syzkaller login: [ 271.370787][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 271.431013][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 271.496930][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 271.530266][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:19880' (ECDSA) to the list of known hosts. 1970/01/01 00:05:56 fuzzer started 1970/01/01 00:06:07 dialing manager at localhost:35225 [ 373.555017][ T2025] cgroup: Unknown subsys name 'net' [ 374.448691][ T2025] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:14 syscalls: 2918 1970/01/01 00:06:14 code coverage: enabled 1970/01/01 00:06:14 comparison tracing: enabled 1970/01/01 00:06:14 extra coverage: enabled 1970/01/01 00:06:14 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:14 setuid sandbox: enabled 1970/01/01 00:06:14 namespace sandbox: enabled 1970/01/01 00:06:14 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:14 fault injection: enabled 1970/01/01 00:06:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:14 net packet injection: enabled 1970/01/01 00:06:14 net device setup: enabled 1970/01/01 00:06:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:14 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:14 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:06:14 USB emulation: enabled 1970/01/01 00:06:14 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:14 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:14 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:14 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:19 fetching corpus: 50, signal 27242/30623 (executing program) 1970/01/01 00:06:22 fetching corpus: 99, signal 41044/45613 (executing program) 1970/01/01 00:06:26 fetching corpus: 149, signal 55234/60723 (executing program) 1970/01/01 00:06:29 fetching corpus: 199, signal 61862/68282 (executing program) 1970/01/01 00:06:31 fetching corpus: 249, signal 67753/75096 (executing program) 1970/01/01 00:06:35 fetching corpus: 298, signal 72931/81126 (executing program) 1970/01/01 00:06:38 fetching corpus: 348, signal 77620/86506 (executing program) 1970/01/01 00:06:39 fetching corpus: 398, signal 81490/91074 (executing program) 1970/01/01 00:06:42 fetching corpus: 448, signal 85126/95376 (executing program) 1970/01/01 00:06:45 fetching corpus: 498, signal 90458/101103 (executing program) 1970/01/01 00:06:47 fetching corpus: 548, signal 93111/104390 (executing program) 1970/01/01 00:06:52 fetching corpus: 598, signal 95651/107476 (executing program) 1970/01/01 00:06:56 fetching corpus: 648, signal 99237/111389 (executing program) 1970/01/01 00:06:58 fetching corpus: 697, signal 101558/114189 (executing program) 1970/01/01 00:07:00 fetching corpus: 747, signal 103932/116940 (executing program) 1970/01/01 00:07:05 fetching corpus: 796, signal 106759/120032 (executing program) 1970/01/01 00:07:12 fetching corpus: 846, signal 109386/122857 (executing program) 1970/01/01 00:07:15 fetching corpus: 895, signal 111413/125202 (executing program) 1970/01/01 00:07:17 fetching corpus: 945, signal 113347/127449 (executing program) 1970/01/01 00:07:19 fetching corpus: 994, signal 115073/129498 (executing program) 1970/01/01 00:07:22 fetching corpus: 1044, signal 118427/132677 (executing program) 1970/01/01 00:07:24 fetching corpus: 1094, signal 119925/134439 (executing program) 1970/01/01 00:07:27 fetching corpus: 1144, signal 122307/136861 (executing program) 1970/01/01 00:07:29 fetching corpus: 1194, signal 124266/138882 (executing program) 1970/01/01 00:07:31 fetching corpus: 1244, signal 125784/140520 (executing program) 1970/01/01 00:07:33 fetching corpus: 1294, signal 127275/142105 (executing program) 1970/01/01 00:07:36 fetching corpus: 1344, signal 129157/143917 (executing program) 1970/01/01 00:07:39 fetching corpus: 1394, signal 130756/145533 (executing program) 1970/01/01 00:07:42 fetching corpus: 1444, signal 132729/147324 (executing program) 1970/01/01 00:07:44 fetching corpus: 1494, signal 133900/148604 (executing program) 1970/01/01 00:07:48 fetching corpus: 1544, signal 135074/149802 (executing program) 1970/01/01 00:07:51 fetching corpus: 1594, signal 136659/151273 (executing program) 1970/01/01 00:07:54 fetching corpus: 1644, signal 138163/152638 (executing program) 1970/01/01 00:07:56 fetching corpus: 1694, signal 139680/153969 (executing program) 1970/01/01 00:07:58 fetching corpus: 1744, signal 141114/155225 (executing program) 1970/01/01 00:08:00 fetching corpus: 1794, signal 142465/156379 (executing program) 1970/01/01 00:08:03 fetching corpus: 1844, signal 143318/157243 (executing program) 1970/01/01 00:08:06 fetching corpus: 1894, signal 144800/158456 (executing program) 1970/01/01 00:08:08 fetching corpus: 1944, signal 146128/159560 (executing program) 1970/01/01 00:08:11 fetching corpus: 1994, signal 147570/160646 (executing program) 1970/01/01 00:08:13 fetching corpus: 2044, signal 148803/161635 (executing program) 1970/01/01 00:08:16 fetching corpus: 2094, signal 150461/162795 (executing program) 1970/01/01 00:08:18 fetching corpus: 2144, signal 151270/163457 (executing program) 1970/01/01 00:08:20 fetching corpus: 2194, signal 152323/164240 (executing program) 1970/01/01 00:08:23 fetching corpus: 2244, signal 153555/165100 (executing program) 1970/01/01 00:08:26 fetching corpus: 2294, signal 155242/166164 (executing program) 1970/01/01 00:08:28 fetching corpus: 2343, signal 156224/166857 (executing program) 1970/01/01 00:08:30 fetching corpus: 2393, signal 157212/167531 (executing program) 1970/01/01 00:08:32 fetching corpus: 2443, signal 158405/168223 (executing program) 1970/01/01 00:08:34 fetching corpus: 2493, signal 159197/168748 (executing program) 1970/01/01 00:08:38 fetching corpus: 2543, signal 160412/169392 (executing program) 1970/01/01 00:08:40 fetching corpus: 2593, signal 161545/170036 (executing program) 1970/01/01 00:08:43 fetching corpus: 2643, signal 164468/171314 (executing program) 1970/01/01 00:08:45 fetching corpus: 2693, signal 165445/171793 (executing program) 1970/01/01 00:08:48 fetching corpus: 2743, signal 166318/172227 (executing program) 1970/01/01 00:08:50 fetching corpus: 2793, signal 167361/172708 (executing program) 1970/01/01 00:08:53 fetching corpus: 2843, signal 168345/173155 (executing program) 1970/01/01 00:08:55 fetching corpus: 2893, signal 169015/173455 (executing program) 1970/01/01 00:08:58 fetching corpus: 2943, signal 169631/173720 (executing program) 1970/01/01 00:09:01 fetching corpus: 2993, signal 170496/174071 (executing program) 1970/01/01 00:09:04 fetching corpus: 3043, signal 171186/174312 (executing program) 1970/01/01 00:09:06 fetching corpus: 3093, signal 172382/174711 (executing program) 1970/01/01 00:09:08 fetching corpus: 3142, signal 173052/174955 (executing program) 1970/01/01 00:09:08 fetching corpus: 3144, signal 173058/174990 (executing program) 1970/01/01 00:09:08 fetching corpus: 3144, signal 173058/175020 (executing program) 1970/01/01 00:09:09 fetching corpus: 3144, signal 173058/175049 (executing program) 1970/01/01 00:09:09 fetching corpus: 3144, signal 173058/175079 (executing program) 1970/01/01 00:09:09 fetching corpus: 3144, signal 173058/175111 (executing program) 1970/01/01 00:09:09 fetching corpus: 3144, signal 173058/175142 (executing program) 1970/01/01 00:09:09 fetching corpus: 3144, signal 173058/175178 (executing program) 1970/01/01 00:09:09 fetching corpus: 3144, signal 173058/175194 (executing program) 1970/01/01 00:09:09 fetching corpus: 3144, signal 173058/175227 (executing program) 1970/01/01 00:09:10 fetching corpus: 3144, signal 173058/175259 (executing program) 1970/01/01 00:09:10 fetching corpus: 3144, signal 173058/175286 (executing program) 1970/01/01 00:09:10 fetching corpus: 3144, signal 173070/175318 (executing program) 1970/01/01 00:09:10 fetching corpus: 3144, signal 173070/175342 (executing program) 1970/01/01 00:09:10 fetching corpus: 3144, signal 173070/175369 (executing program) 1970/01/01 00:09:10 fetching corpus: 3144, signal 173070/175407 (executing program) 1970/01/01 00:09:10 fetching corpus: 3144, signal 173070/175434 (executing program) 1970/01/01 00:09:10 fetching corpus: 3144, signal 173070/175460 (executing program) 1970/01/01 00:09:11 fetching corpus: 3144, signal 173070/175495 (executing program) 1970/01/01 00:09:11 fetching corpus: 3144, signal 173070/175534 (executing program) 1970/01/01 00:09:11 fetching corpus: 3144, signal 173070/175572 (executing program) 1970/01/01 00:09:11 fetching corpus: 3144, signal 173070/175597 (executing program) 1970/01/01 00:09:11 fetching corpus: 3144, signal 173070/175621 (executing program) 1970/01/01 00:09:11 fetching corpus: 3144, signal 173070/175654 (executing program) 1970/01/01 00:09:11 fetching corpus: 3144, signal 173070/175676 (executing program) 1970/01/01 00:09:12 fetching corpus: 3144, signal 173070/175676 (executing program) 1970/01/01 00:10:51 starting 2 fuzzer processes 00:10:52 executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x2e81, &(0x7f0000000080), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000990000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}, 0x0) io_uring_enter(r0, 0xbfc, 0x0, 0x0, 0x0, 0x0) 00:10:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x3, 0x7, 0x801}, 0x14}}, 0x0) [ 677.605412][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 677.705668][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 679.839487][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 680.038483][ T2040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 688.472813][ T2038] device hsr_slave_0 entered promiscuous mode [ 688.506141][ T2038] device hsr_slave_1 entered promiscuous mode [ 691.340348][ T2040] device hsr_slave_0 entered promiscuous mode [ 691.390331][ T2040] device hsr_slave_1 entered promiscuous mode [ 691.419465][ T2040] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 691.427488][ T2040] Cannot create hsr debugfs directory [ 696.071094][ T2038] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 696.375803][ T2038] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 696.587848][ T2038] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 696.865886][ T2038] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 698.810359][ T2040] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 698.966613][ T2040] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 699.082331][ T2040] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 699.260958][ T2040] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 706.467562][ T2038] 8021q: adding VLAN 0 to HW filter on device bond0 [ 707.035470][ T2314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 707.089495][ T2314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 708.929098][ T2040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 709.208751][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 709.220774][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 713.654024][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 713.727244][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 714.010463][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 714.050294][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 714.274517][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 715.117872][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 715.406855][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 715.456592][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 715.805365][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 715.860272][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 716.134583][ T2038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 717.469953][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 717.563471][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 717.589461][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 717.616456][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 717.669399][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 718.077896][ T2643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 719.065128][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 719.177324][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 719.402494][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 719.440665][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 719.710417][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 722.533573][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 722.537949][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 724.709657][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 724.727790][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 735.180080][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 735.219130][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 738.515366][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 738.544232][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 742.809686][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 742.865163][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 742.995948][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 743.037708][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 743.066418][ T2038] device veth0_vlan entered promiscuous mode [ 743.598323][ T2038] device veth1_vlan entered promiscuous mode [ 744.976933][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 745.036607][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 745.226857][ T2038] device veth0_macvtap entered promiscuous mode [ 745.547860][ T2038] device veth1_macvtap entered promiscuous mode [ 746.030451][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 746.069825][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 746.445891][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 746.475100][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 746.625665][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 746.666543][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 746.933595][ T2038] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.937120][ T2038] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.938790][ T2038] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.940290][ T2038] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 748.276486][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 748.348502][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 748.576245][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 748.649838][ T2310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 748.865150][ T2040] device veth0_vlan entered promiscuous mode [ 749.819912][ T2040] device veth1_vlan entered promiscuous mode [ 751.318389][ T2643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 751.369329][ T2643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 751.609213][ T2040] device veth0_macvtap entered promiscuous mode [ 751.888885][ T2040] device veth1_macvtap entered promiscuous mode [ 752.429027][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 753.010685][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 753.078338][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 753.456747][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 753.509782][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 753.899710][ T2040] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.903262][ T2040] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.904905][ T2040] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.906476][ T2040] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:12:35 executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x2e81, &(0x7f0000000080), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000990000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}, 0x0) io_uring_enter(r0, 0xbfc, 0x0, 0x0, 0x0, 0x0) 00:12:39 executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x2e81, &(0x7f0000000080), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000990000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}, 0x0) io_uring_enter(r0, 0xbfc, 0x0, 0x0, 0x0, 0x0) 00:12:39 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x3, 0x7, 0x801}, 0x14}}, 0x0) 00:12:41 executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x2e81, &(0x7f0000000080), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000990000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}, 0x0) io_uring_enter(r0, 0xbfc, 0x0, 0x0, 0x0, 0x0) 00:12:42 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x3, 0x7, 0x801}, 0x14}}, 0x0) 00:12:45 executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x2e81, &(0x7f0000000080), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000990000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}, 0x0) io_uring_enter(r0, 0xbfc, 0x0, 0x0, 0x0, 0x0) 00:12:46 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x3, 0x7, 0x801}, 0x14}}, 0x0) 00:12:49 executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x2e81, &(0x7f0000000080), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000990000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}, 0x0) io_uring_enter(r0, 0xbfc, 0x0, 0x0, 0x0, 0x0) 00:12:50 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000440000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0x126, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000180), 0x0, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) 00:12:52 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000440000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0x126, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000180), 0x0, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) 00:12:53 executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0x2e81, &(0x7f0000000080), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000990000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}, 0x0) io_uring_enter(r0, 0xbfc, 0x0, 0x0, 0x0, 0x0) 00:12:57 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000440000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0x126, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000180), 0x0, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) 00:13:03 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000440000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0x126, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000180), 0x0, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) 00:13:03 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000440000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0x126, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000180), 0x0, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) 00:13:06 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000440000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0x126, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000180), 0x0, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) 00:13:09 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:12 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000440000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0x126, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000180), 0x0, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) 00:13:14 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:19 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:20 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:21 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:23 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:25 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:27 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:30 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:31 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:33 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:35 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:38 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x24}}, 0x0) 00:13:40 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, &(0x7f0000000040)) 00:13:44 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, &(0x7f0000000040)) 00:13:45 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0x0, 0x0, 0x6, 0x3}]}}, &(0x7f0000000100)=""/239, 0x26, 0xef, 0x1}, 0x20) 00:13:47 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, &(0x7f0000000040)) 00:13:48 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0x0, 0x0, 0x6, 0x3}]}}, &(0x7f0000000100)=""/239, 0x26, 0xef, 0x1}, 0x20) 00:13:50 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0x0, 0x0, 0x6, 0x3}]}}, &(0x7f0000000100)=""/239, 0x26, 0xef, 0x1}, 0x20) 00:13:50 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, &(0x7f0000000040)) 00:13:52 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0x0, 0x0, 0x6, 0x3}]}}, &(0x7f0000000100)=""/239, 0x26, 0xef, 0x1}, 0x20) 00:13:54 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, 0x0) 00:13:56 executing program 0: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000002b00), 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000a00)=ANY=[]) 00:13:57 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, 0x0) 00:13:59 executing program 0: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000002b00), 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000a00)=ANY=[]) 00:13:59 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, 0x0) 00:14:01 executing program 0: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000002b00), 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000a00)=ANY=[]) 00:14:02 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, 0x0) 00:14:04 executing program 0: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000002b00), 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000a00)=ANY=[]) 00:14:06 executing program 1: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000002b00), 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000a00)=ANY=[]) 00:14:08 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, 0x0) 00:14:10 executing program 1: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000002b00), 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000a00)=ANY=[]) 00:14:11 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, 0x0) 00:14:13 executing program 1: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000002b00), 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000a00)=ANY=[]) 00:14:13 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, 0x0) 00:14:17 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sched_getattr(0x0, &(0x7f0000000080)={0x38}, 0x38, 0x0) 00:14:18 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000240)=@rc, 0x1f) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x5, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "2dc2d7d9bcb17cac"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x5, 0xa20, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "9b0a7cc66eaadf3937ec9d0de255b89d3b7e6b6592b64574c5f0e71a974b9e31802e4c7121d81bc5df3e6e7433dca236630fe12e85caab681aa532da09777122"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x5, 0x800, 0x0, {0x77359400}, {0x77359400}, {0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d3e036b3f0bec45f1cdfa4aade8c59c5c8ac6a23f211989a0168dad23cd6a2e91e76fb78f81b3a5889d8e717108c4420b8ee6b2c267d758ea273fc4249642a53"}}, 0x80}}, 0x0) 00:14:19 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sched_getattr(0x0, &(0x7f0000000080)={0x38}, 0x38, 0x0) 00:14:20 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000240)=@rc, 0x1f) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x5, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "2dc2d7d9bcb17cac"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x5, 0xa20, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "9b0a7cc66eaadf3937ec9d0de255b89d3b7e6b6592b64574c5f0e71a974b9e31802e4c7121d81bc5df3e6e7433dca236630fe12e85caab681aa532da09777122"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x5, 0x800, 0x0, {0x77359400}, {0x77359400}, {0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d3e036b3f0bec45f1cdfa4aade8c59c5c8ac6a23f211989a0168dad23cd6a2e91e76fb78f81b3a5889d8e717108c4420b8ee6b2c267d758ea273fc4249642a53"}}, 0x80}}, 0x0) 00:14:22 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sched_getattr(0x0, &(0x7f0000000080)={0x38}, 0x38, 0x0) 00:14:23 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000240)=@rc, 0x1f) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x5, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "2dc2d7d9bcb17cac"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x5, 0xa20, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "9b0a7cc66eaadf3937ec9d0de255b89d3b7e6b6592b64574c5f0e71a974b9e31802e4c7121d81bc5df3e6e7433dca236630fe12e85caab681aa532da09777122"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x5, 0x800, 0x0, {0x77359400}, {0x77359400}, {0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d3e036b3f0bec45f1cdfa4aade8c59c5c8ac6a23f211989a0168dad23cd6a2e91e76fb78f81b3a5889d8e717108c4420b8ee6b2c267d758ea273fc4249642a53"}}, 0x80}}, 0x0) 00:14:25 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sched_getattr(0x0, &(0x7f0000000080)={0x38}, 0x38, 0x0) 00:14:26 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000240)=@rc, 0x1f) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x5, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "2dc2d7d9bcb17cac"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x5, 0xa20, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "9b0a7cc66eaadf3937ec9d0de255b89d3b7e6b6592b64574c5f0e71a974b9e31802e4c7121d81bc5df3e6e7433dca236630fe12e85caab681aa532da09777122"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x5, 0x800, 0x0, {0x77359400}, {0x77359400}, {0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d3e036b3f0bec45f1cdfa4aade8c59c5c8ac6a23f211989a0168dad23cd6a2e91e76fb78f81b3a5889d8e717108c4420b8ee6b2c267d758ea273fc4249642a53"}}, 0x80}}, 0x0) 00:14:27 executing program 1: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000240)=@rc, 0x1f) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x5, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "2dc2d7d9bcb17cac"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x5, 0xa20, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "9b0a7cc66eaadf3937ec9d0de255b89d3b7e6b6592b64574c5f0e71a974b9e31802e4c7121d81bc5df3e6e7433dca236630fe12e85caab681aa532da09777122"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x5, 0x800, 0x0, {0x77359400}, {0x77359400}, {0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d3e036b3f0bec45f1cdfa4aade8c59c5c8ac6a23f211989a0168dad23cd6a2e91e76fb78f81b3a5889d8e717108c4420b8ee6b2c267d758ea273fc4249642a53"}}, 0x80}}, 0x0) 00:14:30 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sched_getattr(0x0, &(0x7f0000000080)={0x38}, 0x38, 0x0) 00:14:31 executing program 1: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000240)=@rc, 0x1f) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x5, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "2dc2d7d9bcb17cac"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x5, 0xa20, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "9b0a7cc66eaadf3937ec9d0de255b89d3b7e6b6592b64574c5f0e71a974b9e31802e4c7121d81bc5df3e6e7433dca236630fe12e85caab681aa532da09777122"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x5, 0x800, 0x0, {0x77359400}, {0x77359400}, {0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d3e036b3f0bec45f1cdfa4aade8c59c5c8ac6a23f211989a0168dad23cd6a2e91e76fb78f81b3a5889d8e717108c4420b8ee6b2c267d758ea273fc4249642a53"}}, 0x80}}, 0x0) 00:14:33 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sched_getattr(0x0, &(0x7f0000000080)={0x38}, 0x38, 0x0) 00:14:34 executing program 1: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000240)=@rc, 0x1f) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x5, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "2dc2d7d9bcb17cac"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x5, 0xa20, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "9b0a7cc66eaadf3937ec9d0de255b89d3b7e6b6592b64574c5f0e71a974b9e31802e4c7121d81bc5df3e6e7433dca236630fe12e85caab681aa532da09777122"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x5, 0x800, 0x0, {0x77359400}, {0x77359400}, {0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d3e036b3f0bec45f1cdfa4aade8c59c5c8ac6a23f211989a0168dad23cd6a2e91e76fb78f81b3a5889d8e717108c4420b8ee6b2c267d758ea273fc4249642a53"}}, 0x80}}, 0x0) 00:14:37 executing program 1: syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000700)='mnt/encrypted_dir/file\x00', 0x42, 0x180) write(r2, &(0x7f0000000740)='foo', 0x3) 00:14:38 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sched_getattr(0x0, &(0x7f0000000080)={0x38}, 0x38, 0x0) [ 881.298800][ T2871] loop1: detected capacity change from 0 to 128 [ 882.756962][ T2871] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. 00:14:43 executing program 0: r0 = socket$nl_crypto(0x10, 0x3, 0x15) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000140)) [ 885.824666][ T2871] fscrypt: Error allocating hmac(sha512): -2 00:14:47 executing program 1: syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000700)='mnt/encrypted_dir/file\x00', 0x42, 0x180) write(r2, &(0x7f0000000740)='foo', 0x3) 00:14:47 executing program 0: r0 = socket$nl_crypto(0x10, 0x3, 0x15) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000140)) [ 891.770482][ T2891] loop1: detected capacity change from 0 to 128 00:14:51 executing program 0: r0 = socket$nl_crypto(0x10, 0x3, 0x15) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000140)) [ 893.165922][ T2891] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 897.258498][ T2891] fscrypt: Error allocating hmac(sha512): -4 00:14:57 executing program 0: r0 = socket$nl_crypto(0x10, 0x3, 0x15) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000140)) 00:14:59 executing program 1: syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000700)='mnt/encrypted_dir/file\x00', 0x42, 0x180) write(r2, &(0x7f0000000740)='foo', 0x3) 00:15:03 executing program 0: syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000700)='mnt/encrypted_dir/file\x00', 0x42, 0x180) write(r2, &(0x7f0000000740)='foo', 0x3) [ 904.559562][ T2908] loop1: detected capacity change from 0 to 128 [ 905.408111][ T2908] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 906.555574][ T2914] loop0: detected capacity change from 0 to 128 [ 907.565402][ T2914] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. 00:15:08 executing program 1: syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000700)='mnt/encrypted_dir/file\x00', 0x42, 0x180) write(r2, &(0x7f0000000740)='foo', 0x3) 00:15:10 executing program 0: syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000700)='mnt/encrypted_dir/file\x00', 0x42, 0x180) write(r2, &(0x7f0000000740)='foo', 0x3) [ 912.548572][ T2924] loop1: detected capacity change from 0 to 128 [ 913.155099][ T2924] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 913.718900][ T2932] loop0: detected capacity change from 0 to 128 [ 914.680295][ T2932] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 916.087917][ T2924] fscrypt (loop1, inode 12): Error allocating 'cts(cbc(aes))' transform: -4 [ 916.458087][ T2932] fscrypt: AES-256-CTS-CBC using implementation "cts(cbc(aes-fixed-time))" [ 918.684176][ T2932] fscrypt (loop0): Error allocating 'xts(aes)' transform: -4 00:15:21 executing program 0: syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000700)='mnt/encrypted_dir/file\x00', 0x42, 0x180) write(r2, &(0x7f0000000740)='foo', 0x3) 00:15:21 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendto$inet(r1, 0x0, 0x100000, 0x0, &(0x7f00000005c0)={0x2, 0x0, @private=0xa010101}, 0x10) [ 925.418877][ T2955] loop0: detected capacity change from 0 to 128 [ 926.336674][ T2955] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. 00:15:26 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendto$inet(r1, 0x0, 0x100000, 0x0, &(0x7f00000005c0)={0x2, 0x0, @private=0xa010101}, 0x10) [ 929.399512][ T2955] fscrypt (loop0): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") 00:15:31 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendto$inet(r1, 0x0, 0x100000, 0x0, &(0x7f00000005c0)={0x2, 0x0, @private=0xa010101}, 0x10) 00:15:35 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendto$inet(r1, 0x0, 0x100000, 0x0, &(0x7f00000005c0)={0x2, 0x0, @private=0xa010101}, 0x10) 00:15:36 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendto$inet(r1, 0x0, 0x100000, 0x0, &(0x7f00000005c0)={0x2, 0x0, @private=0xa010101}, 0x10) 00:15:37 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendto$inet(r1, 0x0, 0x100000, 0x0, &(0x7f00000005c0)={0x2, 0x0, @private=0xa010101}, 0x10) 00:15:39 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) 00:15:40 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendto$inet(r1, 0x0, 0x100000, 0x0, &(0x7f00000005c0)={0x2, 0x0, @private=0xa010101}, 0x10) [ 942.273177][ T26] audit: type=1800 audit(941.160:2): pid=2984 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=636 res=0 errno=0 00:15:43 executing program 0: execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000002180)=[&(0x7f0000002140)='/dev/vcsa\x00']) 00:15:45 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) 00:15:46 executing program 0: execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000002180)=[&(0x7f0000002140)='/dev/vcsa\x00']) [ 948.039919][ T26] audit: type=1800 audit(946.950:3): pid=2991 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=638 res=0 errno=0 00:15:48 executing program 0: execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000002180)=[&(0x7f0000002140)='/dev/vcsa\x00']) 00:15:49 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 952.000565][ T26] audit: type=1800 audit(950.910:4): pid=2997 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=644 res=0 errno=0 00:15:51 executing program 0: execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000002180)=[&(0x7f0000002140)='/dev/vcsa\x00']) 00:15:54 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 957.389083][ T26] audit: type=1800 audit(956.300:5): pid=3001 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=636 res=0 errno=0 00:15:57 executing program 0: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 959.982341][ T26] audit: type=1800 audit(958.890:6): pid=3003 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0 00:16:00 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 963.149087][ T26] audit: type=1800 audit(962.050:7): pid=3006 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=643 res=0 errno=0 00:16:02 executing program 0: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 965.080036][ T26] audit: type=1800 audit(963.990:8): pid=3009 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0 00:16:05 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) 00:16:06 executing program 0: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 968.486476][ T26] audit: type=1800 audit(967.380:9): pid=3011 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=638 res=0 errno=0 [ 969.509950][ T26] audit: type=1800 audit(968.390:10): pid=3013 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0 00:16:10 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 974.255328][ T26] audit: type=1800 audit(973.140:11): pid=3016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=640 res=0 errno=0 00:16:13 executing program 0: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 975.121101][ T26] audit: type=1800 audit(974.030:12): pid=3018 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0 00:16:17 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) 00:16:18 executing program 0: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 980.167884][ T26] audit: type=1800 audit(979.080:13): pid=3021 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=640 res=0 errno=0 [ 981.293096][ T26] audit: type=1800 audit(980.200:14): pid=3023 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0 00:16:22 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) 00:16:22 executing program 0: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 985.228113][ T26] audit: type=1800 audit(984.140:15): pid=3026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=644 res=0 errno=0 [ 985.946329][ T26] audit: type=1800 audit(984.860:16): pid=3027 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0 00:16:27 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) 00:16:29 executing program 0: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 990.824336][ T26] audit: type=1800 audit(989.720:17): pid=3030 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=640 res=0 errno=0 [ 992.154171][ T26] audit: type=1800 audit(991.060:18): pid=3032 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0 00:16:33 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 995.762458][ T26] audit: type=1800 audit(994.670:19): pid=3035 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=640 res=0 errno=0 00:16:34 executing program 0: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 997.674483][ T26] audit: type=1800 audit(996.580:20): pid=3037 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0 00:16:37 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 1000.474742][ T26] audit: type=1800 audit(999.380:21): pid=3039 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=640 res=0 errno=0 00:16:39 executing program 0: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 1002.752317][ T26] audit: type=1800 audit(1001.660:22): pid=3041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0 00:16:42 executing program 1: syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat(r5, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r6, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540f, 0x0) truncate(&(0x7f0000000200)='./file1\x00', 0x0) syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0) [ 1005.409956][ T26] audit: type=1800 audit(1004.320:23): pid=3043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=640 res=0 errno=0 00:16:46 executing program 0: unshare(0x4000000) unshare(0x4000000) 00:16:50 executing program 0: unshare(0x4000000) unshare(0x4000000) 00:16:50 executing program 1: unshare(0x4000000) unshare(0x4000000) 00:16:52 executing program 1: unshare(0x4000000) unshare(0x4000000) 00:16:52 executing program 0: unshare(0x4000000) unshare(0x4000000) 00:16:55 executing program 1: unshare(0x4000000) unshare(0x4000000) 00:16:57 executing program 0: unshare(0x4000000) unshare(0x4000000) 00:17:02 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r0, 0x28, 0x6, &(0x7f0000001900), 0x10) 00:17:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) 00:17:08 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r0, 0x28, 0x6, &(0x7f0000001900), 0x10) 00:17:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) 00:17:13 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r0, 0x28, 0x6, &(0x7f0000001900), 0x10) 00:17:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) 00:17:17 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r0, 0x28, 0x6, &(0x7f0000001900), 0x10) 00:17:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) 00:17:21 executing program 1: r0 = eventfd2(0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, r0}, 0x68) 00:17:24 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/2, 0xfffffddc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r1, &(0x7f00000000c0)=""/2, 0xfffffddc) syz_io_uring_setup(0x3064, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), 0x0) 00:17:25 executing program 1: r0 = eventfd2(0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, r0}, 0x68) 00:17:29 executing program 1: r0 = eventfd2(0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, r0}, 0x68) 00:17:30 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/2, 0xfffffddc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r1, &(0x7f00000000c0)=""/2, 0xfffffddc) syz_io_uring_setup(0x3064, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), 0x0) 00:17:32 executing program 1: r0 = eventfd2(0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, r0}, 0x68) 00:17:35 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/2, 0xfffffddc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r1, &(0x7f00000000c0)=""/2, 0xfffffddc) syz_io_uring_setup(0x3064, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), 0x0) 00:17:37 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/2, 0xfffffddc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r1, &(0x7f00000000c0)=""/2, 0xfffffddc) syz_io_uring_setup(0x3064, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), 0x0) 00:17:42 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/2, 0xfffffddc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r1, &(0x7f00000000c0)=""/2, 0xfffffddc) syz_io_uring_setup(0x3064, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), 0x0) 00:17:44 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/2, 0xfffffddc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r1, &(0x7f00000000c0)=""/2, 0xfffffddc) syz_io_uring_setup(0x3064, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), 0x0) 00:17:49 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/2, 0xfffffddc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) read(r1, &(0x7f00000000c0)=""/2, 0xfffffddc) syz_io_uring_setup(0x3064, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), 0x0) 00:17:52 executing program 0: r0 = eventfd2(0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, r0}, 0x68) 00:17:54 executing program 0: r0 = eventfd2(0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, r0}, 0x68) 00:17:57 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x1ed) write(r0, &(0x7f0000000080)="01", 0x1) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40402, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') 00:17:58 executing program 0: r0 = eventfd2(0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, r0}, 0x68) 00:18:01 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x1ed) write(r0, &(0x7f0000000080)="01", 0x1) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40402, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') 00:18:01 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x1ed) write(r0, &(0x7f0000000080)="01", 0x1) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40402, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') 00:18:05 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x1ed) write(r0, &(0x7f0000000080)="01", 0x1) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40402, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') 00:18:05 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x1ed) write(r0, &(0x7f0000000080)="01", 0x1) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40402, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') 00:18:09 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x1ed) write(r0, &(0x7f0000000080)="01", 0x1) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40402, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') 00:18:09 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x1ed) write(r0, &(0x7f0000000080)="01", 0x1) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40402, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') 00:18:14 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x1ed) write(r0, &(0x7f0000000080)="01", 0x1) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40402, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') 00:18:16 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x15}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:18:17 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x1ed) write(r0, &(0x7f0000000080)="01", 0x1) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40402, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') 00:18:18 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x15}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:18:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x15}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:18:22 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x1ed) write(r0, &(0x7f0000000080)="01", 0x1) close(r0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x40402, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') 00:18:23 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x15}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:18:28 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = eventfd2(0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) 00:18:30 executing program 0: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 00:18:31 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = eventfd2(0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) 00:18:32 executing program 0: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 00:18:33 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = eventfd2(0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) 00:18:35 executing program 0: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 00:18:36 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = eventfd2(0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) 00:18:38 executing program 0: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 00:18:39 executing program 1: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 00:18:41 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:18:42 executing program 1: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 00:18:44 executing program 1: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 00:18:48 executing program 1: r0 = syz_io_uring_setup(0x39df, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x31}, 0x1c) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x48a5, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) 00:18:50 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:18:53 executing program 1: r0 = syz_io_uring_setup(0x39df, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x31}, 0x1c) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x48a5, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) 00:18:58 executing program 1: r0 = syz_io_uring_setup(0x39df, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x31}, 0x1c) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x48a5, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) 00:19:01 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:06 executing program 1: r0 = syz_io_uring_setup(0x39df, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x31}, 0x1c) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x48a5, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) [ 1154.215609][ T3208] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 1154.285247][ T3208] [ 1154.285887][ T3208] ====================================================== [ 1154.286493][ T3208] WARNING: possible circular locking dependency detected [ 1154.287137][ T3208] 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted [ 1154.287927][ T3208] ------------------------------------------------------ [ 1154.288456][ T3208] syz-executor.0/3208 is trying to acquire lock: [ 1154.289351][ T3208] ffffffff84fc0408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58 [ 1154.292701][ T3208] [ 1154.292701][ T3208] but task is already holding lock: [ 1154.293485][ T3208] ffffaf800c722350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de [ 1154.295235][ T3208] [ 1154.295235][ T3208] which lock already depends on the new lock. [ 1154.295235][ T3208] [ 1154.295883][ T3208] [ 1154.295883][ T3208] the existing dependency chain (in reverse order) is: [ 1154.296817][ T3208] [ 1154.296817][ T3208] -> #3 (&ndev->req_lock){+.+.}-{3:3}: [ 1154.298111][ T3208] lock_acquire.part.0+0x1d0/0x424 [ 1154.299205][ T3208] lock_acquire+0x54/0x6a [ 1154.300063][ T3208] __mutex_lock+0x114/0xade [ 1154.300969][ T3208] mutex_lock_nested+0x14/0x1c [ 1154.302102][ T3208] nci_start_poll+0x4de/0x6b8 [ 1154.303036][ T3208] nfc_start_poll+0x10c/0x1e8 [ 1154.303995][ T3208] nfc_genl_start_poll+0xfe/0x252 [ 1154.304925][ T3208] genl_family_rcv_msg_doit+0x19a/0x23c [ 1154.305939][ T3208] genl_rcv_msg+0x236/0x3ba [ 1154.306803][ T3208] netlink_rcv_skb+0xf8/0x2be [ 1154.307542][ T3208] genl_rcv+0x36/0x4c [ 1154.308114][ T3208] netlink_unicast+0x40e/0x5fe [ 1154.308685][ T3208] netlink_sendmsg+0x4e0/0x994 [ 1154.309304][ T3208] sock_sendmsg+0xa0/0xc4 [ 1154.309955][ T3208] ____sys_sendmsg+0x46e/0x484 [ 1154.310641][ T3208] ___sys_sendmsg+0x16c/0x1f6 [ 1154.311281][ T3208] __sys_sendmsg+0xba/0x150 [ 1154.312098][ T3208] sys_sendmsg+0x2c/0x3a [ 1154.312769][ T3208] ret_from_syscall+0x0/0x2 [ 1154.313464][ T3208] [ 1154.313464][ T3208] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}: [ 1154.314603][ T3208] lock_acquire.part.0+0x1d0/0x424 [ 1154.315511][ T3208] lock_acquire+0x54/0x6a [ 1154.318284][ T3208] __mutex_lock+0x114/0xade [ 1154.320431][ T3208] mutex_lock_nested+0x14/0x1c [ 1154.322223][ T3208] nfc_urelease_event_work+0x126/0x218 [ 1154.323861][ T3208] process_one_work+0x654/0xffe [ 1154.324718][ T3208] worker_thread+0x360/0x8fa [ 1154.325462][ T3208] kthread+0x19e/0x1fa [ 1154.326206][ T3208] ret_from_exception+0x0/0x10 [ 1154.327095][ T3208] [ 1154.327095][ T3208] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}: [ 1154.328499][ T3208] lock_acquire.part.0+0x1d0/0x424 [ 1154.329403][ T3208] lock_acquire+0x54/0x6a [ 1154.330288][ T3208] __mutex_lock+0x114/0xade [ 1154.331195][ T3208] mutex_lock_nested+0x14/0x1c [ 1154.332444][ T3208] nfc_register_device+0x44/0x29e [ 1154.333470][ T3208] nci_register_device+0x538/0x612 [ 1154.334456][ T3208] virtual_ncidev_open+0x82/0x12c [ 1154.335449][ T3208] misc_open+0x272/0x2c8 [ 1154.336422][ T3208] chrdev_open+0x1d4/0x478 [ 1154.337316][ T3208] do_dentry_open+0x2a4/0x7d4 [ 1154.338290][ T3208] vfs_open+0x52/0x5e [ 1154.339196][ T3208] path_openat+0x12b6/0x189e [ 1154.340084][ T3208] do_filp_open+0x10e/0x22a [ 1154.340953][ T3208] do_sys_openat2+0x174/0x31e [ 1154.342611][ T3208] sys_openat+0xdc/0x164 [ 1154.343629][ T3208] ret_from_syscall+0x0/0x2 [ 1154.344546][ T3208] [ 1154.344546][ T3208] -> #0 (nci_mutex){+.+.}-{3:3}: [ 1154.346074][ T3208] check_noncircular+0x1de/0x1fe [ 1154.347176][ T3208] __lock_acquire+0x19a4/0x333e [ 1154.348170][ T3208] lock_acquire.part.0+0x1d0/0x424 [ 1154.349156][ T3208] lock_acquire+0x54/0x6a [ 1154.350038][ T3208] __mutex_lock+0x114/0xade [ 1154.351035][ T3208] mutex_lock_nested+0x14/0x1c [ 1154.352782][ T3208] virtual_nci_close+0x28/0x58 [ 1154.353847][ T3208] nci_close_device+0x12e/0x1de [ 1154.354794][ T3208] nci_unregister_device+0x34/0x182 [ 1154.355761][ T3208] virtual_ncidev_close+0x9c/0xbc [ 1154.356752][ T3208] __fput+0x164/0x502 [ 1154.357573][ T3208] ____fput+0x1a/0x24 [ 1154.358478][ T3208] task_work_run+0xdc/0x154 [ 1154.359413][ T3208] do_notify_resume+0x894/0xa56 [ 1154.360396][ T3208] ret_from_exception+0x0/0x10 [ 1154.361784][ T3208] [ 1154.361784][ T3208] other info that might help us debug this: [ 1154.361784][ T3208] [ 1154.364366][ T3208] Chain exists of: [ 1154.364366][ T3208] nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock [ 1154.364366][ T3208] [ 1154.366500][ T3208] Possible unsafe locking scenario: [ 1154.366500][ T3208] [ 1154.367458][ T3208] CPU0 CPU1 [ 1154.368129][ T3208] ---- ---- [ 1154.368816][ T3208] lock(&ndev->req_lock); [ 1154.369830][ T3208] lock(&genl_data->genl_data_mutex); [ 1154.372167][ T3208] lock(&ndev->req_lock); [ 1154.374319][ T3208] lock(nci_mutex); [ 1154.375313][ T3208] [ 1154.375313][ T3208] *** DEADLOCK *** [ 1154.375313][ T3208] [ 1154.377263][ T3208] 1 lock held by syz-executor.0/3208: [ 1154.378451][ T3208] #0: ffffaf800c722350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de [ 1154.381127][ T3208] [ 1154.381127][ T3208] stack backtrace: [ 1154.382892][ T3208] CPU: 1 PID: 3208 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1154.384273][ T3208] Hardware name: riscv-virtio,qemu (DT) [ 1154.385256][ T3208] Call Trace: [ 1154.385921][ T3208] [] dump_backtrace+0x2e/0x3c [ 1154.387029][ T3208] [] show_stack+0x34/0x40 [ 1154.388012][ T3208] [] dump_stack_lvl+0xe4/0x150 [ 1154.389099][ T3208] [] dump_stack+0x1c/0x24 [ 1154.390136][ T3208] [] print_circular_bug+0x34e/0x3d8 [ 1154.391177][ T3208] [] check_noncircular+0x1de/0x1fe [ 1154.392591][ T3208] [] __lock_acquire+0x19a4/0x333e [ 1154.393625][ T3208] [] lock_acquire.part.0+0x1d0/0x424 [ 1154.394806][ T3208] [] lock_acquire+0x54/0x6a [ 1154.395865][ T3208] [] __mutex_lock+0x114/0xade [ 1154.397030][ T3208] [] mutex_lock_nested+0x14/0x1c [ 1154.398256][ T3208] [] virtual_nci_close+0x28/0x58 [ 1154.399380][ T3208] [] nci_close_device+0x12e/0x1de [ 1154.400507][ T3208] [] nci_unregister_device+0x34/0x182 [ 1154.401775][ T3208] [] virtual_ncidev_close+0x9c/0xbc [ 1154.402914][ T3208] [] __fput+0x164/0x502 [ 1154.403895][ T3208] [] ____fput+0x1a/0x24 [ 1154.404923][ T3208] [] task_work_run+0xdc/0x154 [ 1154.406050][ T3208] [] do_notify_resume+0x894/0xa56 [ 1154.407789][ T3208] [] ret_from_exception+0x0/0x10 00:19:14 executing program 1: r0 = syz_io_uring_setup(0x39df, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x31}, 0x1c) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x48a5, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) 00:19:14 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:15 executing program 1: r0 = syz_io_uring_setup(0x39df, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x31}, 0x1c) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x48a5, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) 00:19:17 executing program 1: r0 = syz_io_uring_setup(0x39df, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x31}, 0x1c) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x48a5, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) 00:19:19 executing program 1: r0 = syz_io_uring_setup(0x39df, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x31}, 0x1c) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x48a5, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) [ 1163.243496][ T3225] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:19:22 executing program 1: r0 = syz_io_uring_setup(0x39df, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x31}, 0x1c) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x48a5, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) 00:19:22 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:24 executing program 1: r0 = syz_io_uring_setup(0x39df, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x31}, 0x1c) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x48a5, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) 00:19:26 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:27 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) [ 1171.498863][ T3247] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:19:30 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:30 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:32 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:33 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:34 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) [ 1179.403786][ T3265] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:19:38 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:39 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:41 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:42 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) VM DIAGNOSIS: 12:32:13 Registers: info registers vcpu 0 pc ffffffff802009d2 mhartid 0000000000000000 mstatus 00000000000000a2 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8000f97e sepc 000000000003b6d6 mcause 0000000000000009 scause 0000000000000008 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff80201320 x2/sp ffffaf800d3af930 x3/gp ffffffff85863ac0 x4/tp ffffaf8008d96100 x5/t0 fffff5ef01d74600 x6/t1 fffffffef0da2bb0 x7/t2 0000000000000000 x8/s0 ffffaf800d3af850 x9/s1 ffffffff86e0c5f8 x10/a0 ffffffff8588a420 x11/a1 0000000000000003 x12/a2 1ffffffff0dc18c2 x13/a3 ffffffff80119df0 x14/a4 0000000000000000 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffffff86d15d87 x18/s2 ffffaf805a9d43e8 x19/s3 ffffffff831afd54 x20/s4 ffffaf800e625a40 x21/s5 00000000000ebf38 x22/s6 ffffaf800d3af974 x23/s7 ffffaf800e625a00 x24/s8 0000000000400000 x25/s9 0000000000080800 x26/s10 ffffaf800d3af5c0 x27/s11 0000000000000008 x28/t3 ffffaf800d3af7e0 x29/t4 fffffffef0da2bb0 x30/t5 fffffffef0da2bb1 x31/t6 ffffaf800d3af811 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff8010ed7a mhartid 0000000000000001 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8010dd7a sepc 000000000005547c mcause 8000000000000007 scause 0000000000000008 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff8010ed68 x2/sp ffffaf8010e573f0 x3/gp ffffffff85863ac0 x4/tp ffffaf8009f23080 x5/t0 ffffffff86bdc320 x6/t1 fffff5ef0b53c90c x7/t2 0000000000000000 x8/s0 ffffaf8010e57420 x9/s1 ffffaf8010e57460 x10/a0 ffffffff8670c3b0 x11/a1 0000000000000007 x12/a2 1ffffffff0ce1876 x13/a3 ffffffff8010ed68 x14/a4 0000000000000004 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffaf805a9e4863 x18/s2 ffffffff8670c360 x19/s3 000000000000002b x20/s4 ffffaf8009f23ac8 x21/s5 ffffffff85889780 x22/s6 ffffaf8009f23ac8 x23/s7 ffffaf8009f23aa0 x24/s8 ffffaf8009f23080 x25/s9 ffffffff85f8ad08 x26/s10 ffffffff85899680 x27/s11 ffffaf8009f23080 x28/t3 0000000038303430 x29/t4 fffff5ef0b53c90c x30/t5 fffff5ef0b53c90d x31/t6 ffffaf8010e56fd8 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000