Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:5170' (ECDSA) to the list of known hosts. 2022/10/03 17:09:27 fuzzer started 2022/10/03 17:09:27 dialing manager at localhost:35095 syzkaller login: [ 36.312340] cgroup: Unknown subsys name 'net' [ 36.413534] cgroup: Unknown subsys name 'rlimit' 2022/10/03 17:09:41 syscalls: 2215 2022/10/03 17:09:41 code coverage: enabled 2022/10/03 17:09:41 comparison tracing: enabled 2022/10/03 17:09:41 extra coverage: enabled 2022/10/03 17:09:41 setuid sandbox: enabled 2022/10/03 17:09:41 namespace sandbox: enabled 2022/10/03 17:09:41 Android sandbox: enabled 2022/10/03 17:09:41 fault injection: enabled 2022/10/03 17:09:41 leak checking: enabled 2022/10/03 17:09:41 net packet injection: enabled 2022/10/03 17:09:41 net device setup: enabled 2022/10/03 17:09:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/03 17:09:41 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/03 17:09:41 USB emulation: enabled 2022/10/03 17:09:41 hci packet injection: enabled 2022/10/03 17:09:41 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930) 2022/10/03 17:09:41 802.15.4 emulation: enabled 2022/10/03 17:09:42 fetching corpus: 50, signal 23749/25599 (executing program) 2022/10/03 17:09:42 fetching corpus: 100, signal 38176/41678 (executing program) 2022/10/03 17:09:42 fetching corpus: 150, signal 44500/49640 (executing program) 2022/10/03 17:09:42 fetching corpus: 200, signal 52022/58675 (executing program) 2022/10/03 17:09:42 fetching corpus: 250, signal 60117/68141 (executing program) 2022/10/03 17:09:42 fetching corpus: 300, signal 67648/76953 (executing program) 2022/10/03 17:09:42 fetching corpus: 350, signal 74080/84654 (executing program) 2022/10/03 17:09:42 fetching corpus: 400, signal 77427/89369 (executing program) 2022/10/03 17:09:43 fetching corpus: 450, signal 81218/94408 (executing program) 2022/10/03 17:09:43 fetching corpus: 500, signal 83384/97872 (executing program) 2022/10/03 17:09:43 fetching corpus: 550, signal 86689/102386 (executing program) 2022/10/03 17:09:43 fetching corpus: 600, signal 89681/106549 (executing program) 2022/10/03 17:09:43 fetching corpus: 650, signal 92564/110569 (executing program) 2022/10/03 17:09:43 fetching corpus: 700, signal 96071/115164 (executing program) 2022/10/03 17:09:43 fetching corpus: 750, signal 97513/117848 (executing program) 2022/10/03 17:09:43 fetching corpus: 800, signal 99228/120774 (executing program) 2022/10/03 17:09:43 fetching corpus: 850, signal 101364/124010 (executing program) 2022/10/03 17:09:44 fetching corpus: 900, signal 104113/127720 (executing program) 2022/10/03 17:09:44 fetching corpus: 950, signal 107066/131686 (executing program) 2022/10/03 17:09:44 fetching corpus: 1000, signal 108688/134346 (executing program) 2022/10/03 17:09:44 fetching corpus: 1050, signal 110326/137077 (executing program) 2022/10/03 17:09:44 fetching corpus: 1100, signal 112798/140448 (executing program) 2022/10/03 17:09:44 fetching corpus: 1150, signal 114254/142976 (executing program) 2022/10/03 17:09:44 fetching corpus: 1200, signal 115826/145574 (executing program) 2022/10/03 17:09:44 fetching corpus: 1250, signal 117346/148071 (executing program) 2022/10/03 17:09:44 fetching corpus: 1300, signal 118947/150606 (executing program) 2022/10/03 17:09:45 fetching corpus: 1350, signal 121190/153686 (executing program) 2022/10/03 17:09:45 fetching corpus: 1400, signal 122286/155810 (executing program) 2022/10/03 17:09:45 fetching corpus: 1450, signal 123196/157746 (executing program) 2022/10/03 17:09:45 fetching corpus: 1500, signal 125169/160528 (executing program) 2022/10/03 17:09:45 fetching corpus: 1550, signal 126081/162416 (executing program) 2022/10/03 17:09:45 fetching corpus: 1600, signal 127267/164589 (executing program) 2022/10/03 17:09:45 fetching corpus: 1650, signal 128382/166660 (executing program) 2022/10/03 17:09:45 fetching corpus: 1700, signal 130913/169786 (executing program) 2022/10/03 17:09:46 fetching corpus: 1750, signal 133294/172748 (executing program) 2022/10/03 17:09:46 fetching corpus: 1800, signal 135769/175828 (executing program) 2022/10/03 17:09:46 fetching corpus: 1850, signal 138112/178697 (executing program) 2022/10/03 17:09:46 fetching corpus: 1900, signal 138771/180283 (executing program) 2022/10/03 17:09:46 fetching corpus: 1950, signal 139614/181993 (executing program) 2022/10/03 17:09:46 fetching corpus: 2000, signal 140642/183868 (executing program) 2022/10/03 17:09:46 fetching corpus: 2050, signal 142038/185974 (executing program) 2022/10/03 17:09:46 fetching corpus: 2100, signal 143329/187994 (executing program) 2022/10/03 17:09:47 fetching corpus: 2150, signal 144099/189632 (executing program) 2022/10/03 17:09:47 fetching corpus: 2200, signal 144902/191292 (executing program) 2022/10/03 17:09:47 fetching corpus: 2250, signal 146429/193461 (executing program) 2022/10/03 17:09:47 fetching corpus: 2300, signal 147272/195098 (executing program) 2022/10/03 17:09:47 fetching corpus: 2350, signal 147918/196601 (executing program) 2022/10/03 17:09:47 fetching corpus: 2400, signal 148762/198253 (executing program) 2022/10/03 17:09:47 fetching corpus: 2450, signal 149955/200051 (executing program) 2022/10/03 17:09:47 fetching corpus: 2500, signal 151738/202226 (executing program) 2022/10/03 17:09:47 fetching corpus: 2550, signal 152553/203781 (executing program) 2022/10/03 17:09:48 fetching corpus: 2600, signal 154048/205803 (executing program) 2022/10/03 17:09:48 fetching corpus: 2650, signal 154947/207377 (executing program) 2022/10/03 17:09:48 fetching corpus: 2700, signal 155814/208870 (executing program) 2022/10/03 17:09:48 fetching corpus: 2750, signal 156534/210282 (executing program) 2022/10/03 17:09:48 fetching corpus: 2800, signal 157096/211643 (executing program) 2022/10/03 17:09:48 fetching corpus: 2850, signal 157826/213075 (executing program) 2022/10/03 17:09:48 fetching corpus: 2900, signal 159225/214952 (executing program) 2022/10/03 17:09:48 fetching corpus: 2950, signal 160530/216735 (executing program) 2022/10/03 17:09:49 fetching corpus: 3000, signal 162498/218828 (executing program) 2022/10/03 17:09:49 fetching corpus: 3050, signal 163506/220386 (executing program) 2022/10/03 17:09:49 fetching corpus: 3100, signal 164174/221701 (executing program) 2022/10/03 17:09:49 fetching corpus: 3150, signal 165825/223559 (executing program) 2022/10/03 17:09:49 fetching corpus: 3200, signal 166148/224675 (executing program) 2022/10/03 17:09:49 fetching corpus: 3250, signal 167234/226240 (executing program) 2022/10/03 17:09:49 fetching corpus: 3300, signal 167601/227402 (executing program) 2022/10/03 17:09:49 fetching corpus: 3350, signal 168317/228736 (executing program) 2022/10/03 17:09:50 fetching corpus: 3400, signal 169004/230076 (executing program) 2022/10/03 17:09:50 fetching corpus: 3450, signal 169753/231453 (executing program) 2022/10/03 17:09:50 fetching corpus: 3500, signal 170484/232820 (executing program) 2022/10/03 17:09:50 fetching corpus: 3550, signal 170972/233959 (executing program) 2022/10/03 17:09:50 fetching corpus: 3600, signal 171936/235371 (executing program) 2022/10/03 17:09:50 fetching corpus: 3650, signal 173021/236834 (executing program) 2022/10/03 17:09:50 fetching corpus: 3700, signal 173787/238056 (executing program) 2022/10/03 17:09:50 fetching corpus: 3750, signal 174991/239537 (executing program) 2022/10/03 17:09:51 fetching corpus: 3800, signal 175677/240717 (executing program) 2022/10/03 17:09:51 fetching corpus: 3850, signal 176690/242068 (executing program) 2022/10/03 17:09:51 fetching corpus: 3900, signal 177700/243407 (executing program) 2022/10/03 17:09:51 fetching corpus: 3950, signal 178506/244657 (executing program) 2022/10/03 17:09:51 fetching corpus: 4000, signal 179527/246004 (executing program) 2022/10/03 17:09:51 fetching corpus: 4050, signal 180129/247096 (executing program) 2022/10/03 17:09:51 fetching corpus: 4100, signal 180749/248211 (executing program) 2022/10/03 17:09:51 fetching corpus: 4150, signal 182160/249702 (executing program) 2022/10/03 17:09:51 fetching corpus: 4200, signal 183280/251045 (executing program) 2022/10/03 17:09:52 fetching corpus: 4250, signal 183968/252138 (executing program) 2022/10/03 17:09:52 fetching corpus: 4300, signal 184601/253244 (executing program) 2022/10/03 17:09:52 fetching corpus: 4350, signal 185534/254498 (executing program) 2022/10/03 17:09:52 fetching corpus: 4400, signal 186194/255627 (executing program) 2022/10/03 17:09:52 fetching corpus: 4450, signal 187328/256905 (executing program) 2022/10/03 17:09:52 fetching corpus: 4500, signal 187844/257904 (executing program) 2022/10/03 17:09:52 fetching corpus: 4550, signal 188583/258993 (executing program) 2022/10/03 17:09:52 fetching corpus: 4600, signal 189626/260209 (executing program) 2022/10/03 17:09:53 fetching corpus: 4650, signal 190190/261233 (executing program) 2022/10/03 17:09:53 fetching corpus: 4700, signal 190830/262226 (executing program) 2022/10/03 17:09:53 fetching corpus: 4750, signal 191747/263329 (executing program) 2022/10/03 17:09:53 fetching corpus: 4800, signal 192345/264302 (executing program) 2022/10/03 17:09:53 fetching corpus: 4850, signal 192711/265189 (executing program) 2022/10/03 17:09:53 fetching corpus: 4900, signal 193467/266169 (executing program) 2022/10/03 17:09:53 fetching corpus: 4950, signal 194177/267167 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/268122 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/268862 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/269614 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/270339 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/271046 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/271779 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/272512 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/273288 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/273990 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/274741 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/275520 (executing program) 2022/10/03 17:09:53 fetching corpus: 5000, signal 194783/276270 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/276962 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/277705 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/278425 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/279181 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/279926 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/280675 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/281411 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/282146 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/282883 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/283637 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/284359 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/285083 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/285834 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/286560 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/287276 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/288038 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/288754 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/289486 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/290189 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/290936 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/291684 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/292420 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/293144 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/293861 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/294571 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/295324 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/296067 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/296797 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/297507 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/298269 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/298996 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/299720 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/300486 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/301211 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/301917 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/302635 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/303368 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/304077 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/304819 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/305483 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/305743 (executing program) 2022/10/03 17:09:54 fetching corpus: 5000, signal 194783/305743 (executing program) 2022/10/03 17:09:57 starting 8 fuzzer processes 17:09:57 executing program 0: ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000080)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f00000000c0)) preadv2(r1, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/147, 0x93}, {&(0x7f0000000200)=""/179, 0xb3}], 0x2, 0x5, 0x7ff, 0x6) shutdown(r0, 0x1) recvfrom(r0, &(0x7f0000000300)=""/4096, 0x1000, 0x40000000, &(0x7f0000001300)=@sco={0x1f, @none}, 0x80) sendmsg$NFT_BATCH(r1, &(0x7f0000001bc0)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001b80)={&(0x7f00000013c0)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x58, 0x18, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELRULE={0x260, 0x8, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x214, 0x4, 0x0, 0x1, [{0xa8, 0x1, 0x0, 0x1, [@quota={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x40}, @NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0xd59a}, @NFTA_QUOTA_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0x40}]}}, @numgen={{0xb}, @void}, @quota={{0xa}, @void}, @limit={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x9}]}}, @fwd={{0x8}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x10}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0xa}]}}]}, {0x108, 0x1, 0x0, 0x1, [@redir={{0xa}, @void}, @lookup={{0xb}, @void}, @cmp={{0x8}, @val={0xd4, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_CMP_OP={0x8}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_CMP_DATA={0xa8, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x7, 0x1, "7129fe"}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x54, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}]}}, @connlimit={{0xe}, @void}]}, {0x60, 0x1, 0x0, 0x1, [@tunnel={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_DREG={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_TUNNEL_DREG={0x8}]}}, @connlimit={{0xe}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfa4b}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_CONNLIMIT_FLAGS={0x8}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x34}]}}]}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x1}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_ID={0x8}]}, @NFT_MSG_NEWFLOWTABLE={0x1c, 0x16, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWRULE={0x144, 0x6, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFTA_RULE_USERDATA={0x9c, 0x7, 0x1, 0x0, "b661c6f2f5a4bf1d1dfa8263ca4d702bc32220f57878bc6a9cc562d6ee02c0ef36a79f563a680b7b06a3c9c91f5616f8e4df407e973f3ec67842dd39099c3af6fe3c3a97a816f3a7a1eeafa6723d4807bc90a49b893d246574c5b673ae197ea832b402c55362d59395429ca8c4b466388c70af98f8978ec6ce58d4e369f3beeb4ce8df126243c64d59d2df6e9f4e4ac2a67acde090914798"}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_USERDATA={0x86, 0x7, 0x1, 0x0, "07ef8a9ec9bdc2fa387618937110f49c6510fad9f2191f2ef273463ed8abaa741e02b96cbe0626633edf4204ef4fc03f6da6bd41d845527c0d44e25b39562fb04e8794f1a6683fb4780b0c1fd74dfcdc948ebb504cab9b05057e073df733bd6624662ac83854825dd877b0556cfb104877b8e7e254aba630965d54260abfde35bbdb"}]}, @NFT_MSG_NEWRULE={0x2f8, 0x6, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x5}, [@NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION_ID={0x8}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x194, 0x4, 0x0, 0x1, [{0x14c, 0x1, 0x0, 0x1, [@cmp={{0x8}, @void}, @objref={{0xb}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_OBJREF_SET_NAME={0x9, 0x4, 'syz0\x00'}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x1}]}}, @synproxy={{0xd}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_MSS={0x6}, @NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0x7d}, @NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}}, @lookup={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOOKUP_SET_ID={0x8}]}}, @payload={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0xd}]}}, @counter={{0xc}, @void}, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xff}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x89}, @NFTA_EXTHDR_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0x14}]}}, @redir={{0xa}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_REDIR_FLAGS={0x8, 0x3, 0x1, 0x0, 0x10}, @NFTA_REDIR_FLAGS={0x8}, @NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0xd}]}}, @meta={{0x9}, @void}, @fib={{0x8}, @void}]}, {0x44, 0x1, 0x0, 0x1, [@dup_ipv4={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xe}]}}, @queue={{0xa}, @void}, @tproxy={{0xb}, @void}, @numgen={{0xb}, @void}]}]}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT={0x4c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x1c}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x73}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x883e}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x84}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x32}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x1a}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x19}]}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_RULE_USERDATA={0xca, 0x7, 0x1, 0x0, "b4a1aa6076474b7bd745019d99409793b5327f9e361f941a1d30d21c9d9e1a99790893a945c59e1495caf2479e6e8cc55aa8f3179ef1538dabb7aaede20d8923fa126ab86001a660555046ebe17dcd84ebe3dac54132b582b5a42781be83d5f6f9dc83010cbf2ef6bcada768a6b04bea0931066072ee831ebdf566d5ebcd1d901d446cd1564583fa8ef89d17267f481cfac62bb4eab13561466a2142f80806c722d799181a187af3136d78c018b67e42535363567f50fd9ae4092ca180642450dd4b2a3272d0"}, @NFTA_RULE_POSITION_ID={0x8}]}, @NFT_MSG_DELSET={0x64, 0xb, 0xa, 0x201, 0x0, 0x0, {0xc, 0x0, 0x1}, [@NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x28}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0xa}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x5}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xa}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x6}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0xfffffff8}]}], {0x14}}, 0x79c}, 0x1, 0x0, 0x0, 0x40004}, 0x8000) clock_gettime(0x3, &(0x7f0000001c00)) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000001c40), &(0x7f0000001c80)=0x2) clock_getres(0x5, &(0x7f0000001cc0)) pselect6(0x40, &(0x7f0000001d00)={0x200, 0x3, 0xea8, 0x7fffffff, 0x1, 0x8, 0x5, 0x9}, &(0x7f0000001d40)={0x3, 0x4, 0x2, 0x8, 0x20, 0xfff, 0x6, 0xd711}, &(0x7f0000001d80)={0x4, 0x81, 0x5, 0xfff, 0x1, 0x1, 0x400}, &(0x7f0000001dc0)={0x0, 0x3938700}, &(0x7f0000001e40)={&(0x7f0000001e00)={[0x20]}, 0x8}) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000002040)={&(0x7f0000001e80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000002000)={&(0x7f0000001ec0)={0x124, 0x1, 0x2, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_NAT={0x1c, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_MASK={0x40, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x89}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT={0x78, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x64, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x35}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x48800}, 0x1) ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x40089416, &(0x7f0000002080)) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002100)='/sys/class/i2c-adapter', 0x121002, 0x102) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000002240)={&(0x7f00000020c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000002200)={&(0x7f0000002140)={0xa8, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0x2c, 0x7, 0x0, 0x1, [{0x8, 0x1, r0}, {0x8, 0x1, r0}, {0x8, 0x1, r0}, {0x8, 0x1, r2}, {0x8, 0x1, r0}]}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xfff}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8}]}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0xa8}, 0x1, 0x0, 0x0, 0x40}, 0x4044084) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000002340)={&(0x7f0000002280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000002300)={&(0x7f00000022c0)={0x24, 0x1, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4048890}, 0x4c010) openat(r2, &(0x7f0000002380)='./file0\x00', 0x2, 0x2) setsockopt$sock_void(r1, 0x1, 0x77, 0x0, 0x0) 17:09:57 executing program 1: r0 = memfd_create(&(0x7f0000000000)='[}])&&[\x00', 0x3) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r0, 0x40049366, &(0x7f0000000040)) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305) r1 = socket$inet_icmp(0x2, 0x2, 0x1) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0xd6d, @mcast2, 0x7}, 0x1c) pread64(r1, &(0x7f00000000c0)=""/110, 0x6e, 0x2) ioctl$SNAPSHOT_UNFREEZE(0xffffffffffffffff, 0x3302) ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000140)={0x80000000, 0x9, 0xe21, 0x3, 0x5}) memfd_create(&(0x7f0000000180)='\x00', 0x6) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) stat(&(0x7f0000001540)='./file0\x00', &(0x7f0000001580)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getegid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000001600)={{0x1, 0x1, 0x18, r1, {r2, r3}}, './file0\x00'}) ioctl$SNAPSHOT_S2RAM(r4, 0x330b) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000001640)={{0x1, 0x1, 0x18, r0, {0x5}}, './file0\x00'}) write$binfmt_misc(r5, &(0x7f0000001680)={'syz0', "5bb372c3db77094f762e72b57995fdbb1f111e013a584f88bc5fb78fd2855b6ad13bf898ec8ad12793969f1042ef06d7640f091b"}, 0x38) fchdir(r0) msgctl$MSG_STAT(0xffffffffffffffff, 0xb, &(0x7f00000016c0)=""/183) getsockopt$inet_tcp_buf(r5, 0x6, 0x1f, &(0x7f0000001780), &(0x7f00000017c0)) 17:09:57 executing program 2: statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x400, 0x43, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f00000001c0)=@abs, 0x6e, &(0x7f00000014c0)=[{&(0x7f0000000240)=""/137, 0x89}, {&(0x7f0000000300)=""/187, 0xbb}, {&(0x7f00000003c0)=""/51, 0x33}, {&(0x7f0000000400)=""/153, 0x99}, {&(0x7f00000004c0)=""/4096, 0x1000}], 0x5, &(0x7f0000001540)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @cred={{0x1c}}], 0xa0}, 0x40000000) getgroups(0x3, &(0x7f0000001680)=[0xee00, 0xee00, 0xee00]) getresgid(&(0x7f00000016c0)=0x0, &(0x7f0000001700)=0x0, &(0x7f0000001740)) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000001780)={{}, {0x1, 0x3}, [{0x2, 0x5}], {0x4, 0x1}, [{0x8, 0x3, 0xffffffffffffffff}, {0x8, 0xd, r0}, {0x8, 0x2, 0xffffffffffffffff}, {0x8, 0x6, r3}, {0x8, 0x2}, {0x8, 0x7, r4}, {0x8, 0x6, 0xffffffffffffffff}, {0x8, 0x0, 0xee00}, {0x8, 0x6, r6}], {}, {0x20, 0x5}}, 0x74, 0x2) r8 = syz_io_uring_complete(0x0) r9 = syz_open_dev$mouse(&(0x7f0000001840), 0xfffffffffffffffe, 0xd4c5e621bc4ef221) mount_setattr(r8, &(0x7f0000001800)='./file0/../file0\x00', 0x100, &(0x7f0000001880)={0x4, 0x0, 0xa0000, {r9}}, 0x20) mount_setattr(r1, &(0x7f00000018c0)='./file0\x00', 0x900, &(0x7f0000001900)={0x5, 0x100070, 0x0, {r8}}, 0x20) creat(&(0x7f0000001940)='./file0/../file0\x00', 0x8) clock_gettime(0x0, &(0x7f00000019c0)={0x0, 0x0}) utimes(&(0x7f0000001980)='./file0\x00', &(0x7f0000001a00)={{r10, r11/1000+60000}, {0x0, 0x2710}}) syncfs(0xffffffffffffffff) lstat(&(0x7f0000001a40)='./file0\x00', &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r14 = getgid() setgroups(0x6, &(0x7f0000001b80)=[r12, r13, r7, r2, r14, r5]) r15 = syz_open_dev$vcsa(&(0x7f0000001bc0), 0x0, 0x8800) recvmsg$unix(r15, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000003f80)=[{&(0x7f0000001c00)=""/4096, 0x1000}, {&(0x7f0000002c00)=""/90, 0x5a}, {&(0x7f0000002c80)=""/200, 0xc8}, {&(0x7f0000002d80)=""/106, 0x6a}, {&(0x7f0000002e00)=""/4096, 0x1000}, {&(0x7f0000003e00)=""/182, 0xb6}, {&(0x7f0000003ec0)=""/190, 0xbe}], 0x7, &(0x7f0000004000)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}, 0x2000) setgroups(0x4, &(0x7f00000040c0)=[r16, r2, r12, r6]) 17:09:57 executing program 3: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x20}}, './file0\x00'}) ioctl(r0, 0x8, &(0x7f00000000c0)="7e799e95c00c9e58baa75161e5c3721ea3d1ce3f7a60282c356319cc9b4a1401cc2b875e1c6a8191746a6f917be8966c7f267b3cd8c9142158f10b963b886ed55baf96684f3188f958ffed5583e37c6a6d9bcb456435ec66c1aa96fe8e721050fb844e7429216cba3c97") r3 = syz_open_dev$mouse(&(0x7f0000000140), 0xe3e, 0x48042) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000180)={{0x1, 0x1, 0x18, r3, {0x2}}, './file0\x00'}) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000001c0)) ioctl$AUTOFS_IOC_SETTIMEOUT(r1, 0x80049367, &(0x7f0000000200)=0x1e) recvmmsg$unix(r2, &(0x7f0000003080)=[{{&(0x7f0000000240)=@abs, 0x6e, &(0x7f0000001540)=[{&(0x7f00000002c0)=""/112, 0x70}, {&(0x7f0000000340)=""/100, 0x64}, {&(0x7f00000003c0)=""/55, 0x37}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/65, 0x41}, {&(0x7f0000001480)=""/129, 0x81}], 0x6, &(0x7f00000015c0)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}}, {{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001640)=""/5, 0x5}], 0x1, &(0x7f00000016c0)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x130}}, {{&(0x7f0000001800), 0x6e, &(0x7f0000002f40)=[{&(0x7f0000001880)=""/82, 0x52}, {&(0x7f0000001900)=""/4096, 0x1000}, {&(0x7f0000002900)=""/232, 0xe8}, {&(0x7f0000002a00)=""/166, 0xa6}, {&(0x7f0000002ac0)=""/212, 0xd4}, {&(0x7f0000002bc0)=""/165, 0xa5}, {&(0x7f0000002c80)=""/174, 0xae}, {&(0x7f0000002d40)=""/235, 0xeb}, {&(0x7f0000002e40)=""/189, 0xbd}, {&(0x7f0000002f00)=""/51, 0x33}], 0xa, &(0x7f0000003000)=[@cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x68}}], 0x3, 0x0, &(0x7f0000003140)={0x0, 0x989680}) setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000003180)={@rand_addr=0x64010101, @multicast1, @rand_addr=0x64010102}, 0xc) r11 = socket$inet_udp(0x2, 0x2, 0x0) recvmsg(r11, &(0x7f00000033c0)={&(0x7f00000031c0)=@hci, 0x80, &(0x7f0000003340)=[{&(0x7f0000003240)=""/88, 0x58}, {&(0x7f00000032c0)=""/29, 0x1d}, {&(0x7f0000003300)}], 0x3, &(0x7f0000003380)=""/11, 0xb}, 0x200) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r9, 0x89f6, &(0x7f0000003480)={'ip6gre0\x00', &(0x7f0000003400)={'sit0\x00', 0x0, 0x2f, 0x0, 0x6, 0x5, 0x4, @loopback, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x43}}, 0x20, 0x8000, 0x1, 0xe74}}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f00000034c0)={{0x1, 0x1, 0x18, r10, {0x4}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r6, 0xc018937c, &(0x7f0000003500)={{0x1, 0x1, 0x18, r12, {0x1}}, './file0\x00'}) r13 = open$dir(&(0x7f0000003540)='./file0\x00', 0xd9699e4b910b3861, 0x0) openat(r13, &(0x7f0000003580)='./file0\x00', 0x208000, 0x8) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r7, 0xc0189372, &(0x7f00000035c0)={{0x1, 0x1, 0x18, r8, {0x80000000}}, './file1\x00'}) r14 = openat$bsg(0xffffffffffffff9c, &(0x7f0000003600), 0xa82, 0x0) ioctl$sock_inet_SIOCADDRT(r14, 0x890b, &(0x7f0000003680)={0x0, {0x2, 0x4e20, @private=0xa010101}, {0x2, 0x4e20, @private=0xa010101}, {0x2, 0x4e22, @rand_addr=0x64010102}, 0x201, 0x0, 0x0, 0x0, 0x4, &(0x7f0000003640)='ip6erspan0\x00', 0x3, 0x8, 0x1}) 17:09:57 executing program 4: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00}}, './file0\x00'}) sendmsg$AUDIT_TTY_GET(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3f8, 0x100, 0x70bd29, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x2400c0c5}, 0x40800) r1 = syz_open_dev$vcsu(&(0x7f0000000140), 0x3, 0x8800) sendmsg$AUDIT_TTY_SET(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x18, 0x3f9, 0x400, 0x70bd26, 0x25dfdbfe, {0x1, 0x1}, ["", "", "", "", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'veth1_to_bridge\x00'}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000340)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @in_args={0x1}}, './file0\x00'}) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x6, 0x93, 0x9, 0xff, 0x0, 0x7, 0x100, 0x5, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x4, @perf_config_ext={0x3, 0x7ff}, 0x8000, 0x9, 0x4, 0x7, 0x5, 0x5, 0x40, 0x0, 0xffffb6df, 0x0, 0x7}, 0xffffffffffffffff, 0x1, r2, 0x8) r3 = openat2(r1, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x4000, 0x43, 0x15}, 0x18) sendmsg$NL80211_CMD_SET_BEACON(r3, &(0x7f00000007c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000440)={0x324, 0x0, 0x800, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0x9b, 0x2a, [@perr={0x84, 0x7b, {0x7, 0x7, [@ext={{}, @device_a, 0xfff, @broadcast, 0x12}, @ext={{}, @broadcast, 0x7, @device_b, 0x40}, @ext={{}, @broadcast, 0x0, @broadcast, 0x15}, @not_ext={{}, @device_b, 0x8, "", 0x1}, @ext={{}, @broadcast, 0x5, @device_b, 0x35}, @not_ext={{}, @device_b, 0x7fa, "", 0x42}, @ext={{}, @broadcast, 0x80, @broadcast, 0x1d}]}}, @mic={0x8c, 0x18, {0x430, "63ce626c65b8", @long="cb015eb813b40e1f58fc85afeb1f009d"}}]}, @NL80211_ATTR_PROBE_RESP={0x269, 0x91, "c6115b9c310dbea76cf10048fccabb0148a8ebb2d85fe310154d32176752acd26fa350a32ac0aebf81a411fb52d432f2d717d2f83a49ed49e164dce6ab22f4409e5f9a153042b73d520bf8175394c3a8b58bab9f6ee204a6ff66085ec44667f56677efbcfde79a7353be4cbe454deca8fffe6100ed37b47c650c7c187615e554ffb40a8955948f46be412c705d34d23ef8ba5b0a6a54e88680595d1c0d1ea6a5a41aa0bafaa93047e08096680e8a942e270492d16bd380af24a9ca3aaa77e4595d5aaf684e47503c95faa2492d7408ab2071be84befc1345b00ac41b3b1ad4dda81d920002669ba840d8751c33690b51f60f21e9c214609e6847ea20e803081863baf313e5dedb1cd0a7379a0a06d61d6c2154a06b06416238bf028227db2023d779bb22646f7e01bf18604337b3e121e0cb2e9696426f0b7d3cf9d8d745b6b0f5e47effccf00a64309a4a16d38fa1032627a910aa814255888c85cbf2a4625a57d00b506d07460c41fb360365d6bbe99e07597becacf4a578702a8ccfa5c1d57874944d0a142573859cb2d498945bdcd7e45d661cc8d9175746a85928e96e14b91856b62d4e2c86f3200f3f45b0da036be68161eec05cfeec9f98ee9162b3b371d7843f30604342d16dea48f948cce3d14ae144ab864685a6d7d4b172d1f39e7388d8b009550c6ae3430b72dec8218189ef1d3587e1fd8b2d0e927e9f95ba1420259e1be64b60eaa28e0007ca028888f7704ffb50a26bd979748ba240a1ccda4d111825da27b7f883f73be4d8e54abf5db6da7226d153242fe13c73136b17b0844c30e672d71a29d77f9ab1ec8c53d509f26a2eeaecf1a80b8a2d2beb878b671581c3db1d"}]}, 0x324}, 0x1, 0x0, 0x0, 0x4004001}, 0x4000000) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000800)={r2, 0x3, 0x454, 0x401}) write$binfmt_aout(r4, &(0x7f0000000840)={{0x107, 0x6c, 0x51, 0x367, 0x2f9, 0xb99fd4, 0x113, 0x8}, "", ['\x00', '\x00', '\x00', '\x00']}, 0x420) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000c80), 0xc, &(0x7f0000000d40)={&(0x7f0000000cc0)={0x64, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x6}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5f5}]}, 0x64}, 0x1, 0x0, 0x0, 0x40004}, 0x0) r5 = socket$inet_icmp(0x2, 0x2, 0x1) fcntl$setstatus(r5, 0x4, 0x400) r6 = syz_open_dev$mouse(&(0x7f0000000dc0), 0x9, 0x44800) accept$unix(r6, &(0x7f0000000e00), &(0x7f0000000e80)=0x6e) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp(0x0, 0xffffffffffffffff, 0x5, r3, r7) sendmsg$TIPC_NL_MON_SET(r3, &(0x7f00000010c0)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001080)={&(0x7f0000000f00)={0x164, 0x0, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x5c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffff001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NODE={0x5c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x660}, @TIPC_NLA_NODE_KEY={0x45, 0x4, {'gcm(aes)\x00', 0x1d, "c4eb8524892685d7a8cc318b0ae7c17425bb9e2c2d5850ab0dbaf13f1f"}}]}, @TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffe408}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffffc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK={0x74, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xaa}]}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000001140)={0x1, 0x9, [@random="c506de7674a9", @broadcast, @broadcast, @local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @random="ad03334e9bd5", @local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}]}) [ 66.338313] audit: type=1400 audit(1664816997.741:6): avc: denied { execmem } for pid=286 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 17:09:57 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x400000, 0x40) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.log\x00', 0x115041, 0x0) r2 = pidfd_getfd(r0, r1, 0x0) r3 = pidfd_getfd(r2, r2, 0x0) fcntl$setflags(r2, 0x2, 0x0) io_uring_register$IORING_UNREGISTER_EVENTFD(r2, 0x5, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r4, 0x8008f511, &(0x7f0000000080)) fcntl$addseals(r1, 0x409, 0x0) fsetxattr$trusted_overlay_origin(r2, &(0x7f00000000c0), &(0x7f0000000100), 0x2, 0x1) dup2(r2, r0) r5 = openat$incfs(r3, &(0x7f0000000140)='.log\x00', 0xcc101, 0xe0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) sendmsg$NL80211_CMD_GET_MPATH(r5, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r6, 0x4, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x68}, 0x1, 0x0, 0x0, 0x20008090}, 0x20000085) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r7, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4804}, 0x20000014) ioctl$BINDER_CTL_ADD(r5, 0xc1086201, &(0x7f0000000440)={'custom1\x00'}) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000580)) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f00000005c0), r8) 17:09:57 executing program 6: sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x3, 0x8, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0xc0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x64, r1, 0x200, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x15}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x15}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xb}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}, @IEEE802154_ATTR_COORD_PAN_ID={0x6}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0002}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4881}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r2, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x40, r1, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0xc9}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x4) sendmsg$NLBL_UNLABEL_C_LIST(r0, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xd4, 0x0, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'macvlan0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x22, 0x7, 'system_u:object_r:shadow_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @rand_addr=0x64010101}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'macvlan1\x00'}, @NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:setfiles_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_to_batadv\x00'}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:auditd_var_run_t:s0\x00'}]}, 0xd4}, 0x1, 0x0, 0x0, 0xc00c000}, 0x40) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000540), r3) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f00000005c0), r3) sendmsg$NL802154_CMD_SET_CHANNEL(r4, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x34, r5, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x17}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x10}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4) sendmsg$NLBL_MGMT_C_VERSION(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x14, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x80) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_ADD(r4, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x1c, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8064}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000900)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x28, 0x0, 0x20, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x9, 0xb}}}}, ["", "", ""]}, 0x28}}, 0x4) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_VERSION(r7, &(0x7f0000000b40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a40)={0x90, 0x0, 0x2, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_DOMAIN={0x9, 0x1, '}-[!\x00'}, @NLBL_MGMT_A_DOMAIN={0xa, 0x1, 'wpan1\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_DOMAIN={0x11, 0x1, '802.15.4 MAC\x00'}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}, @NLBL_MGMT_A_DOMAIN={0x11, 0x1, '802.15.4 MAC\x00'}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0xd680d98d652b08f4}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @broadcast}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast2}]}, 0x90}, 0x1, 0x0, 0x0, 0x4}, 0x10) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f0000000c40)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x3c, 0xf, 0x6, 0x801, 0x0, 0x0, {0xc, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x1}, @IPSET_ATTR_INDEX={0x6, 0xb, 0xffffffffffffffff}]}, 0x3c}}, 0x20080000) 17:09:57 executing program 7: syz_genetlink_get_family_id$net_dm(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r0, 0x2, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x400c841}, 0x40) sendmsg$NL80211_CMD_START_NAN(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x0, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x8, 0x59}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x9}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xb7}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xb}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x4c021) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffff7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040041}, 0x40000000) sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x40, r0, 0x200, 0x70bd29, 0x8, {}, [@NLBL_MGMT_A_DOMAIN={0xb, 0x1, 'NET_DM\x00'}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xb}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000094}, 0x48001) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r1, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0xe88aaed8d0e1f52a}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x2c, 0x0, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x5}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc800}, 0x10) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, r0, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000854}, 0xc0c0) sendmsg$NET_DM_CMD_START(r1, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x14, 0x0, 0x8, 0x70bd25, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4041}, 0x4000000) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x40, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x44}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000900)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x48, 0x0, 0x200, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x5c}, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x80, 0x2f}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x6}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x2}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0xe6ac}]}, 0x48}}, 0x1) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x40, 0x0, 0x800, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="dc62733894a3"}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x2}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}]}, 0x40}, 0x1, 0x0, 0x0, 0x200448e4}, 0x810) sendmsg$DEVLINK_CMD_PORT_SET(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000c80)={&(0x7f0000000b80)={0xf8, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x6, 0x4, 0x3}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x2}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6, 0x4, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x1}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x8084}, 0x1) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000d40), r1) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x2c, r3, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x37}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004004}, 0x4040814) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e80), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000ec0)={0xf0, r4, 0x2, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x6c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfc05}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x411}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_NODE={0x64, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x45, 0x4, {'gcm(aes)\x00', 0x1d, "11d39e93a6148ed72ee49e48fef96aafac61b49319e326dbc066896c1d"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3fffc00}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) [ 67.696489] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.697672] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.699575] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.700348] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.702682] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.703427] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.708299] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.712267] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.715030] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.717934] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.719230] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.759435] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.784486] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.786132] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.793596] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.795053] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.797100] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.798142] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.806653] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.806844] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.808691] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.810299] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 67.812170] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.812330] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 67.814629] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.815232] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.816189] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.822146] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.826666] Bluetooth: hci7: HCI_REQ-0x0c1a [ 67.828282] Bluetooth: hci6: HCI_REQ-0x0c1a [ 67.845495] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.847195] Bluetooth: hci0: HCI_REQ-0x0c1a [ 67.848461] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.856924] Bluetooth: hci1: HCI_REQ-0x0c1a [ 67.858405] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.874624] Bluetooth: hci3: HCI_REQ-0x0c1a [ 67.875915] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.877498] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.880169] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.881374] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.885085] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.887264] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 67.895073] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.905061] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.907447] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.910041] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.911080] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.912430] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 67.913911] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 67.914958] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.920248] Bluetooth: hci5: HCI_REQ-0x0c1a [ 67.930259] Bluetooth: hci2: HCI_REQ-0x0c1a [ 67.942268] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.944280] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 67.945832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 67.950523] Bluetooth: hci4: HCI_REQ-0x0c1a [ 69.839273] Bluetooth: hci7: command 0x0409 tx timeout [ 69.903612] Bluetooth: hci6: command 0x0409 tx timeout [ 69.903657] Bluetooth: hci3: command 0x0409 tx timeout [ 69.904734] Bluetooth: hci1: command 0x0409 tx timeout [ 69.905828] Bluetooth: hci0: command 0x0409 tx timeout [ 69.966939] Bluetooth: hci2: command 0x0409 tx timeout [ 69.967961] Bluetooth: hci4: command 0x0409 tx timeout [ 69.968158] Bluetooth: hci5: command 0x0409 tx timeout [ 71.886862] Bluetooth: hci7: command 0x041b tx timeout [ 71.950886] Bluetooth: hci0: command 0x041b tx timeout [ 71.950906] Bluetooth: hci1: command 0x041b tx timeout [ 71.950932] Bluetooth: hci3: command 0x041b tx timeout [ 71.951298] Bluetooth: hci6: command 0x041b tx timeout [ 72.014864] Bluetooth: hci4: command 0x041b tx timeout [ 72.015313] Bluetooth: hci2: command 0x041b tx timeout [ 72.015829] Bluetooth: hci5: command 0x041b tx timeout [ 73.935875] Bluetooth: hci7: command 0x040f tx timeout [ 73.998886] Bluetooth: hci6: command 0x040f tx timeout [ 73.999919] Bluetooth: hci3: command 0x040f tx timeout [ 74.000645] Bluetooth: hci0: command 0x040f tx timeout [ 74.001418] Bluetooth: hci1: command 0x040f tx timeout [ 74.062899] Bluetooth: hci5: command 0x040f tx timeout [ 74.063675] Bluetooth: hci2: command 0x040f tx timeout [ 74.064484] Bluetooth: hci4: command 0x040f tx timeout [ 75.982834] Bluetooth: hci7: command 0x0419 tx timeout [ 76.046846] Bluetooth: hci1: command 0x0419 tx timeout [ 76.047277] Bluetooth: hci0: command 0x0419 tx timeout [ 76.047680] Bluetooth: hci3: command 0x0419 tx timeout [ 76.048125] Bluetooth: hci6: command 0x0419 tx timeout [ 76.110855] Bluetooth: hci4: command 0x0419 tx timeout [ 76.111345] Bluetooth: hci2: command 0x0419 tx timeout [ 76.111998] Bluetooth: hci5: command 0x0419 tx timeout 17:10:53 executing program 1: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = memfd_secret(0x80000) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) futex(&(0x7f0000000080), 0xd, 0x1, &(0x7f00000000c0), &(0x7f0000000100)=0x1, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000bc0), 0x0) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)={0xe0, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x42}, @void, @val={0xc, 0x99, {0x1, 0x5a}}}}, [@NL80211_ATTR_VENDOR_DATA={0xb8, 0xc5, "404d834e2855844286048c1bfdaa20e590006d377803ed2f679002e7730194c9be6ad57184b0b4ea89259d8f59af26c6e84335a7d6d5fa0bb647bb8c196b6889d666dd248ebac78ccc2a513fba2537283954e64210b243a368dbe1459ca2e1fc3bb19ed751a070f0ed827bbe721c275647eb923404c433774372620cec983cb0d5e448d14cce0feb92acbcb8c0a200c03bb532e319c1a3cc897538abb2b82942b3f853158cb714f2d6fb11d9a0d0939c3925a526"}]}, 0xe0}, 0x1, 0x0, 0x0, 0x8010}, 0x800) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r4, 0xc0105303, &(0x7f0000000c00)={0x0, 0x81}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r4, 0x84009422, &(0x7f0000000140)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) recvmmsg(r1, 0x0, 0x0, 0x21, &(0x7f0000008500)={r2, r3+10000000}) setsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, &(0x7f0000000000), 0x4) 17:10:53 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, 0x0) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000180)=']{\x00', 0x0, 0xffffffffffffffff) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r1, 0xa015000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x11, 0x0, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) setresuid(0x0, 0x0, 0x0) mount$9p_rdma(&(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x1001000, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e22,rq=0x0000000000000009,timeout=0x0000000000000006,rq=0x0000000000000001,euid<', @ANYRESDEC=0xee00, @ANYBLOB=',permit_directio,smackfsdef=,uid>', @ANYRESDEC=0x0, @ANYBLOB="2c6d61736b3d4d4159c157524954452c686173682c6f626a5f74577b5a903d721103f5f87970653d76666174002c6f5304ee7f444ac028dc00000000000076", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="05ff232ef592436bf2d9", 0xa}, {&(0x7f0000000100)="9f", 0x1}], 0x2, 0x0, 0x0, 0x0) sendfile(r3, r0, 0x0, 0xfffffdef) [ 121.919905] loop1: detected capacity change from 0 to 40 [ 121.998502] audit: type=1400 audit(1664817053.401:7): avc: denied { open } for pid=3756 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.045278] audit: type=1400 audit(1664817053.448:8): avc: denied { kernel } for pid=3756 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.056400] ------------[ cut here ]------------ [ 122.056422] [ 122.056425] ====================================================== [ 122.056428] WARNING: possible circular locking dependency detected [ 122.056433] 6.0.0-rc7-next-20220930 #1 Not tainted [ 122.056439] ------------------------------------------------------ [ 122.056443] syz-executor.1/3757 is trying to acquire lock: [ 122.056450] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 122.056492] [ 122.056492] but task is already holding lock: [ 122.056495] ffff88800dcf5c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 122.056522] [ 122.056522] which lock already depends on the new lock. [ 122.056522] [ 122.056525] [ 122.056525] the existing dependency chain (in reverse order) is: [ 122.056528] [ 122.056528] -> #3 (&ctx->lock){....}-{2:2}: [ 122.056542] _raw_spin_lock+0x2a/0x40 [ 122.056553] __perf_event_task_sched_out+0x53b/0x18d0 [ 122.056564] __schedule+0xedd/0x2470 [ 122.056578] schedule+0xda/0x1b0 [ 122.056591] futex_wait_queue+0xf5/0x1e0 [ 122.056603] futex_wait+0x28e/0x690 [ 122.056614] do_futex+0x2ff/0x380 [ 122.056623] __x64_sys_futex+0x1c6/0x4d0 [ 122.056633] do_syscall_64+0x3b/0x90 [ 122.056650] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 122.056663] [ 122.056663] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 122.056677] _raw_spin_lock_nested+0x30/0x40 [ 122.056687] raw_spin_rq_lock_nested+0x1e/0x30 [ 122.056701] task_fork_fair+0x63/0x4d0 [ 122.056717] sched_cgroup_fork+0x3d0/0x540 [ 122.056731] copy_process+0x4183/0x6e20 [ 122.056742] kernel_clone+0xe7/0x890 [ 122.056752] user_mode_thread+0xad/0xf0 [ 122.056762] rest_init+0x24/0x250 [ 122.056776] arch_call_rest_init+0xf/0x14 [ 122.056794] start_kernel+0x4c6/0x4eb [ 122.056809] secondary_startup_64_no_verify+0xe0/0xeb [ 122.056823] [ 122.056823] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 122.056836] _raw_spin_lock_irqsave+0x39/0x60 [ 122.056847] try_to_wake_up+0xab/0x1930 [ 122.056860] up+0x75/0xb0 [ 122.056873] __up_console_sem+0x6e/0x80 [ 122.056889] console_unlock+0x46a/0x590 [ 122.056905] vt_ioctl+0x2822/0x2ca0 [ 122.056917] tty_ioctl+0x785/0x16b0 [ 122.056928] __x64_sys_ioctl+0x19a/0x210 [ 122.056942] do_syscall_64+0x3b/0x90 [ 122.056958] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 122.056971] [ 122.056971] -> #0 ((console_sem).lock){....}-{2:2}: [ 122.056984] __lock_acquire+0x2a02/0x5e70 [ 122.057003] lock_acquire+0x1a2/0x530 [ 122.057019] _raw_spin_lock_irqsave+0x39/0x60 [ 122.057029] down_trylock+0xe/0x70 [ 122.057044] __down_trylock_console_sem+0x3b/0xd0 [ 122.057060] vprintk_emit+0x16b/0x560 [ 122.057076] vprintk+0x84/0xa0 [ 122.057091] _printk+0xba/0xf1 [ 122.057103] report_bug.cold+0x72/0xab [ 122.057119] handle_bug+0x3c/0x70 [ 122.057135] exc_invalid_op+0x14/0x50 [ 122.057152] asm_exc_invalid_op+0x16/0x20 [ 122.057164] group_sched_out.part.0+0x2c7/0x460 [ 122.057182] ctx_sched_out+0x8f1/0xc10 [ 122.057198] __perf_event_task_sched_out+0x6d0/0x18d0 [ 122.057209] __schedule+0xedd/0x2470 [ 122.057222] schedule+0xda/0x1b0 [ 122.057235] futex_wait_queue+0xf5/0x1e0 [ 122.057246] futex_wait+0x28e/0x690 [ 122.057256] do_futex+0x2ff/0x380 [ 122.057265] __x64_sys_futex+0x1c6/0x4d0 [ 122.057275] do_syscall_64+0x3b/0x90 [ 122.057291] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 122.057310] [ 122.057310] other info that might help us debug this: [ 122.057310] [ 122.057313] Chain exists of: [ 122.057313] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 122.057313] [ 122.057328] Possible unsafe locking scenario: [ 122.057328] [ 122.057330] CPU0 CPU1 [ 122.057333] ---- ---- [ 122.057335] lock(&ctx->lock); [ 122.057341] lock(&rq->__lock); [ 122.057347] lock(&ctx->lock); [ 122.057353] lock((console_sem).lock); [ 122.057359] [ 122.057359] *** DEADLOCK *** [ 122.057359] [ 122.057361] 2 locks held by syz-executor.1/3757: [ 122.057368] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 122.057397] #1: ffff88800dcf5c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 122.057423] [ 122.057423] stack backtrace: [ 122.057426] CPU: 1 PID: 3757 Comm: syz-executor.1 Not tainted 6.0.0-rc7-next-20220930 #1 [ 122.057438] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 122.057446] Call Trace: [ 122.057450] [ 122.057454] dump_stack_lvl+0x8b/0xb3 [ 122.057472] check_noncircular+0x263/0x2e0 [ 122.057489] ? format_decode+0x26c/0xb50 [ 122.057505] ? print_circular_bug+0x450/0x450 [ 122.057522] ? simple_strtoul+0x30/0x30 [ 122.057538] ? format_decode+0x26c/0xb50 [ 122.057555] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 122.057572] __lock_acquire+0x2a02/0x5e70 [ 122.057594] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 122.057616] lock_acquire+0x1a2/0x530 [ 122.057632] ? down_trylock+0xe/0x70 [ 122.057649] ? lock_release+0x750/0x750 [ 122.057669] ? vprintk+0x84/0xa0 [ 122.057687] _raw_spin_lock_irqsave+0x39/0x60 [ 122.057698] ? down_trylock+0xe/0x70 [ 122.057714] down_trylock+0xe/0x70 [ 122.057730] ? vprintk+0x84/0xa0 [ 122.057746] __down_trylock_console_sem+0x3b/0xd0 [ 122.057763] vprintk_emit+0x16b/0x560 [ 122.057782] vprintk+0x84/0xa0 [ 122.057799] _printk+0xba/0xf1 [ 122.057810] ? record_print_text.cold+0x16/0x16 [ 122.057826] ? report_bug.cold+0x66/0xab [ 122.057844] ? group_sched_out.part.0+0x2c7/0x460 [ 122.057862] report_bug.cold+0x72/0xab [ 122.057880] handle_bug+0x3c/0x70 [ 122.057897] exc_invalid_op+0x14/0x50 [ 122.057915] asm_exc_invalid_op+0x16/0x20 [ 122.057928] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 122.057949] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 122.057960] RSP: 0018:ffff88800f84f8f8 EFLAGS: 00010006 [ 122.057969] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 122.057977] RDX: ffff888010483580 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 122.057985] RBP: ffff88801a688000 R08: 0000000000000005 R09: 0000000000000001 [ 122.057992] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800dcf5c00 [ 122.058000] R13: ffff88806cf3d2c0 R14: ffffffff8547d000 R15: 0000000000000002 [ 122.058010] ? group_sched_out.part.0+0x2c7/0x460 [ 122.058030] ? group_sched_out.part.0+0x2c7/0x460 [ 122.058050] ctx_sched_out+0x8f1/0xc10 [ 122.058069] __perf_event_task_sched_out+0x6d0/0x18d0 [ 122.058083] ? lock_is_held_type+0xd7/0x130 [ 122.058097] ? __perf_cgroup_move+0x160/0x160 [ 122.058107] ? set_next_entity+0x304/0x550 [ 122.058127] ? lock_is_held_type+0xd7/0x130 [ 122.058141] __schedule+0xedd/0x2470 [ 122.058158] ? io_schedule_timeout+0x150/0x150 [ 122.058173] ? futex_wait_setup+0x166/0x230 [ 122.058187] schedule+0xda/0x1b0 [ 122.058202] futex_wait_queue+0xf5/0x1e0 [ 122.058214] futex_wait+0x28e/0x690 [ 122.058227] ? futex_wait_setup+0x230/0x230 [ 122.058240] ? wake_up_q+0x8b/0xf0 [ 122.058253] ? do_raw_spin_unlock+0x4f/0x220 [ 122.058272] ? futex_wake+0x158/0x490 [ 122.058288] ? fd_install+0x1f9/0x640 [ 122.058303] do_futex+0x2ff/0x380 [ 122.058314] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 122.058330] __x64_sys_futex+0x1c6/0x4d0 [ 122.058343] ? __x64_sys_futex_time32+0x480/0x480 [ 122.058356] ? syscall_enter_from_user_mode+0x1d/0x50 [ 122.058369] ? syscall_enter_from_user_mode+0x1d/0x50 [ 122.058385] do_syscall_64+0x3b/0x90 [ 122.058402] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 122.058415] RIP: 0033:0x7fb93553db19 [ 122.058424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.058435] RSP: 002b:00007fb932ab3218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.058445] RAX: ffffffffffffffda RBX: 00007fb935650f68 RCX: 00007fb93553db19 [ 122.058453] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb935650f68 [ 122.058460] RBP: 00007fb935650f60 R08: 0000000000000000 R09: 0000000000000000 [ 122.058467] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb935650f6c [ 122.058474] R13: 00007ffd4691482f R14: 00007fb932ab3300 R15: 0000000000022000 [ 122.058487] [ 122.117564] WARNING: CPU: 1 PID: 3757 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 122.118251] Modules linked in: [ 122.118494] CPU: 1 PID: 3757 Comm: syz-executor.1 Not tainted 6.0.0-rc7-next-20220930 #1 [ 122.119088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 122.119923] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 122.120354] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 122.121687] RSP: 0018:ffff88800f84f8f8 EFLAGS: 00010006 [ 122.122073] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 122.122589] RDX: ffff888010483580 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 122.123107] RBP: ffff88801a688000 R08: 0000000000000005 R09: 0000000000000001 [ 122.123626] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800dcf5c00 [ 122.124149] R13: ffff88806cf3d2c0 R14: ffffffff8547d000 R15: 0000000000000002 [ 122.124666] FS: 00007fb932ab3700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 122.125247] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.125689] CR2: 000055cf1196b2b0 CR3: 000000000f68a000 CR4: 0000000000350ee0 [ 122.126206] Call Trace: [ 122.126401] [ 122.126574] ctx_sched_out+0x8f1/0xc10 [ 122.126877] __perf_event_task_sched_out+0x6d0/0x18d0 [ 122.127253] ? lock_is_held_type+0xd7/0x130 [ 122.127570] ? __perf_cgroup_move+0x160/0x160 [ 122.127909] ? set_next_entity+0x304/0x550 [ 122.128236] ? lock_is_held_type+0xd7/0x130 [ 122.128554] __schedule+0xedd/0x2470 [ 122.128837] ? io_schedule_timeout+0x150/0x150 [ 122.129183] ? futex_wait_setup+0x166/0x230 [ 122.129514] schedule+0xda/0x1b0 [ 122.129773] futex_wait_queue+0xf5/0x1e0 [ 122.130076] futex_wait+0x28e/0x690 [ 122.130350] ? futex_wait_setup+0x230/0x230 [ 122.130665] ? wake_up_q+0x8b/0xf0 [ 122.130936] ? do_raw_spin_unlock+0x4f/0x220 [ 122.131271] ? futex_wake+0x158/0x490 [ 122.131563] ? fd_install+0x1f9/0x640 [ 122.131853] do_futex+0x2ff/0x380 [ 122.132118] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 122.132544] __x64_sys_futex+0x1c6/0x4d0 [ 122.132850] ? __x64_sys_futex_time32+0x480/0x480 [ 122.133209] ? syscall_enter_from_user_mode+0x1d/0x50 [ 122.133605] ? syscall_enter_from_user_mode+0x1d/0x50 [ 122.133991] do_syscall_64+0x3b/0x90 [ 122.134278] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 122.134663] RIP: 0033:0x7fb93553db19 [ 122.134936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.136241] RSP: 002b:00007fb932ab3218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.136786] RAX: ffffffffffffffda RBX: 00007fb935650f68 RCX: 00007fb93553db19 [ 122.137299] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb935650f68 [ 122.137828] RBP: 00007fb935650f60 R08: 0000000000000000 R09: 0000000000000000 [ 122.138345] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb935650f6c [ 122.138860] R13: 00007ffd4691482f R14: 00007fb932ab3300 R15: 0000000000022000 [ 122.139390] [ 122.139572] irq event stamp: 7242 [ 122.139846] hardirqs last enabled at (7241): [] syscall_enter_from_user_mode+0x1d/0x50 [ 122.140570] hardirqs last disabled at (7242): [] __schedule+0x1225/0x2470 [ 122.141189] softirqs last enabled at (6352): [] __irq_exit_rcu+0x11b/0x180 [ 122.141833] softirqs last disabled at (6307): [] __irq_exit_rcu+0x11b/0x180 [ 122.142459] ---[ end trace 0000000000000000 ]--- [ 122.191164] syz-executor.1: attempt to access beyond end of device [ 122.191164] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 122.192145] Buffer I/O error on dev loop1, logical block 10, lost async page write 17:10:53 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, 0x0) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000180)=']{\x00', 0x0, 0xffffffffffffffff) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r1, 0xa015000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x11, 0x0, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) setresuid(0x0, 0x0, 0x0) mount$9p_rdma(&(0x7f00000001c0), &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x1001000, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e22,rq=0x0000000000000009,timeout=0x0000000000000006,rq=0x0000000000000001,euid<', @ANYRESDEC=0xee00, @ANYBLOB=',permit_directio,smackfsdef=,uid>', @ANYRESDEC=0x0, @ANYBLOB="2c6d61736b3d4d4159c157524954452c686173682c6f626a5f74577b5a903d721103f5f87970653d76666174002c6f5304ee7f444ac028dc00000000000076", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="05ff232ef592436bf2d9", 0xa}, {&(0x7f0000000100)="9f", 0x1}], 0x2, 0x0, 0x0, 0x0) sendfile(r3, r0, 0x0, 0xfffffdef) [ 122.298269] loop1: detected capacity change from 0 to 40 [ 122.404173] syz-executor.1: attempt to access beyond end of device [ 122.404173] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 122.405293] Buffer I/O error on dev loop1, logical block 10, lost async page write 17:10:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="140000000200007f9b29e800000000e9b66d0c163b4de64a782271eb"], 0x0) perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0xd2, 0x6, 0x8, 0xf7, 0x0, 0x2, 0x200, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x80000000, 0xffffffffffff532d}, 0x210, 0x40025cb, 0x4, 0x0, 0x6, 0x2, 0x0, 0x0, 0xfffff000, 0x0, 0x200}, 0x0, 0xb, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x37bc, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, &(0x7f00000006c0)) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000004c0)) r1 = syz_mount_image$nfs(&(0x7f0000000180), &(0x7f0000000300)='./file0\x00', 0x5, 0x4, &(0x7f00000008c0)=[{&(0x7f00000003c0)="76ec59dba075dd5ee268a1c3edc905a427f725a0e126c0ba05165d8eb1e8c0957823924cef2d79617579abbff75817c8a856151db40cd2f8c9f3e3166cface2e93941d6048e2f6fae8b77fa05fd13955711217ef05c96d9943225dd50dd65d11876eb44b8b420cb0b416e6cde031e17b2360932c7ad5f9fdd9020a5952006c81c1a3565af91883cadc8b51fe60aa80093c33a0894be68d7b9d1720c2d1f45a86dcc894cfa41ee74d8c9c6dfb5cc2032373387ad3d059a3859c994243391e216aa4d5ba6e781f046416", 0xc9, 0x100000001}, {&(0x7f0000000700)="2085288acf6694c88893a911014f95f71cbe8e1b5e70abc890f5ab5fa2dc2f39edd999f7913238f9f6299dd33242415d87f3f5d2b2387570b38929164002c71a4bb83c6249805d3198f74dbaddb65c4620f5952e06858e8ccef8ec33abf9c21fdafc0ac0760a575ee0a95201b9abca1c5c97a1b9d0823d97363d1342245fd77ae01560549dba25a317353867e8092febc435e524c2e8330cc5d7d6e7e2cfa923d66d7e646b132fa9aca7b8ff34195f153dab85effdfd1223194202", 0xbb, 0x8}, {&(0x7f0000000340)="1038782e9cf2a45e159f3b43bb8c970fd05b", 0x12, 0x7}, {&(0x7f00000007c0)="26279964b30ab11dabf4dc1a91e388e6cdff79f99e145834ebe1ff28dbc7153e640bc20ee5939214db0cc7a78d54df437d21e88332d46835ee7ef35999aa9e6b0871a81cb13832a270ca74c20144ab0ac0bf55bdabec89fce3398f239ae204e50d8f3eb433b969a5e6ac48fc148a1b91fff61aa93deb9d9aa93b570830f797e5cdff287684232e0f65f724dd0ae75f365e44aeeebadbf90a8cc88c77c57acb19a45f4b59ac2098dafed0761735628c9bef0b9a4b3155808a3eb37f23c76604fe3d0c0f00548ba55ca6dec7fe909b76bf967d5bf23c70c69bf8c5e08dda69a300d0c8dd707532f2b757e7c6f1f539", 0xee, 0xb9}], 0x40022, &(0x7f0000000940)={[{'/&\\.'}], [{@pcr={'pcr', 0x3d, 0x6}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x64, 0x32, 0x62, 0x51, 0x35, 0x65, 0x30], 0x2d, [0x62, 0x32, 0x31, 0x30], 0x2d, [0x30, 0x65, 0x51, 0x34], 0x2d, [0x39, 0x33, 0x0, 0x32], 0x2d, [0x37, 0x0, 0x31, 0x51, 0x36, 0x62, 0x36, 0x32]}}}, {@obj_type={'obj_type', 0x3d, '):\''}}, {@dont_measure}]}) openat(r1, &(0x7f00000009c0)='./file0\x00', 0x64800, 0x90) r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r2, 0x0) syz_io_uring_setup(0xaaf, &(0x7f0000000100)={0x0, 0x0, 0x10, 0x4, 0x17, 0x0, r2}, &(0x7f0000fef000/0x2000)=nil, &(0x7f0000fef000/0x11000)=nil, &(0x7f00000001c0), &(0x7f0000000380)) [ 122.539158] audit: type=1400 audit(1664817053.941:9): avc: denied { write } for pid=3801 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.549207] loop1: detected capacity change from 0 to 264192 [ 122.619620] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 122.620368] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 122.620893] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 122.621389] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 40 00 [ 122.621949] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [ 122.623285] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.623693] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.624325] Buffer I/O error on dev sr0, logical block 0, async page read [ 122.624986] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.625405] I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.626004] Buffer I/O error on dev sr0, logical block 1, async page read [ 122.626634] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.627146] I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.627725] Buffer I/O error on dev sr0, logical block 2, async page read [ 122.628371] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.628752] I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.629361] Buffer I/O error on dev sr0, logical block 3, async page read [ 122.630044] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.630431] I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.631027] Buffer I/O error on dev sr0, logical block 4, async page read [ 122.631647] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.632104] I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.632677] Buffer I/O error on dev sr0, logical block 5, async page read [ 122.633357] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.633737] I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.634320] Buffer I/O error on dev sr0, logical block 6, async page read [ 122.634974] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.635356] I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.635945] Buffer I/O error on dev sr0, logical block 7, async page read [ 122.636742] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.637152] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.637923] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.638432] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.638981] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.639478] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.640043] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.640541] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.641147] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.641846] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.642387] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.643028] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.643558] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.644081] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.644661] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.645219] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.645803] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 17:10:54 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x0, 0x40000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000140)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r4 = fcntl$dupfd(r2, 0x0, r0) getsockopt$bt_BT_SNDMTU(r4, 0x112, 0xc, &(0x7f0000000000)=0x4, &(0x7f00000001c0)=0x2) fallocate(r3, 0x10, 0x0, 0x7ffc) r5 = socket$inet_tcp(0x2, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) shutdown(r5, 0x1) lseek(0xffffffffffffffff, 0x4, 0x6b417b1c08756aa5) r6 = fcntl$dupfd(r3, 0x0, r2) sendfile(r2, r6, 0x0, 0x1ff) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fcntl$dupfd(r8, 0x0, r7) perf_event_open$cgroup(&(0x7f0000000400)={0x1, 0x80, 0x45, 0xfe, 0x80, 0x4, 0x0, 0x4, 0x80000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x81, 0x4, @perf_bp={&(0x7f0000000200), 0x2}, 0x100b2, 0x5, 0x0, 0x7, 0x81f5, 0x8000, 0x81, 0x0, 0x5, 0x0, 0x7}, r6, 0xe, r8, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000480)=ANY=[@ANYRES16=r7, @ANYRES64, @ANYRESOCT=r0, @ANYRES16=r7]) 17:10:54 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp\x00') lseek(r1, 0xb2, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'}) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @broadcast}}}], 0x20}, 0x0) recvmmsg(r0, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40000042, 0x0) 17:10:54 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) pwrite64(r2, &(0x7f0000000080)="ee35", 0x2, 0xfff) pwrite64(r3, &(0x7f0000000140)="c0", 0x1, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) r4 = syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x80, 0x6, &(0x7f0000000500)=[{&(0x7f00000001c0)="a30b7f2365d03d6343df6d5dc8af3a4bb41b5cc4e1dfa1630d778e43c4bc2a6ff29f861e8b106713cfbae5725898fb030f446f59f777b9a0a9d58cfd145d8ddb07da7ad7588e5a6640f3456a78156324a392c4a3f47a86f17d231616b87e9649f7ddd6a2ecf84a5154e7eccc2f4e4da0e55104add76dcf04357dda49e9c1fdbffa2f6b358079d87c695f73242a4370084b1d87a0dc218f7188", 0x99, 0x6}, {&(0x7f0000000280)="1256cbc0cb97499df50da6f8d3531d0319888db98620d8f4da87cd0a80c8a24a96ab667a", 0x24, 0x1}, {&(0x7f00000002c0)="34e0bddd6e58a37b1ae2ee6cd10e3277710b", 0x12, 0x5}, {&(0x7f0000000300)="8324d8ad71f3f6f4012ae81857176ed5132d9f151490233d95e03d2f468f363eba57573c9fdce95edc483f3b4a6ba417193133279db47459a3a3c8783469276ef886113445fd9ac851", 0x49, 0x2}, {&(0x7f0000000380)="79dad8aa3821fe8ff5f912b7bd25d74de5fbfc9b8607b2457d008679a844dbbd0302c45c60f33c7f7adf7a6948943c358ca4c18999539f32f11c2ba73639eb858aa3ae29c9d2019af4e50254d4c0775d95a08f21f757c695a0b261248c7482ec7a361e81a50a2b79795b5f33cc9182bfd888461f820aeb0ecf3cca4d20d3314e32f2f37b811add2ee0448e2e8406bcc14956dd8b77f093a2a4623ec894528873fa2fcf780238e6ec4c0c1505ef03ab805637fb833cf5e29e8134570c9e0e6ddea909db72081764ad7ff9ce771afbee", 0xcf, 0x2}, {&(0x7f0000000480)="bde1e7e0857db55f21ffe0034684d447ecfadcd76f7050a6c314204bd91a69ff6048400bc8cd3c209b82f7d0aa22ce78f1b6dc998b9cb353389d7ce01c9ffd2da4238ed06c05", 0x46, 0x8}], 0x3020000, &(0x7f00000005c0)={[{@mpol={'mpol', 0x3d, {'local', '', @void}}}, {@huge_advise}, {@nr_inodes={'nr_inodes', 0x3d, [0x37, 0x34, 0x35, 0x6b, 0x38, 0x37]}}, {@huge_within_size}, {@nr_inodes={'nr_inodes', 0x3d, [0x32, 0x35]}}], [{@appraise_type}, {@fsname={'fsname', 0x3d, '\xa3#-\':'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '\''}}, {@uid_gt}, {@obj_user={'obj_user', 0x3d, ']{,'}}, {@smackfstransmute}, {@func={'func', 0x3d, 'BPRM_CHECK'}}]}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000bc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r5, 0xc0105303, &(0x7f0000000c00)={0x0, 0x81}) ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000680)={0x0, r5, 0x4, 0x977, 0x8, 0x8}) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1}) 17:10:54 executing program 5: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) openat(r0, &(0x7f0000000100)='./file1\x00', 0x8c0100, 0xd2) sendfile(r0, 0xffffffffffffffff, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000ee", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) perf_event_open(&(0x7f0000000440)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x80000000, 0x7, 0x2c5}, 0xffffffffffffffff, 0xe, r0, 0x8) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x110, 0xffffffffffffffff, 0x0) syz_io_uring_complete(r1) VM DIAGNOSIS: 17:10:53 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=0000000000000001 RCX=1ffff11007e06e96 RDX=1ffff11007e06e94 RSI=ffff88803f037450 RDI=ffff88803f037450 RBP=ffff88803f0374b0 RSP=ffff88803f037388 R8 =ffffffff85e41d80 R9 =ffffffff85e41d84 R10=ffffed1007e06e98 R11=ffff88803f037498 R12=ffff88803f037499 R13=ffff88803f0374b8 R14=ffff88803f037458 R15=ffffffff85e41d85 RIP=ffffffff8111abff RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000562696cfb080 CR3=000000000e79e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=000000000000006c RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823bb0f1 RDI=ffffffff8765a9a0 RBP=ffffffff8765a960 RSP=ffff88800f84f340 R8 =0000000000000001 R9 =000000000000000a R10=000000000000006c R11=0000000000000001 R12=000000000000006c R13=ffffffff8765a960 R14=0000000000000010 R15=ffffffff823bb0e0 RIP=ffffffff823bb149 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fb932ab3700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055cf1196b2b0 CR3=000000000f68a000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM03=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000