Warning: Permanently added '[localhost]:29668' (ECDSA) to the list of known hosts. 2022/10/06 19:16:07 fuzzer started 2022/10/06 19:16:08 dialing manager at localhost:37161 syzkaller login: [ 44.093914] cgroup: Unknown subsys name 'net' [ 44.195622] cgroup: Unknown subsys name 'rlimit' 2022/10/06 19:16:22 syscalls: 2215 2022/10/06 19:16:22 code coverage: enabled 2022/10/06 19:16:22 comparison tracing: enabled 2022/10/06 19:16:22 extra coverage: enabled 2022/10/06 19:16:22 setuid sandbox: enabled 2022/10/06 19:16:22 namespace sandbox: enabled 2022/10/06 19:16:22 Android sandbox: enabled 2022/10/06 19:16:22 fault injection: enabled 2022/10/06 19:16:22 leak checking: enabled 2022/10/06 19:16:22 net packet injection: enabled 2022/10/06 19:16:22 net device setup: enabled 2022/10/06 19:16:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/06 19:16:22 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/06 19:16:22 USB emulation: enabled 2022/10/06 19:16:22 hci packet injection: enabled 2022/10/06 19:16:22 wifi device emulation: failed to parse kernel version (6.0.0-next-20221006) 2022/10/06 19:16:22 802.15.4 emulation: enabled 2022/10/06 19:16:22 fetching corpus: 50, signal 26740/28451 (executing program) 2022/10/06 19:16:22 fetching corpus: 100, signal 32354/35693 (executing program) 2022/10/06 19:16:22 fetching corpus: 150, signal 38984/43778 (executing program) 2022/10/06 19:16:22 fetching corpus: 200, signal 45307/51396 (executing program) 2022/10/06 19:16:23 fetching corpus: 250, signal 52826/60077 (executing program) 2022/10/06 19:16:23 fetching corpus: 300, signal 60539/68787 (executing program) 2022/10/06 19:16:23 fetching corpus: 350, signal 64463/73811 (executing program) 2022/10/06 19:16:23 fetching corpus: 400, signal 67649/78058 (executing program) 2022/10/06 19:16:23 fetching corpus: 450, signal 70900/82296 (executing program) 2022/10/06 19:16:23 fetching corpus: 500, signal 74656/86936 (executing program) 2022/10/06 19:16:23 fetching corpus: 550, signal 76633/89882 (executing program) 2022/10/06 19:16:23 fetching corpus: 600, signal 80366/94321 (executing program) 2022/10/06 19:16:24 fetching corpus: 650, signal 83092/97846 (executing program) 2022/10/06 19:16:24 fetching corpus: 700, signal 85668/101172 (executing program) 2022/10/06 19:16:24 fetching corpus: 750, signal 88678/104863 (executing program) 2022/10/06 19:16:24 fetching corpus: 800, signal 91646/108408 (executing program) 2022/10/06 19:16:24 fetching corpus: 850, signal 93317/110867 (executing program) 2022/10/06 19:16:24 fetching corpus: 900, signal 95528/113711 (executing program) 2022/10/06 19:16:24 fetching corpus: 950, signal 97578/116372 (executing program) 2022/10/06 19:16:24 fetching corpus: 1000, signal 100911/120114 (executing program) 2022/10/06 19:16:24 fetching corpus: 1050, signal 101981/121890 (executing program) 2022/10/06 19:16:24 fetching corpus: 1100, signal 104494/124791 (executing program) 2022/10/06 19:16:25 fetching corpus: 1150, signal 105598/126508 (executing program) 2022/10/06 19:16:25 fetching corpus: 1200, signal 107095/128531 (executing program) 2022/10/06 19:16:25 fetching corpus: 1250, signal 108448/130441 (executing program) 2022/10/06 19:16:25 fetching corpus: 1300, signal 110086/132581 (executing program) 2022/10/06 19:16:25 fetching corpus: 1350, signal 112028/134813 (executing program) 2022/10/06 19:16:25 fetching corpus: 1400, signal 113696/136847 (executing program) 2022/10/06 19:16:25 fetching corpus: 1450, signal 115832/139174 (executing program) 2022/10/06 19:16:25 fetching corpus: 1500, signal 117289/141004 (executing program) 2022/10/06 19:16:25 fetching corpus: 1550, signal 118620/142725 (executing program) 2022/10/06 19:16:26 fetching corpus: 1600, signal 119497/144074 (executing program) 2022/10/06 19:16:26 fetching corpus: 1650, signal 120793/145674 (executing program) 2022/10/06 19:16:26 fetching corpus: 1700, signal 123114/148017 (executing program) 2022/10/06 19:16:26 fetching corpus: 1750, signal 125231/150188 (executing program) 2022/10/06 19:16:26 fetching corpus: 1800, signal 126419/151664 (executing program) 2022/10/06 19:16:26 fetching corpus: 1850, signal 128001/153328 (executing program) 2022/10/06 19:16:26 fetching corpus: 1900, signal 130730/155694 (executing program) 2022/10/06 19:16:26 fetching corpus: 1950, signal 131961/157058 (executing program) 2022/10/06 19:16:26 fetching corpus: 2000, signal 133235/158409 (executing program) 2022/10/06 19:16:27 fetching corpus: 2050, signal 134153/159589 (executing program) 2022/10/06 19:16:27 fetching corpus: 2100, signal 135593/161033 (executing program) 2022/10/06 19:16:27 fetching corpus: 2150, signal 136696/162197 (executing program) 2022/10/06 19:16:27 fetching corpus: 2200, signal 138301/163652 (executing program) 2022/10/06 19:16:27 fetching corpus: 2250, signal 139189/164717 (executing program) 2022/10/06 19:16:27 fetching corpus: 2300, signal 140944/166158 (executing program) 2022/10/06 19:16:27 fetching corpus: 2350, signal 141934/167198 (executing program) 2022/10/06 19:16:27 fetching corpus: 2400, signal 142725/168143 (executing program) 2022/10/06 19:16:27 fetching corpus: 2450, signal 143132/168940 (executing program) 2022/10/06 19:16:27 fetching corpus: 2500, signal 143854/169820 (executing program) 2022/10/06 19:16:28 fetching corpus: 2550, signal 144840/170782 (executing program) 2022/10/06 19:16:28 fetching corpus: 2600, signal 146107/171885 (executing program) 2022/10/06 19:16:28 fetching corpus: 2650, signal 147054/172784 (executing program) 2022/10/06 19:16:28 fetching corpus: 2700, signal 147652/173531 (executing program) 2022/10/06 19:16:28 fetching corpus: 2750, signal 148824/174564 (executing program) 2022/10/06 19:16:28 fetching corpus: 2800, signal 149171/175187 (executing program) 2022/10/06 19:16:28 fetching corpus: 2850, signal 150368/176193 (executing program) 2022/10/06 19:16:28 fetching corpus: 2900, signal 151139/176940 (executing program) 2022/10/06 19:16:28 fetching corpus: 2950, signal 151602/177542 (executing program) 2022/10/06 19:16:28 fetching corpus: 3000, signal 152608/178391 (executing program) 2022/10/06 19:16:29 fetching corpus: 3050, signal 153115/179021 (executing program) 2022/10/06 19:16:29 fetching corpus: 3100, signal 153916/179719 (executing program) 2022/10/06 19:16:29 fetching corpus: 3150, signal 154484/180351 (executing program) 2022/10/06 19:16:29 fetching corpus: 3200, signal 155485/181135 (executing program) 2022/10/06 19:16:29 fetching corpus: 3250, signal 156401/181855 (executing program) 2022/10/06 19:16:29 fetching corpus: 3300, signal 156857/182376 (executing program) 2022/10/06 19:16:29 fetching corpus: 3350, signal 157585/183000 (executing program) 2022/10/06 19:16:29 fetching corpus: 3400, signal 158184/183563 (executing program) 2022/10/06 19:16:29 fetching corpus: 3450, signal 158924/184106 (executing program) 2022/10/06 19:16:29 fetching corpus: 3500, signal 159688/184656 (executing program) 2022/10/06 19:16:30 fetching corpus: 3550, signal 160175/185156 (executing program) 2022/10/06 19:16:30 fetching corpus: 3600, signal 160581/185656 (executing program) 2022/10/06 19:16:30 fetching corpus: 3650, signal 161379/186190 (executing program) 2022/10/06 19:16:30 fetching corpus: 3700, signal 161890/186652 (executing program) 2022/10/06 19:16:30 fetching corpus: 3750, signal 162539/187139 (executing program) 2022/10/06 19:16:30 fetching corpus: 3800, signal 162950/187574 (executing program) 2022/10/06 19:16:30 fetching corpus: 3850, signal 163519/188058 (executing program) 2022/10/06 19:16:30 fetching corpus: 3900, signal 164506/188583 (executing program) 2022/10/06 19:16:30 fetching corpus: 3950, signal 165125/188987 (executing program) 2022/10/06 19:16:30 fetching corpus: 4000, signal 166182/189453 (executing program) 2022/10/06 19:16:31 fetching corpus: 4050, signal 166794/189853 (executing program) 2022/10/06 19:16:31 fetching corpus: 4100, signal 167742/190267 (executing program) 2022/10/06 19:16:31 fetching corpus: 4150, signal 168940/190708 (executing program) 2022/10/06 19:16:31 fetching corpus: 4200, signal 169251/191005 (executing program) 2022/10/06 19:16:31 fetching corpus: 4250, signal 169712/191335 (executing program) 2022/10/06 19:16:31 fetching corpus: 4300, signal 170260/191656 (executing program) 2022/10/06 19:16:31 fetching corpus: 4350, signal 170971/191979 (executing program) 2022/10/06 19:16:31 fetching corpus: 4400, signal 171558/192265 (executing program) 2022/10/06 19:16:31 fetching corpus: 4450, signal 172142/192523 (executing program) 2022/10/06 19:16:31 fetching corpus: 4500, signal 172760/192832 (executing program) 2022/10/06 19:16:32 fetching corpus: 4550, signal 173327/193087 (executing program) 2022/10/06 19:16:32 fetching corpus: 4600, signal 174169/193318 (executing program) 2022/10/06 19:16:32 fetching corpus: 4650, signal 175239/193618 (executing program) 2022/10/06 19:16:32 fetching corpus: 4700, signal 176051/193837 (executing program) 2022/10/06 19:16:32 fetching corpus: 4750, signal 176963/194035 (executing program) 2022/10/06 19:16:32 fetching corpus: 4800, signal 177399/194227 (executing program) 2022/10/06 19:16:32 fetching corpus: 4850, signal 178656/194296 (executing program) 2022/10/06 19:16:32 fetching corpus: 4900, signal 179186/194298 (executing program) 2022/10/06 19:16:33 fetching corpus: 4950, signal 179972/194298 (executing program) 2022/10/06 19:16:33 fetching corpus: 5000, signal 180181/194298 (executing program) 2022/10/06 19:16:33 fetching corpus: 5050, signal 180669/194299 (executing program) 2022/10/06 19:16:33 fetching corpus: 5100, signal 181206/194299 (executing program) 2022/10/06 19:16:33 fetching corpus: 5150, signal 181843/194325 (executing program) 2022/10/06 19:16:33 fetching corpus: 5181, signal 182086/194325 (executing program) 2022/10/06 19:16:33 fetching corpus: 5181, signal 182086/194325 (executing program) 2022/10/06 19:16:36 starting 8 fuzzer processes 19:16:36 executing program 0: sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0xb0, 0x0, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:newrole_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_SECCTX={0x2e, 0x7, 'system_u:object_r:iptables_unit_file_t:s0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ipvlan0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'vlan1\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0xb0}, 0x1, 0x0, 0x0, 0x20008001}, 0x8040) sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, 0x0, 0x400, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4400}, 0x800) sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000540)={&(0x7f00000002c0)={0x26c, 0x0, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MLSCATLST={0x12c, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x32938b6c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2a1ddb86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x505e}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xa0e259e}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x102bfe02}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xfcd8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x39d3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe2d6}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4a019cd1}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x35355254}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9cda}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcbe5}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x45921e47}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1cb9313d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8c5774e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3455}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a06}]}, {0x4}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5ae1eae7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe2ba}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6f3c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xc7b7fec}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9258}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2523}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xbddbfbf}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x153d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3126}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4328}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x11a8d751}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9d3b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46de75b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b9d4dfe}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8f64}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0xb4, 0xc, 0x0, 0x1, [{0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4da6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8def}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x58ebf2be}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2545f677}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe8e6}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc925}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xef16}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1891277e}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x90880be}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9cd5}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d21}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xff32}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x75a6}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5c42cd6f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7795fa97}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3a1b8e70}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf006}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x32d6fda7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd808}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x54, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6d9de9af}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xaa}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x37dd7c6c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x68}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5e7125d8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x721824d7}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xcb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x69}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xcf}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x17561c74}]}]}]}, 0x26c}, 0x1, 0x0, 0x0, 0x4000000}, 0x48080) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, 0x0, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x81}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x8004800) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8}]}, 0x1c}}, 0x4010) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000900)={&(0x7f0000000840)={0xa8, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r0}, @val={0xc, 0x99, {0xbc28, 0x1f}}}}, [@NL80211_ATTR_IE_ASSOC_RESP={0xa, 0x80, [@supported_rates={0x1, 0x4, [{0x3}, {0x24}, {0x36}, {0x60, 0x1}]}]}, @NL80211_ATTR_IE={0x32, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x9, 0x2c, @device_b, 0x2, "", 0xfffffffe, 0xfffffffc, @broadcast, 0x2}}, @measure_req={0x26, 0xb, {0x25, 0x6, 0x1, "b67ed395e9fbdb8c"}}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x7, 0x80, [@erp={0x2a, 0x1, {0x0, 0x0, 0x1}}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x38, 0x80, [@gcr_ga={0xbd, 0x6}, @peer_mgmt={0x75, 0x8, {0x0, 0x3, @val=0x400, @val=0x25, @void}}, @peer_mgmt={0x75, 0x6, {0x0, 0x6, @val=0x2, @void, @void}}, @peer_mgmt={0x75, 0x18, {0x1, 0x7, @val=0x5e, @val=0xb, @val="a846ade683fd08af7807e0eba873190c"}}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x8000}, 0xc485) sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x38, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x3, 0x3b}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3}, @NL80211_ATTR_IE={0x7, 0x2a, [@sec_chan_ofs={0x3e, 0x1, 0x1}]}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x60d}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x11) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x2c, 0x0, 0x20f, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_WANT_1X_4WAY_HS={0x4}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, @random=0x994}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040008}, 0x20040801) r1 = socket(0xf, 0x6, 0x80000001) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000e80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000e40)={&(0x7f0000000bc0)={0x250, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x9, 0x37}}}}, [@NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x25}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x1}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x8}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x7}, @NL80211_ATTR_IE={0x151, 0x2a, [@mesh_chsw={0x76, 0x6, {0x1, 0x7, 0x10, 0x80}}, @supported_rates={0x1, 0x4, [{0x16, 0x1}, {0x18, 0x1}, {0x12, 0x1}, {0x3, 0x1}]}, @erp={0x2a, 0x1, {0x1, 0x1, 0x1}}, @rann={0x7e, 0x15, {{0x1, 0x21}, 0x7, 0x8, @broadcast, 0x1, 0x10000, 0x401}}, @prep={0x83, 0x25, @ext={{}, 0x1, 0x9, @broadcast, 0xff, @device_a, 0x9, 0x3aa8, @broadcast, 0x3}}, @peer_mgmt={0x75, 0x16, {0x0, 0x8fa2, @void, @val=0x2f, @val="531cff4d34b3e9e4f760dd9c4047b02c"}}, @fast_bss_trans={0x37, 0xe4, {0xed, 0x7, "7fa3ac52a5b97be98e25346646000456", "cd06851d6999a35cb48ed2460a75c51b9eea70e64dd96b8132f9d8772dfb38fd", "b62b41fea9d29a0e31e3a202e731ff2e59ef65b14ff0552a023d6d96f9f5fad9", [{0x2, 0xf, "906e3bdfd553fcdcd5fb2a88265edd"}, {0x4, 0x19, "99aa5e04414df3a54458bdd09992f9efe1f311d80bd29af550"}, {0x3, 0xa, "3f60f850600c3c8aa08a"}, {0x4, 0x1b, "497fde588f6f75a6a56e8480ae69e57ed68e23a0c29351cdcd6548"}, {0x4, 0xa, "9bd72f65f12a73701fc3"}, {0x1, 0x12, "2c446ba1105e48f83712675596599e558ce4"}, {0x3, 0x1b, "cf4aadf1498ae560e2aef22bd24f0f98c9bf2be5f2e4fc0e844e44"}]}}]}, @NL80211_ATTR_IE={0xb8, 0x2a, [@mesh_config={0x71, 0x7, {0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, 0x4, 0x1}}, @rann={0x7e, 0x15, {{0x0, 0x10}, 0x30, 0x1f, @device_b, 0x80000000, 0x1, 0x20}}, @random_vendor={0xdd, 0x92, "d80db9aa824869955750ec4a78927d1f86856d041339ac3bb171484de91a25be6234731a587f967694c06f1edc4e47495b8942a7f22bc366710ca2971f90b9c9aec1a454af0650c76c2e4581e9e0d36841cdbe96159839ecca595f21880b5584d499273ce336afa7efe715e842d344f3927df5ddee9f2530fc8daef6d2a33113500df8560439a7688fe074f05bdaf9d56258"}]}]}, 0x250}, 0x1, 0x0, 0x0, 0x80}, 0x20040894) sendmsg$NL80211_CMD_GET_MPP(r1, &(0x7f0000001000)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f00)={0x88, 0x0, 0x2, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r0}, @val={0xc, 0x99, {0x0, 0x65}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}]}, 0x88}, 0x1, 0x0, 0x0, 0xa30964295d92664f}, 0xe7dc7b012f7b019a) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000001240)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001200)={&(0x7f0000001080)={0x178, 0x0, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_OURS={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x6}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x63}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x1f}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x8}, @ETHTOOL_A_LINKMODES_OURS={0x138, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x93, 0x5, "2971121a9d299cd598d15cd0eb51e674af4d0dfd65f59fc4c077acf07b20b1001820caad83524f675292b606270b9cd86762d617c69d7f3027bef892cdf87ccdf426daf00ecefa9a8013e11645248965e5bc32ccbc6aca6682b1ac30bb2a16868b074541aaa2386a9de774c50f0ce9e031394779320264c244df4980fa0fd5672ae84f939f8d01f759cc8c5b3b392c"}, @ETHTOOL_A_BITSET_BITS={0xa0, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffff81c}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x23}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffffb}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xc7}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ipvlan0\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '-/\x00'}]}]}]}, @ETHTOOL_A_LINKMODES_HEADER={0x4}]}, 0x178}, 0x1, 0x0, 0x0, 0x4000840}, 0x20000004) readv(r1, &(0x7f0000001340)=[{&(0x7f0000001280)=""/31, 0x1f}, {&(0x7f00000012c0)=""/105, 0x69}], 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000001380)={'batadv_slave_1\x00'}) r2 = syz_io_uring_complete(0x0) sendmsg$AUDIT_USER_TTY(r2, &(0x7f0000001540)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001500)={&(0x7f0000001400)={0xdc, 0x464, 0x100, 0x70bd27, 0x25dfdbfd, "5c0600376773432466c8394379a3d375af0172be700e33aa51a25f5568f9abb82c391d5114e67eeb3bd7ea3b426b80311677e4139644aed16c1ae55546204c68d83a4716b05f2a16fa28119e8e972ac6706720bbd527e707e7c989d951906bf366acf91ca765891fb3cdaca0bf377e268e5a113722e6cfde850ca67cbe032145dcea39e18682d203a7ed07579eb57694bc97ef5f6232ab96bb88e236b86d756222bd6ca6c36be3a541054296bb54437a7a6cf0aca247da8ba5ff67acc620d74ac212100b51b283b60a", ["", "", "", "", ""]}, 0xdc}, 0x1, 0x0, 0x0, 0xc000}, 0x84) sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001600)={&(0x7f00000015c0)={0x20, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x20000080) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000016c0), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f00000017c0)={&(0x7f0000001680)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001780)={&(0x7f0000001700)={0x4c, r3, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xff}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7ebee669}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x100}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffff81}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4005}, 0x800) 19:16:36 executing program 2: sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x8, 0x5, 0x0, 0x0, {0xc}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0xd0}, 0x20000000) sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}]}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x20000801) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x3c, 0x0, 0xb, 0x201, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_COMPAT_REV={0x8}, @NFTA_COMPAT_REV={0x8}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_COMPAT_REV={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x24044040) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x54, 0x0, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5, 0x6, 0x1}, @ETHTOOL_A_EEE_ENABLED={0x5, 0x5, 0x1}, @ETHTOOL_A_EEE_ENABLED={0x5, 0x5, 0x1}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5, 0x6, 0x1}, @ETHTOOL_A_EEE_MODES_OURS={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8, 0x7, 0x200}]}, 0x54}, 0x1, 0x0, 0x0, 0x20040001}, 0x40000) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x2c, 0x0, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x14000055}, 0x20008040) r1 = syz_open_dev$vcsa(&(0x7f0000000540), 0x3, 0xbaa235de8d255185) sendmsg$NL80211_CMD_DEL_INTERFACE(r1, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x20, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x3, 0x76}}}}, ["", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x1080}, 0x80004) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x38, 0x0, 0x20, 0x70bd28, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0xf1014582421e84e2}, 0x24000050) r2 = syz_open_dev$mouse(&(0x7f0000000780), 0x9, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000a80)={{{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@mcast1}}, &(0x7f0000000b80)=0xe8) sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000c80)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x60, 0x0, 0x800, 0x70bd2d, 0x25dfdbfb, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_IFINDEX={0x8, 0xb, r3}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x6c}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @remote}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x4}]}, 0x60}}, 0x20000000) sendmmsg$inet(r2, &(0x7f0000000f40)=[{{&(0x7f0000000cc0)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f0000000ec0)=[{&(0x7f0000000d00)="e8a3081b1509a23d4c503359505413a4ef5440266e8e327c495d823c", 0x1c}, {&(0x7f0000000d40)="2627c5ef5f21bc66396d35080aef7659598e321ec14b70f6437fbf13e165a52db46b43ed8c9762e9c77699", 0x2b}, {&(0x7f0000000d80)="8a72840540a0bfd1a778ab6a89b6a1e5f50db570849fc009427a7d6ac8373ad6984121b59b5c4ffff60fe85535506f6a", 0x30}, {&(0x7f0000000dc0)="12a766471eae38a7b6e413894dc0ed27c5dedb1e9eef8aebbe5529ff048cff154948c25c454778a3140f0a33c1c21174ae7ab0c04858a1f191ed15327cf9fc1042f03ebeed481fe1f1abcd79accda5a2508fb60a3f48f58f9e37fdde755fb896918ea345d9aef955e6ac7468ab5d046eef31f9df22ef7041d26cad6d35521f904e6d49dd0b1b", 0x86}, {&(0x7f0000000e80)="cf07c41dfe429e4a98b56aaaf27ee5b4e89fed6998a4ee736091bdfae99928f9c2", 0x21}], 0x5}}], 0x1, 0x44050) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000f80)={{0x1, 0x1, 0x18, r2, {0xfffffffc}}, './file0\x00'}) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000003640)={{{@in=@dev, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4}, 0x0, @in6}}, &(0x7f0000003740)=0xe8) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r4, &(0x7f0000003900)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000038c0)={&(0x7f0000003780)={0x11c, 0x0, 0x821, 0x70bd28, 0x25dfdbfc, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x10}, 0x48001) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003980), r4) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000003a40)={&(0x7f0000003940)={0x10, 0x0, 0x0, 0x102112000}, 0xc, &(0x7f0000003a00)={&(0x7f00000039c0)={0x1c, r6, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0xb5}, 0x20048085) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r2, &(0x7f0000003b40)={&(0x7f0000003a80)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000003b00)={&(0x7f0000003ac0)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7ff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8851}, 0x20000801) sendmsg$NL80211_CMD_SET_PMKSA(r4, &(0x7f0000003c80)={&(0x7f0000003b80)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000003c40)={&(0x7f0000003bc0)={0x44, 0x0, 0x200, 0x70bd29, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x1}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x1b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) 19:16:36 executing program 1: ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x6, 'veth1_to_hsr\x00', {0x2}}) r0 = accept(0xffffffffffffffff, &(0x7f0000000040)=@nfc, &(0x7f00000000c0)=0x80) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r1, 0x8, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void, @val={0xc, 0x99, {0xffffffff, 0x44}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x24008801) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x30, r2, 0x20, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xfae, 0x2d}}}}, [@NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x3c, r2, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x13}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xd}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1b}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x21}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x4800) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000004c0)={{0x1, 0x1, 0x18, r0, {0x4}}, '.\x00'}) sendmsg$NFT_MSG_GETOBJ(r4, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x2c, 0x13, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48091) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000700)={&(0x7f0000000640)={0xa0, 0x0, 0x800, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x32}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x10001}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xd12}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6457}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x5}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x6c}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x5b}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x11, 0x1c}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1e}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x6}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x8000}, 0x801) ioctl$sock_SIOCDELRT(r4, 0x890c, &(0x7f0000000800)={0x0, @generic={0x0, "dad8c709e6d0dfd4c61826f19eda"}, @can, @xdp={0x2c, 0x9c516659fc6f8cce, 0x0, 0xf}, 0xe7b, 0x0, 0x0, 0x0, 0x999c, &(0x7f00000007c0)='veth1_to_hsr\x00', 0x7fff, 0x3, 0x5}) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000880)={0x0, @nl=@kern={0x10, 0x0, 0x0, 0xedadd9be4133ad89}, @can={0x1d, 0x0}, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xd5}, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xeb, 0x40}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000900)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f00000009c0)={'syztnl2\x00', &(0x7f0000000940)={'ip6gre0\x00', 0x0, 0x2f, 0x40, 0x40, 0xcff3, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, 0x700, 0x7, 0xffffffff, 0x5}}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000a00)={'wg1\x00', 0x0}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000001300)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000012c0)={&(0x7f0000000a40)={0x87c, 0x0, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x1f8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xe8, 0x3, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x200}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1ff}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x20}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x30}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'sip\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'none\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4b3}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '$+\'@\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x103}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '#\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan1\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffff9}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1ff}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '$\xe3].!)\xab%\x00'}]}]}, @ETHTOOL_A_BITSET_VALUE={0xd2, 0x4, "347ad5d5d53ad3b284b6a16b0f7c16293cfe28d1e7421ec02470e82102dcd5656a699e823dacff055f6fbbc93c84789326ec3c6f4abfa4f65d74dc6a2533a8c3ae8a1805fd1865352211e969575d237a494a4b7e9669aff7fe25b6b07522a09991aecb3112696fa2b633463b00c17ffbef259fffb1a5bcce0d9b502b67535ee0ab756df3ba211dbb90e1e0f1f3d57cb1ae5ee7e5e10cc268367ddcf5cf81d5137aa4c045812f10c6f7fbdaf13435e34792383707bed9b239f4b9c3b615cb9ba5514559dd305375030b56d3175773"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7fffffff}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x4}, @ETHTOOL_A_BITSET_BITS={0x18, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffffff}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x2cc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x5a, 0x5, "a8aaff3c6f3508ff423d999489716bcf91c199080a1a8dc1a3aeb393541c39a796c1a6ae1b1273eb07a34c9e32e994a6aad907b4572d512d75052e539eab0c47988dbcfec4414a95b098e9320f3def5645654e10ce67"}, @ETHTOOL_A_BITSET_BITS={0x144, 0x3, 0x0, 0x1, [{0x4}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\x01\x01\x01\x01\x01\x01'}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\x01\x01\x01\x01\x01\x01'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffffff}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan1\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, 'veth1_to_hsr\x00'}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '{\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '.[4\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan1\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ',\xec\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '@]\\(]-\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x57d4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}, @ETHTOOL_A_BITSET_BITS={0x7c, 0x3, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '{*\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xd207}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_BITS={0xa4, 0x3, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan1\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'wrr\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffff92b}]}, {0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7ea7ed4b}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xb8}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'sip\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'syz0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '}#@:$\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x6}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x2d4, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x9c, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x13, 0x2, '&:{}-\',{%\xef{,-[\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\x01\x01\x01\x01\x01\x01'}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'wrr\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ']$\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2008}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3d}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan1\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7ff}, @ETHTOOL_A_BITSET_MASK={0x3a, 0x5, "7519846279b4f21fa2a3e5ee4356405e4b8362dddddc72ee2c050137759146e63eeb84caf4041f0b0c72fb696dbbcbb658e2d75af2ac"}, @ETHTOOL_A_BITSET_VALUE={0x8a, 0x4, "548c7b2c9bb8c403363521292c1aacc6adf0183c1ac2be111755485adf6c663c3329c659c5cd94ab0dca7b0ed09a51ac4990d5dfaf3293033e7fabe7f7e217c42b1436e56a538d562a88768639ff14b22c77713b3f28128ed2644d1be15b0707cb8800a6e82fce3491219abf866077ba4c06556e60a345aa63a8b7cba5ccc56bfc33455b5373"}, @ETHTOOL_A_BITSET_MASK={0xe9, 0x5, "301636cb40c1508688f74cc9061fc9e8d2ec40bef49bbf839d3d93535dbcdb053b027c8b140ae9af514eef4f74e367011895f211c7c319991b414dc67b549802e5a7cd65632d9f34c4c1708172b91853021200425554b0a72e01185166d2cd50dc7335dfb4f433c451a7cbcaf89e56b26a7f4bdf3b857e530c08b07902447156546797a0e363e19223252767819a93acec9375f03546fe39e85b452519b9b0a543114155177c82b2a04f031d162768aa558d895b2a12dda6737f5fbb5112d5c4ab6b117ed4a99a3a06967ba6316316f896a3322741d783ac3a404dcc085568e1ba15a860ee"}, @ETHTOOL_A_BITSET_BITS={0x68, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '^)}]@\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'wrr\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1ff}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '!}\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xd8}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x87c}, 0x1, 0x0, 0x0, 0x40010}, 0x20000000) syz_genetlink_get_family_id$nl80211(&(0x7f0000001340), r4) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r10, &(0x7f0000001480)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001440)={&(0x7f00000013c0)={0x48, 0x0, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @rand_addr=0x64010100}, @NLBL_UNLABEL_A_SECCTX={0x2c, 0x7, 'system_u:object_r:auditd_unit_file_t:s0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x20000040) [ 71.968318] audit: type=1400 audit(1665083796.181:6): avc: denied { execmem } for pid=282 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 19:16:36 executing program 7: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f0000000040)={0x8, 0x30, [0x3, 0x3, 0x1, 0x1], &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0x3, 0xf8, 0xf8, 0x1f, 0x0, 0x20, 0x2, 0x4, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x8, 0x4, @perf_config_ext={0x4}, 0xa0, 0x4807, 0x0, 0x9, 0xffffffff, 0x8, 0xfba, 0x0, 0x900000, 0x0, 0x7fff}, 0x0, 0x4, 0xffffffffffffffff, 0xb) sendmsg$nl_netfilter(r0, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f0000000140)={0x2c8, 0x13, 0x5, 0x101, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x5}, [@generic="d4d790", @typed={0x4, 0x82}, @generic="a45c38b60c451e309813394adb70ca06c8a1070dff74e57c06e615afa3ba63da01bb6db5e138916764f6d3cf093b5fe7edddbf51722bf8149d4eae4c39599e8e", @generic="f0b7950ace159638bd7282180860b4894275923ab03a1798b97d1223cfc71e5ba4dd7ab5c28e8684afef891e35cc53bea770eb8756210b9509d074571c86ffb3ad8bfab3d1738b36fbc0e3c146121693c750f429b65f4dea0915c548316b561c4a242b1bc55b6a1ed67fc1b2c3d607d0d4748ad119911cef157fc58360a28859e66c8c49abb022c69578af6bcab4fedd18995ef0092c5c2edede32cd0e73935f916a00ed4616949f285f5cb0f7aa7caa32a70bfbb2aafbc82d0a0944442a7706e2ee499429f87e16799475ee11d9afcd2f8942d7874a7f8baec766714e26621bcce00cb48f0a1dffa0fffb46c1cd857d6a73d4fc6bf68d2ccc3b", @typed={0x8, 0x1f, 0x0, 0x0, @ipv4=@private=0xa010101}, @generic="f4f0085aa5e3502612716539f2", @nested={0x6a, 0x3a, 0x0, 0x1, [@typed={0x8, 0x22, 0x0, 0x0, @u32=0x4}, @typed={0x4, 0x65}, @typed={0x8, 0x91, 0x0, 0x0, @ipv4=@local}, @generic="30011e9680f3b4bfe150471487c4f3b5d68438f429f486b93a599510ac13f9c60b53c9481c7451041800407eaec2a19151956d8e8d8232392a1b", @typed={0x8, 0x22, 0x0, 0x0, @u32=0x7}, @typed={0x8, 0x91, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @typed={0x8, 0x10, 0x0, 0x0, @fd=r0}]}, @nested={0xee, 0x69, 0x0, 0x1, [@typed={0xc, 0x6c, 0x0, 0x0, @u64}, @generic="fe025b77772541fd61d385979a2b0cdcaa32c9f5fd4a8d85f80396f279c1729100a4ccfbee7acd9c2e1cdb0413c4160879d2446044d30fc30136268a3ef68971eee22f3fba0c409debf54ba02e4ca86486246a2c040e49b8bc2621bd5f5bd073dfd12a805e7c9138d17232c5fcc3726bad7905687fc0067980c4b7a516fa72ee73a0ae8854684824c6da4e37ff0b4d8f024b17f9bba414df3710c56ea17f4aba4252675141a4c3bf702b0505e3ac265a65e1e5aa0932edd7a6c6ae1b4915cc36b02b6764fb5457bf6d6afd01b15426961c4ffbb6e882", @typed={0x8, 0x56, 0x0, 0x0, @u32=0x7fff}]}]}, 0x2c8}, 0x1, 0x0, 0x0, 0x14}, 0x0) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x58, 0x0, 0x2, 0x70bd25, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x58}, 0x1, 0x0, 0x0, 0x20040085}, 0x40000) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000600), 0x101a00, 0x0) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) ioctl$BTRFS_IOC_RESIZE(r3, 0x50009403, &(0x7f0000000680)={{r4}, {@void, @max}}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f00000006c0)={{0x1, 0x1, 0x18, r2, {0x7}}, './file0\x00'}) ioctl$F2FS_IOC_RESIZE_FS(r3, 0x4008f510, &(0x7f0000000700)=0x1000) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000740)={'vxcan0\x00'}) r6 = syz_open_dev$evdev(&(0x7f0000000780), 0x36f6c944, 0x400) dup2(r5, r6) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001540)=[{{&(0x7f00000007c0), 0x6e, &(0x7f00000008c0)=[{&(0x7f0000000840)=""/69, 0x45}], 0x1, &(0x7f0000000900)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x58}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000a00)=""/114, 0x72}, {&(0x7f0000000a80)=""/163, 0xa3}, {&(0x7f0000000b40)=""/169, 0xa9}, {&(0x7f0000000c00)=""/85, 0x55}, {&(0x7f0000000c80)=""/149, 0x95}], 0x6, &(0x7f0000000dc0)=[@cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x48}}, {{&(0x7f0000000e40), 0x6e, &(0x7f0000001040)=[{&(0x7f0000000ec0)=""/229, 0xe5}, {&(0x7f0000000fc0)=""/15, 0xf}, {&(0x7f0000001000)=""/57, 0x39}], 0x3, &(0x7f0000001080)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x80}}, {{&(0x7f0000001100)=@abs, 0x6e, &(0x7f0000001240)=[{&(0x7f0000001180)=""/143, 0x8f}], 0x1, &(0x7f0000001280)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb8}}, {{&(0x7f0000001340)=@abs, 0x6e, &(0x7f0000001480)=[{&(0x7f00000013c0)=""/26, 0x1a}, {&(0x7f0000001400)=""/116, 0x74}], 0x2, &(0x7f00000014c0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}], 0x5, 0x0, &(0x7f0000001680)={0x77359400}) ioctl$SG_GET_TIMEOUT(r8, 0x2202, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r6, 0x80049367, &(0x7f00000016c0)) sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f0000001900)={&(0x7f0000001700)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000018c0)={&(0x7f0000001780)={0x134, 0x0, 0x20, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6, 0x5b}}}}, [@NL80211_ATTR_CQM={0x64, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x1d}, @NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x7ff, 0x1ff]}, @NL80211_ATTR_CQM_RSSI_THOLD={0x14, 0x1, [0x8, 0x4, 0x1, 0x5]}, @NL80211_ATTR_CQM_RSSI_THOLD={0x10, 0x1, [0x6, 0x6, 0xfb4e]}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x200}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x4}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x4}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x6b4}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x504}]}, @NL80211_ATTR_CQM={0x44, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x9}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x6}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x7}, @NL80211_ATTR_CQM_RSSI_THOLD={0x10, 0x1, [0x9, 0x100, 0xb3]}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x48}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x3f0}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x17a}]}, @NL80211_ATTR_CQM={0x50, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0x80000001]}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x40}, @NL80211_ATTR_CQM_RSSI_THOLD={0x2c, 0x1, [0x4891, 0x2, 0x4, 0x240000, 0x7, 0x2, 0x8001, 0xb5, 0x0, 0x0]}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x19}]}, @NL80211_ATTR_CQM={0x1c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x40}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x10000}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x800}, 0x8000) 19:16:36 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x80049367, &(0x7f0000000000)) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x300, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000091}, 0x810) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x400000, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x29, 0x5b, 0x5, 0x3, 0x1, @loopback, @rand_addr=' \x01\x00', 0x7, 0x40, 0xfffffff7, 0xf46}}) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000500)={&(0x7f00000002c0)={0x238, 0x0, 0x0, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r3}, {0x1d0, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xff000}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x90}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x780, 0x5, 0x3, 0x7fff}, {0xce, 0x7, 0x7, 0x9}, {0x2b1, 0x1, 0x0, 0x200}, {0x0, 0x26, 0x81, 0x8}]}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x800}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x9, 0x7f, 0x9, 0x3f}, {0x3, 0x26, 0x0, 0x100}]}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}]}}]}, 0x238}, 0x1, 0x0, 0x0, 0x20048880}, 0x4c080) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000000580)={{0x1, 0x1, 0x18, r4, {0xf3}}, './file0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000840)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000800)={&(0x7f0000000600)={0x1d8, r1, 0x2, 0x200, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "025d4e12ef668db2df3608a6920c5039599443d8b779d50d"}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "82c108246750346b40d1e1a4d8e420e822d9f698dc070924"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0x2c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "4ea866479df3c48103d5c9a50988e5064771fc1c4b668f21"}], @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "c98d0a550ec223bcac6ad5ed1391d30ec1def5550f5b898e"}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}, @NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x14, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x28, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "f8a204f20b6184aa890cc4106724905e74e1439608e20426"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "5b6805013a26d6f52647f59c71f04f290dd743a6de17798c"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MNTR_FLAGS={0x20, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "286d255ffb892e71b6d430b75565e1b4ef31a8c3e27341f1"}]]}, 0x1d8}, 0x1, 0x0, 0x0, 0x5000}, 0x20000011) r6 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000880), 0x102c0, 0x0) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000900)={0x8, &(0x7f00000008c0)=[{0x6, 0x81, 0x1, 0x8}, {0x81, 0x20, 0x1, 0x4}, {0xf80a, 0x1, 0x80, 0x9}, {0x5, 0x2, 0x3, 0xc75}, {0x7, 0x3, 0xfb, 0x9}, {0x4bbd, 0xff, 0xf, 0x40000000}, {0x69, 0x9, 0x7f, 0x1c08}, {0x8, 0x8a, 0x80, 0x10001}]}, 0x10) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000ac0)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000a80)={&(0x7f0000000980)={0xc4, r1, 0x4, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb0, 0x2a, [@erp={0x2a, 0x1, {0x0, 0x1}}, @cf={0x4, 0x6, {0x9, 0x3, 0x69a, 0x1ff}}, @preq={0x82, 0x2b, @ext={{0x0, 0x0, 0x1}, 0x3d, 0x80, 0x1, @device_a, 0x1, @device_a, 0x101, 0x200, 0x1, [{{0x1, 0x0, 0x1}, @device_a, 0x1}]}}, @tim={0x5, 0x65, {0x4, 0x7, 0x7, "bfb89d9d1dd5d65203e9f9aee3aa34f46b6c2e913fdc0107a8d0e99dda95ed22b5ba16af6fb13529741b02df1526a4c9e1f891c17e6bd034481045e887132891191e632fcd4616feecc983d7659b56e9c463e42c56fffcabc0ebb92a50f16bc31041"}}, @channel_switch={0x25, 0x3, {0x1, 0x58, 0x8}}, @supported_rates={0x1, 0x6, [{0x2, 0x1}, {0xc, 0x1}, {0x3, 0x1}, {0x24, 0x1}, {0x18, 0x1}, {0x36, 0x1}]}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000481}, 0x8004) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b40), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x58, r7, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x8}, @NL80211_ATTR_BSS_BASIC_RATES={0x23, 0x24, [{0x6, 0x1}, {0x30}, {0x3, 0x1}, {0x3, 0x1}, {0x36, 0x1}, {0x2, 0x1}, {0x9, 0x1}, {0x6}, {0x16, 0x1}, {0x24}, {0x9, 0x1}, {0x16}, {0x22}, {0x24}, {0x6}, {0x12}, {0x60, 0x1}, {0x16}, {0x18, 0x1}, {0x24, 0x1}, {0x4, 0x1}, {0x1}, {0x12}, {0x4}, {0x30}, {0x5}, {0x1, 0x1}, {0x1, 0x1}, {0xc}, {0x48, 0x1}, {0x4, 0x1}]}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x44}, 0x40) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000d40)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x34, 0x0, 0x8, 0x70bd25, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x19, 0x80000001, @udp='udp:syz1\x00'}}}, ["", "", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0xc001}, 0x20040810) setsockopt(r5, 0xd6, 0x3, &(0x7f0000000d80)="97feab9b1759ea2e0c", 0x9) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r4, &(0x7f0000000ec0)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e00)={0x5c, r7, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x86f}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x5a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x67}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5e}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x40080) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000f80)={0x9, &(0x7f0000000f00)=[{0x7, 0x3, 0x3, 0x6}, {0x3, 0x2, 0x4, 0xfffffffa}, {0x8, 0x5, 0x9, 0x5}, {0x9, 0x2, 0x4, 0xda}, {0x8, 0x9, 0x20, 0x200}, {0x9, 0x3f, 0x2, 0x8}, {0x200, 0x40, 0x2, 0x7f}, {0xa79c, 0x1, 0x5, 0x4}, {0xfffd, 0x7, 0x8, 0x3a77}]}, 0x10) sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000010c0)={&(0x7f0000001000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001080)={&(0x7f0000001040)={0x20, 0x0, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x1) 19:16:36 executing program 4: prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) prctl$PR_GET_FP_MODE(0x2e) 19:16:36 executing program 5: r0 = socket$packet(0x11, 0x0, 0x300) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1, 0xd549, 0x100000001, 0x9}) ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000040)={0x0, 0x6227, 0x100000000, 0x1}) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000480)={0x178, 0x2, 0x1, 0x611d64319a1a1d4e, 0x0, 0x0, {0x5, 0x0, 0x9}, [@CTA_NAT_DST={0x150, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x54, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}]}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x37}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0x34, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}]}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x1d}}, @CTA_NAT_PROTO={0x34, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}, @CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}]}, @CTA_NAT_PROTO={0x24, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}]}, @CTA_HELP={0xc, 0x5, 0x0, 0x1, {0x5, 0x1, '\x00'}}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x80f}]}, 0x178}, 0x1, 0x0, 0x0, 0x1}, 0x44000801) ioctl$int_in(r0, 0x5452, &(0x7f0000000680)=0x81) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f00000006c0)) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000700)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff, 0xffffffffffffffff}}, './file0\x00'}) sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x28, 0x4, 0x6, 0x201, 0x0, 0x0, {0xc, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}}, 0x8040) sendmsg$nl_generic(r1, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x18, 0x39, 0xa00, 0x70bd29, 0x25dfdbfb, {0x10}, [@typed={0x4, 0x8e}]}, 0x18}, 0x1, 0x0, 0x0, 0x4010}, 0x8840) fallocate(r1, 0x8, 0xaaed, 0x3) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = openat$cgroup_freezer_state(r1, &(0x7f0000000940), 0x2, 0x0) r4 = syz_open_dev$rtc(&(0x7f0000000980), 0x0, 0x200000) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f00000009c0)={0xab9, 0x8000, 0x5, 0x0, 0x0, [{{r2}, 0x6}, {{r1}, 0x1}, {{r3}, 0x100000000}, {{r1}, 0xaf}, {{r4}, 0x2}]}) r5 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) pwritev(r5, &(0x7f0000000ac0)=[{&(0x7f0000000a80)="48dd8ffcb5b69ca5d7de15a999e5c58ac52763b3b189ccc09aca", 0x1a}], 0x1, 0x7, 0x4) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000b00)='net/mcfilter\x00') r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000b80), r1) sendmsg$ETHTOOL_MSG_EEE_GET(r6, &(0x7f0000000d40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000bc0)={0x104, r7, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x4}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x104}, 0x1, 0x0, 0x0, 0x10000000}, 0x44) fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f0000000dc0), &(0x7f0000000e00)='system_u:object_r:policy_src_t:s0\x00', 0x22, 0x3) 19:16:36 executing program 6: ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000000)) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000400)='\\!%]|[$\x00', 0x0, 0xffffffffffffffff) r0 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000440)) r1 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000480)='io.pressure\x00', 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='totmaps\x00') ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) r4 = accept$inet6(r3, &(0x7f0000000500)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000540)=0x1c) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r4, 0xc0c89425, &(0x7f0000000580)={"ad8c0867c39867b9efac589fa09d7c9d", 0x0, 0x0, {0xb19, 0xd9}, {0x1, 0x54f}, 0x9, [0x2, 0x7, 0x1906, 0x0, 0x9561, 0x9, 0x1, 0x8, 0x8, 0x40, 0x2, 0x0, 0x21d, 0x200, 0x100000001, 0x3]}) setsockopt$inet6_opts(r4, 0x29, 0x3b, &(0x7f0000000680)=@srh={0x0, 0x4, 0x4, 0x2, 0x3, 0x20, 0xc3ac, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @loopback}]}, 0x28) r5 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000006c0)='ns/time_for_children\x00') ioctl$NS_GET_OWNER_UID(r5, 0xb704, &(0x7f0000000700)) perf_event_open$cgroup(&(0x7f0000000780)={0x3, 0x80, 0x7, 0x3f, 0x0, 0x6, 0x0, 0x9, 0x8000, 0x7, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1f, 0x2, @perf_bp={&(0x7f0000000740), 0xe}, 0x0, 0x9, 0x1, 0x1, 0x20, 0x4747, 0x30, 0x0, 0x1, 0x0, 0x2}, r2, 0x5, 0xffffffffffffffff, 0x4) r6 = accept$packet(0xffffffffffffffff, &(0x7f0000000800)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000840)=0x14) ioctl$FS_IOC_GETFSLABEL(r6, 0x81009431, &(0x7f0000000880)) r7 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000980)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) r8 = accept$inet(r2, 0x0, &(0x7f00000009c0)) ioctl$F2FS_IOC_MOVE_RANGE(r7, 0xc020f509, &(0x7f0000000a00)={r8, 0xffffffffffff55ea, 0x6, 0x6}) ioctl$FIONCLEX(r2, 0x5450) [ 73.223796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.226251] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.227989] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.231461] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.233940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.235263] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.238297] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.240249] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 73.243434] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.244606] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.251387] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 73.252407] Bluetooth: hci0: HCI_REQ-0x0c1a [ 73.254503] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.289757] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.292986] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 73.294236] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.295447] Bluetooth: hci1: HCI_REQ-0x0c1a [ 73.296470] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 73.297501] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.299861] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 73.305386] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.307892] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 73.309863] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 73.311204] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.312603] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 73.316217] Bluetooth: hci4: HCI_REQ-0x0c1a [ 73.317527] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.332512] Bluetooth: hci6: HCI_REQ-0x0c1a [ 73.359722] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.361578] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 73.363000] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.364695] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 73.365956] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.367284] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.368304] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.369221] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 73.371809] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.373612] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.377436] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 73.378681] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 73.382368] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.383831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.388626] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 73.389658] Bluetooth: hci3: HCI_REQ-0x0c1a [ 73.397386] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 73.416344] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 73.417297] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.428186] Bluetooth: hci5: HCI_REQ-0x0c1a [ 73.428917] Bluetooth: hci2: HCI_REQ-0x0c1a [ 75.308869] Bluetooth: hci0: command 0x0409 tx timeout [ 75.309223] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 75.372222] Bluetooth: hci6: command 0x0409 tx timeout [ 75.372311] Bluetooth: hci4: command 0x0409 tx timeout [ 75.373020] Bluetooth: hci1: command 0x0409 tx timeout [ 75.436153] Bluetooth: hci2: command 0x0409 tx timeout [ 75.436217] Bluetooth: hci3: command 0x0409 tx timeout [ 75.500159] Bluetooth: hci5: command 0x0409 tx timeout [ 77.356176] Bluetooth: hci0: command 0x041b tx timeout [ 77.420159] Bluetooth: hci4: command 0x041b tx timeout [ 77.420545] Bluetooth: hci1: command 0x041b tx timeout [ 77.420898] Bluetooth: hci6: command 0x041b tx timeout [ 77.484162] Bluetooth: hci3: command 0x041b tx timeout [ 77.484548] Bluetooth: hci2: command 0x041b tx timeout [ 77.548123] Bluetooth: hci5: command 0x041b tx timeout [ 78.841627] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 78.844188] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 78.846701] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 78.864360] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 78.867577] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 78.869433] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 78.935019] Bluetooth: hci7: HCI_REQ-0x0c1a [ 79.404138] Bluetooth: hci0: command 0x040f tx timeout [ 79.468227] Bluetooth: hci6: command 0x040f tx timeout [ 79.468306] Bluetooth: hci1: command 0x040f tx timeout [ 79.468967] Bluetooth: hci4: command 0x040f tx timeout [ 79.532311] Bluetooth: hci2: command 0x040f tx timeout [ 79.532335] Bluetooth: hci3: command 0x040f tx timeout [ 79.596162] Bluetooth: hci5: command 0x040f tx timeout [ 81.004177] Bluetooth: hci7: command 0x0409 tx timeout [ 81.452163] Bluetooth: hci0: command 0x0419 tx timeout [ 81.516128] Bluetooth: hci4: command 0x0419 tx timeout [ 81.516168] Bluetooth: hci1: command 0x0419 tx timeout [ 81.516578] Bluetooth: hci6: command 0x0419 tx timeout [ 81.580213] Bluetooth: hci2: command 0x0419 tx timeout [ 81.580265] Bluetooth: hci3: command 0x0419 tx timeout [ 81.644189] Bluetooth: hci5: command 0x0419 tx timeout [ 83.052188] Bluetooth: hci7: command 0x041b tx timeout [ 85.101114] Bluetooth: hci7: command 0x040f tx timeout [ 87.148123] Bluetooth: hci7: command 0x0419 tx timeout 19:17:30 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) chroot(&(0x7f0000000000)='./file0/file0\x00') ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = io_uring_setup(0x454c, &(0x7f0000000240)) r3 = open(&(0x7f0000000380)='./file0\x00', 0x8000, 0x36164c76dcb10265) r4 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/block/sda', 0x0, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f00000001c0)=r5, 0x1) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000480), 0x1) sendfile(r1, r0, 0x0, 0xfffffdf2) [ 125.871671] loop3: detected capacity change from 0 to 40 [ 125.922239] audit: type=1400 audit(1665083850.135:7): avc: denied { open } for pid=3777 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 125.923631] audit: type=1400 audit(1665083850.136:8): avc: denied { kernel } for pid=3777 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 125.953737] ------------[ cut here ]------------ [ 125.953778] [ 125.953784] ====================================================== [ 125.953792] WARNING: possible circular locking dependency detected [ 125.953800] 6.0.0-next-20221006 #1 Not tainted [ 125.953813] ------------------------------------------------------ [ 125.953820] syz-executor.3/3778 is trying to acquire lock: [ 125.953833] ffffffff853fac98 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 125.953916] [ 125.953916] but task is already holding lock: [ 125.953921] ffff88800ee16c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 125.953978] [ 125.953978] which lock already depends on the new lock. [ 125.953978] [ 125.953985] [ 125.953985] the existing dependency chain (in reverse order) is: [ 125.953991] [ 125.953991] -> #3 (&ctx->lock){....}-{2:2}: [ 125.954021] _raw_spin_lock+0x2a/0x40 [ 125.954049] __perf_event_task_sched_out+0x53b/0x18d0 [ 125.954079] __schedule+0xedd/0x2470 [ 125.954113] preempt_schedule_common+0x45/0xc0 [ 125.954149] __cond_resched+0x17/0x30 [ 125.954182] __mutex_lock+0xa3/0x14d0 [ 125.954218] __do_sys_perf_event_open+0x1eec/0x32c0 [ 125.954244] do_syscall_64+0x3b/0x90 [ 125.954266] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.954297] [ 125.954297] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 125.954327] _raw_spin_lock_nested+0x30/0x40 [ 125.954353] raw_spin_rq_lock_nested+0x1e/0x30 [ 125.954382] task_fork_fair+0x63/0x4d0 [ 125.954418] sched_cgroup_fork+0x3d0/0x540 [ 125.954450] copy_process+0x4183/0x6e20 [ 125.954472] kernel_clone+0xe7/0x890 [ 125.954493] user_mode_thread+0xad/0xf0 [ 125.954516] rest_init+0x24/0x250 [ 125.954548] arch_call_rest_init+0xf/0x14 [ 125.954572] start_kernel+0x4c6/0x4eb [ 125.954594] secondary_startup_64_no_verify+0xe0/0xeb [ 125.954624] [ 125.954624] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 125.954654] _raw_spin_lock_irqsave+0x39/0x60 [ 125.954680] try_to_wake_up+0xab/0x1930 [ 125.954709] up+0x75/0xb0 [ 125.954743] __up_console_sem+0x6e/0x80 [ 125.954778] console_unlock+0x46a/0x590 [ 125.954813] vprintk_emit+0x1bd/0x560 [ 125.954848] vprintk+0x84/0xa0 [ 125.954883] _printk+0xba/0xf1 [ 125.954910] kauditd_hold_skb.cold+0x3f/0x4e [ 125.954949] kauditd_send_queue+0x233/0x290 [ 125.954981] kauditd_thread+0x5f9/0x9c0 [ 125.955012] kthread+0x2ed/0x3a0 [ 125.955043] ret_from_fork+0x22/0x30 [ 125.955069] [ 125.955069] -> #0 ((console_sem).lock){....}-{2:2}: [ 125.955099] __lock_acquire+0x2a02/0x5e70 [ 125.955136] lock_acquire+0x1a2/0x530 [ 125.955170] _raw_spin_lock_irqsave+0x39/0x60 [ 125.955197] down_trylock+0xe/0x70 [ 125.955233] __down_trylock_console_sem+0x3b/0xd0 [ 125.955268] vprintk_emit+0x16b/0x560 [ 125.955304] vprintk+0x84/0xa0 [ 125.955338] _printk+0xba/0xf1 [ 125.955363] report_bug.cold+0x72/0xab [ 125.955384] handle_bug+0x3c/0x70 [ 125.955405] exc_invalid_op+0x14/0x50 [ 125.955428] asm_exc_invalid_op+0x16/0x20 [ 125.955457] group_sched_out.part.0+0x2c7/0x460 [ 125.955496] ctx_sched_out+0x8f1/0xc10 [ 125.955533] __perf_event_task_sched_out+0x6d0/0x18d0 [ 125.955557] __schedule+0xedd/0x2470 [ 125.955590] preempt_schedule_common+0x45/0xc0 [ 125.955626] __cond_resched+0x17/0x30 [ 125.955659] __mutex_lock+0xa3/0x14d0 [ 125.955695] __do_sys_perf_event_open+0x1eec/0x32c0 [ 125.955720] do_syscall_64+0x3b/0x90 [ 125.955742] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.955773] [ 125.955773] other info that might help us debug this: [ 125.955773] [ 125.955778] Chain exists of: [ 125.955778] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 125.955778] [ 125.955811] Possible unsafe locking scenario: [ 125.955811] [ 125.955816] CPU0 CPU1 [ 125.955821] ---- ---- [ 125.955826] lock(&ctx->lock); [ 125.955838] lock(&rq->__lock); [ 125.955852] lock(&ctx->lock); [ 125.955866] lock((console_sem).lock); [ 125.955879] [ 125.955879] *** DEADLOCK *** [ 125.955879] [ 125.955883] 2 locks held by syz-executor.3/3778: [ 125.955897] #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 125.955965] #1: ffff88800ee16c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 125.956023] [ 125.956023] stack backtrace: [ 125.956028] CPU: 0 PID: 3778 Comm: syz-executor.3 Not tainted 6.0.0-next-20221006 #1 [ 125.956055] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.956069] Call Trace: [ 125.956075] [ 125.956084] dump_stack_lvl+0x8b/0xb3 [ 125.956110] check_noncircular+0x263/0x2e0 [ 125.956146] ? format_decode+0x26c/0xb50 [ 125.956184] ? print_circular_bug+0x450/0x450 [ 125.956221] ? simple_strtoul+0x30/0x30 [ 125.956258] ? lock_release+0x547/0x750 [ 125.956295] ? format_decode+0x26c/0xb50 [ 125.956335] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 125.956374] __lock_acquire+0x2a02/0x5e70 [ 125.956422] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 125.956471] lock_acquire+0x1a2/0x530 [ 125.956508] ? down_trylock+0xe/0x70 [ 125.956549] ? lock_release+0x750/0x750 [ 125.956594] ? vprintk+0x84/0xa0 [ 125.956633] _raw_spin_lock_irqsave+0x39/0x60 [ 125.956661] ? down_trylock+0xe/0x70 [ 125.956700] down_trylock+0xe/0x70 [ 125.956738] ? vprintk+0x84/0xa0 [ 125.956775] __down_trylock_console_sem+0x3b/0xd0 [ 125.956813] vprintk_emit+0x16b/0x560 [ 125.956855] vprintk+0x84/0xa0 [ 125.956893] _printk+0xba/0xf1 [ 125.956921] ? record_print_text.cold+0x16/0x16 [ 125.956956] ? perf_event_update_userpage+0x4e8/0x7c0 [ 125.957000] ? report_bug.cold+0x66/0xab [ 125.957025] ? group_sched_out.part.0+0x2c7/0x460 [ 125.957098] report_bug.cold+0x72/0xab [ 125.957125] handle_bug+0x3c/0x70 [ 125.957149] exc_invalid_op+0x14/0x50 [ 125.957174] asm_exc_invalid_op+0x16/0x20 [ 125.957205] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 125.957249] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 125.957274] RSP: 0018:ffff888021247978 EFLAGS: 00010006 [ 125.957294] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 125.957310] RDX: ffff88801d0f9ac0 RSI: ffffffff815677b7 RDI: 0000000000000005 [ 125.957327] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 125.957343] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800ee16c00 [ 125.957359] R13: ffff88806ce3f200 R14: ffffffff85238040 R15: 0000000000000002 [ 125.957383] ? group_sched_out.part.0+0x2c7/0x460 [ 125.957428] ? group_sched_out.part.0+0x2c7/0x460 [ 125.957472] ctx_sched_out+0x8f1/0xc10 [ 125.957515] __perf_event_task_sched_out+0x6d0/0x18d0 [ 125.957539] ? lock_is_held_type+0xd7/0x130 [ 125.957561] ? __perf_cgroup_move+0x160/0x160 [ 125.957576] ? set_next_entity+0x304/0x550 [ 125.957600] ? update_curr+0x267/0x740 [ 125.957626] ? lock_is_held_type+0xd7/0x130 [ 125.957647] __schedule+0xedd/0x2470 [ 125.957672] ? io_schedule_timeout+0x150/0x150 [ 125.957695] ? find_held_lock+0x2c/0x110 [ 125.957718] ? lock_is_held_type+0xd7/0x130 [ 125.957737] ? __cond_resched+0x17/0x30 [ 125.957761] preempt_schedule_common+0x45/0xc0 [ 125.957785] __cond_resched+0x17/0x30 [ 125.957807] __mutex_lock+0xa3/0x14d0 [ 125.957832] ? lock_is_held_type+0xd7/0x130 [ 125.957852] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 125.957870] ? mutex_lock_io_nested+0x1310/0x1310 [ 125.957895] ? lock_release+0x3b2/0x750 [ 125.957919] ? __up_read+0x192/0x730 [ 125.957940] ? up_write+0x520/0x520 [ 125.957960] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 125.957982] __do_sys_perf_event_open+0x1eec/0x32c0 [ 125.958004] ? perf_compat_ioctl+0x130/0x130 [ 125.958019] ? xfd_validate_state+0x59/0x180 [ 125.958050] ? syscall_enter_from_user_mode+0x1d/0x50 [ 125.958072] ? syscall_enter_from_user_mode+0x1d/0x50 [ 125.958095] do_syscall_64+0x3b/0x90 [ 125.958110] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.958130] RIP: 0033:0x7fe646bf9b19 [ 125.958142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.958157] RSP: 002b:00007fe64416f188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 125.958172] RAX: ffffffffffffffda RBX: 00007fe646d0cf60 RCX: 00007fe646bf9b19 [ 125.958183] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000280 [ 125.958193] RBP: 00007fe646c53f6d R08: 0000000000000000 R09: 0000000000000000 [ 125.958202] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 125.958213] R13: 00007ffffbb5f69f R14: 00007fe64416f300 R15: 0000000000022000 [ 125.958231] [ 126.023995] WARNING: CPU: 0 PID: 3778 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 126.024667] Modules linked in: [ 126.024895] CPU: 0 PID: 3778 Comm: syz-executor.3 Not tainted 6.0.0-next-20221006 #1 [ 126.025453] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 126.026047] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 126.026443] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 126.027716] RSP: 0018:ffff888021247978 EFLAGS: 00010006 [ 126.028086] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 126.028597] RDX: ffff88801d0f9ac0 RSI: ffffffff815677b7 RDI: 0000000000000005 [ 126.029105] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 126.029615] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800ee16c00 [ 126.030123] R13: ffff88806ce3f200 R14: ffffffff85238040 R15: 0000000000000002 [ 126.030635] FS: 00007fe64416f700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 126.031202] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.031621] CR2: 00007fd0cb4d86f4 CR3: 00000000401fe000 CR4: 0000000000350ef0 [ 126.032120] Call Trace: [ 126.032306] [ 126.032476] ctx_sched_out+0x8f1/0xc10 [ 126.032773] __perf_event_task_sched_out+0x6d0/0x18d0 [ 126.033145] ? lock_is_held_type+0xd7/0x130 [ 126.033460] ? __perf_cgroup_move+0x160/0x160 [ 126.033783] ? set_next_entity+0x304/0x550 [ 126.034090] ? update_curr+0x267/0x740 [ 126.034383] ? lock_is_held_type+0xd7/0x130 [ 126.034702] __schedule+0xedd/0x2470 [ 126.034978] ? io_schedule_timeout+0x150/0x150 [ 126.035310] ? find_held_lock+0x2c/0x110 [ 126.035611] ? lock_is_held_type+0xd7/0x130 [ 126.035922] ? __cond_resched+0x17/0x30 [ 126.036208] preempt_schedule_common+0x45/0xc0 [ 126.036553] __cond_resched+0x17/0x30 [ 126.036822] __mutex_lock+0xa3/0x14d0 [ 126.037103] ? lock_is_held_type+0xd7/0x130 [ 126.037413] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 126.037784] ? mutex_lock_io_nested+0x1310/0x1310 [ 126.038132] ? lock_release+0x3b2/0x750 [ 126.038430] ? __up_read+0x192/0x730 [ 126.038709] ? up_write+0x520/0x520 [ 126.038975] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 126.039333] __do_sys_perf_event_open+0x1eec/0x32c0 [ 126.039706] ? perf_compat_ioctl+0x130/0x130 [ 126.040024] ? xfd_validate_state+0x59/0x180 [ 126.040352] ? syscall_enter_from_user_mode+0x1d/0x50 [ 126.040735] ? syscall_enter_from_user_mode+0x1d/0x50 [ 126.041115] do_syscall_64+0x3b/0x90 [ 126.041375] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.041741] RIP: 0033:0x7fe646bf9b19 [ 126.042011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 126.043290] RSP: 002b:00007fe64416f188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 126.043824] RAX: ffffffffffffffda RBX: 00007fe646d0cf60 RCX: 00007fe646bf9b19 [ 126.044328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000280 [ 126.044848] RBP: 00007fe646c53f6d R08: 0000000000000000 R09: 0000000000000000 [ 126.045363] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 126.045868] R13: 00007ffffbb5f69f R14: 00007fe64416f300 R15: 0000000000022000 [ 126.046371] [ 126.046546] irq event stamp: 6228 [ 126.046793] hardirqs last enabled at (6227): [] _raw_spin_unlock_irqrestore+0x28/0x60 [ 126.047452] hardirqs last disabled at (6228): [] __schedule+0x1225/0x2470 [ 126.048041] softirqs last enabled at (6224): [] __irq_exit_rcu+0x11b/0x180 [ 126.048658] softirqs last disabled at (6191): [] __irq_exit_rcu+0x11b/0x180 [ 126.049271] ---[ end trace 0000000000000000 ]--- [ 126.084631] syz-executor.3: attempt to access beyond end of device [ 126.084631] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 126.085557] Buffer I/O error on dev loop3, logical block 10, lost async page write 19:17:30 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) chroot(&(0x7f0000000000)='./file0/file0\x00') ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = io_uring_setup(0x454c, &(0x7f0000000240)) r3 = open(&(0x7f0000000380)='./file0\x00', 0x8000, 0x36164c76dcb10265) r4 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/block/sda', 0x0, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f00000001c0)=r5, 0x1) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000480), 0x1) sendfile(r1, r0, 0x0, 0xfffffdf2) [ 126.176094] loop3: detected capacity change from 0 to 40 [ 126.284973] syz-executor.3: attempt to access beyond end of device [ 126.284973] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 126.287301] Buffer I/O error on dev loop3, logical block 10, lost async page write 19:17:30 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) chroot(&(0x7f0000000000)='./file0/file0\x00') ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = io_uring_setup(0x454c, &(0x7f0000000240)) r3 = open(&(0x7f0000000380)='./file0\x00', 0x8000, 0x36164c76dcb10265) r4 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/block/sda', 0x0, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f00000001c0)=r5, 0x1) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000480), 0x1) sendfile(r1, r0, 0x0, 0xfffffdf2) [ 126.418997] loop3: detected capacity change from 0 to 40 19:17:30 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) chroot(&(0x7f0000000000)='./file0/file0\x00') ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = io_uring_setup(0x454c, &(0x7f0000000240)) r3 = open(&(0x7f0000000380)='./file0\x00', 0x8000, 0x36164c76dcb10265) r4 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/block/sda', 0x0, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f00000001c0)=r5, 0x1) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000480), 0x1) sendfile(r1, r0, 0x0, 0xfffffdf2) [ 126.535622] loop6: detected capacity change from 0 to 40 [ 126.538449] syz-executor.3: attempt to access beyond end of device [ 126.538449] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 126.539680] Buffer I/O error on dev loop3, logical block 10, lost async page write 19:17:30 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) chroot(&(0x7f0000000000)='./file0/file0\x00') ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = io_uring_setup(0x454c, &(0x7f0000000240)) r3 = open(&(0x7f0000000380)='./file0\x00', 0x8000, 0x36164c76dcb10265) r4 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/block/sda', 0x0, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f00000001c0)=r5, 0x1) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000480), 0x1) sendfile(r1, r0, 0x0, 0xfffffdf2) [ 126.635942] loop3: detected capacity change from 0 to 40 [ 126.676500] syz-executor.6: attempt to access beyond end of device [ 126.676500] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 126.677581] Buffer I/O error on dev loop6, logical block 10, lost async page write 19:17:30 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) chroot(&(0x7f0000000000)='./file0/file0\x00') ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = io_uring_setup(0x454c, &(0x7f0000000240)) r3 = open(&(0x7f0000000380)='./file0\x00', 0x8000, 0x36164c76dcb10265) r4 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/block/sda', 0x0, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f00000001c0)=r5, 0x1) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000480), 0x1) sendfile(r1, r0, 0x0, 0xfffffdf2) [ 126.770414] syz-executor.3: attempt to access beyond end of device [ 126.770414] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 126.771341] Buffer I/O error on dev loop3, logical block 10, lost async page write [ 126.794525] loop6: detected capacity change from 0 to 40 19:17:31 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x1f, 0x2}}, './file0\x00'}) sendmsg$NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, 0x0, 0x0, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x22}}}}, [@NL80211_ATTR_TSID={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x40004}, 0x20000008) r2 = syz_mount_image$msdos(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x100000001, 0x2, &(0x7f0000000240)=[{&(0x7f0000000680)="8100ff7937b28c79eb7e6bc4f64888eb46d6fff57519be3fa018a7e08512e9490b2cb48a31d0fd665d810c39c1ecd29300d1d8ac3e1dddd4c21dd7ab59ae05f3494e1192d169840a41ae6e090a8947c21226295a8110d1a8cb4042be4c41459c159761f3168be6735b7c2fbf9fdf7dbeba560257ee6cb634e37b45cd6ed1f3fcbb6fb461cfb28193b8b3d7695196f50a4d0edb0cfb561242ac078abed877502f43e056236cb23f18d981cde7e5b59abf566f15650345385ae471b9a49e88b45167a0f4e36ce568ac65e67d01fb82c94c74c238101e352450e612195e1c10b42155287f84e363545da5cd176551a1a29d89a851405dd807f578eff67f14f26ef470d11c01129ac1c657580626cabf621667a4c6cfe5a2d424a056e94573b24ad3dee9ae74d7ea3a7447aa0e64e4c485829807c0e8df339eaa094c06f91a45b1390dceebd7e78394e26e0f23a278b79f4661441336f1f00226333d468a0ef9de70da5134b667b189b7f1fa92136c9d23e8a027f2b558a758af31d39d4309de4e3e6baaf0a22c6df21b0de69143be05cd7dcfe8e0ac1fc7d0dcf0383afd8252eb5a0f71733d4db91df51b77081e9953c6e16e4b71d86ffe944238963cb2c27dde897282c7235283db274b4ef9a14804c637e8b6c7bc830b93727c5a3822837a28ce60369692148cca5f314ba62a0956e8a6ada7f98b66dc9e278ec73cbcd8fc78bf03f91867835ab901722bb48254beedf8ad7b130eb5641d02e1f46ea710c488953f481c6e7180477a41a7411541054292df608abafc3194c1ee1966b50fa9b2e1822d904b9a004e9460212209916f2248fa047a76ce59725b626099e7a7e656214660bd4ae87e6aeda59f013cd297e42447da47a9cf26f12ad098da172656e72e1555b12385550eb6313e0d5e30dc724e0f43572ebf0a41b538e591ebf2c4f816cbe07bb216a3d1128a5e424586c914fe8138cbf54e1e61e8365d365460dff0dc78d03e87645671f0be6855dc92403b98e075dab68f08b7bfa2901c68723b0182a79d18966e049e4c2554c48ab8788575dd3b4292e926cf7767bb097ea159852b8704ca653ea5f477a85caf227172bccf2e185e1badbcb49d732bcf520b08105498a25f7ff31e1182e85ff66a2ada10fd5878583aa495d02d8c5b055d25f62798bb5ee46e1d518f398e067fb857b1463c89d46eed23a1f6c78356a037fc0063931916068c10901fcab3688664a609fcbec50d30a2edbda20a448ee575ef1d6bc30df64e1e930a9a38d5defdbedcacd88035d63e905624001802383828a3e1167f1cfb1a3eb154ecafc55b8709a2910a595bdf166ca318ca054fd1e9513f653aef50b5ef33a7d7d553e2c871a2f283c891036a85962fbd06a3c45bac5fbae17ea742d01707238224c5a534d3da6d3fb9d06a874a375e3fe08f85605246dca4d394e750798f4b061ceaef6fdaa3d2683af476f9dd3a63d3e82d0de50e71a04ffc2f51f53cb09f89e300eb6ccd1856d140f90b605ee28b87908ddd21817ae552a87133ee0a6dc76ef5017833850eb30d9dd43fb4ea4a4abc781d01cbc257b4d0704a35a13cf147dca268f237d8f4f6e9f8110f2d24bbf12d9201bf221097282f9f3b06e17ca2223437e4b285a4267a31b04a2398b04a5027cc89523b940d678f8d5badc521d891a5b860392542ca97c62910849771e99824af4e105f432ef0f9b350ba1829ffea0d056fa4510ebbe9248a81ca975fbe599801a5ecbde098f8d9b2dde7b48e0aec3d7338e1d1badc3c2c308eeb9afed71164385daa3620c59e665684b1e63a60db30526bedc7a5d90ff1a355cdb346c7aeadef534825c33a82c244b2c4b5804190d5c3a69663c1a1b2dce7dca42cabcbb95748869008d43f535853e79724f7cde62ad3b6e2a1ab39f26ac885ad7681f39496e65cbd82b12768393825d80a1a28f03e33217ab0ee34ca719f9f6394bdeaaefc7a1594c28ae4fd073e90b46ead18d902b07a60b68c3a71382cf7b45f1c2038f361c440b8e3c91ca1ca6ba90706ce9ce0615b90d1f4ecbeaecc162f1cb34479886c3cb7d95d3ecafb5943278a248279b8ee63b796c3ea38ecb7785eebbb16bd8d1849fe89c6fdd954e7987819b6f2c9f3d0d684ea7bbc44d159e7b32545e42fec55767019f95ebd52ac4d8a06d9af2cfe14fdb83140c357a8bfb164c852dd78a535a23dd619e43e4ae1f30bbce6ed9f8300d21cbac8b6be4a54471d494baffe9678870242c37c8331832aacbc33cf4edd1cedba64e2417f0c28be6fe15b550dc7b9581634e787dec6ffb0d62606ccfab181d5cb97258390a32daf1eb5447dfbd86c410688228e84c6a0f0949f455c7391fc658161dbe1b53d0049f1125138a06a908d9ce130718d19aa60e6becce38e2df4d9f7c5c797d6ba7509209352518b15fe62275329a9bc2ff801b86c0efa201cf05f7390ce5427c20c68714c4615b00cb9ae85c72deb19d728bd5ada8dde4bf572cacfa2b0412f899f0a302964071a967d231219f7e34cd12d07add4fdd78ae74d8e9cb3e49024e76230e4fcef71d4dc4d245cfc6031bc0af97aca8dc83deb7e15d9f34b920208c8cbac8a6a7b3f85a129ed8ffc53c08f70283bfcab5438ed72ce5a59bc1fffa8b3bf6ec5aa934534863ac724db2a81a7d691d9a4a94237855f32a620bc0df779811bcc631ceeb47ae904cafb8fd2a846d555f2649ef7d553bf7f02a5c82ad46a6ca2451d406bfeb3bb178c6e56a12e390924976de8e038627420722e471b22dc559e57d767b26079758ab15ca9ed2fd00fdf4e143abc438fbe3678131587f31a5bcf5c967556bcf69a328522fe74cb5b6553c1d71e64201760861a6411029f2446cfdc1c76fac5d1acb9b283b26bcde2f9f5491236f700e77cf10df40605b59118e85c246019775ff6230568f9f2ae8c7e2b89ba087e6929c23f04bb20e6981d7383576585a485cb03c81363ba496c57f06044c5415d45335678add70ab99792e957dc604290832442e83f74531add5154004a749e5ac0434884f3f8659e81296788f5a2f787bbddbb026f7d39a14b415b74268949098e377bbb2084c34590f39a1d733baf4ef66ccb4682456844ad06ed974f01510fb9dcd0a9d2f15097213b61c79379c93eedff1ccd36a616cff9e9db05747edd33ac11fa4b5549812c7dd2febefd0459b8b81cfc003d0135a30cb9ba4c63fbdbd1c94ef300b4e7fddf2a085baf44d32857058aa7ed22fb94838fb8cea7b59be85989f3c686b1784a494287580316dc65878215e6df18601dafc2e58a1aa1c9325b3a9450569795364d1a7199e69cd6011d2f75e371c4cce90b00704530dd32f264ef7a3ece97b613fb79f6f6fa916d294878dbb0798ac6ceed0569bff105b15e1a1a6b72d185f358e43fc4b484e44664102e9c916de0f059965a8c23e152836a357239f294f6bb103ca9140d07ff9105898f2f61684a1dd884d5011bd5191f90e83b683b26a03e6467ed61c65c5cfa959643401797cead1bd13ff8cd3b6c3dbb01c44d32c3edf3b40d487b04a869916c92ae9615c446e51c2a735228f0229bfc2e0b779bfea5052c0a0e785c0069a467da8585667f6e0a892c18332df31d2db460ba79aa1a1b6a17b75fe557267f1c4d49d2fe7d78e25a65791a5166a7185099a817414c5ef22de810ca1db4e6b0161fee52d5c6d679950a01a980c45abebb3b21358ffcfdd5d6ce8830463f224d532cb8359b34f1514a21e0de73eb400dc765292ff4ccbd6d91cc847f1e521c1566cad579118e77397fe50770bdf03e3fedc5cd39f1db952900d6f2b3cd107b46d727ef00760205f7b0057c939a7551cc40ee4abce5a70e3f55d67016be59f7365caf130c7e517b9af35941b9426110d0fb5455da8cc40b90334c9dfba680c3dd64c476de7f4fa2402794004fa4ef2b31b29bfaca295236490a2bad1d0d6f9b2cd2eaf29bd7be1d440e4ad910fc0fac02bbb421b7552f3870bfa2ab6879fbc06de76ba160d646e1c0323911a03bebcca45c50fa5acd49d3c26487e34c181063ab710851c51442896027d1f4ca856a18e28ce8e93c45d67abd76743409052f082de61340abdd7c1ff96a5a5e41feeef4bd36acb5abfb22e5699c9464673677011c724fe83f16d3e51e8b418e6a0938f3e547c1046aca68260c70cdff7809a48c14400af4421c62a061120cd662f9feedad393c176a3e449abb0bac7f738a9406bef58866256c5f32d50d43dcd9d5b05ea89476ca7e7e50d76ef3d799066dc74657340b83f26bf9a5fbe9caa6291f88d246489936b0d013455d51633e145cabefbc363c2a2a2b919d53218e00ae38e389babcba265bd6fd5e5ca875373bd6586ba69751f761ceecfde68c91e1a335b568fe28e82fef929934d47540828ca5e3545d10effe91709190b8de8efa36740932ffa7a013c86012e88f8c32df6c2785d4bd4a676d6fa2c5458447a38c6836f84d36e247cdba56f798891021b94398246d110b7f7fb429740440cf15afb5cddd8f52b51b67298b74c613069c0bac1ef0e909043613da30a0e1bc177176803c6362484f6240833e1a3876309b3c1da21b4b41d9f271b29e2f96e5ddeb8af25ecaa2ce231fb85bf22acdc4a191c2fa2cf2c5c5736af0dc0df68a5654fa4856f6ac06331d024475cd0023a6d1db7e74399acfaa6e3899adb2d60bf662cef6d889ae772fab81f810d139d0f22a91a5bf083019e66ad0c7a4ad529852b6ea2f799de72966fbed2b8426d97c3032298d8823f893ccc29fc7ae3e34da5c68758f267cd11507f80bb927e3a7db9ae38cac08a6103505e99a3beb867e57f6da6642dc7bd3878f716b1fc39edb350426f20b0663f76535a183a7a40137b8cac222c2f52e64c9ca6106da4cfefc3669c7b362c8c63089005a06e07b6c15d5eee5fa66901637d376f2ee7358b0aa5e57304c7b7baf4591485b900d1d005e13a2d08edc3b0c96d981ee8f9e6dd5849932794153c16960e7141e0b5ece2ed848580630fbcc331fd70d8678d4ba443403fa24547251fb83c1473e124461d86d6235b2a83e7772274709e685a2d8f14d9217a3e141816c906d6db812a7646f040fdd36076b7b6f67d8ae5d344e46f584c08b2a50f19d40e33e5e727ee0967ecbd566fbd953ac10f53edb65f94f97c284922cbfa78aecd16c8d4c432235e4b880fbfc29e43be4eb2fcbf1c00ff512e8e5db006c12a11934e77a1fe069cdeeaf9bc2c296089540bbccf68e1ed1723a3e350c2d0a45ae68d983c1d9b95f974ade8eb414f7c2e9d6d1f83031a16ecf418e54a56120c5668e16eaf41edd605d161df62fa5fbbdb4b274fd7b7390294a641598e724c48ad2756079a7e4006d43c8e2d9c4694829f7209ff9b39c308535e943f5eb4ef412dc1abd1c29dc449a52055a25f01a6c9ad4aeb55dcc10a97f96837c10e493d1efc6e193be6821fc58374108883270022dd4a04b0f5e908c706d998e3cc8b16ff902976d352c4c194d105c3c7fdb158572a7e84947175b60b7f4ad97a171a642794e8d46e0a0ac13fea6026ece7bf4fab67f149b499b39ce3b33071e8973258ecfa44315051635c187b4a365813792ea9b8b3e005d4e750d0cedf3c82cccf5eb2390b9384e98b82de57fb16e199175a39a6b2b39ef8abae573877af2b92998a0a3ca8fe707fe19cbdd5a55c0e54b7fc763a1e2629d7a6689fd23fbf253fb569706c318a9da321df737ce4b9bcd63aa46868000da294409eadbba41c418428c1caaf1bd5128fa0ea31101a2ff18e3d0485ba3f25291921b", 0x1000, 0x483e}, {&(0x7f0000000200)="84f446a627a0b79c96e18fb3b522ae2bd2776c4056b0", 0x16, 0x8}], 0x41400, &(0x7f0000000300)={[{@fat=@check_strict}, {@dots}, {@dots}, {@fat=@dmask={'dmask', 0x3d, 0xf791}}], [{@measure}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@hash}, {@uid_eq}, {@euid_gt}, {@smackfsdef={'smackfsdef', 0x3d, 'vfat\x00'}}, {@pcr={'pcr', 0x3d, 0x19}}]}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000001900), 0x101000, 0x0) dup2(r3, r2) ftruncate(r1, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000000040)=ANY=[]) creat(&(0x7f00000018c0)='./file0\x00', 0x28) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000001680)={r0, 0x101, 0x2, 0x778d}) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000001880)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001840)={&(0x7f00000016c0)={0x16c, 0x0, 0x200, 0x70bd29, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7fffffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x80000000}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xe4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1d}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x200}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x20000004}, 0x20000840) r4 = memfd_create(&(0x7f0000000400)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLY\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x17\xa2\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\x92#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x06L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x84\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\xd00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9\xbb\xfe\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\xd6\xcf\xf6\xb5\x82\xb7\x9dA\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/L\x01\xe2\xba|\xf0\x01)PP\xcdl\x06\xfc\x15;qZ\xb1u\xc9\xd0\xd16~JEGm\xe4\x1e@\x9dG\xe4@\xdf\xba\'\x8b\x1cD\xc7\xec\xd1@}tR\xd9P\xf4N\xe3\xd8x\xa0\x91\x17\xc2}\x13\b\xca\t(Z\xa3_\xa1\x90\x15T\xa4\xe7%\x98\xa7\xfb\x8bp/eq\x93\xbf\x1f =|\xf3\xb1\xfcR\xd8\nM,\xcb%@\'\x15\x88\xd8\xad\f\x91|\x95\x8fq+\x98\x81W\xba\x9f\xe0elOt\xbd\by\r\x87\x1c\xba\xbd\x8e+S>\xb8\xe29\x91h^x\xfb`\x00\xdd/\xa6\xb1\x16=\xa1bw\xc5I\xb1\x00'/549, 0x2) fcntl$addseals(r4, 0x409, 0xd) [ 126.901284] syz-executor.6: attempt to access beyond end of device [ 126.901284] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 126.902467] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 126.938029] loop3: detected capacity change from 0 to 256 [ 126.945630] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 19:17:31 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) chroot(&(0x7f0000000000)='./file0/file0\x00') ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = io_uring_setup(0x454c, &(0x7f0000000240)) r3 = open(&(0x7f0000000380)='./file0\x00', 0x8000, 0x36164c76dcb10265) r4 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/block/sda', 0x0, 0x0) copy_file_range(r4, 0x0, r5, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f00000001c0)=r5, 0x1) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000480), 0x1) sendfile(r1, r0, 0x0, 0xfffffdf2) [ 126.991494] loop6: detected capacity change from 0 to 40 [ 127.190085] hrtimer: interrupt took 18314 ns [ 127.530597] syz-executor.6: attempt to access beyond end of device [ 127.530597] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 127.532275] Buffer I/O error on dev loop6, logical block 10, lost async page write VM DIAGNOSIS: 19:17:30 Registers: info registers vcpu 0 RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823c0801 RDI=ffffffff8765c9e0 RBP=ffffffff8765c9a0 RSP=ffff8880212473c0 R8 =0000000000000001 R9 =000000000000000a R10=000000000000005b R11=0000000000000001 R12=000000000000005b R13=ffffffff8765c9a0 R14=0000000000000010 R15=ffffffff823c07f0 RIP=ffffffff823c0859 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fe64416f700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd0cb4d86f4 CR3=00000000401fe000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=1ffff110030a71a1 RBX=ffff888018538d08 RCX=ffff888040247d88 RDX=ffff888010001ac0 RSI=ffffffff815bb7dc RDI=0000000000000005 RBP=ffffea000018eb80 RSP=ffff888040247bc0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=ffffea000018eb80 R13=0000000000000001 R14=00000000000000a0 R15=dffffc0000000000 RIP=ffffffff815bb825 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f23a3ee6540 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f23a3fa38b0 CR3=000000003f1a0000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00ffffffffffff0000000000000000 XMM01=0100010001000000ffffffffffffffff XMM02=0500050005000000455441564952505f XMM03=0000000000000000000000564952505f XMM04=00030005000500050005000000455441 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000