42 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x600)

06:12:42 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d1124fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:42 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1f4, 0x500)

06:12:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

06:12:42 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x0)

06:12:42 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x2)

06:12:42 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d1224fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:42 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1f5, 0x500)

[  501.629803][T19328] FS-Cache: Duplicate cookie detected
[  501.635457][T19328] FS-Cache: O-cookie c=00000000bef3a11c [p=00000000750d8252 fl=222 nc=0 na=1]
[  501.644700][T19328] FS-Cache: O-cookie d=00000000a2c01c2a n=000000000076e947
[  501.651955][T19328] FS-Cache: O-key=[10] '34323934393837333032'
[  501.658066][T19328] FS-Cache: N-cookie c=00000000c0b77087 [p=00000000750d8252 fl=2 nc=0 na=1]
[  501.666795][T19328] FS-Cache: N-cookie d=00000000a2c01c2a n=00000000f7f3661a
[  501.674050][T19328] FS-Cache: N-key=[10] '34323934393837333032'
06:12:42 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1f6, 0x500)

06:12:42 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d1424fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  501.928611][T19344] FAT-fs (loop3): invalid media value (0x00)
06:12:43 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x3)

06:12:43 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x700)

06:12:43 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d2824fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x0)

[  502.070751][T19344] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:43 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1f7, 0x500)

06:12:43 executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffff7f, 0x0)

06:12:43 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d3524fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:43 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1f8, 0x500)

[  502.493015][   T27] kauditd_printk_skb: 24 callbacks suppressed
[  502.493032][   T27] audit: type=1804 audit(1583993563.496:437): pid=19383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/296/file0/file0" dev="sda1" ino=17329 res=1
06:12:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x0)

06:12:43 executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xff000000, 0x0)

[  502.679755][   T27] audit: type=1800 audit(1583993563.496:438): pid=19383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17329 res=0
06:12:43 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x4)

06:12:43 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x3f00)

06:12:43 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d5a24fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:43 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1f9, 0x500)

06:12:44 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  502.932803][   T27] audit: type=1804 audit(1583993563.936:439): pid=19403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/297/file0/file0" dev="loop2" ino=84 res=1
[  503.082536][   T27] audit: type=1800 audit(1583993563.936:440): pid=19403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="loop2" ino=84 res=0
06:12:44 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1fa, 0x500)

06:12:44 executing program 2:
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20000}, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000000)={0x3, 0x32314d59, 0x3, @discrete={0x7, 0x80000000}})
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x40000)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

[  503.227336][   T27] audit: type=1804 audit(1583993564.226:441): pid=19414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/298/file0/file0" dev="loop2" ino=85 res=1
06:12:44 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x5)

06:12:44 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d6b24fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  503.356628][   T27] audit: type=1800 audit(1583993564.226:442): pid=19414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="loop2" ino=85 res=0
06:12:44 executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x4)

06:12:44 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1fb, 0x500)

06:12:44 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d040ffc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  503.501072][T19435] 9pnet: Insufficient options for proto=fd
06:12:44 executing program 2:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x7, 0x0)

06:12:44 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeff)

[  503.717104][T19443] validate_nla: 6 callbacks suppressed
[  503.717113][T19443] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  503.740367][T19443] __nla_validate_parse: 6 callbacks suppressed
[  503.740376][T19443] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:44 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1fc, 0x500)

06:12:45 executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x7, 0x0)

06:12:45 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0428fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:45 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1fd, 0x500)

06:12:45 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000000000443)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="2403002e", @ANYRES16=0x0, @ANYBLOB="000427bd7000000000000300000008002b00000000000500380000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x4008080)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r2, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0xaa, 0x0, 0x0, 0x2, 0x6, 0x6a35, 0xcc, 0x40, 0x0, 0x0, 0xd1, 0x38, 0x0, 0x9, 0x124d, 0x1000}, [{0x0, 0x0, 0x0, 0x43d, 0x0, 0x4, 0x5}], "6570da331897013f3292cff42a00d6f47c4d0c150a18209f4bd2d056ad7ff1654d0e33c9ed5296d987afe72384a16df84994af4d37a8013da596915affe4a5f86826a04aacbb", [[], [], [], [], [], []]}, 0x6be)
write$P9_RWALK(r2, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
r3 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x10040, 0x0)
dup2(r2, r3)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x501000, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={0x0, <r5=>0x0}, &(0x7f0000000300)=0xc)
r6 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000280))
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r8 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r8, 0xc028660f, &(0x7f0000000280)={0x0, r7})
statx(r8, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r10=>0xffffffffffffffff})
r11 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000ac0)={0x0, 0x0, <r12=>0x0}, &(0x7f0000cab000)=0xc)
r13 = getpid()
sendmsg$unix(r10, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r13, 0x0, r12}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f0000000b00)=ANY=[@ANYBLOB="51641d", @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r12, @ANYBLOB="2c64656661756c745f70657245fb7fca696f6e732c616c6c6f775f6fb46865722c6d61785f726561643d3078303030303030303030303030303030312c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303033372c626c6b73697a653d3078303030303030303030303030313230302c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c7375626a5f747970653d2f6465762f627367002c636f6e746578743d73746166665f752c646f6e745f61707072616973652c002af32fd140cddcfc158d70d6a4aed9df5d"])
fchownat(r4, &(0x7f0000000240)='./bus\x00', r5, r12, 0x1000)

[  504.179276][T19468] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  504.201497][T19468] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  504.335295][T19468] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  504.361437][T19468] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:45 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x6)

06:12:45 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1fe, 0x500)

06:12:45 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0435fc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:45 executing program 3 (fault-call:5 fault-nth:0):
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:45 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x201, 0x500)

06:12:45 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xff00)

[  504.748273][T19491] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  504.815064][T19491] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:46 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x202, 0x500)

06:12:46 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000000000443)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="2403002e", @ANYRES16=0x0, @ANYBLOB="000427bd7000000000000300000008002b00000000000500380000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x4008080)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r2, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0xaa, 0x0, 0x0, 0x2, 0x6, 0x6a35, 0xcc, 0x40, 0x0, 0x0, 0xd1, 0x38, 0x0, 0x9, 0x124d, 0x1000}, [{0x0, 0x0, 0x0, 0x43d, 0x0, 0x4, 0x5}], "6570da331897013f3292cff42a00d6f47c4d0c150a18209f4bd2d056ad7ff1654d0e33c9ed5296d987afe72384a16df84994af4d37a8013da596915affe4a5f86826a04aacbb", [[], [], [], [], [], []]}, 0x6be)
write$P9_RWALK(r2, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
r3 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x10040, 0x0)
dup2(r2, r3)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x501000, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={0x0, <r5=>0x0}, &(0x7f0000000300)=0xc)
r6 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000280))
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r8 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r8, 0xc028660f, &(0x7f0000000280)={0x0, r7})
statx(r8, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r10=>0xffffffffffffffff})
r11 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000ac0)={0x0, 0x0, <r12=>0x0}, &(0x7f0000cab000)=0xc)
r13 = getpid()
sendmsg$unix(r10, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r13, 0x0, r12}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f0000000b00)=ANY=[@ANYBLOB="51641d", @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r12, @ANYBLOB="2c64656661756c745f70657245fb7fca696f6e732c616c6c6f775f6fb46865722c6d61785f726561643d3078303030303030303030303030303030312c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303033372c626c6b73697a653d3078303030303030303030303030313230302c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c7375626a5f747970653d2f6465762f627367002c636f6e746578743d73746166665f752c646f6e745f61707072616973652c002af32fd140cddcfc158d70d6a4aed9df5d"])
fchownat(r4, &(0x7f0000000240)='./bus\x00', r5, r12, 0x1000)

[  505.225555][   T27] audit: type=1804 audit(1583993566.226:443): pid=19513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/349/file0/file0" dev="sda1" ino=17546 res=1
[  505.227543][T19513] FAULT_INJECTION: forcing a failure.
[  505.227543][T19513] name failslab, interval 1, probability 0, space 0, times 0
06:12:46 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x203, 0x500)

06:12:46 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d045afc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  505.366083][T19513] CPU: 0 PID: 19513 Comm: syz-executor.3 Not tainted 5.6.0-rc5-syzkaller #0
[  505.374808][T19513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  505.384958][T19513] Call Trace:
[  505.388257][T19513]  dump_stack+0x188/0x20d
[  505.392617][T19513]  should_fail.cold+0x5/0xa
[  505.397139][T19513]  ? fault_create_debugfs_attr+0x140/0x140
[  505.402978][T19513]  should_failslab+0x5/0xf
[  505.407407][T19513]  kmem_cache_alloc_trace+0x2d0/0x7d0
[  505.412796][T19513]  ? __lock_acquire+0x80b/0x3ca0
[  505.417762][T19513]  alloc_pipe_info+0x10a/0x4f0
[  505.422723][T19513]  splice_direct_to_actor+0x771/0x980
[  505.428140][T19513]  ? __inode_security_revalidate+0xf0/0x140
[  505.434058][T19513]  ? avc_policy_seqno+0x9/0x70
[  505.438841][T19513]  ? generic_pipe_buf_nosteal+0x10/0x10
[  505.444404][T19513]  ? selinux_file_permission+0x92/0x560
[  505.449972][T19513]  ? do_splice_to+0x160/0x160
[  505.454662][T19513]  ? security_file_permission+0x8a/0x370
[  505.455164][   T27] audit: type=1800 audit(1583993566.226:444): pid=19513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17546 res=0
[  505.460348][T19513]  do_splice_direct+0x1a8/0x270
[  505.460367][T19513]  ? splice_direct_to_actor+0x980/0x980
[  505.460394][T19513]  ? __this_cpu_preempt_check+0x28/0x190
[  505.460419][T19513]  do_sendfile+0x549/0xc40
[  505.460447][T19513]  ? do_compat_pwritev64+0x1b0/0x1b0
[  505.460469][T19513]  ? wait_for_completion+0x3c0/0x3c0
[  505.460487][T19513]  ? vfs_write+0x15b/0x5c0
[  505.460509][T19513]  __x64_sys_sendfile64+0x1cc/0x210
[  505.525433][T19513]  ? ksys_write+0x19f/0x250
[  505.529967][T19513]  ? __ia32_sys_sendfile+0x220/0x220
[  505.535264][T19513]  ? __ia32_sys_clock_settime+0x260/0x260
[  505.541004][T19513]  ? trace_hardirqs_off_caller+0x55/0x230
[  505.546757][T19513]  do_syscall_64+0xf6/0x7d0
[  505.551284][T19513]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  505.557183][T19513] RIP: 0033:0x45c679
[  505.561089][T19513] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  505.580704][T19513] RSP: 002b:00007f99a4e0cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  505.589136][T19513] RAX: ffffffffffffffda RBX: 00007f99a4e0d6d4 RCX: 000000000045c679
[  505.597117][T19513] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  505.605110][T19513] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
06:12:46 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x7)

[  505.613096][T19513] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000008
[  505.621078][T19513] R13: 00000000000008d1 R14: 00000000004cb581 R15: 0000000000000000
06:12:46 executing program 3 (fault-call:5 fault-nth:1):
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:46 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x204, 0x500)

[  505.735710][T19529] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  505.770105][T19529] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:46 executing program 2 (fault-call:6 fault-nth:0):
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:47 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfffe)

[  506.006561][   T27] audit: type=1804 audit(1583993567.006:445): pid=19544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/350/file0/file0" dev="sda1" ino=17551 res=1
[  506.037871][T19544] FAULT_INJECTION: forcing a failure.
[  506.037871][T19544] name failslab, interval 1, probability 0, space 0, times 0
[  506.053465][   T27] audit: type=1800 audit(1583993567.036:446): pid=19544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17551 res=0
[  506.077613][T19544] CPU: 1 PID: 19544 Comm: syz-executor.3 Not tainted 5.6.0-rc5-syzkaller #0
[  506.086309][T19544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  506.096398][T19544] Call Trace:
[  506.099715][T19544]  dump_stack+0x188/0x20d
[  506.104193][T19544]  should_fail.cold+0x5/0xa
[  506.108725][T19544]  ? fault_create_debugfs_attr+0x140/0x140
[  506.114578][T19544]  should_failslab+0x5/0xf
[  506.119020][T19544]  __kmalloc+0x2d9/0x7a0
[  506.123286][T19544]  ? kmem_cache_alloc_trace+0x390/0x7d0
[  506.128844][T19544]  ? alloc_pipe_info+0x1e0/0x4f0
[  506.133911][T19544]  ? __lock_acquire+0x80b/0x3ca0
[  506.138871][T19544]  alloc_pipe_info+0x1e0/0x4f0
[  506.143671][T19544]  splice_direct_to_actor+0x771/0x980
[  506.149178][T19544]  ? __inode_security_revalidate+0xf0/0x140
[  506.155113][T19544]  ? avc_policy_seqno+0x9/0x70
[  506.159905][T19544]  ? generic_pipe_buf_nosteal+0x10/0x10
[  506.165476][T19544]  ? selinux_file_permission+0x92/0x560
[  506.171577][T19544]  ? do_splice_to+0x160/0x160
[  506.176281][T19544]  ? security_file_permission+0x8a/0x370
[  506.179813][T19545] FAULT_INJECTION: forcing a failure.
[  506.179813][T19545] name failslab, interval 1, probability 0, space 0, times 0
[  506.182093][T19544]  do_splice_direct+0x1a8/0x270
[  506.182115][T19544]  ? splice_direct_to_actor+0x980/0x980
[  506.182147][T19544]  ? __this_cpu_preempt_check+0x28/0x190
[  506.182173][T19544]  do_sendfile+0x549/0xc40
[  506.182208][T19544]  ? do_compat_pwritev64+0x1b0/0x1b0
[  506.182229][T19544]  ? wait_for_completion+0x3c0/0x3c0
[  506.227309][T19544]  ? vfs_write+0x15b/0x5c0
[  506.227331][T19544]  __x64_sys_sendfile64+0x1cc/0x210
[  506.227351][T19544]  ? ksys_write+0x19f/0x250
[  506.227371][T19544]  ? __ia32_sys_sendfile+0x220/0x220
[  506.246961][T19544]  ? __ia32_sys_clock_settime+0x260/0x260
[  506.248614][T19550] 9pnet: Insufficient options for proto=fd
[  506.252699][T19544]  ? trace_hardirqs_off_caller+0x55/0x230
[  506.252730][T19544]  do_syscall_64+0xf6/0x7d0
[  506.252754][T19544]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  506.252765][T19544] RIP: 0033:0x45c679
[  506.252780][T19544] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  506.252787][T19544] RSP: 002b:00007f99a4e0cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
06:12:47 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d046bfc6004000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  506.307474][T19544] RAX: ffffffffffffffda RBX: 00007f99a4e0d6d4 RCX: 000000000045c679
[  506.315461][T19544] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  506.323445][T19544] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
[  506.331692][T19544] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000008
[  506.339675][T19544] R13: 00000000000008d1 R14: 00000000004cb581 R15: 0000000000000001
[  506.364697][T19554] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  506.374637][T19554] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  506.378489][T19545] CPU: 0 PID: 19545 Comm: syz-executor.2 Not tainted 5.6.0-rc5-syzkaller #0
[  506.392866][T19545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  506.402926][T19545] Call Trace:
[  506.402949][T19545]  dump_stack+0x188/0x20d
[  506.402973][T19545]  should_fail.cold+0x5/0xa
[  506.402992][T19545]  ? fault_create_debugfs_attr+0x140/0x140
[  506.403021][T19545]  should_failslab+0x5/0xf
[  506.403040][T19545]  kmem_cache_alloc_trace+0x2d0/0x7d0
[  506.429867][T19554] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  506.430731][T19545]  ? __lock_acquire+0x80b/0x3ca0
[  506.430756][T19545]  alloc_pipe_info+0x10a/0x4f0
[  506.430780][T19545]  splice_direct_to_actor+0x771/0x980
[  506.430801][T19545]  ? __inode_security_revalidate+0xf0/0x140
[  506.430821][T19545]  ? avc_policy_seqno+0x9/0x70
[  506.440578][T19554] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
[  506.443821][T19545]  ? generic_pipe_buf_nosteal+0x10/0x10
[  506.443835][T19545]  ? selinux_file_permission+0x92/0x560
[  506.443857][T19545]  ? do_splice_to+0x160/0x160
[  506.474134][T19545]  ? security_file_permission+0x8a/0x370
[  506.474167][T19545]  do_splice_direct+0x1a8/0x270
[  506.474186][T19545]  ? splice_direct_to_actor+0x980/0x980
[  506.474213][T19545]  ? __this_cpu_preempt_check+0x28/0x190
[  506.474242][T19545]  do_sendfile+0x549/0xc40
[  506.516761][T19545]  ? do_compat_pwritev64+0x1b0/0x1b0
[  506.522067][T19545]  ? wait_for_completion+0x3c0/0x3c0
[  506.527379][T19545]  ? vfs_write+0x15b/0x5c0
[  506.531819][T19545]  __x64_sys_sendfile64+0x1cc/0x210
[  506.537031][T19545]  ? ksys_write+0x19f/0x250
[  506.542069][T19545]  ? __ia32_sys_sendfile+0x220/0x220
[  506.547366][T19545]  ? __ia32_sys_clock_settime+0x260/0x260
[  506.553103][T19545]  ? trace_hardirqs_off_caller+0x55/0x230
[  506.558858][T19545]  do_syscall_64+0xf6/0x7d0
[  506.563477][T19545]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  506.569383][T19545] RIP: 0033:0x45c679
[  506.573293][T19545] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  506.592906][T19545] RSP: 002b:00007f14c5d80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  506.603348][T19545] RAX: ffffffffffffffda RBX: 00007f14c5d816d4 RCX: 000000000045c679
06:12:47 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc0a04000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  506.611339][T19545] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[  506.619325][T19545] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[  506.627318][T19545] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000007
[  506.635302][T19545] R13: 00000000000008d1 R14: 00000000004cb581 R15: 0000000000000000
06:12:47 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x8)

06:12:47 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x205, 0x500)

06:12:47 executing program 3 (fault-call:5 fault-nth:2):
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  506.712669][T19563] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  506.817385][T19563] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:47 executing program 2 (fault-call:6 fault-nth:1):
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:48 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x206, 0x500)

06:12:48 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc2504000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  507.180920][T19593] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  507.206019][T19593] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:48 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6b04000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  507.313960][T19602] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  507.322999][T19602] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:48 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6002000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:48 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x207, 0x500)

06:12:48 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeffff)

06:12:48 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:48 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x300)

06:12:48 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6003000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:48 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x208, 0x500)

06:12:48 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x500)

[  508.066916][   T27] kauditd_printk_skb: 5 callbacks suppressed
[  508.066932][   T27] audit: type=1804 audit(1583993569.066:452): pid=19625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/305/file0/file0" dev="sda1" ino=17562 res=1
06:12:49 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000140)={0x0, <r1=>0x0})
ptrace$setopts(0x4206, r1, 0x3ff, 0x100000)
fchdir(r0)
r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0)
ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000040)={0x4, 0xfff})
r3 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r4 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r3, r4, 0x0, 0x10000)

06:12:49 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x209, 0x500)

06:12:49 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6005000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  508.233044][   T27] audit: type=1800 audit(1583993569.166:453): pid=19625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17562 res=0
06:12:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10004)

[  508.275086][   T27] audit: type=1804 audit(1583993569.206:454): pid=19625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/305/file0/file0" dev="sda1" ino=17562 res=1
06:12:49 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000000)

[  508.486296][   T27] audit: type=1804 audit(1583993569.486:455): pid=19649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/353/file0/file0" dev="loop3" ino=88 res=1
06:12:49 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x20a, 0x500)

[  508.641284][   T27] audit: type=1800 audit(1583993569.486:456): pid=19649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=88 res=0
06:12:49 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)
ioctl$VT_WAITACTIVE(r1, 0x5607)

06:12:49 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6006000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10010)

[  508.719807][   T27] audit: type=1804 audit(1583993569.606:457): pid=19661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/306/file0/file0" dev="loop2" ino=89 res=1
06:12:49 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x20b, 0x500)

06:12:50 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x600)

[  508.982303][   T27] audit: type=1800 audit(1583993569.606:458): pid=19661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="loop2" ino=89 res=0
[  509.041880][   T27] audit: type=1804 audit(1583993569.636:459): pid=19661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/306/file0/file0" dev="loop2" ino=89 res=1
[  509.070815][   T27] audit: type=1804 audit(1583993569.716:460): pid=19661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/306/file0/file0" dev="loop2" ino=89 res=1
06:12:50 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6007000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:50 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x20c, 0x500)

[  509.227101][   T27] audit: type=1804 audit(1583993570.226:461): pid=19688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/354/file0/file0" dev="sda1" ino=17575 res=1
06:12:50 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6008000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:50 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r0, r1, 0x0, 0x10000)
r2 = socket(0x400020000000010, 0x2, 0x0)
write(r2, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000040)={&(0x7f0000000140)={0x50, 0x1405, 0x800, 0x70bd27, 0x25dfdbff, "", [{{0x8, 0x1, 0x1}, {0x8}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x1}}, {{0x8}, {0x8, 0x3, 0x1}}, {{0x8, 0x1, 0x1}, {0x8}}]}, 0x50}}, 0xc000)

06:12:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x1ff0f)

06:12:50 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x2000000)

06:12:50 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x20d, 0x500)

06:12:50 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6009000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  509.691018][T19721] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5125 sclass=netlink_route_socket pid=19721 comm=syz-executor.3
06:12:50 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x700)

06:12:50 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = socket(0x27, 0xa, 0x20)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x2000)=nil, 0x2000}, &(0x7f0000000040)=0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:12:50 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc600a000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:51 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x20e, 0x500)

06:12:51 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000140)="eb3c906d6b66732e666174000204010002000270fff8b267ef157b1b2a718a8ab518c9961cc7151b67d692fafdeb220ddd9570b37b236014f22d0c3631b4b7812a6e28b9845ac6680002e7d786dce078f27df4a967dff21166076a1fab067fa07b28e0c512efbbfde113dafdcd29ae4f449c8738ce269f41939a6cf9b21ba342adb13cf778bd8777ffa4289c6d9b0376d4184f8c154cb27ee7799262ba60bc91369d83797dff5af72de28b9555e28c2c313ca0", 0xb3, 0x82}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x3000000)

06:12:51 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc600b000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:51 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x3000000)

06:12:51 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x20f, 0x500)

06:12:51 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc600c000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  510.519611][T19775] FAT-fs (loop3): bogus number of reserved sectors
06:12:51 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x210, 0x500)

06:12:51 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc600e000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  510.591873][T19775] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:51 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x3f00)

06:12:51 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6010000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x6000000)

[  510.860094][T19775] FAT-fs (loop3): bogus number of reserved sectors
[  510.866844][T19775] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:51 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x211, 0x500)

06:12:52 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000140)='./file0\x00', 0x3, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c66732e666174000204010002000270fff8", 0x13, 0x3}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = socket(0x400020000000010, 0x2, 0x0)
write(r3, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0xa0, &(0x7f00000003c0)=[@in6={0xa, 0x4e23, 0x0, @remote}, @in={0x2, 0x4e23, @empty}, @in6={0xa, 0x4e21, 0x4, @rand_addr="1ace60cc5b1b2461a3b31778e8660d51", 0x8}, @in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e22, 0x9, @empty}, @in6={0xa, 0x4e23, 0x8, @mcast1}]}, &(0x7f0000000040)=0x10)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000000c0)={r4, 0x4}, &(0x7f0000000240)=0x8)
sendfile(r1, r2, 0x0, 0x10000)

06:12:52 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6011000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:52 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x4000000)

06:12:52 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6012000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  511.380337][T19834] FAT-fs (loop3): bogus number of reserved sectors
[  511.386903][T19834] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:52 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x212, 0x500)

06:12:52 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0xffffffff000)

06:12:52 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeff)

06:12:52 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6014000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:52 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x213, 0x500)

[  511.683417][T19834] FAT-fs (loop3): bogus number of reserved sectors
[  511.716992][T19834] FAT-fs (loop3): Can't find a valid FAT filesystem
06:12:52 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6028000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:52 executing program 3:
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r0, 0xc0044308, &(0x7f0000000200))
ioctl$RTC_PLL_GET(r0, 0x80207011, &(0x7f0000000000))
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r2, r3, 0x0, 0x10000)

06:12:53 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x214, 0x500)

06:12:53 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x5000000)

06:12:53 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xff00)

06:12:53 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r3 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
recvfrom(r3, &(0x7f0000000700)=""/235, 0xeb, 0x40000000, &(0x7f0000000800)=@llc={0x1a, 0x306, 0x0, 0x1, 0x80, 0x1, @broadcast}, 0x80)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xf, &(0x7f00000003c0)="3810440e2846becde7f8f04410b135eef2726f767b3a296aa7faebb1134dbcba6153d6492d8ce66f5b63bd11bc8d8237ffe4f66e03de3b25c9e15fa03b4aa651d28c334fc7b0b52f04ef2c300ff4ca5017a3b295ab9ac9c1f7ae7f024a91482d714e6a81071bb944f908d6501eeebae580dc77e57fae2c9510cdd2c0ff4c4931170bbdf45ad95c7ccb069c53e1fe21bef087225be31d820542979aaa5a769c76e62b897dd3ff0b73b0277f39d96ad5ed5faa71373eeede64cab0e9e1044e88c346d8f56787c2f56ddab40e1c7baa8ea82ee9c7d6c941e1ffe5455276e510e4de49b1ae3c92875e288e6c", 0xea)
sendfile(r1, r2, 0x0, 0x10000)
r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r4, 0xc0044308, &(0x7f0000000200))
r5 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000280))
socket$inet_udplite(0x2, 0x2, 0x88)
socket$inet(0x2, 0x80000, 0x1)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r7 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r7, 0xc028660f, &(0x7f0000000280)={0x0, r6})
statx(r7, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
r9 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nvram\x00', 0x80001, 0x0)
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r9, 0x4008af23, &(0x7f0000000180)={0x1, 0x7fff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r10=>0xffffffffffffffff})
r11 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r12=>0x0}, &(0x7f0000cab000)=0xc)
r13 = getpid()
sendmsg$unix(r10, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r13, 0x0, r12}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f00000003c0)=ANY=[@ANYBLOB="66641d", @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r8, @ANYBLOB=',group_id=', @ANYRESDEC=r12, @ANYBLOB=',default_permissions,allow_other,max_read=0x0000000000000001,default_permissions,default_permissions,max_read=0x0000000000000037,blksize=0x0000000000001200,default_permissions,default_permissions,subj_type=/dev/bsg\x00,context=staff_u,dont_appraise,\x00'])
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0xb04010, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id'}, 0x2c, {'group_id', 0x3d, r12}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1000}}, {@max_read={'max_read', 0x3d, 0x5}}, {@default_permissions='default_permissions'}, {@max_read={'max_read', 0x3d, 0x6}}, {@blksize={'blksize', 0x3d, 0x400}}, {@blksize={'blksize'}}, {@allow_other='allow_other'}], [{@dont_appraise='dont_appraise'}, {@permit_directio='permit_directio'}, {@func={'func', 0x3d, 'MMAP_CHECK'}}]}})

06:12:53 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x215, 0x500)

06:12:53 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfffe)

06:12:53 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x216, 0x500)

06:12:53 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x6000000)

06:12:53 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000000000)=0xfe)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f00000003c0)=""/222)
sendfile(r1, r2, 0x0, 0x10000)

06:12:53 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6035000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:53 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x217, 0x500)

06:12:53 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r3 = accept4$inet6(r1, &(0x7f0000000000), &(0x7f0000000040)=0x1c, 0x80000)
getsockopt$IP_SET_OP_GET_FNAME(r3, 0x1, 0x53, &(0x7f0000000140)={0x8, 0x7, 0x0, 'syz1\x00'}, &(0x7f0000000180)=0x2c)
sendfile(r1, r2, 0x0, 0x10000)

06:12:54 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc605a000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:54 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x218, 0x500)

[  513.204254][   T27] kauditd_printk_skb: 28 callbacks suppressed
[  513.204269][   T27] audit: type=1800 audit(1583993574.206:490): pid=19951 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17588 res=0
06:12:54 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = socket(0x400020000000010, 0x2, 0x0)
write(r2, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@mcast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@local}, 0x0, @in=@broadcast}}, &(0x7f0000000140)=0xe8)
stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
r5 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r6=>0x0}, &(0x7f0000000300)=0xc)
mount$fuseblk(&(0x7f0000000000)='/dev/loop0\x00', &(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)='fuseblk\x00', 0x40, &(0x7f0000000580)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x400}}, {@allow_other='allow_other'}], [{@func={'func', 0x3d, 'FILE_CHECK'}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@uid_gt={'uid>', r6}}, {@smackfsroot={'smackfsroot', 0x3d, 'vfat\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, 'selfbdevmime_type\'self'}}, {@fsuuid={'fsuuid', 0x3d, {[0x33, 0x39, 0x30, 0x31, 0x64, 0x32, 0x66, 0x36], 0x2d, [0x33, 0x63, 0x34, 0x33], 0x2d, [0x6, 0x36, 0x34, 0x63], 0x2d, [0x35, 0x38, 0x33, 0x38], 0x2d, [0x33, 0x36, 0x63, 0x36, 0x31, 0x38, 0x32, 0x30]}}}, {@smackfstransmute={'smackfstransmute'}}, {@dont_hash='dont_hash'}]}})
r7 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r7, 0x0, 0x10000)

06:12:54 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc606b000e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:54 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x7000000)

[  513.348358][   T27] audit: type=1804 audit(1583993574.346:491): pid=19955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/313/file0/file0" dev="sda1" ino=17009 res=1
[  513.547739][   T27] audit: type=1800 audit(1583993574.346:492): pid=19955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17009 res=0
[  513.571793][   T27] audit: type=1804 audit(1583993574.346:493): pid=19955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/313/file0/file0" dev="sda1" ino=17009 res=1
06:12:54 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeffff)

06:12:54 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc601a480e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:54 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
recvfrom$l2tp6(r0, &(0x7f0000000000)=""/115, 0x73, 0x42, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x20)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:12:54 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x219, 0x500)

[  513.630132][   T27] audit: type=1804 audit(1583993574.346:494): pid=19955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/313/file0/file0" dev="sda1" ino=17009 res=1
06:12:54 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60005a0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  513.824066][   T27] audit: type=1804 audit(1583993574.746:495): pid=19975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/361/file0" dev="sda1" ino=16641 res=1
[  513.890961][   T27] audit: type=1800 audit(1583993574.746:496): pid=19975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16641 res=0
06:12:54 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x8000000)

[  513.948327][T19998] __nla_validate_parse: 3 callbacks suppressed
[  513.948338][T19998] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:55 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60006b0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:55 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x21a, 0x500)

06:12:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000180)='./file0/file0\x00', 0x3070c5, 0x1aa)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)
move_mount(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', r2, &(0x7f0000000040)='./file0\x00', 0x4)

[  514.194355][   T27] audit: type=1804 audit(1583993574.936:497): pid=19997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/314/file0/file0" dev="sda1" ino=16487 res=1
[  514.260628][T20012] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
[  514.271297][   T27] audit: type=1800 audit(1583993574.936:498): pid=19997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16487 res=0
06:12:55 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x21b, 0x500)

06:12:55 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040003400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  514.446490][   T27] audit: type=1804 audit(1583993574.946:499): pid=19997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/314/file0/file0" dev="sda1" ino=16487 res=1
06:12:55 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000000)

[  514.665234][T20032] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  514.676798][T20032] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:55 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x21c, 0x500)

06:12:55 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040005400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x5e1c03, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
llistxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000580)=""/4096, 0x1000)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r3 = socket(0x400020000000010, 0x2, 0x0)
write(r3, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
r4 = socket$rds(0x15, 0x5, 0x0)
ioctl$sock_proto_private(r4, 0x89eb, &(0x7f0000000140)="21d925db734577f7447f870e67df6c149671459319b1af310f7b3e7f993b985fad6d8bc0f575528b856c1653002cb0c9f8d97b886ca1a959b50222dcd2ec2bc72469372b1897767298b40e902573a5dee3b1c6b985eff4378dac667304ed940215b80e60fc17834d9e3c566ef6e1452c60bca87c1af84b2bd6afd2d9008218afc3ec324bcb76811ba016baff95b9363f1e8a0061711b645de7d57c592f995e06699ff7be9b091ab5e0f364bbf68d413bc3d63c46d670a3cafd0e2103c3c10f69")
ioctl$sock_ax25_SIOCDELRT(r3, 0x890c, &(0x7f0000000000)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x8, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
sendfile(r1, r2, 0x0, 0x10000)
r5 = socket$kcm(0x2b, 0x1, 0x0)
r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/enforce\x00', 0x0, 0x0)
recvfrom$l2tp(r6, &(0x7f0000000300)=""/118, 0x76, 0x1, &(0x7f00000003c0)={0x2, 0x0, @remote}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
fdatasync(r5)

06:12:55 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x3f000000)

[  514.964977][T20044] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
[  515.004836][T20044] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
06:12:56 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040006400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:56 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x21d, 0x500)

[  515.202540][T20055] netlink: 'syz-executor.4': attribute type 6 has an invalid length.
[  515.227881][T20055] netlink: 'syz-executor.4': attribute type 6 has an invalid length.
06:12:56 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040007400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r1, 0xc0044308, &(0x7f0000000200))
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r1, 0x80184132, &(0x7f0000000300))
fchdir(r0)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r4, 0xc0044308, &(0x7f0000000200))
unlinkat(r4, &(0x7f00000001c0)='./file0\x00', 0x0)
r5 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r2, r3, 0x0, 0x10000)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)={&(0x7f0000000140)='./file0\x00', r5}, 0x10)
r6 = socket(0x400020000000010, 0x2, 0x0)
write(r6, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00')
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r7, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = dup(r8)
getpeername$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x12)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@dev, @mcast1, @rand_addr="657261c70996f4e1596272e2ec4688fa", 0x0, 0x0, 0x0, 0x10, 0x0, 0x20c204c6, r10})
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000340)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}}, {{@in6=@mcast2}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8)
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r7, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r10}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r11}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x6}, 0x4000)
sendmsg$NL80211_CMD_REQ_SET_REG(r6, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x1c, r7, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000000)={'IDLETIMER\x00'}, &(0x7f0000000040)=0x1e)
setsockopt$inet6_opts(r4, 0x29, 0x39, &(0x7f00000003c0)=ANY=[@ANYBLOB="0c07000000000000040100072800000003080501007f000000000000000300000000000000050000000000000000000000000000000502fff90072615a04b0520bea650100c20400000007000100831ec3"], 0x48)

06:12:56 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x21e, 0x500)

06:12:56 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x2000000)

06:12:56 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xf6ffffff)

06:12:56 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040009400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)
r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0)
r5 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r6 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
sendmmsg(r4, &(0x7f0000001740)=[{{&(0x7f0000000300)=@ipx={0x4, 0x0, 0x59d, "660ee6c7b745", 0x2}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000580)="c07e39817dc7f8fd6cc512b6ee824bd54c17712f8f5988d901502748b16426e171dfad42544c8d7bbf97f55165b68ec0171722248cfe4cbb69b95de584dc1df5f0bdcce4d21c80b846b2937d3b1986c149eb89298fc4161eab3861205c2b8bbbad170fdd0e5767c08b26ab3bf6c7975644532625bcf4309141f4b57e69a30455ec5fcc06f8d0502e09d48d9f45a60ca9e993f7626f6f4570d335d4e2a8536ee0af3a7210c003c3ef38027faa6d0ff937e1fe1d12b577c1aafe4178e67ea96be75f916d146cef353fc012ea291a9c80fb612d10a4eeedfa869cd9ee366fdc73d2dd8a9618b667a15a4fa2beb7d544ab224e32a8bc588959ea3c658f37eb7c91df0b43b4df92867bcebca278e211e975bf6a19d854468bb32b364080760109eef04fd6e811030ddd66931b3cadccf8e1ffebc6b7dfa30d3bca05b63eb25a854ea4a385c8a75e9a054a2c286e030371595fc9d8397922b1d2ebdb7d7d1bbcd1552ac127466a77c157a88e725433c4d0db4536c38c4ce23b10d0437e89fee3e3da68bfb2531fddc1b65d7d45c5d759f6c27a23cf66ee9f1bd0fd348f5bd313d63d5b9362d14a6e164f441d07647f8eadc25fcc5b199896a6c3c0d3c3e12e069627fd695d006634eab8e381ee80cc06df91db2aa4c8ddf930bf896b3b06e983f42d3a8786f33e23cc23f38d3fba473b65f953cbd4f4a0e99e60c76d9a5ae82fb24e1488bdd14f89321063e2cb6339414bbb12e653f28338a3fc87d6225d550cfdcd3b0a032376766e4225f060d80d3bfbaf8c94dd93fa3a6bd4ce74b2dc5ec2a0e9104c96f5e3d275a1a55d0815442d275d5d0bb16c905ea305216c171b845c8d221ade0359b6401aaf3fb1ee336c9d07a7a1413256d5c3009a59f9b5ba0598eab24d25e306e19970b7d06738d0efb572a3f280e1d6e01e2a7d1f16da2b4ab376ecb238efb3380a1fd416afc70d96ec999887471c8b610e8535fb7c7f28c1ab19696f77db3828effe664fe77efed8f69eed6b508f82bc5a647cf9d8366cea700b347d3bf7abc0ad495fc95df8db4c8f8f9d17cd7ee963ae693df6286121629aa945a98e3de5b5a3ad8e99caed44c7f828ea2f12a5d087c74bdd0ea55bb1e1e3ac321ba353685e726de3bd9ac04b78f28df92f691aa7126371f5deffdf9647e9aece8d162bf54961dbc624713269b1a36dc23842f4524d6d2c5fdd0bed4001c1bf0668a1c091fe16da72c1c3e4f92d6ed24c8d33b757a042f446e57f316534768cf7f6782a445ae2a1662e74356286fd79ea9e13ddc3aaefd43abc86a6ea2a74041746774988347a2375aa4885de2ebc0dd6b58a7169d6e9dc0baf932de3c96842c459ae8d870222662dc36ed1b2ec92865fa03304281b6300cfaacd707de1bcd107ac1ea4af607e11c1f93f9e0dc6e13286574da1e64adb7e469358b9ccee22cceb31799fc9587afeae5afe8de1af105c091204a7d57c5b676d615cab1c4b5e2025548d130b04717f2f5efd2627b7c075885dc06c31618f32f74ef9a0aacf6c20c780b65d59cadf8764821db926d2ade30299610bcbdfe8c2a334becb1b9864f1824bf51444dc807e8f42a86e27814c7dd1edbc9343c9a2136249e42139062b3c0d5790562dce0e841a3746583ea03026188cd40b247fc6b66fdae051932527e78a363408c1961f907a98c59ceb1751d16222f8e4dae7d88044e1c2640a3abcdf27b5b8e428aaf1981bbd9ec69a80d110e3068b05624a03bcbf267828d74bd744d3858439e5c18b1bd136e29d6032545fc3878ef484cd8bfc31d8d46ae8c13dcde4be4700daf06aaf94f65b6550b888ba54324e0500d8ddb0f92ad9264e8cc879cc80ed3dd0c57bc2b654e05b8412e94c8b76e410d06669ed7907946a1097c3f5f3c3556b2ddeabeefb5447d4ed395e0a3795ff9fc107341c7d8de33e1bc17bf38d90d747c06f8c765b6d21039213c14f2195f0c69b0c285d8c359d5a500b2e7e98754025f2b63686d1fc0930992b93246b76723769913f03631917dda0284efeb32eb8c955865b8ddbe00c4a023793ea1fcc2b87562ec37f6e8585059dadd6583a03e289e3f0c24a4108c5bc91780c096c5a6c10846a9e377e9bee03fb110cc9075b30d06045ec69eb345bdbafd4c4c1e3e76247e3d596c5d757ddccc8d5366ba63bd11729fff000a7795db298a5ce13826f30b1d6c3cd765f28243e2fb8fa4c1302bfd508233e0a7367fc8c13e01328190085155833c64a6c83c55d3d40e4f0f8a91a93714e772be7b8a5a230f1ca494d40653bb6095df282540e13c30f06493cb134c8f73b05e2767c1ac5ee2b1e85059238adc41bd6fad8b8193d4ef033e7a3aea8fccb0d8b57bc8a5bc5121180b7db58e2718781e82dd4ca9db4ff064c5ba421d3cb024818a38681d23eaf4d0c5198153984a93e49fec19aac27e36729153515e17064d6ac53c117f4ad87e92aa845f797265285042493262affc2bcb41a60fdb199de93efb86fc5f42da32c372555db67554f27fc5c43cc85ef01d7bc4ef818ef23de0366105e9cf3c8e419a6998e9f1fabff017f35e169dd67ed5484f5c83b53585bc75ce933feefbebf00c9de539f0822200be0fd31ec90d3d7ea25e7ad9e396bd6e34e97814e21269091a0a778879e9f60fc4ba903bb228e636dbeae0795413f2b21b9f1e9deba5ecc4bca5a7b8ab735a0d4ebff0d4fa36852b7a5eb06f2cf08733fde8c4fb9139d50383cbf5d88bf786334fb045f51f46b5dd506747b31c40f503270e4821c9e8aed5d1083f0a4c094d33664963069bfedff2b4099e16f5cfaf335b5a56be39d3e3ba5b74aab25dc7d7c8c3339885f7144b8b668c21e861c89dd890bd5219d56c42b55e01f90d2351a2b1e9753d186a29456f22bea530ea5bddcaab4d73d5016882694c1dc1b239f4552a182d495e4a19175bb72e19c7028029cc14cc13da7256ee0fa5df14f344cd8c3faffdb842201ebcfccc9d03a847068670c75cb318cc840a89cab08ce0fe61d406da926ef5e1be9fbc7fc47e34a9fc79e51fcf222616eba333181411e38461803f998181a0d1de917c798de5d3b60bf58dfde5f6709dbb64965dfbfeb8b07283c398a4a0f141651de34283569781b30c7da60e2bc04f3255d271e54b4e06c7b18ad25f3399030619af3a74d35256cb7d0d919da124b2eae191db0452c1a1d2115c92f8e5d8520ec2f6f8c5af95422a78a08e4f0c3e3258355396d441b01f7a40bc6b6e09fbe5155ca77b08541649e376243c21dd4a4c451e16244c3ff8d924efb25a97571e978faf04faaf6f2fd94031cfff444eb8a91287ba064b7d933977b88a0e6dfe768a6e72b9514bdee00ce2b6bb3b36fa0784fa51707f11faca1d9bf906369b897b77cca1764eba420be33c420a67d08c3e326ff03a1608ae602f59ec91e86de5b00c95c0fb826497d7190a1e05fe2cb1709ccdceae0a5eb7d665d80cb38dd104cf7dcb3a16f4d8c5d24f6de0c8bd10b99313aa7e27edca1bd07187c2c1283649ede9357931cd626e9f51f989cd19f0ed1f3effcad644e23d7ec5a0d8bbcd9262ab6b48065be09b637fc229060f4557e47712271246c2ee9e3b8cc85db850c4341b74f82585cade875df1048d77baa39fc3e493fb3dbfaa12901f9716ec7daf3879492c47c21fc26335c888684b1ca15590e28b39fa79a551cce7a119050387ca35dce4adee363833df6bd74049376077d3d2cd13d0bb5a590231bf949020684f6420da59843f1452e515eb66a443aa609ae3fa35ed94107c7c0048566a37a13ec64749cbb7583fdfb0f05926015dfc485816eaa576da9767eca49539cdf3b67ed19f59ba9b4b1df6fedcfc48d40040e9c1538844f4d781c9c4342374bb5b1c069b41a356edfc6bfeb5ccfb6cd2904a6c60d99c688145ef55e2f0e229135eab91beedd06c34542ac5e38acb2ed6a1c4030066cfde6457df4423f245fc9eb3e65935dc201a64da29762fee894603c68c94834ddadaa77b062c9e15b29f6fc6fe3ca2ca0e3335a2830c696b8ca4b88a1ec3eb642abe22d672840507d9e4fb33f289a79fb57222b0294a93f7504197440fb60c8e124834c277e84359ac83bbb7315c6cf93f748ee91f60a2e5b7e3d0b20da29bb94ee08dc07f1d3c0a05adc13baab9081a92ff309d034045cc420845ae7669d7e8def3c1f2d5c30938a8d3346f5c62d2b699a3f6c2b98774df5b5064f4fdbe03dbe0ca29ad35e8149ad5f28f6f99bc619df4fe93bf199dad00762ddc9be74a390b41dd7ce6aacc2e1fb98d5540860a68f6aa97faf5edc66eed1ee82740001c3e7cbc7e76931c012bcb877ebca7a69380cb90e6d34d2da19391e30ea9bf6d796ce04a57f82ee5f9f7a7b15a7e4a007a8db8c70ca819d9958e97af8fa950b40d7b9294d48817e001c20a4448724aecca2f237a869ebe39e2463e0de92a5328699bdea1fc45015e54d76c4518a25b881b3af4b3a8031359c5e947e7144e5f470540f0e46d2438fbaf804a0ca4517fea76fbb7f101004023b4e5b47240ba72913bab83448d68d5fec027e6d5571bdd78ac46cc86cd29fa26b52ee088e20a94d720459fda6a6f511bbbc92463fb80dd4451eede3565094e001b0e00018a3629d024a05bc3e292b42b959df566d0558dcaad9182c6f935bcb66bbc7735baeb4198de21539c1162926dca6b0426ecdbedbee1ab883747b9949a1aee18146b8efd9177e7091095be5506e1d5b706ae69c5c5f8cb10473844542dabc6f31493fab8a661441a214842876fcc9660c0c2de44f262fb4c0ed938b2ddc38c8d391afa365ded20ff01dede6df26de49c2aac9d00bc6e45cbe916d66e877e4360b248df2ee00b6915df5b13093fe7eb9bd746db3c9be9df4f341a0fb735650b1cfeb52e7043d5eb166613d772c438bccf996d84bcfc38db50f5774d922092b788386c9b1b93753a5904cb9fa1e26a0edb7434a94bf13429750459537eb1cea1710844bd8e8fd00b2dbeb335786b3c2503adc2b5e0e2d83f335af48f95f46151e00dbc8ecbf79286708698ec0b8fcf94654a6a1a37b46b94baf792d41c19d299b6549bd1d9abb2cd9c5260f4ff7cbeb5b40a93db18b9f305ebf7a444d7e2b3f25be4d33a51100ef40cfdc41eff204bbb707069e470c31f67eeb21c4e304dceb9b548e802ee6130efa7ba857c44b3f99f140be5b2a0c9deb8c1e5d51bfc1f85ffd7aad46c0a8a294e9023e135cc688f15f4bb2082efa96dc420127774fc9ebe7f9b1b80978f4a078c6423bc31efb9076f4f5561000b3a72f955ad04d211551a66caa8b3c0bd1698178d5d4a889be6f7ff0ca0dac82336ce79edf107dee977cbb1f5efc293e05132250de238825f1e4218ae1569b4a8057b87fc3ebef3592d40f097546835571c8e5b83c0c3da7e662c483737198a07783e5f1d4db08312b0aeb02d4744fee1680a0b6f2556f3ffc7d3070db1d569162b8a80f3015bbf051a7abeb74e30bdab3d6a5ec9de9a58606d80a9593c4a6104feb181caf62370d55aecb2e12b5bbb7d4ee463040014beabfab8d2e09224d5b1d01cb926ff741a065f9201a37f9ae34418b0d7c957942a22edf54cf67614aa21f3453995c8784553682f722a88a5e93950ed87f57864fed4c9351f305de9d599f235438b4d5c6f0fb33594986a5fa75df85b61fb347b72c48f49a6917745b47d1b5c63f09423a9000a2a58a1557009b83eafd4494914010ed15367993ccaff2fda20816927f1efc7b4295f076343d9f87de091fe101621c791ea008a04d915318fe7ef50fb0e55fb012da48", 0x1000}, {&(0x7f00000003c0)="51d8ca29753d8dd52658ccf7a2451e090f025818f1fc878c5b5ce69540f426f53e8f62", 0x23}, {&(0x7f0000000400)="636d41a314f8e6c7a0411a0837c9db9ce5e205cd1cf60b705cb1658a785220853e23ef0a4ff41fd5b45936fe8e39f6aa6d420c88e947f277c73fe71649da91b97f47396b505561c374aa3ad472eacdf7dac7c1cd6d04121d9b065ba20f7423759e76765af13aff2946d16ac48b8dc3a11c6954ca372ea582850d836cae1ed0e00b99123095249908e1cf0613cb12d47c05077825a7f115175d3504e9669fc87d1c9f0119f202f03d1d86fa325f2dff6b0be109fbd50ee7329d45a49375694a52559e198cf1378a468734f046b67363ef2e23786e208b4b93dc5963bc997754cab739a4ce3002a455b7bf56bec0680985ba7c6ca314eb569e6e5d0e", 0xfb}], 0x3, &(0x7f0000001580)=[{0xa8, 0x107, 0x4, "9070769547e22f70eb990015b31e6d2c4bf5b3e2eeef05e7d98cc86792a06a7c09fc28e9706926fc8e704ffaf551c99424a270b79f452c4b19ad3f8ab8592210ce58a19fbf590aa6746f98e1173cc944cf4f5e10795f87b69d61ce99d80298d6c3ab5646bb2b2486acaccc2525204db5e4fea6590bbbcdc5ec0629ff576538c7cfe02a8438408ec822abff0b51af5c93b71611922047a7"}, {0x110, 0x88, 0x20000000, "4f0272d5841015aa7b9bb11b090bdf8586bbf82d9c4dc813c6cff6e4c7e7ad1d201946994de53bbd3040fc1476fdd626aba65b6b6d0889a2c0ef232b1982d9809705483a4673bb17fc56524240bc04fc9bc6cb6982d98d7e224e615ab12b3b3b75328128c1d46de7abd430f7549f67c430d207121eb6bbbebbbe9e0db261e4feb5cd393ddb41daaba79f5ad5f313e6a7b4d1b5c81bf29796e89d33a5c8cf9041b4d874092620f94e48060ce7040b43546d14b613acd9fd036986e95896da54fb6c99a22eeb90e373f4872935ce99dcb163a99cb61b1944f5010e1afd359301653b07f98f12474adcff06b7f7735fc9fa0e0f5b175061b272d13ef2"}], 0x1b8}}], 0x1, 0x8080)
r7 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
r8 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
clock_gettime(0x0, &(0x7f0000000180)={<r9=>0x0, <r10=>0x0})
ioctl$KVM_TRANSLATE(r4, 0xc018ae85, &(0x7f0000000280)={0x10000, 0x3000, 0x4, 0x2, 0x40})
ppoll(&(0x7f0000000140)=[{r4, 0x20ec}, {r5, 0xc424}, {r3, 0x8043}, {r6, 0x80b8}, {r7, 0x4}, {r8, 0x1}], 0x6, &(0x7f00000001c0)={r9, r10+10000000}, &(0x7f0000000240)={[0x3]}, 0x8)

06:12:56 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x21f, 0x500)

[  515.689599][T20082] netlink: 'syz-executor.4': attribute type 9 has an invalid length.
[  515.791751][T20082] netlink: 'syz-executor.4': attribute type 9 has an invalid length.
06:12:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)
ioctl$VIDIOC_DQEVENT(r3, 0x80885659, &(0x7f0000000140)={0x0, @src_change})
r4 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
fallocate(r4, 0x17, 0x7, 0x8)

06:12:56 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004000a400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:57 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x220, 0x500)

06:12:57 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x3000000)

[  516.150696][T20108] netlink: 'syz-executor.4': attribute type 10 has an invalid length.
[  516.217936][T20108] netlink: 'syz-executor.4': attribute type 10 has an invalid length.
06:12:57 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004000b400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:57 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x221, 0x500)

06:12:57 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x4000000)

06:12:57 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeff0000)

06:12:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x101082, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x2}, &(0x7f0000000140)=0x8)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x404041, 0x0)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r2, r3, 0x0, 0x10000)

06:12:57 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004000c400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:57 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x222, 0x500)

[  516.830358][T20139] netlink: 'syz-executor.4': attribute type 12 has an invalid length.
06:12:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x2200, 0x0)
setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000040)=[{0x3, 0x3, {0x0, 0x0, 0x3}, {0x2, 0x0, 0x1}, 0xfe, 0xfe}], 0x20)
r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r2, r3, 0x0, 0x10000)

06:12:58 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004000d400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:58 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x223, 0x500)

06:12:58 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x5000000)

[  517.152252][T20159] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:12:58 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeffffff)

06:12:58 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x224, 0x500)

06:12:58 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004020e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:58 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x225, 0x500)

06:12:58 executing program 2:
r0 = syz_open_dev$vcsu(&(0x7f0000000140)='/dev/vcsu#\x00', 0x5c24, 0x10d001)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00')
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MON_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x14, r1, 0x70f, 0x0, 0x0, {0x7}}, 0x14}}, 0x0)
sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000580)={0x1a0, r1, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2aa4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x72b}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff9}]}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x846}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_LINK={0x4c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x88c3}]}]}, @TIPC_NLA_MEDIA={0xcc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x96}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4e6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x42}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}]}, @TIPC_NLA_PUBL={0x4}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r3 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='vcan0\x00', 0x10)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ashmem\x00', 0x40, 0x0)
r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r6 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
sendfile(r5, r6, 0x0, 0x10000)
creat(&(0x7f0000000000)='./file0\x00', 0x0)

06:12:58 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004030e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:58 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x6000000)

06:12:58 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xff000000)

06:12:59 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x226, 0x500)

06:12:59 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004040e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:59 executing program 2:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x40, 0x0)
ioctl$HDIO_GETGEO(r0, 0x301, &(0x7f0000000180))
syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e002, 0x1, &(0x7f0000000380)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16, 0x1}], 0x42800, 0x0)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r1, 0xc0044308, &(0x7f0000000200))
ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000100))
r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r2)
r3 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r4 = open$dir(&(0x7f0000000380)='./file0\x00', 0x80000000006862c1, 0x113)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r3, r4, 0x0, 0x10000)

06:12:59 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004050e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:59 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x227, 0x500)

06:12:59 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfffffe00)

06:12:59 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004060e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  518.653112][   T27] kauditd_printk_skb: 24 callbacks suppressed
[  518.653128][   T27] audit: type=1804 audit(1583993579.656:524): pid=20221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/323/file0/file0" dev="sda1" ino=17604 res=1
06:12:59 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x7000000)

06:12:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x41615781, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet(0x2, 0x80001, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x7d, &(0x7f0000000140)={r5}, 0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000040)={0x1000, 0x4, 0x200, 0x0, 0x3, 0x0, 0x545, 0x10001, r5}, 0x20)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x10000)

06:12:59 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004070e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:12:59 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x228, 0x500)

06:13:00 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004080e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:00 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x229, 0x500)

[  519.327728][   T27] audit: type=1804 audit(1583993580.326:525): pid=20262 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/324/file0/file0" dev="sda1" ino=17620 res=1
06:13:00 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x46, 0x0, &(0x7f0000000380), 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$HDIO_GETGEO(r1, 0x301, &(0x7f0000000000))
sendfile(r1, r2, 0x0, 0x10000)

06:13:00 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004090e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:00 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xffffff7f)

06:13:00 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x8000000)

06:13:00 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x22a, 0x500)

[  519.674076][T20274] FAT-fs (loop2): bogus number of reserved sectors
[  519.700837][T20274] FAT-fs (loop2): Can't find a valid FAT filesystem
[  519.745484][   T27] audit: type=1804 audit(1583993580.746:526): pid=20279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/325/file0/file0" dev="sda1" ino=17555 res=1
06:13:00 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040a0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  519.876582][   T27] audit: type=1800 audit(1583993580.746:527): pid=20279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17555 res=0
06:13:00 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x22b, 0x500)

[  520.033040][T20274] FAT-fs (loop2): bogus number of reserved sectors
[  520.142706][T20274] FAT-fs (loop2): Can't find a valid FAT filesystem
[  520.174343][   T27] audit: type=1804 audit(1583993580.746:528): pid=20279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/325/file0/file0" dev="sda1" ino=17555 res=1
06:13:01 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = socket(0x400020000000010, 0x2, 0x0)
write(r1, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000)={<r2=>0x0, 0xfffe, 0x2}, &(0x7f0000000040)=0x8)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x6, @local, 0x589}, 0x1c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={r2, @in={{0x2, 0x4e22, @broadcast}}, 0x4d5, 0x290e, 0x800, 0x5, 0x89, 0x3, 0x7f}, 0x9c)
r3 = syz_open_dev$amidi(&(0x7f0000000240)='/dev/amidi#\x00', 0x1, 0x10000)
ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000340)={0xa30000, 0x80, 0x8000, r3, 0x0, &(0x7f0000000300)={0x9a0906, 0x10001, [], @p_u16=&(0x7f0000000280)=0x20}})
r4 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r5 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r4, r5, 0x0, 0x10000)

06:13:01 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x22c, 0x500)

06:13:01 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040b0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  520.340404][   T27] audit: type=1804 audit(1583993581.046:529): pid=20279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/325/file0/file0" dev="sda1" ino=17555 res=1
06:13:01 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x3f000000)

06:13:01 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000380), 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r3 = socket(0x400020000000010, 0x2, 0x0)
write(r3, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000000040)=0x4f1b, 0x4)
sendfile(r1, r2, 0x0, 0x10000)

[  520.520105][   T27] audit: type=1804 audit(1583993581.496:530): pid=20309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/326/file0/file0" dev="loop2" ino=98 res=1
06:13:01 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040c0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:01 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfffffff6)

[  520.671936][   T27] audit: type=1800 audit(1583993581.496:531): pid=20309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="loop2" ino=98 res=0
06:13:01 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x22d, 0x500)

[  520.810147][   T27] audit: type=1804 audit(1583993581.496:532): pid=20309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/326/file0/file0" dev="loop2" ino=98 res=1
[  520.861937][T20322] FAT-fs (loop2): bogus number of reserved sectors
06:13:01 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x22e, 0x500)

06:13:02 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040d0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  520.977736][T20322] FAT-fs (loop2): Can't find a valid FAT filesystem
[  521.087105][   T27] audit: type=1804 audit(1583993581.506:533): pid=20313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/326/file0/file0" dev="loop2" ino=98 res=1
[  521.129722][T20322] FAT-fs (loop2): bogus number of reserved sectors
[  521.145311][T20322] FAT-fs (loop2): Can't find a valid FAT filesystem
06:13:02 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040e0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:02 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xf6ffffff)

06:13:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r3, 0xc0044308, &(0x7f0000000200))
r4 = openat(r3, &(0x7f0000000000)='./file0\x00', 0x80280, 0x10)
ioctl$SOUND_MIXER_INFO(r4, 0x805c4d65, &(0x7f0000000140))

06:13:02 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x22f, 0x500)

06:13:02 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfffffffe)

06:13:02 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040f0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:02 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x230, 0x500)

06:13:02 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x231, 0x500)

06:13:02 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004100e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7, 0x4, &(0x7f0000000300)=[{&(0x7f0000000180), 0x0, 0x9}, {&(0x7f00000001c0)="1dfb8e585d6ea4b9ce9018ab9bbfe1a73be8175be28995559c53a1f959584b791f19bbf56c008bd79d186f657c49232e5f0c2feaa996", 0x36, 0x2}, {&(0x7f0000000240)="d10cf04e89f1244243e722f2d0f8d990b9c0ef05922052a94b501d29c8b70877f050b6e4b7e03eb970d9e57b1d82eba9c59c51fc392da0ea02765e7eea1d6046aac354", 0x43, 0x62a9}, {&(0x7f00000003c0)="8cedba5cfc1dad9b334b6dd47dd259e54c7863731d4c42a7685c7f8698e2aa5c9cb82a45160bd82679560fe6e096cf80035f262d3c6d9be69ef8a3100adb469d7524ddca833dacf8aee7af2381abb8ea5967f6aa5eec1957ff729f8e786ba4a4d79010f8f6cb052af465d9be4d623051e81b93e8326f98d48cfe1d7062c102a67df8f955b814d0944209731d3c07ad13e4b47ce61f8ad19f85385821345494c7be65904eba1337e06d5c132a605d4ca7daf638db888e49354b7eb334b118381711", 0xc1}], 0x9c881, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r2, 0xc0044308, &(0x7f0000000200))
ioctl$DRM_IOCTL_GET_CAP(r2, 0xc010640c, &(0x7f00000005c0)={0x1})
r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x40000, 0x0)
r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r4, 0xc0044308, &(0x7f0000000200))
r5 = pidfd_getfd(r4, r1, 0x0)
ioctl$VIDIOC_TRY_ENCODER_CMD(r5, 0xc028564e, &(0x7f0000000100)={0x1, 0x1, [0x6, 0x2, 0x931, 0x9, 0x4, 0x2, 0xa50, 0x1ff]})
ioctl$RNDZAPENTCNT(r3, 0x5204, &(0x7f0000000040)=0x4)
r6 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r6, 0x0, 0x10000)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0)='TIPCv2\x00')
sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x24, r7, 0x10, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x81}]}, @TIPC_NLA_PUBL={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4040)

06:13:03 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x232, 0x500)

06:13:03 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004110e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:03 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000000000000)

06:13:03 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeff0000)

06:13:03 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x233, 0x500)

06:13:03 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004120e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:03 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x234, 0x500)

06:13:03 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004130e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:03 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeffffff)

06:13:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = fcntl$dupfd(r0, 0x406, r1)
sendmsg$sock(r2, &(0x7f0000000240)={&(0x7f0000000000)=@vsock={0x28, 0x0, 0xffffb1df, @host}, 0x80, &(0x7f0000000140)=[{&(0x7f00000003c0)="d208817eab10bddf7a429c147775d2d6508200380a9e47ad500fb0236539b353e950cd629be5b88105e072e1f9d8364997490bd3b0973c5647cbba5db8e68a8375d4e5793cc0cb45c3b1195fb0960bf634a1e0fdaed75b4b0357767b9e831e6e2abc473fe29fbfd34287f0214f3eeac6f91949c7ad66f6b65146b1f0850ebfd961053c63f1ccbe718649a900e16cbc49237ce0ed419ce2e73dc9594028285470174ed3cf5aed2feaad5e0b461eb6cd165d629b142beb226dae5f485f00a53b50d9e757c1766e3231e51a644a5518ab4c23950ce43785f7b81924221ae7f5943e9989e7", 0xe3}], 0x1, &(0x7f0000000180)=[@mark={{0x14, 0x1, 0x24, 0x9}}, @mark={{0x14}}, @mark={{0x14, 0x1, 0x24, 0x4}}], 0x48}, 0x1)
r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r3)
r4 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x60)
r5 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r4, r5, 0x0, 0x10000)

06:13:03 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x235, 0x500)

06:13:04 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004140e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:04 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeffff00000000)

06:13:04 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x236, 0x500)

06:13:04 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004150e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:04 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x237, 0x500)

06:13:04 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x100000000000000)

06:13:04 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004160e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:04 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xff000000)

06:13:04 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x238, 0x500)

06:13:04 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004170e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:05 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x239, 0x500)

06:13:05 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfffffe00)

06:13:05 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004180e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:05 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x200000000000000)

06:13:05 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004190e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:05 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x23a, 0x500)

06:13:05 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60041a0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:05 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x23b, 0x500)

06:13:05 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x300000000000000)

06:13:05 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xffffff7f)

06:13:05 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60041b0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:06 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x23c, 0x500)

06:13:06 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60041c0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:06 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x400000000000000)

06:13:06 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x23d, 0x500)

06:13:06 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60041d0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:06 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfffffff6)

06:13:06 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x23e, 0x500)

06:13:06 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60041e0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:06 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x23f, 0x500)

06:13:06 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x500000000000000)

06:13:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400)='devlink\x00')
r2 = getpid()
sched_setscheduler(r2, 0x5, &(0x7f0000000380))
r3 = getpgrp(0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000640)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000600)={&(0x7f0000000440)={0xac, r1, 0x300, 0x70bd29, 0x25dfdbfb, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0xac}, 0x1, 0x0, 0x0, 0x10000}, 0x4)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r4)
r5 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r6 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x18)
ioctl$SNDRV_PCM_IOCTL_DELAY(r4, 0x80084121, &(0x7f0000000040))
sendfile(r5, r6, 0x0, 0x10000)
r7 = socket$netlink(0x10, 0x3, 0x10)
r8 = socket(0x27, 0xa326486fc09b94b3, 0x6)
r9 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r9, &(0x7f0000000140)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}}, 0x24)
sendmmsg(r9, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x10, 0x110, 0x1}], 0x10}}], 0x1, 0x0)
r10 = socket(0x8, 0x5, 0x0)
getpeername(r10, &(0x7f0000000500)=@pppol2tp={0x18, 0x1, {0x0, <r11=>0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f0000000580)=0x80)
r12 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000700)='NLBL_UNLBL\x00')
sendmsg$NLBL_UNLABEL_C_STATICADD(r11, &(0x7f00000007c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x70400c90}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=r12, @ANYBLOB="100025bd70010900002503"], 0x3}, 0x1, 0x0, 0x0, 0x20004400}, 0xb0f12da7ed8caacf)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r9, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r12, 0x4, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @rand_addr=0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x44001)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r8, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4080010}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r12, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40801}, 0x4000a000)
sendmsg$NLBL_UNLABEL_C_LIST(r7, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x98, r12, 0x4, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast2}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @local}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:file_context_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, [], 0xd}}]}, 0x98}, 0x1, 0x0, 0x0, 0x40808}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_ACCEPT(r4, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x70, r12, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr="0ac7c66d3a2f3bbdeee453de3df0088d"}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:audisp_exec_t:s0\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x4845}, 0x40000)

06:13:06 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004210e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:07 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x240, 0x500)

06:13:07 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfffffffe)

[  526.142296][   T27] kauditd_printk_skb: 12 callbacks suppressed
[  526.142313][   T27] audit: type=1804 audit(1583993587.146:546): pid=20574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/331/file0/file0" dev="sda1" ino=16625 res=1
06:13:07 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x600000000000000)

[  526.319235][   T27] audit: type=1800 audit(1583993587.186:547): pid=20574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16625 res=0
06:13:07 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x241, 0x500)

06:13:07 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004220e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  526.471033][   T27] audit: type=1804 audit(1583993587.206:548): pid=20574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/331/file0/file0" dev="sda1" ino=16625 res=1
06:13:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
syz_init_net_socket$nl_rdma(0xffffffffffffffff, 0x3, 0x14)
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r3, 0xc0044308, &(0x7f0000000200))
ioctl$SCSI_IOCTL_DOORUNLOCK(r3, 0x5381)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r4 = socket(0x400020000000010, 0x2, 0x0)
write(r4, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
recvfrom$phonet(r4, &(0x7f0000000680)=""/231, 0xe7, 0x1, &(0x7f0000000000)={0x23, 0x3, 0xf7, 0x6}, 0x10)
sendfile(r1, r2, 0x0, 0x10000)

06:13:07 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000000000000)

06:13:07 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004230e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:07 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x242, 0x500)

[  526.706934][   T27] audit: type=1804 audit(1583993587.356:549): pid=20574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/331/file0/file0" dev="sda1" ino=16625 res=1
[  526.804178][   T27] audit: type=1804 audit(1583993587.806:550): pid=20614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/332/file0/file0" dev="sda1" ino=16641 res=1
06:13:07 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x700000000000000)

06:13:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8040, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  527.014780][   T27] audit: type=1800 audit(1583993587.866:551): pid=20614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16641 res=0
06:13:08 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004240e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:08 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x243, 0x500)

[  527.156408][   T27] audit: type=1804 audit(1583993587.866:552): pid=20618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/332/file0/file0" dev="sda1" ino=16641 res=1
06:13:08 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004250e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  527.361561][   T27] audit: type=1800 audit(1583993587.946:553): pid=20618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16641 res=0
06:13:08 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x244, 0x500)

06:13:08 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004260e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x440000, 0x0)
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f0000000180)=""/51, &(0x7f00000001c0)=0x33)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00')
sendfile(r2, r3, 0x0, 0x10000)
r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r4, 0xc0044308, &(0x7f0000000200))
r5 = getegid()
ioctl$TUNSETGROUP(r4, 0x400454ce, r5)

[  527.560227][   T27] audit: type=1804 audit(1583993587.976:554): pid=20614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/332/file0/file0" dev="sda1" ino=16641 res=1
06:13:08 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x245, 0x500)

[  527.735964][   T27] audit: type=1804 audit(1583993588.316:555): pid=20635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/333/file0/file0" dev="sda1" ino=16801 res=1
06:13:09 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeffff00000000)

06:13:09 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004270e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x82080, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000340)={<r3=>0x0}, &(0x7f00000004c0)=0xc)
r4 = socket(0x400020000000010, 0x2, 0x0)
write(r4, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000580)={{{@in=@multicast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@remote}, 0x0, @in6=@mcast1}}, &(0x7f0000000500)=0xe8)
r6 = getgid()
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r8 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
r9 = syz_open_dev$sndctrl(&(0x7f0000000680)='/dev/snd/controlC#\x00', 0x1f, 0x402c01)
r10 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200)
r11 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r11, 0xc0044308, &(0x7f0000000200))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r11, 0xc0502100, &(0x7f00000006c0)={0x0, <r12=>0x0})
r13 = getegid()
r14 = getpid()
sched_setscheduler(r14, 0x5, &(0x7f0000000380))
stat(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, <r15=>0x0})
r16 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r16, 0xc028660f, &(0x7f0000000280))
r17 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r18 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r18, 0xc028660f, &(0x7f0000000280)={0x0, r17})
statx(r18, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r19=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r20=>0xffffffffffffffff})
r21 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r21, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r22=>0x0}, &(0x7f0000cab000)=0xc)
r23 = getpid()
sendmsg$unix(r20, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r23, 0x0, r22}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f0000000a00)=ANY=[@ANYBLOB="66641d", @ANYRESHEX=r16, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r19, @ANYBLOB=',group_id=', @ANYRESDEC=r22, @ANYBLOB="2c64656661756c745f7065726d697373696f6e732c616c6c6f775f6f746865722c6d61785f726561643d3078303030010030303030303030303030312c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303033372c626c6b73697a653d3078303030303030303030303030313230302c64656661756c745f7065726d697373696f6e732c64656661756c745f7065726d697373696f6e732c7375626a5f7479f0653d2f6465762f627367002c636f6e746578743d73746166665f752c646f6e745f61707072616973652c00f7df6db5977883d9c6ddaf81cf2e89e1eebb4f352c4f35aeceb6b68c"])
sendmsg$unix(r1, &(0x7f00000008c0)={&(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000240)="6da07800612ef7ea138e9cf03b07582b4530ed77962b8cdee58ec9526ec51c8c632aa47849c1d0a5b31c0740a2716c72fb5e1bb86987d1352a319776f6245c4eb0fd4db20e33d05da6d40751ca7ed9defc8d49b366411eb58c014dcf705a01d99681b48a3fb144a721a9a7a2e30e34c48fcf8f248b9adfc2c3ac32e55897ba6bdb267bc363f2f1b208e10380545354038386a53f0b25b5e710176c4005a7a124ac38e10104d7c41016972909c872b3fe322d1d1caecf47d289a5f9f8587125c87e6d98b26e217f1de4c24774a791afcec64b8360f1907af321f0978646649b79", 0xe0}, {&(0x7f00000003c0)="047ea778f222ed1a2aae7d2fe41f4f90d84c18e1c63af7ebe1f4c8a4cbf7fa95045f079a475495704370d2ba9722490443f7b92647b8b169ea2b8fab497cf328268aef4f4c64975463ef028bcb68ff1ff1dd58f8533b5150993170dcef1579fbf05bee5ac470d8b3e7b9a60c8d7309edab4295a55e65261a15d3b9b8e37fed2e79ade7495b6f63cec8237181a5aac8f28092da277f933f4f2f4f864ac3e4ed5627986695e1ce2e7c490c5bb84681eedffed3f9a6d31d55acc075afc2c622c5a0c13643fab59dba66650f3a", 0xcb}, {&(0x7f0000000000)="f913707d19cc5175c048", 0xa}], 0x3, &(0x7f0000000800)=[@cred={{0x1c, 0x1, 0x2, {r3, r5, r6}}}, @rights={{0x28, 0x1, 0x1, [r7, r2, r8, r2, r9, r10]}}, @cred={{0x1c, 0x1, 0x2, {r12, 0xee01, r13}}}, @cred={{0x1c, 0x1, 0x2, {r14, r15, r22}}}], 0x88, 0x800}, 0x50)
sendfile(r1, r2, 0x0, 0x10000)

06:13:09 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x246, 0x500)

06:13:09 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x800000000000000)

06:13:09 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004300e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:09 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x247, 0x500)

06:13:09 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004480e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
dup3(r2, r1, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x3f8, 0x10, 0x70bd2b, 0x25dfdbfe, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x50}, 0x20000800)
r3 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$kcm(0x2b, 0x1, 0x0)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00')
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MON_GET(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x14, r5, 0x70f, 0x0, 0x0, {0x7}}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000580)={0x3dc, r5, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x5c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x93e6}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x401}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x440c}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}]}, @TIPC_NLA_BEARER={0xa0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @multicast1}}, {0x14, 0x2, @in={0x2, 0x4e20, @local}}}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xcb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_BEARER_NAME={0x12, 0x1, @l2={'ib', 0x3a, 'veth1_vlan\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x200}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'eth', 0x3a, 'vxcan1\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_MEDIA={0x110, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_NET={0x6c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7fff}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x10001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x401}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x81}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7f}]}, @TIPC_NLA_MEDIA={0x11c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffe00}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x860}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3d000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}]}]}]}, 0x3dc}, 0x1, 0x0, 0x0, 0x40016}, 0x800)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendfile(r0, r2, 0x0, 0x9)

06:13:09 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x248, 0x500)

06:13:09 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60044c0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  528.874419][T20720] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
06:13:09 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x3f00000000000000)

06:13:09 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x100000000000000)

06:13:09 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x249, 0x500)

06:13:10 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xf6ffffff00000000)

06:13:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fallocate(r1, 0x14, 0x0, 0x905)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r2, r3, 0x0, 0x10000)

06:13:10 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004600e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:10 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x24a, 0x500)

[  529.371266][T20742] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
06:13:10 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x24b, 0x500)

[  529.602065][T20742] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
06:13:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r2 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000280))
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0)
r4 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000280)={0x0, r3})
statx(r4, &(0x7f0000000100)='./file0\x00', 0x0, 0x20, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r6=>0xffffffffffffffff})
r7 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
r9 = getpid()
sendmsg$unix(r6, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r9, 0x0, r8}}}], 0x20}, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x180400, &(0x7f00000003c0)=ANY=[@ANYBLOB="66641d", @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r8, @ANYBLOB=',default_permissions,allow_other,max_read=0x0000000000000001,default_permissions,default_permissions,max_read=0x0000000000000037,blksize=0x0000000000001200,default_permissions,default_permissions,subj_type=/dev/bsg\x00,context=staff_u,dont_appraise,\x00'])
lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x1, &(0x7f0000000580)=ANY=[@ANYBLOB="7472616e733d756e69782c63616368653d6d6d61702c76657273696f6e3d3970323030302c07000000004c6b3c51e12ab2fced76db000000", @ANYRESHEX=r8, @ANYBLOB=',subj_type=:%(\\,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fowner>', @ANYRESDEC=r10, @ANYBLOB=',subj_type=-,!,rootcontext=sysadm_u,obj_role=,\x00'])
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r0, r1, 0x0, 0x10000)

06:13:10 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x200000000000000)

06:13:10 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x24c, 0x500)

06:13:10 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004680e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:11 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeff000000000000)

[  530.051879][T20776] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
[  530.054568][T20769] 9pnet: p9_fd_create_unix (20769): problem connecting socket: ./file0: -111
06:13:11 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x24d, 0x500)

06:13:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0xaaaace5, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c907f00000000000000000204010002000270fff8", 0x16, 0x375}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
ftruncate(r2, 0x6)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:13:11 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60046c0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:11 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = socket(0x400020000000010, 0x2, 0x0)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r1, 0xc0044308, &(0x7f0000000200))
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000240)={0xa4ea, <r2=>0x0, 0x2, 0x8352})
ioctl$DRM_IOCTL_AGP_FREE(r1, 0x40206435, &(0x7f0000000280)={0x2, r2, 0x10001, 0x200})
write(r0, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
recvfrom$rose(r0, &(0x7f0000000180)=""/7, 0x7, 0x0, &(0x7f00000001c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x2, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @null]}, 0x40)
r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/qat_adf_ctl\x00', 0x40000, 0x0)
r4 = shmat(0x0, &(0x7f0000ff3000/0x3000)=nil, 0x4000)
shmdt(r4)
r5 = shmat(0x0, &(0x7f0000ff3000/0x3000)=nil, 0x4000)
shmdt(r5)
shmdt(r5)
fchdir(r3)
timer_create(0x1, &(0x7f0000000300)={0x0, 0x10, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000340)=<r6=>0x0)
timer_getoverrun(r6)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
r8 = openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x200, 0x12e)
setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000580)={0x40, 0x2, 0x3000}, 0x4)
r9 = socket$inet(0x2, 0x80001, 0x0)
ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_CONTEXT(r7, 0x84, 0x7d, &(0x7f0000000140)={r10}, 0x8)
getsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000000)={<r11=>r10, 0x3f, 0x2, 0x2}, &(0x7f0000000040)=0x10)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f00000000c0)={r11, 0x7b}, 0x8)
r12 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r13 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendmsg$IPSET_CMD_SAVE(r12, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x28, 0x8, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x44081}, 0x4000)
sendfile(r12, r13, 0x0, 0x10000)

06:13:11 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x24e, 0x500)

[  530.429709][T20796] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
06:13:11 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x1, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x40, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)

06:13:11 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x24f, 0x500)

06:13:11 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x300000000000000)

06:13:11 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004740e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  530.890115][T20815] FAT-fs (loop3): bogus number of reserved sectors
[  530.910113][T20820] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
06:13:11 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x250, 0x500)

[  530.962751][T20815] FAT-fs (loop3): Can't find a valid FAT filesystem
06:13:12 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xfeffffff00000000)

06:13:12 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60047a0e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  531.138038][T20815] FAT-fs (loop3): bogus number of reserved sectors
[  531.161683][T20815] FAT-fs (loop3): Can't find a valid FAT filesystem
[  531.259464][T20837] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
06:13:12 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x251, 0x500)

[  531.503548][   T27] kauditd_printk_skb: 23 callbacks suppressed
[  531.503563][   T27] audit: type=1804 audit(1583993592.506:579): pid=20846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/339/file0" dev="sda1" ino=16849 res=1
06:13:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x8800)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, r3)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000200)={0x0, <r5=>0x0}, &(0x7f0000000240)=0xc)
syz_mount_image$exfat(&(0x7f0000000180)='exfat\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x3, &(0x7f0000000340)=[{&(0x7f00000003c0)="bd510e720b7faf45719fec1974399582dbb7d95520b3131a3cbf53626669afb4623e5fd9d6ea2b1e7303ccd1bac28fd92172b7060f8eefb24e900004000000000000180d5b222ccabf43cd00000000000000005e954cdba1c98565c2a5b050d07b5051eff1190e00c62b", 0x6a, 0xffffffffffffffe0}, {&(0x7f0000000500)="e317c9ee73f8d3c7cc53596c6d6c984b6de898d9c8bc7258cf37a36d3135f5ca21f54bb8bafb76911a3426004cec822f3df149a8b9688f58503a814b7c923c9ab973a7656df39d133dcdd7372e3c395b18a3ba7f1d5ee1c7cc470841bb77d27bc8d6e9a41e83d75bb77b2f7d228d11d57cb3d01e2dd00216b49c66", 0x7b, 0x7}, {&(0x7f0000000600)="4e04b56409b68a2c34bc71d959e3409bf8d9e2f5cefb7d4a942430b6528799e5012c01108bd20e5e1f3e6fb1c3023bb6b27c82009d1d258d80fc084362ffa0c5f33ec027a20ad9dbb82e6bf9be7f5aab8351093396b525b5218a028e04f2f7db8fb6b18327c70105e5eb5d470c7d899ef62ce905c23532458dde1f4321798fd41b9b0c60881bf968e88f499fd8b6494455b011ee5612d17d02b6cebfbaad3bedbf7cd011565d16ad7aef99e0dd16100ceaad0c1e100e0858867e8e49b7265bab9f3d", 0xc2, 0x7}], 0x9b4400, &(0x7f0000000700)={[{@dmask={'dmask', 0x3d, 0x400000040}}, {@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@namecase='namecase=1'}], [{@subj_role={'subj_role', 0x3d, '/dev/ptmx\x00'}}, {@measure='measure'}, {@measure='measure'}, {@hash='hash'}, {@dont_appraise='dont_appraise'}, {@uid_eq={'uid'}}, {@fowner_gt={'fowner>', r5}}]})
fsetxattr$security_capability(r2, &(0x7f0000000040)='security.capability\x00', &(0x7f0000000140)=@v3={0x3000000, [{0x400, 0x480}, {0x4, 0x4}], r5}, 0x18, 0x1)
r6 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
bind$vsock_stream(r1, &(0x7f0000000280)={0x28, 0x0, 0xffffffff, @local}, 0x10)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r6, 0x0, 0x10000)

06:13:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r1, r2, 0x0, 0x10000)
r3 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
dup2(r3, r4)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)="96369e1c8279dab6ae4157bffc728648a3389e7c7987438b28c3727f322fb74551d7d72f39278eef8255fbe5a1830d553917974120efc3501274feac1ae338176d117b93ef030bcbfdb1caa34ea45f35442a6222bf1c5fe63b0eeca669007199579d701b445d92154316b9796b7d4a91053034d0fcf8b679767b21c7627bd5eba51465d2a6a9c53106ecd9a61946be162191c02828a7c34b41c49dbe44640df2487179da56acab864bd69effa6d4242f8ae7e35c951fee4fdf", 0xb9}, {&(0x7f0000000000)="60f9b3a48b6f7cc658d92e3d0c7ee411117b413076a44f4fc4ef005eaf5d6f3ee1490206ef796188924ce69021573f82fce57b6a180e6555298de2c839d2d546e44e1ed4520d4506c6fcab8d2cb40e24f725d39106742731b96209db7b62aea391c3a71c9f51056ad4", 0x69}, {&(0x7f0000000240)="ebf3a6d177e8b7871ad8f07b0fbf168b220fd752cf83c5700d5cf9831db0be97ae1791c2aa124a0abcd24ae7d9d1e075819696a549eb17a6312402ac4294fda13ae6fd6d909a98bd97355d6a827c608024e367f533b39a73cfbedebc46be335f", 0x60}, {&(0x7f00000003c0)="b8190bdf1ad86f73995e6169050b5a2d8b14520a658f608e217d50962c2704330415ae9d240fea20003d48c47d72dd8aac8b4d268d8ccc7e260859c56a1ccd77dade4ec2f086431a1d27995896ed3c34a7a212125da97f982c85479890cac5e2e9009a80dca9ccc80355ad586d705156c9fa56b579c9e8f8fcb31f12c788340afe04b4088348ed3da9dc5aa999093ade6d77ec39ed01be138e9b6c02945849b511d81254ca0fbcc36eabcf5d8ff03b7aaf8c494cd6d3bdfa11b42bf53ee32040510bdf532533d74e8074889e91e7b29b7a60f7cce140", 0xd6}], 0x4)

06:13:12 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004d50e400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:12 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xff00000000000000)

06:13:12 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x400000000000000)

06:13:12 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x252, 0x500)

[  531.877964][T20861] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
[  531.942166][T20874] FS-Cache: Duplicate cookie detected
[  531.947630][T20874] FS-Cache: O-cookie c=00000000d0c6d937 [p=00000000750d8252 fl=222 nc=0 na=1]
[  531.947641][T20874] FS-Cache: O-cookie d=00000000a2c01c2a n=000000006f34c91c
[  531.947647][T20874] FS-Cache: O-key=[10] '34323934393930333334'
06:13:13 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x253, 0x500)

[  531.947687][T20874] FS-Cache: N-cookie c=00000000b1570dab [p=00000000750d8252 fl=2 nc=0 na=1]
[  531.947696][T20874] FS-Cache: N-cookie d=00000000a2c01c2a n=00000000d7e16f29
[  531.947702][T20874] FS-Cache: N-key=[10] '34323934393930333334'
06:13:13 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
ioctl$VIDIOC_G_STD(0xffffffffffffffff, 0x80085617, &(0x7f0000000280))
r0 = socket(0x400020000000010, 0x2, 0x0)
write(r0, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000300), &(0x7f0000000340)=0x4)
r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'osx.', 'vfat\x00'}, &(0x7f0000000140)=""/123, 0x7b)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
mount$9p_rdma(&(0x7f00000000c0)='127.0.0.1\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='9p\x00', 0x418400, &(0x7f00000003c0)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@timeout={'timeout', 0x3d, 0x1}}, {@timeout={'timeout', 0x3d, 0x5}}, {@common=@cache_loose='cache=loose'}, {@rq={'rq', 0x3d, 0x3}}, {@timeout={'timeout', 0x3d, 0x400}}, {@common=@cache_none='cache=none'}, {@timeout={'timeout', 0x3d, 0x2}}, {@common=@privport='privport'}], [{@obj_role={'obj_role', 0x3d, 'cgroup'}}]}})
sendfile(r2, r3, 0x0, 0x10000)

[  532.025308][   T27] audit: type=1804 audit(1583993593.026:580): pid=20864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/340/file0/file0" dev="sda1" ino=17313 res=1
06:13:13 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x254, 0x500)

06:13:13 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040018400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  532.027754][   T27] audit: type=1800 audit(1583993593.026:581): pid=20869 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=17233 res=0
[  532.028082][   T27] audit: type=1800 audit(1583993593.026:582): pid=20864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17313 res=0
[  532.031916][   T27] audit: type=1804 audit(1583993593.036:583): pid=20864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/340/file0/file0" dev="sda1" ino=17313 res=1
[  532.098728][T20861] netlink: 18458 bytes leftover after parsing attributes in process `syz-executor.4'.
[  532.424932][T20895] validate_nla: 2 callbacks suppressed
06:13:13 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x255, 0x500)

06:13:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000180)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000100)="eb3c906d6b65732e666174000204010002000270fff8", 0xfffffffffffffdc9}], 0x801000, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
accept4$inet6(r0, 0x0, &(0x7f0000000000), 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fchdir(r1)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r2, r3, 0x0, 0x10000)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000040)={0x80, 0x80, 0x3, 0x0, 0x6, 0x30, 0x4, 0x80, 0x5, 0x9, 0xe5, 0x14, 0x0, 0x0, 0x8, 0x4, 0x9, 0x1, 0xc3, [], 0x1b, 0x2})

[  532.425145][T20895] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  532.487281][   T27] audit: type=1804 audit(1583993593.486:584): pid=20897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir876640370/syzkaller.oFqTIb/340/file0/file0" dev="sda1" ino=17313 res=1
[  532.519175][T20895] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:13:13 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x500000000000000)

[  532.605343][   T27] audit: type=1804 audit(1583993593.606:585): pid=20898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/365/file0/file0" dev="sda1" ino=16769 res=1
[  532.714523][   T27] audit: type=1800 audit(1583993593.606:586): pid=20898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16769 res=0
06:13:13 executing program 3:
r0 = socket(0x400020000000010, 0x2, 0x0)
write(r0, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000)=0x20, 0x4)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
sendfile(r2, r3, 0x0, 0x10000)

06:13:13 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x256, 0x500)

[  532.815208][T20895] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:13:13 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xffffff7f00000000)

06:13:14 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040028400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  533.093922][   T27] audit: type=1804 audit(1583993594.096:587): pid=20924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir192691011/syzkaller.izOrJC/366/file0/file0" dev="loop3" ino=103 res=1
06:13:14 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x257, 0x500)

[  533.202447][   T27] audit: type=1800 audit(1583993594.126:588): pid=20924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=103 res=0
[  533.347552][T20938] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:13:14 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x258, 0x500)

06:13:14 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040035400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:14 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0xffffffff00000000)

06:13:14 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x600000000000000)

[  533.739236][T20955] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
06:13:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000040)={0x9a0000, 0xffff, 0x401, 0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x9d0901, 0x2, [], @value=0x7f}})
r2 = accept4$x25(0xffffffffffffffff, &(0x7f0000000180)={0x9, @remote}, &(0x7f00000001c0)=0x12, 0x80c00)
r3 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x80000001, 0x8202)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8982, &(0x7f0000000240)={0x6, 'vlan1\x00', {0x1}, 0x9})
fchdir(r3)
r4 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x4)
r5 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r4, r5, 0x0, 0x10000)
r6 = socket(0x400020000000010, 0x2, 0x0)
write(r6, &(0x7f0000a1cf6c)="1f00000070000d0000000000fc07ff1b070404002000000007000100018439", 0x1f)
setsockopt$inet6_IPV6_ADDRFORM(r6, 0x29, 0x1, &(0x7f0000000280), 0x4)

06:13:14 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004005a400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:14 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x259, 0x500)

[  534.085774][T20976] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  534.095007][T20976] __nla_validate_parse: 3 callbacks suppressed
[  534.095015][T20976] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:13:15 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x700000000000000)

06:13:15 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc60040063400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

06:13:15 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x25a, 0x500)

06:13:15 executing program 5:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
mount(&(0x7f0000000300)=ANY=[@ANYBLOB="2f6465762f6d6430005fac00236d129aad2807"], &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)='exfat\x00', 0x8008c0, &(0x7f00000002c0)='\x00')
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000400)={0x0, 0x655df5d9})
getpeername$netrom(r3, &(0x7f0000000380)={{0x3, @netrom}, [@remote, @netrom, @netrom, @default, @netrom, @remote, @remote, @rose]}, &(0x7f0000000180)=0x48)

[  534.366433][T20985] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  534.384169][T20985] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:13:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000380), 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r1, r2, 0x0, 0x10000)

[  534.526171][T20991] FAT-fs (loop2): bogus number of reserved sectors
[  534.541930][T20991] FAT-fs (loop2): Can't find a valid FAT filesystem
06:13:15 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000001380)='/proc/locks\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x64e716d1}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
preadv(r0, &(0x7f00000017c0), 0x25b, 0x500)

[  534.602472][T20985] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  534.617222][T20985] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.4'.
06:13:15 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000680)='./file0\x00', 0x58d402, 0x1)
fchdir(r0)
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f00000000c0)={0xffffffffffffff8b, 0x5, 0x2, 0xe0e0e0e0})
r1 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x521802, 0x0)
r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$CAPI_GET_SERIAL(r4, 0xc0044308, &(0x7f0000000200))
ioctl$TIOCMGET(r4, 0x5415, &(0x7f0000000300))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000280)='SMC_PNETID\x00')
r7 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)=ANY=[]}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
chmod(&(0x7f0000000640)='./file0\x00', 0x62)
sendmsg$SMC_PNETID_ADD(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="100025bd700f02e7f897eda7f30600fbdbdf25020000001f00030073797a31000000001400020076657468305f746f33627269646765e80800790073797a4b00000000140002007465616d5f736c6176655f310000000005000412b90002000000209795bf4595b87a39e87e1400020069703667726574000300030000000000"], 0x70}, 0x1, 0x0, 0x0, 0x40044}, 0x800)
sendfile(r1, r2, 0x0, 0x10000)
mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="2f6465762fff3c2a213a392f770b9b030fd06ee6744765baf0989f41d84d8f069324bbf4dcdaa95f78c8e909802cb0ce940ccc53476233dab941ab9c725dbf7d4df1dd1d4143185307fbf6019071ae690d1985b45dc1c14e476b3ea0837f85543f18c62177453052bb82aea2d83e6e1027ba011512282fc4"], &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='nfsd\x00', 0x40000, &(0x7f00000004c0)='}\x00')
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
fstat(r3, &(0x7f00000003c0))
setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)

[  534.706309][T20991] FAT-fs (loop2): bogus number of reserved sectors
[  534.770318][T20991] FAT-fs (loop2): Can't find a valid FAT filesystem
06:13:15 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000024000505d20680648c63940d0424fc6004006b400a001600063582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  534.828358][T21009] [EXFAT] trying to mount...
06:13:15 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x800000000000000)

06:13:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x2, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16, 0xfffffffffffffffd}, {&(0x7f00000003c0)="d8ac61f3a9b178a088478722e8e3063e15554f7f4c7f88201d82e1de54c9e6fdd5549438d5255c69f549dd3663100377ac414fb0ffd73674f2368a4add6eff156c857e2309d0ebed43f7c8a9e5c81c36cb49482ba8e04da1be508d1c7f5f3a95dae3d73433bef6b5d47faccc3d9ce5ac78c3013328957fa866948e62f614cb6a5a95c5af20da2edcd16126e2e3e1526c2c11d037519e18cac0c912b8d76e29f60bee88ecec69c9bdd3863354f330467774c84323adea2bbd15255e7b237daa11a35c892c4ccea783b5e2e26ebc346152d38c3fa30fca2ac2ceaae93e3a90fc6a0b", 0xe1, 0x1f}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
sendmsg$NFT_MSG_GETSET(r2, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x28, 0xa, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
ioctl$CAPI_GET_SERIAL(r1, 0xc0044308, &(0x7f0000000200))
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
r3 = open(&(0x7f0000000080)='./file0\x00', 0x1070c5, 0x0)
r4 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000300)={'syz'}, &(0x7f00000008c0)="d8", 0x1, 0xfffffffffffffffe)
ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000780)="7d9f45833cea67aae8db2f4b94722407b3b95a490f78f70fe9ec73e3a0a220e86490246ef43829708ac8bafd462eb2e9eb7851bd9330dfa78408ebd8adf4c7e483e8660746849275bbba86a1f126064f202426778877c1979664189f6f7e8a824510d97e0d73dedaee4e446c041a51ad2120a14e46398927163045751cad80e8058280851e526609957c89969246394e973c9f10f50190d4afca444784dd46bbf75bdd5060c01fca3dc101aad50242bd1723f2218f1e136a1c171ed5cbaa6c307048efceb32511838d4f3b2b64ad699bfc0a0021aef48215b56bd058a9cc200f82f44560")
keyctl$describe(0x6, r4, 0x0, 0x0)
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={r4, 0xc9, 0xf7}, &(0x7f0000000140)={'enc=', 'raw', ' hash=', {'nhpoly1305-neon\x00'}}, &(0x7f0000000580)="9726a4313465621e239de0af7aee094c353874a351d0fbe1fec8daa760fa1add7c86be44a825704dfe0bf77895ac6cc45e3ed4242f947b25f42a944695968a94663176430968c2ce817966708ae5b7a6629686d5cefd7831e0e958ed999c91cdda7aded44e1ad434a2b5c6d6266e15cfde2eb9bb2a3f956d15a130be98927023185e3861f450e753d1d088cd55a06c452b250a8f6b82bb9d50b203cd4e612d8e1f162e50abfe9e4e42b07cd81296256f8200f565d0ebd2bdd8ab881acd4770aef366067c7d79810213", &(0x7f0000000680)=""/247)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000880)='TIPC\x00')
sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000980)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x30, r5, 0x100, 0x70bd26, 0x25dfdbfd, {{}, {}, {0x14, 0x18, {0xffff, @bearer=@udp='udp:syz0\x00'}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x8001}, 0x801)
r6 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$sock_TIOCOUTQ(r6, 0x5411, &(0x7f00000009c0))
r7 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
sendfile(r3, r7, 0x0, 0x10000)

[  534.911378][T21009] ------------[ cut here ]------------
[  534.956673][T21009] [EXFAT] No bh, device seems wrong or to be ejected.
[  534.977493][T21009] WARNING: CPU: 0 PID: 21009 at drivers/staging/exfat/exfat_blkdev.c:62 exfat_bdev_read+0x24a/0x2b0
[  534.988286][T21009] Kernel panic - not syncing: panic_on_warn set ...
[  534.994899][T21009] CPU: 0 PID: 21009 Comm: syz-executor.5 Not tainted 5.6.0-rc5-syzkaller #0
[  535.003605][T21009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  535.013657][T21009] Call Trace:
[  535.016946][T21009]  dump_stack+0x188/0x20d
[  535.021268][T21009]  ? exfat_bdev_read+0x170/0x2b0
[  535.026261][T21009]  panic+0x2e3/0x75c
[  535.030260][T21009]  ? add_taint.cold+0x16/0x16
[  535.035010][T21009]  ? __probe_kernel_read+0x188/0x1d0
[  535.040305][T21009]  ? __warn.cold+0x14/0x35
[  535.044740][T21009]  ? exfat_bdev_read+0x24a/0x2b0
[  535.049669][T21009]  __warn.cold+0x2f/0x35
[  535.053909][T21009]  ? exfat_bdev_read+0x24a/0x2b0
[  535.059407][T21009]  report_bug+0x27b/0x2f0
[  535.063828][T21009]  do_error_trap+0x12b/0x220
[  535.068429][T21009]  ? exfat_bdev_read+0x24a/0x2b0
[  535.073388][T21009]  do_invalid_op+0x32/0x40
[  535.077810][T21009]  ? exfat_bdev_read+0x24a/0x2b0
[  535.082805][T21009]  invalid_op+0x23/0x30
[  535.086957][T21009] RIP: 0010:exfat_bdev_read+0x24a/0x2b0
[  535.092487][T21009] Code: 00 00 31 ff 41 bc fb ff ff ff 89 de e8 5f 0d 9e fb 85 db 0f 85 5d ff ff ff e8 e2 0b 9e fb 48 c7 c7 60 1f ad 88 e8 3e 1c 70 fb <0f> 0b e9 45 ff ff ff e8 8a c9 da fb e9 ad fe ff ff e8 60 c9 da fb
[  535.112093][T21009] RSP: 0018:ffffc9001738fb38 EFLAGS: 00010286
[  535.118142][T21009] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  535.126118][T21009] RDX: 00000000000392cd RSI: ffffffff815bf531 RDI: fffff52002e71f59
[  535.134096][T21009] RBP: ffffc9001738fc70 R08: ffff888092b02340 R09: ffffed1015cc6659
[  535.142059][T21009] R10: ffffed1015cc6658 R11: ffff8880ae6332c7 R12: 00000000fffffffb
[  535.150016][T21009] R13: ffff888048cc0000 R14: 0000000000000001 R15: 0000000000000000
[  535.158064][T21009]  ? vprintk_func+0x81/0x17e
[  535.162654][T21009]  ? exfat_bdev_read+0x24a/0x2b0
[  535.167579][T21009]  sector_read+0x13a/0x1e0
[  535.171986][T21009]  exfat_fill_super.cold+0x2e4/0x895
[  535.177282][T21009]  ? exfat_read_root+0x8f0/0x8f0
[  535.182203][T21009]  ? snprintf+0xbb/0xf0
[  535.186361][T21009]  ? wait_for_completion+0x3c0/0x3c0
[  535.191675][T21009]  ? set_blocksize+0x24f/0x2c0
[  535.196434][T21009]  mount_bdev+0x305/0x3c0
[  535.200749][T21009]  ? exfat_read_root+0x8f0/0x8f0
[  535.205669][T21009]  ? exfat_remount+0x50/0x50
[  535.210242][T21009]  legacy_get_tree+0x105/0x220
[  535.214988][T21009]  ? ns_capable_common+0xe2/0x100
[  535.220867][T21009]  vfs_get_tree+0x89/0x2f0
[  535.225269][T21009]  do_mount+0x1306/0x1a60
[  535.229586][T21009]  ? copy_mount_string+0x40/0x40
[  535.234517][T21009]  ? _copy_from_user+0x123/0x190
[  535.239447][T21009]  __x64_sys_mount+0x18f/0x230
[  535.247597][T21009]  do_syscall_64+0xf6/0x7d0
[  535.252106][T21009]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  535.257979][T21009] RIP: 0033:0x45c679
[  535.261869][T21009] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  535.281501][T21009] RSP: 002b:00007f1bd16e0c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  535.289921][T21009] RAX: ffffffffffffffda RBX: 00007f1bd16e16d4 RCX: 000000000045c679
[  535.297888][T21009] RDX: 0000000020000280 RSI: 00000000200001c0 RDI: 0000000020000300
[  535.305859][T21009] RBP: 000000000076bf00 R08: 00000000200002c0 R09: 0000000000000000
[  535.313829][T21009] R10: 00000000008008c0 R11: 0000000000000246 R12: 00000000ffffffff
[  535.321788][T21009] R13: 000000000000074a R14: 00000000004c9f51 R15: 000000000076bf0c
[  535.331372][T21009] Kernel Offset: disabled
[  535.335811][T21009] Rebooting in 86400 seconds..