syzkaller login: [ 33.535693] sshd (244) used greatest stack depth: 24752 bytes left Warning: Permanently added '[localhost]:6203' (ECDSA) to the list of known hosts. 2022/07/11 14:02:28 fuzzer started 2022/07/11 14:02:28 dialing manager at localhost:42827 [ 35.519532] cgroup: Unknown subsys name 'net' [ 35.619621] cgroup: Unknown subsys name 'rlimit' 2022/07/11 14:02:41 syscalls: 2217 2022/07/11 14:02:41 code coverage: enabled 2022/07/11 14:02:41 comparison tracing: enabled 2022/07/11 14:02:41 extra coverage: enabled 2022/07/11 14:02:41 setuid sandbox: enabled 2022/07/11 14:02:41 namespace sandbox: enabled 2022/07/11 14:02:41 Android sandbox: enabled 2022/07/11 14:02:41 fault injection: enabled 2022/07/11 14:02:41 leak checking: enabled 2022/07/11 14:02:41 net packet injection: enabled 2022/07/11 14:02:41 net device setup: enabled 2022/07/11 14:02:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/07/11 14:02:41 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/07/11 14:02:41 USB emulation: enabled 2022/07/11 14:02:41 hci packet injection: enabled 2022/07/11 14:02:41 wifi device emulation: enabled 2022/07/11 14:02:41 802.15.4 emulation: enabled 2022/07/11 14:02:41 fetching corpus: 0, signal 0/2000 (executing program) 2022/07/11 14:02:41 fetching corpus: 26, signal 26531/29761 (executing program) 2022/07/11 14:02:42 fetching corpus: 76, signal 46342/50331 (executing program) 2022/07/11 14:02:42 fetching corpus: 126, signal 58965/63527 (executing program) 2022/07/11 14:02:42 fetching corpus: 176, signal 65098/70408 (executing program) 2022/07/11 14:02:42 fetching corpus: 226, signal 74546/80153 (executing program) 2022/07/11 14:02:42 fetching corpus: 276, signal 81560/87427 (executing program) 2022/07/11 14:02:43 fetching corpus: 326, signal 85012/91339 (executing program) 2022/07/11 14:02:43 fetching corpus: 376, signal 89901/96331 (executing program) 2022/07/11 14:02:43 fetching corpus: 426, signal 94114/100629 (executing program) 2022/07/11 14:02:43 fetching corpus: 476, signal 97424/104053 (executing program) 2022/07/11 14:02:43 fetching corpus: 526, signal 101621/108088 (executing program) 2022/07/11 14:02:43 fetching corpus: 576, signal 105815/111977 (executing program) 2022/07/11 14:02:44 fetching corpus: 626, signal 110640/116195 (executing program) 2022/07/11 14:02:44 fetching corpus: 676, signal 114013/119197 (executing program) 2022/07/11 14:02:44 fetching corpus: 726, signal 118142/122761 (executing program) 2022/07/11 14:02:44 fetching corpus: 776, signal 120890/125106 (executing program) 2022/07/11 14:02:44 fetching corpus: 826, signal 122942/126849 (executing program) 2022/07/11 14:02:45 fetching corpus: 875, signal 125118/128668 (executing program) 2022/07/11 14:02:45 fetching corpus: 925, signal 127187/130310 (executing program) 2022/07/11 14:02:45 fetching corpus: 975, signal 129556/132097 (executing program) 2022/07/11 14:02:45 fetching corpus: 1025, signal 132159/133979 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/134781 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/134854 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/134920 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135003 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135092 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135169 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135250 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135327 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135390 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135461 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135520 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135586 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135671 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135741 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135823 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135898 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/135960 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/136029 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/136108 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/136172 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/136245 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/136310 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/136363 (executing program) 2022/07/11 14:02:45 fetching corpus: 1045, signal 133261/136440 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/136502 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/136571 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/136656 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/136736 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/136799 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/136860 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/136940 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137011 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137086 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137159 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137228 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137288 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137359 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137425 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137489 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137563 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137622 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137710 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137786 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137855 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/137948 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/138022 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/138055 (executing program) 2022/07/11 14:02:46 fetching corpus: 1045, signal 133261/138055 (executing program) 2022/07/11 14:02:48 starting 8 fuzzer processes 14:02:48 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)={0xdcf}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xd) 14:02:48 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x39b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) pread64(r0, 0x0, 0x0, 0x0) 14:02:48 executing program 2: prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) prctl$PR_GET_TSC(0x25, &(0x7f0000000040)) [ 54.860289] audit: type=1400 audit(1657548168.685:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 14:02:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @typed={0xc, 0x28, 0x0, 0x0, @u64}]}, 0x2c}], 0x1}, 0x0) 14:02:48 executing program 4: openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\x00') sendfile(r1, r0, 0x0, 0x409afb) 14:02:48 executing program 5: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100003000000000020"], 0x2c, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) 14:02:48 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setfsgid(0x0) 14:02:48 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x401c5820, &(0x7f0000000240)={0x0, 0xfffffffffffffffb}) [ 56.117135] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 56.118719] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 56.120608] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 56.123751] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 56.125475] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 56.127702] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 56.176546] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 56.179421] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 56.180568] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 56.183532] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 56.184715] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 56.185006] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 56.201989] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 56.203222] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 56.209494] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 56.211290] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 56.212667] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 56.212986] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 56.260403] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 56.263085] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 56.265443] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 56.286947] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 56.292044] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 56.293448] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 58.204398] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 58.205286] Bluetooth: hci0: command 0x0409 tx timeout [ 58.267899] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 58.268114] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 58.269497] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 58.331824] Bluetooth: hci3: command 0x0409 tx timeout [ 58.332270] Bluetooth: hci2: command 0x0409 tx timeout [ 58.332835] Bluetooth: hci7: command 0x0409 tx timeout [ 60.251884] Bluetooth: hci0: command 0x041b tx timeout [ 60.379839] Bluetooth: hci7: command 0x041b tx timeout [ 60.380654] Bluetooth: hci2: command 0x041b tx timeout [ 60.381650] Bluetooth: hci3: command 0x041b tx timeout [ 60.844363] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.857598] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.862174] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.866317] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.868507] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 60.870472] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.031297] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 61.040583] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 61.045596] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 61.055597] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 61.071173] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 61.074174] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 61.111610] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 61.113467] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 61.114696] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 61.117479] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 61.119012] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 61.120148] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 62.299841] Bluetooth: hci0: command 0x040f tx timeout [ 62.427945] Bluetooth: hci3: command 0x040f tx timeout [ 62.429829] Bluetooth: hci2: command 0x040f tx timeout [ 62.430587] Bluetooth: hci7: command 0x040f tx timeout [ 62.939887] Bluetooth: hci1: command 0x0409 tx timeout [ 63.131897] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 63.133109] Bluetooth: hci4: command 0x0409 tx timeout [ 63.195818] Bluetooth: hci5: command 0x0409 tx timeout [ 64.348147] Bluetooth: hci0: command 0x0419 tx timeout [ 64.475852] Bluetooth: hci7: command 0x0419 tx timeout [ 64.476649] Bluetooth: hci2: command 0x0419 tx timeout [ 64.477634] Bluetooth: hci3: command 0x0419 tx timeout [ 64.987899] Bluetooth: hci1: command 0x041b tx timeout [ 65.179899] Bluetooth: hci4: command 0x041b tx timeout [ 65.243885] Bluetooth: hci5: command 0x041b tx timeout [ 65.462989] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 65.476689] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 65.484118] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 65.491241] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 65.492894] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 65.493821] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.035902] Bluetooth: hci1: command 0x040f tx timeout [ 67.227826] Bluetooth: hci4: command 0x040f tx timeout [ 67.291821] Bluetooth: hci5: command 0x040f tx timeout [ 67.548250] Bluetooth: hci6: command 0x0409 tx timeout [ 69.083988] Bluetooth: hci1: command 0x0419 tx timeout [ 69.275977] Bluetooth: hci4: command 0x0419 tx timeout [ 69.339957] Bluetooth: hci5: command 0x0419 tx timeout [ 69.595952] Bluetooth: hci6: command 0x041b tx timeout [ 71.644251] Bluetooth: hci6: command 0x040f tx timeout [ 73.691992] Bluetooth: hci6: command 0x0419 tx timeout [ 100.573975] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.574619] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.576119] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 100.695186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.695813] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.697274] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 100.838827] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.839404] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.841558] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 100.990432] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.991108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.992554] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 101.420579] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.421319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.422870] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 101.621603] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.622249] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.623534] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 14:03:35 executing program 2: prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) prctl$PR_GET_TSC(0x25, &(0x7f0000000040)) 14:03:35 executing program 2: prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) prctl$PR_GET_TSC(0x25, &(0x7f0000000040)) 14:03:35 executing program 2: prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) prctl$PR_GET_TSC(0x25, &(0x7f0000000040)) 14:03:35 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setfsgid(0x0) 14:03:36 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setfsgid(0x0) 14:03:36 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setfsgid(0x0) 14:03:36 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setfsgid(0x0) 14:03:36 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setfsgid(0x0) [ 102.690760] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.692116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.695300] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 102.839621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.841000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.843410] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 104.032571] netlink: 'syz-executor.3': attribute type 40 has an invalid length. [ 106.582858] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.583508] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.585212] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 106.629410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.630507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.632381] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 106.975144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.975744] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.979634] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 107.063000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.063683] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.065011] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 107.482026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.482714] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.486129] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 107.519009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.519657] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.521282] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 107.938034] ------------[ cut here ]------------ [ 107.938548] WARNING: CPU: 0 PID: 3924 at lib/iov_iter.c:1026 iov_iter_pipe+0x23c/0x2b0 [ 107.939807] Modules linked in: [ 107.940071] CPU: 0 PID: 3924 Comm: syz-executor.4 Not tainted 5.19.0-rc6-next-20220711 #1 [ 107.940679] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 107.941684] RIP: 0010:iov_iter_pipe+0x23c/0x2b0 [ 107.942545] Code: 83 c0 03 38 d0 7c 04 84 d2 75 30 44 89 63 24 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 fb 04 3f ff 0f 0b e8 f4 04 3f ff <0f> 0b e9 ac fe ff ff e8 48 40 71 ff e9 1b fe ff ff e8 ae 40 71 ff [ 107.944325] RSP: 0018:ffff888039e079d8 EFLAGS: 00010212 [ 107.944721] RAX: 0000000000001ecf RBX: ffff888039e07a68 RCX: ffffc9000700b000 [ 107.945279] RDX: 0000000000040000 RSI: ffffffff8205786c RDI: 0000000000000004 [ 107.945850] RBP: ffff88803e5f4c00 R08: 0000000000000004 R09: 0000000000000010 [ 107.946403] R10: 0000000000000010 R11: 0000000000000001 R12: 0000000000000010 [ 107.946954] R13: 0000000000000000 R14: 0000000000000010 R15: 0000000000000010 [ 107.947497] FS: 00007f6987460700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 107.948115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.948561] CR2: 0000001b2d822000 CR3: 000000000ed9c000 CR4: 0000000000350ef0 [ 107.949114] Call Trace: [ 107.949317] [ 107.949506] generic_file_splice_read+0x95/0x4d0 [ 107.949899] ? lock_is_held_type+0xd7/0x130 [ 107.950237] ? add_to_pipe+0x3b0/0x3b0 [ 107.950547] ? inode_security+0x105/0x130 [ 107.950888] ? fsnotify_perm.part.0+0x221/0x610 [ 107.951261] ? security_file_permission+0xb1/0xd0 [ 107.951644] ? add_to_pipe+0x3b0/0x3b0 [ 107.951973] do_splice_to+0x1bc/0x240 [ 107.952277] ? direct_splice_actor+0x117/0x170 [ 107.952639] splice_direct_to_actor+0x2ac/0x8c0 [ 107.953023] ? pipe_to_sendpage+0x380/0x380 [ 107.953372] ? pipe_to_user+0x170/0x170 [ 107.953676] ? security_file_permission+0xb1/0xd0 [ 107.954063] do_splice_direct+0x1b8/0x280 [ 107.954399] ? splice_direct_to_actor+0x8c0/0x8c0 [ 107.954818] ? lock_is_held_type+0xd7/0x130 [ 107.955168] do_sendfile+0xb19/0x1270 [ 107.955460] ? __ia32_compat_sys_preadv64+0x2e0/0x2e0 [ 107.955867] ? xfd_validate_state+0x59/0x180 [ 107.956205] ? restore_fpregs_from_fpstate+0xbd/0x1c0 [ 107.956595] __x64_sys_sendfile64+0x1cd/0x210 [ 107.956946] ? __ia32_compat_sys_sendfile64+0x210/0x210 [ 107.957361] ? syscall_enter_from_user_mode+0x1d/0x50 [ 107.957742] ? syscall_enter_from_user_mode+0x1d/0x50 [ 107.958148] do_syscall_64+0x3b/0x90 [ 107.958430] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 107.958819] RIP: 0033:0x7f6989eeab19 [ 107.959095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 107.960415] RSP: 002b:00007f6987460188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 107.960970] RAX: ffffffffffffffda RBX: 00007f6989ffdf60 RCX: 00007f6989eeab19 [ 107.961497] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 107.962035] RBP: 00007f6989f44f6d R08: 0000000000000000 R09: 0000000000000000 [ 107.962544] R10: 0000000000409afb R11: 0000000000000246 R12: 0000000000000000 [ 107.963071] R13: 00007fff8cf9ab0f R14: 00007f6987460300 R15: 0000000000022000 [ 107.963594] [ 107.963792] irq event stamp: 1835 [ 107.964056] hardirqs last enabled at (1847): [] __up_console_sem+0x78/0x80 [ 107.964671] hardirqs last disabled at (1856): [] __up_console_sem+0x5d/0x80 [ 107.965305] softirqs last enabled at (1248): [] __irq_exit_rcu+0x113/0x170 [ 107.965945] softirqs last disabled at (703): [] __irq_exit_rcu+0x113/0x170 [ 107.966548] ---[ end trace 0000000000000000 ]--- [ 109.931094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.932323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.935337] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 109.956331] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.957021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.958354] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 14:03:44 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)={0xdcf}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xd) 14:03:44 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x39b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) pread64(r0, 0x0, 0x0, 0x0) 14:03:44 executing program 6: prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) prctl$PR_GET_TSC(0x25, &(0x7f0000000040)) 14:03:44 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x401c5820, &(0x7f0000000240)={0x0, 0xfffffffffffffffb}) 14:03:44 executing program 4: openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\x00') sendfile(r1, r0, 0x0, 0x409afb) 14:03:44 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setfsgid(0x0) 14:03:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @typed={0xc, 0x28, 0x0, 0x0, @u64}]}, 0x2c}], 0x1}, 0x0) 14:03:44 executing program 5: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100003000000000020"], 0x2c, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) [ 110.394759] netlink: 'syz-executor.3': attribute type 40 has an invalid length. [ 110.405383] ------------[ cut here ]------------ [ 110.405828] WARNING: CPU: 1 PID: 3991 at lib/iov_iter.c:1026 iov_iter_pipe+0x23c/0x2b0 [ 110.406486] Modules linked in: [ 110.406745] CPU: 1 PID: 3991 Comm: syz-executor.4 Tainted: G W 5.19.0-rc6-next-20220711 #1 [ 110.407585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 110.408467] RIP: 0010:iov_iter_pipe+0x23c/0x2b0 [ 110.408869] Code: 83 c0 03 38 d0 7c 04 84 d2 75 30 44 89 63 24 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 fb 04 3f ff 0f 0b e8 f4 04 3f ff <0f> 0b e9 ac fe ff ff e8 48 40 71 ff e9 1b fe ff ff e8 ae 40 71 ff [ 110.410298] RSP: 0018:ffff88803eb079d8 EFLAGS: 00010212 [ 110.410720] RAX: 0000000000000633 RBX: ffff88803eb07a68 RCX: ffffc9000700b000 [ 110.411311] RDX: 0000000000040000 RSI: ffffffff8205786c RDI: 0000000000000004 [ 110.411888] RBP: ffff88803cb39000 R08: 0000000000000004 R09: 0000000000000010 [ 110.412455] R10: 0000000000000010 R11: 0000000000000001 R12: 0000000000000010 [ 110.413028] R13: 0000000000000000 R14: 0000000000000010 R15: 0000000000000010 [ 110.413599] FS: 00007f6987460700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 110.414246] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.414699] CR2: 00007f07c1ad0f64 CR3: 0000000017a92000 CR4: 0000000000350ee0 [ 110.415285] Call Trace: [ 110.415493] [ 110.415685] generic_file_splice_read+0x95/0x4d0 [ 110.416095] ? lock_is_held_type+0xd7/0x130 [ 110.416451] ? add_to_pipe+0x3b0/0x3b0 [ 110.416798] ? inode_security+0x105/0x130 [ 110.417145] ? fsnotify_perm.part.0+0x221/0x610 [ 110.417529] ? security_file_permission+0xb1/0xd0 [ 110.417944] ? add_to_pipe+0x3b0/0x3b0 [ 110.418269] do_splice_to+0x1bc/0x240 [ 110.418582] ? direct_splice_actor+0x117/0x170 [ 110.418975] splice_direct_to_actor+0x2ac/0x8c0 [ 110.419365] ? pipe_to_sendpage+0x380/0x380 [ 110.419712] ? pipe_to_user+0x170/0x170 [ 110.420066] ? security_file_permission+0xb1/0xd0 [ 110.420457] do_splice_direct+0x1b8/0x280 [ 110.420810] ? splice_direct_to_actor+0x8c0/0x8c0 [ 110.421212] ? lock_is_held_type+0xd7/0x130 [ 110.421572] do_sendfile+0xb19/0x1270 [ 110.421914] ? __ia32_compat_sys_preadv64+0x2e0/0x2e0 [ 110.422327] ? xfd_validate_state+0x59/0x180 [ 110.422685] ? restore_fpregs_from_fpstate+0xbd/0x1c0 [ 110.423119] __x64_sys_sendfile64+0x1cd/0x210 [ 110.423489] ? __ia32_compat_sys_sendfile64+0x210/0x210 [ 110.423921] ? syscall_enter_from_user_mode+0x1d/0x50 [ 110.424333] ? syscall_enter_from_user_mode+0x1d/0x50 [ 110.424735] do_syscall_64+0x3b/0x90 [ 110.425061] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 110.425477] RIP: 0033:0x7f6989eeab19 [ 110.425799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.427227] RSP: 002b:00007f6987460188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 110.427855] RAX: ffffffffffffffda RBX: 00007f6989ffdf60 RCX: 00007f6989eeab19 [ 110.428415] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 110.428996] RBP: 00007f6989f44f6d R08: 0000000000000000 R09: 0000000000000000 [ 110.429551] R10: 0000000000409afb R11: 0000000000000246 R12: 0000000000000000 [ 110.430134] R13: 00007fff8cf9ab0f R14: 00007f6987460300 R15: 0000000000022000 [ 110.430702] [ 110.430921] irq event stamp: 1261 [ 110.431191] hardirqs last enabled at (1271): [] __up_console_sem+0x78/0x80 [ 110.431891] hardirqs last disabled at (1282): [] __up_console_sem+0x5d/0x80 [ 110.432574] softirqs last enabled at (704): [] __irq_exit_rcu+0x113/0x170 [ 110.433260] softirqs last disabled at (669): [] __irq_exit_rcu+0x113/0x170 [ 110.433965] ---[ end trace 0000000000000000 ]--- 14:03:44 executing program 6: prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) prctl$PR_GET_TSC(0x25, &(0x7f0000000040)) 14:03:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @typed={0xc, 0x28, 0x0, 0x0, @u64}]}, 0x2c}], 0x1}, 0x0) [ 110.503936] netlink: 'syz-executor.3': attribute type 40 has an invalid length. 14:03:44 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x401c5820, &(0x7f0000000240)={0x0, 0xfffffffffffffffb}) 14:03:44 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)={0xdcf}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xd) 14:03:44 executing program 5: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100003000000000020"], 0x2c, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) 14:03:44 executing program 4: openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\x00') sendfile(r1, r0, 0x0, 0x409afb) 14:03:44 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x39b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) pread64(r0, 0x0, 0x0, 0x0) 14:03:44 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)={0xdcf}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xd) 14:03:44 executing program 6: prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) prctl$PR_GET_TSC(0x25, &(0x7f0000000040)) 14:03:44 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x401c5820, &(0x7f0000000240)={0x0, 0xfffffffffffffffb}) 14:03:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @typed={0xc, 0x28, 0x0, 0x0, @u64}]}, 0x2c}], 0x1}, 0x0) [ 110.580683] netlink: 'syz-executor.3': attribute type 40 has an invalid length. 14:03:44 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)={0xdcf}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xd) [ 110.622267] ------------[ cut here ]------------ [ 110.622716] WARNING: CPU: 1 PID: 4015 at lib/iov_iter.c:1026 iov_iter_pipe+0x23c/0x2b0 [ 110.623404] Modules linked in: [ 110.623674] CPU: 1 PID: 4015 Comm: syz-executor.4 Tainted: G W 5.19.0-rc6-next-20220711 #1 [ 110.624426] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 110.625326] RIP: 0010:iov_iter_pipe+0x23c/0x2b0 [ 110.625715] Code: 83 c0 03 38 d0 7c 04 84 d2 75 30 44 89 63 24 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 fb 04 3f ff 0f 0b e8 f4 04 3f ff <0f> 0b e9 ac fe ff ff e8 48 40 71 ff e9 1b fe ff ff e8 ae 40 71 ff [ 110.627121] RSP: 0018:ffff88803efdf9d8 EFLAGS: 00010216 [ 110.627539] RAX: 000000000000061e RBX: ffff88803efdfa68 RCX: ffffc9000700b000 [ 110.628104] RDX: 0000000000040000 RSI: ffffffff8205786c RDI: 0000000000000004 [ 110.628658] RBP: ffff88803cb3b400 R08: 0000000000000004 R09: 0000000000000010 [ 110.629235] R10: 0000000000000010 R11: 0000000000000001 R12: 0000000000000010 [ 110.629827] R13: 0000000000000000 R14: 0000000000000010 R15: 0000000000000010 [ 110.630398] FS: 00007f6987460700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 110.631074] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.631532] CR2: 00007ffd83fadfd8 CR3: 0000000017a36000 CR4: 0000000000350ee0 [ 110.632105] Call Trace: [ 110.632314] [ 110.632501] generic_file_splice_read+0x95/0x4d0 [ 110.632921] ? lock_is_held_type+0xd7/0x130 [ 110.633265] ? add_to_pipe+0x3b0/0x3b0 [ 110.633606] ? inode_security+0x105/0x130 [ 110.633969] ? fsnotify_perm.part.0+0x221/0x610 [ 110.634353] ? security_file_permission+0xb1/0xd0 [ 110.634745] ? add_to_pipe+0x3b0/0x3b0 [ 110.635099] do_splice_to+0x1bc/0x240 [ 110.635417] ? direct_splice_actor+0x117/0x170 [ 110.635812] splice_direct_to_actor+0x2ac/0x8c0 [ 110.636209] ? pipe_to_sendpage+0x380/0x380 [ 110.636566] ? pipe_to_user+0x170/0x170 [ 110.636920] ? security_file_permission+0xb1/0xd0 [ 110.637320] do_splice_direct+0x1b8/0x280 [ 110.637678] ? splice_direct_to_actor+0x8c0/0x8c0 [ 110.638097] ? lock_is_held_type+0xd7/0x130 [ 110.638449] do_sendfile+0xb19/0x1270 [ 110.638794] ? __ia32_compat_sys_preadv64+0x2e0/0x2e0 [ 110.639221] ? xfd_validate_state+0x59/0x180 [ 110.639768] ? restore_fpregs_from_fpstate+0xbd/0x1c0 [ 110.640226] __x64_sys_sendfile64+0x1cd/0x210 [ 110.640620] ? __ia32_compat_sys_sendfile64+0x210/0x210 [ 110.641085] ? syscall_enter_from_user_mode+0x1d/0x50 [ 110.641530] ? syscall_enter_from_user_mode+0x1d/0x50 [ 110.641929] do_syscall_64+0x3b/0x90 [ 110.642280] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 110.642647] RIP: 0033:0x7f6989eeab19 [ 110.642934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.644185] RSP: 002b:00007f6987460188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 110.644706] RAX: ffffffffffffffda RBX: 00007f6989ffdf60 RCX: 00007f6989eeab19 [ 110.645215] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 110.645711] RBP: 00007f6989f44f6d R08: 0000000000000000 R09: 0000000000000000 [ 110.646216] R10: 0000000000409afb R11: 0000000000000246 R12: 0000000000000000 [ 110.646702] R13: 00007fff8cf9ab0f R14: 00007f6987460300 R15: 0000000000022000 [ 110.647233] [ 110.647408] irq event stamp: 1207 [ 110.647652] hardirqs last enabled at (1217): [] __up_console_sem+0x78/0x80 [ 110.648373] hardirqs last disabled at (1228): [] __up_console_sem+0x5d/0x80 [ 110.649041] softirqs last enabled at (1054): [] __irq_exit_rcu+0x113/0x170 [ 110.649645] softirqs last disabled at (1023): [] __irq_exit_rcu+0x113/0x170 [ 110.650257] ---[ end trace 0000000000000000 ]--- 14:03:44 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x39b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) pread64(r0, 0x0, 0x0, 0x0) 14:03:44 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)={0xdcf}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xd) 14:03:44 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x39b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) pread64(r0, 0x0, 0x0, 0x0) 14:03:44 executing program 5: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100003000000000020"], 0x2c, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) 14:03:44 executing program 7: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100003000000000020"], 0x2c, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) 14:03:44 executing program 4: openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\x00') sendfile(r1, r0, 0x0, 0x409afb) 14:03:44 executing program 0: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100003000000000020"], 0x2c, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) [ 110.776359] ------------[ cut here ]------------ [ 110.776999] WARNING: CPU: 1 PID: 4024 at lib/iov_iter.c:1026 iov_iter_pipe+0x23c/0x2b0 [ 110.777679] Modules linked in: [ 110.777980] CPU: 1 PID: 4024 Comm: syz-executor.4 Tainted: G W 5.19.0-rc6-next-20220711 #1 [ 110.778984] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 110.779888] RIP: 0010:iov_iter_pipe+0x23c/0x2b0 [ 110.780273] Code: 83 c0 03 38 d0 7c 04 84 d2 75 30 44 89 63 24 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 fb 04 3f ff 0f 0b e8 f4 04 3f ff <0f> 0b e9 ac fe ff ff e8 48 40 71 ff e9 1b fe ff ff e8 ae 40 71 ff [ 110.781731] RSP: 0018:ffff88803f0079d8 EFLAGS: 00010216 [ 110.782173] RAX: 0000000000000806 RBX: ffff88803f007a68 RCX: ffffc9000700b000 [ 110.782730] RDX: 0000000000040000 RSI: ffffffff8205786c RDI: 0000000000000004 [ 110.783304] RBP: ffff88803cb3a000 R08: 0000000000000004 R09: 0000000000000010 [ 110.783883] R10: 0000000000000010 R11: 0000000000000001 R12: 0000000000000010 [ 110.784438] R13: 0000000000000000 R14: 0000000000000010 R15: 0000000000000010 [ 110.785013] FS: 00007f6987460700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 110.785646] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.786119] CR2: 0000001b2d825000 CR3: 0000000016970000 CR4: 0000000000350ee0 [ 110.786676] Call Trace: [ 110.786901] [ 110.787087] generic_file_splice_read+0x95/0x4d0 [ 110.787469] ? lock_is_held_type+0xd7/0x130 [ 110.788588] ? add_to_pipe+0x3b0/0x3b0 [ 110.789059] ? inode_security+0x105/0x130 [ 110.789403] ? fsnotify_perm.part.0+0x221/0x610 [ 110.789817] ? security_file_permission+0xb1/0xd0 [ 110.790206] ? add_to_pipe+0x3b0/0x3b0 [ 110.790524] do_splice_to+0x1bc/0x240 [ 110.790850] ? direct_splice_actor+0x117/0x170 [ 110.791217] splice_direct_to_actor+0x2ac/0x8c0 [ 110.791594] ? pipe_to_sendpage+0x380/0x380 [ 110.791965] ? pipe_to_user+0x170/0x170 [ 110.792282] ? security_file_permission+0xb1/0xd0 [ 110.792674] do_splice_direct+0x1b8/0x280 [ 110.793029] ? splice_direct_to_actor+0x8c0/0x8c0 [ 110.793445] ? lock_is_held_type+0xd7/0x130 [ 110.793811] do_sendfile+0xb19/0x1270 [ 110.794125] ? __ia32_compat_sys_preadv64+0x2e0/0x2e0 [ 110.794525] ? xfd_validate_state+0x59/0x180 [ 110.794916] ? restore_fpregs_from_fpstate+0xbd/0x1c0 [ 110.795322] __x64_sys_sendfile64+0x1cd/0x210 [ 110.795682] ? __ia32_compat_sys_sendfile64+0x210/0x210 [ 110.796126] ? syscall_enter_from_user_mode+0x1d/0x50 [ 110.796536] ? syscall_enter_from_user_mode+0x1d/0x50 [ 110.796973] do_syscall_64+0x3b/0x90 [ 110.797275] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 110.797693] RIP: 0033:0x7f6989eeab19 [ 110.798014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.799409] RSP: 002b:00007f6987460188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 110.800023] RAX: ffffffffffffffda RBX: 00007f6989ffdf60 RCX: 00007f6989eeab19 [ 110.800570] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 110.801135] RBP: 00007f6989f44f6d R08: 0000000000000000 R09: 0000000000000000 [ 110.801702] R10: 0000000000409afb R11: 0000000000000246 R12: 0000000000000000 [ 110.802277] R13: 00007fff8cf9ab0f R14: 00007f6987460300 R15: 0000000000022000 [ 110.802854] [ 110.803049] irq event stamp: 1769 [ 110.803315] hardirqs last enabled at (1779): [] __up_console_sem+0x78/0x80 [ 110.804011] hardirqs last disabled at (1790): [] __up_console_sem+0x5d/0x80 [ 110.804667] softirqs last enabled at (1408): [] __irq_exit_rcu+0x113/0x170 [ 110.805346] softirqs last disabled at (1291): [] __irq_exit_rcu+0x113/0x170 [ 110.806030] ---[ end trace 0000000000000000 ]--- 14:03:44 executing program 6: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:44 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)={0xdcf}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xd) [ 110.844205] audit: type=1400 audit(1657548224.670:7): avc: denied { open } for pid=4032 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.845863] audit: type=1400 audit(1657548224.670:8): avc: denied { kernel } for pid=4032 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.870791] hrtimer: interrupt took 20729 ns 14:03:44 executing program 0: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100003000000000020"], 0x2c, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) 14:03:44 executing program 7: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100003000000000020"], 0x2c, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) 14:03:44 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x39b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) pread64(r0, 0x0, 0x0, 0x0) 14:03:44 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000280)=ANY=[@ANYBLOB='//'], &(0x7f00000000c0)='./file0\x00', 0x0, 0x101c00, 0x0) 14:03:44 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) r2 = epoll_create1(0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x0, &(0x7f0000000c40)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 14:03:44 executing program 2: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000001200), 0x0, &(0x7f0000001280)={[{@fat=@nfs_nostale_ro}]}) [ 110.985717] FAT-fs (loop2): bogus number of reserved sectors [ 110.986413] FAT-fs (loop2): Can't find a valid FAT filesystem [ 111.017735] FAT-fs (loop2): bogus number of reserved sectors [ 111.018276] FAT-fs (loop2): Can't find a valid FAT filesystem 14:03:46 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000280)=ANY=[@ANYBLOB='//'], &(0x7f00000000c0)='./file0\x00', 0x0, 0x101c00, 0x0) 14:03:46 executing program 0: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100003000000000020"], 0x2c, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) 14:03:46 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8919, &(0x7f0000000000)={'lo\x00'}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x891a, &(0x7f0000000000)={'lo\x00'}) 14:03:46 executing program 2: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000001200), 0x0, &(0x7f0000001280)={[{@fat=@nfs_nostale_ro}]}) 14:03:46 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x39b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) pread64(r0, 0x0, 0x0, 0x0) 14:03:46 executing program 7: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100003000000000020"], 0x2c, 0x0) creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) 14:03:46 executing program 6: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:46 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) r2 = epoll_create1(0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x0, &(0x7f0000000c40)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) [ 113.127872] FAT-fs (loop2): bogus number of reserved sectors [ 113.128359] FAT-fs (loop2): Can't find a valid FAT filesystem 14:03:47 executing program 2: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000001200), 0x0, &(0x7f0000001280)={[{@fat=@nfs_nostale_ro}]}) 14:03:47 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8919, &(0x7f0000000000)={'lo\x00'}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x891a, &(0x7f0000000000)={'lo\x00'}) 14:03:47 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000280)=ANY=[@ANYBLOB='//'], &(0x7f00000000c0)='./file0\x00', 0x0, 0x101c00, 0x0) [ 113.261238] FAT-fs (loop2): bogus number of reserved sectors [ 113.261729] FAT-fs (loop2): Can't find a valid FAT filesystem 14:03:47 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8919, &(0x7f0000000000)={'lo\x00'}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x891a, &(0x7f0000000000)={'lo\x00'}) [ 113.335929] FAT-fs (loop2): bogus number of reserved sectors [ 113.336384] FAT-fs (loop2): Can't find a valid FAT filesystem 14:03:47 executing program 2: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000001200), 0x0, &(0x7f0000001280)={[{@fat=@nfs_nostale_ro}]}) 14:03:47 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8919, &(0x7f0000000000)={'lo\x00'}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x891a, &(0x7f0000000000)={'lo\x00'}) 14:03:47 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8919, &(0x7f0000000000)={'lo\x00'}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x891a, &(0x7f0000000000)={'lo\x00'}) 14:03:47 executing program 6: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:47 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:47 executing program 7: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:47 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000280)=ANY=[@ANYBLOB='//'], &(0x7f00000000c0)='./file0\x00', 0x0, 0x101c00, 0x0) 14:03:47 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8919, &(0x7f0000000000)={'lo\x00'}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x891a, &(0x7f0000000000)={'lo\x00'}) 14:03:47 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8919, &(0x7f0000000000)={'lo\x00'}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x891a, &(0x7f0000000000)={'lo\x00'}) 14:03:47 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:47 executing program 6: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:47 executing program 7: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:47 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:47 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:47 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) r2 = epoll_create1(0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x0, &(0x7f0000000c40)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 14:03:47 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:47 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:48 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:48 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:48 executing program 7: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:48 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:48 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:48 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:48 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:48 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) r2 = epoll_create1(0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x0, &(0x7f0000000c40)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 14:03:48 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:49 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) r2 = epoll_create1(0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x0, &(0x7f0000000c40)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 14:03:49 executing program 6: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fsetxattr$security_evm(r0, &(0x7f0000000740), &(0x7f0000000780), 0x1, 0x0) 14:03:49 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) r2 = epoll_create1(0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x0, &(0x7f0000000c40)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 14:03:49 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:49 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x32be, 0x2, 0x3, 0x215}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480)=0x0, &(0x7f00000014c0)) syz_io_uring_submit(r3, r2, &(0x7f0000001540)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x7, &(0x7f0000001500)={0x77359400}}, 0x5) 14:03:49 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x4, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_emit_ethernet(0x1e, &(0x7f0000000040)={@dev, @random="ea1ffab8e9da", @void, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "7eb255ffd2740ab6"}}}}, 0x0) 14:03:49 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RFSYNC(r0, &(0x7f0000000080)={0x7}, 0xffffff43) 14:03:49 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') getdents64(r0, &(0x7f0000000180)=""/70, 0x18) getdents(r0, &(0x7f0000000300)=""/123, 0x7b) 14:03:49 executing program 6: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fsetxattr$security_evm(r0, &(0x7f0000000740), &(0x7f0000000780), 0x1, 0x0) 14:03:50 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') getdents64(r0, &(0x7f0000000180)=""/70, 0x18) getdents(r0, &(0x7f0000000300)=""/123, 0x7b) 14:03:50 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x4, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_emit_ethernet(0x1e, &(0x7f0000000040)={@dev, @random="ea1ffab8e9da", @void, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "7eb255ffd2740ab6"}}}}, 0x0) 14:03:50 executing program 6: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fsetxattr$security_evm(r0, &(0x7f0000000740), &(0x7f0000000780), 0x1, 0x0) 14:03:50 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x4, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_emit_ethernet(0x1e, &(0x7f0000000040)={@dev, @random="ea1ffab8e9da", @void, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "7eb255ffd2740ab6"}}}}, 0x0) 14:03:50 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000), 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x33, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "6c62e7deeb"}}}}}}, 0x0) 14:03:50 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) r2 = epoll_create1(0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x0, &(0x7f0000000c40)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 14:03:50 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RFSYNC(r0, &(0x7f0000000080)={0x7}, 0xffffff43) 14:03:50 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') getdents64(r0, &(0x7f0000000180)=""/70, 0x18) getdents(r0, &(0x7f0000000300)=""/123, 0x7b) 14:03:50 executing program 6: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fsetxattr$security_evm(r0, &(0x7f0000000740), &(0x7f0000000780), 0x1, 0x0) 14:03:50 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x4, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_emit_ethernet(0x1e, &(0x7f0000000040)={@dev, @random="ea1ffab8e9da", @void, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "7eb255ffd2740ab6"}}}}, 0x0) 14:03:50 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') getdents64(r0, &(0x7f0000000180)=""/70, 0x18) getdents(r0, &(0x7f0000000300)=""/123, 0x7b) 14:03:50 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x4, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_emit_ethernet(0x1e, &(0x7f0000000040)={@dev, @random="ea1ffab8e9da", @void, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "7eb255ffd2740ab6"}}}}, 0x0) 14:03:50 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000), 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x33, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "6c62e7deeb"}}}}}}, 0x0) 14:03:50 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') getdents64(r0, &(0x7f0000000180)=""/70, 0x18) getdents(r0, &(0x7f0000000300)=""/123, 0x7b) 14:03:50 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000), 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x33, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "6c62e7deeb"}}}}}}, 0x0) 14:03:50 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x4, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_emit_ethernet(0x1e, &(0x7f0000000040)={@dev, @random="ea1ffab8e9da", @void, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "7eb255ffd2740ab6"}}}}, 0x0) 14:03:50 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x4, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_emit_ethernet(0x1e, &(0x7f0000000040)={@dev, @random="ea1ffab8e9da", @void, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "7eb255ffd2740ab6"}}}}, 0x0) 14:03:50 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') getdents64(r0, &(0x7f0000000180)=""/70, 0x18) getdents(r0, &(0x7f0000000300)=""/123, 0x7b) 14:03:50 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000), 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x33, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "6c62e7deeb"}}}}}}, 0x0) 14:03:50 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') getdents64(r0, &(0x7f0000000180)=""/70, 0x18) getdents(r0, &(0x7f0000000300)=""/123, 0x7b) 14:03:51 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000), 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x33, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "6c62e7deeb"}}}}}}, 0x0) 14:03:51 executing program 3: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x0, 0x81, 0x6, 0x0, 0x0, 0x6394, 0x12002, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x9459, 0x9}, 0x4c00c, 0xfffffffffffffff9, 0xff, 0x5, 0x3, 0x6, 0x20, 0x0, 0x6, 0x0, 0x7}, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x20, 0xbf, 0x2, 0x7, 0x0, 0xfffffffffffff082, 0x7e2ea, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x800, 0x5, @perf_bp={&(0x7f0000000240), 0x15}, 0x892, 0x9, 0x2, 0x8, 0x8, 0x80, 0x3, 0x0, 0x3, 0x0, 0x4080000000}, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x8) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000180)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) openat(0xffffffffffffffff, 0x0, 0x400000, 0x8) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x181c00, 0x0) finit_module(r1, 0x0, 0x0) 14:03:51 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000), 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x33, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "6c62e7deeb"}}}}}}, 0x0) 14:03:51 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000), 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x33, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "6c62e7deeb"}}}}}}, 0x0) 14:03:51 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x12, &(0x7f0000000000), 0x0) ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, 0x0) r2 = syz_open_procfs(0x0, 0x0) readlinkat(r2, &(0x7f0000000040)='./mnt\x00', &(0x7f0000000080)=""/176, 0xb0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2, {0x7ff}}, './file0\x00'}) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'sit0\x00', 0x0}) r5 = openat$null(0xffffffffffffff9c, 0x0, 0x400000, 0x0) kcmp(0x0, 0x0, 0x6, r3, r5) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000080)={@local, 0x0, r4}) 14:03:51 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RFSYNC(r0, &(0x7f0000000080)={0x7}, 0xffffff43) 14:03:51 executing program 5: delete_module(0x0, 0x0) 14:03:51 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f00000012c0)=[{{&(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10, 0x0}}, {{&(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, &(0x7f0000001340)=[@ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x7, 0x2}]}}}], 0x18}}], 0x2, 0x0) [ 117.294432] audit: type=1400 audit(1657548231.115:9): avc: denied { write } for pid=4235 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 14:03:51 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000), 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x33, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "6c62e7deeb"}}}}}}, 0x0) [ 117.345428] audit: type=1400 audit(1657548231.171:10): avc: denied { module_load } for pid=4235 comm="syz-executor.3" path="/syz-executor.3" dev="sda" ino=15936 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=system permissive=1 14:03:51 executing program 5: delete_module(0x0, 0x0) [ 117.355297] Invalid ELF header type: 3 != 1 14:03:51 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000), 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x33, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "6c62e7deeb"}}}}}}, 0x0) 14:03:51 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty, 0x1}, 0x6c) io_setup(0x40, &(0x7f0000000180)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmmsg(0xffffffffffffffff, &(0x7f0000001240)=[{{&(0x7f0000000000)=@ll={0x11, 0x1, r2}, 0x80, 0x0}}], 0x1, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000002880), 0x4000101, 0xa00) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) 14:03:51 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f00000012c0)=[{{&(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10, 0x0}}, {{&(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, &(0x7f0000001340)=[@ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x7, 0x2}]}}}], 0x18}}], 0x2, 0x0) 14:03:51 executing program 5: delete_module(0x0, 0x0) 14:03:51 executing program 6: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@none}, {@noprefix}, {@name={'name', 0x3d, 'vfat\x00'}}]}) 14:03:51 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f00000012c0)=[{{&(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10, 0x0}}, {{&(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, &(0x7f0000001340)=[@ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x7, 0x2}]}}}], 0x18}}], 0x2, 0x0) 14:03:51 executing program 3: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x0, 0x81, 0x6, 0x0, 0x0, 0x6394, 0x12002, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x9459, 0x9}, 0x4c00c, 0xfffffffffffffff9, 0xff, 0x5, 0x3, 0x6, 0x20, 0x0, 0x6, 0x0, 0x7}, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x20, 0xbf, 0x2, 0x7, 0x0, 0xfffffffffffff082, 0x7e2ea, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x800, 0x5, @perf_bp={&(0x7f0000000240), 0x15}, 0x892, 0x9, 0x2, 0x8, 0x8, 0x80, 0x3, 0x0, 0x3, 0x0, 0x4080000000}, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x8) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000180)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) openat(0xffffffffffffffff, 0x0, 0x400000, 0x8) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x181c00, 0x0) finit_module(r1, 0x0, 0x0) VM DIAGNOSIS: 14:03:42 Registers: info registers vcpu 0 RAX=000000000000006f RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82407de1 RDI=ffffffff873e5660 RBP=ffffffff873e5620 RSP=ffff888039e07340 R8 =0000000000000001 R9 =000000000000000a R10=000000000000006f R11=0000000000000001 R12=000000000000006f R13=ffffffff873e5620 R14=0000000000000010 R15=ffffffff82407dd0 RIP=ffffffff82407e39 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f6987460700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2d822000 CR3=000000000ed9c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM01=0000000000000000 0000000000000000 2525252525252525 2525252525252525 YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffffed1003065f28 RCX=0000000000000000 RDX=ffff88801747d040 RSI=ffff88801832f960 RDI=ffffffff81346120 RBP=ffff88801832f930 RSP=ffff88801832f920 R8 =0000000000000001 R9 =ffff88800e8499e3 R10=ffffed1001d0933c R11=0000000000000001 R12=ffff88800e849998 R13=0000000000000000 R14=ffff88801747d040 R15=ffff88800e849950 RIP=ffffffff810a846b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f6d24401900 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f6d238520a0 CR3=000000000e79a000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM01=0000000000000000 0000000000000000 3030623438613630 3638616663356134 YMM02=0000000000000000 0000000000000000 3830306234386136 3036386166633561 YMM03=0000000000000000 0000000000000000 2f6c616e72756f6a 2f676f6c2f6e7572 YMM04=0000000000000000 0000000000000000 455e825d37ee3403 000000000013ccb8 YMM05=0000000000000000 0000000000000000 d3fdd5f48436fbd7 00000000000aead0 YMM06=0000000000000000 0000000000000000 0658252dc55acbab 00000000000ae988 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 44495f474f4c5359 530069253d595449 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0020000000200000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000