Warning: Permanently added '[localhost]:49256' (ECDSA) to the list of known hosts.
2022/10/06 19:42:59 fuzzer started
2022/10/06 19:43:00 dialing manager at localhost:37161
syzkaller login: [ 35.810470] cgroup: Unknown subsys name 'net'
[ 35.897153] cgroup: Unknown subsys name 'rlimit'
2022/10/06 19:43:15 syscalls: 2215
2022/10/06 19:43:15 code coverage: enabled
2022/10/06 19:43:15 comparison tracing: enabled
2022/10/06 19:43:15 extra coverage: enabled
2022/10/06 19:43:15 setuid sandbox: enabled
2022/10/06 19:43:15 namespace sandbox: enabled
2022/10/06 19:43:15 Android sandbox: enabled
2022/10/06 19:43:15 fault injection: enabled
2022/10/06 19:43:15 leak checking: enabled
2022/10/06 19:43:15 net packet injection: enabled
2022/10/06 19:43:15 net device setup: enabled
2022/10/06 19:43:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/06 19:43:15 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/06 19:43:15 USB emulation: enabled
2022/10/06 19:43:15 hci packet injection: enabled
2022/10/06 19:43:15 wifi device emulation: failed to parse kernel version (6.0.0-next-20221006)
2022/10/06 19:43:15 802.15.4 emulation: enabled
2022/10/06 19:43:15 fetching corpus: 50, signal 21748/23501 (executing program)
2022/10/06 19:43:16 fetching corpus: 100, signal 36580/39787 (executing program)
2022/10/06 19:43:16 fetching corpus: 150, signal 44344/48901 (executing program)
2022/10/06 19:43:16 fetching corpus: 200, signal 53795/59513 (executing program)
2022/10/06 19:43:16 fetching corpus: 250, signal 59587/66474 (executing program)
2022/10/06 19:43:16 fetching corpus: 300, signal 63596/71566 (executing program)
2022/10/06 19:43:16 fetching corpus: 350, signal 66320/75409 (executing program)
2022/10/06 19:43:16 fetching corpus: 400, signal 71705/81678 (executing program)
2022/10/06 19:43:16 fetching corpus: 450, signal 74732/85707 (executing program)
2022/10/06 19:43:16 fetching corpus: 500, signal 77091/89054 (executing program)
2022/10/06 19:43:16 fetching corpus: 550, signal 78498/91550 (executing program)
2022/10/06 19:43:17 fetching corpus: 600, signal 80804/94790 (executing program)
2022/10/06 19:43:17 fetching corpus: 650, signal 82894/97800 (executing program)
2022/10/06 19:43:17 fetching corpus: 700, signal 87069/102485 (executing program)
2022/10/06 19:43:17 fetching corpus: 750, signal 88588/104843 (executing program)
2022/10/06 19:43:17 fetching corpus: 800, signal 90648/107674 (executing program)
2022/10/06 19:43:17 fetching corpus: 850, signal 94120/111657 (executing program)
2022/10/06 19:43:17 fetching corpus: 900, signal 95579/113916 (executing program)
2022/10/06 19:43:17 fetching corpus: 950, signal 97587/116541 (executing program)
2022/10/06 19:43:17 fetching corpus: 1000, signal 99350/118937 (executing program)
2022/10/06 19:43:17 fetching corpus: 1050, signal 100985/121221 (executing program)
2022/10/06 19:43:18 fetching corpus: 1100, signal 102669/123492 (executing program)
2022/10/06 19:43:18 fetching corpus: 1150, signal 103934/125355 (executing program)
2022/10/06 19:43:18 fetching corpus: 1200, signal 105537/127448 (executing program)
2022/10/06 19:43:18 fetching corpus: 1250, signal 106764/129289 (executing program)
2022/10/06 19:43:18 fetching corpus: 1300, signal 108864/131721 (executing program)
2022/10/06 19:43:18 fetching corpus: 1350, signal 110646/133831 (executing program)
2022/10/06 19:43:18 fetching corpus: 1400, signal 111495/135304 (executing program)
2022/10/06 19:43:18 fetching corpus: 1450, signal 113645/137734 (executing program)
2022/10/06 19:43:18 fetching corpus: 1500, signal 114791/139325 (executing program)
2022/10/06 19:43:18 fetching corpus: 1550, signal 116054/140998 (executing program)
2022/10/06 19:43:19 fetching corpus: 1600, signal 117486/142756 (executing program)
2022/10/06 19:43:19 fetching corpus: 1650, signal 118360/144149 (executing program)
2022/10/06 19:43:19 fetching corpus: 1700, signal 119088/145437 (executing program)
2022/10/06 19:43:19 fetching corpus: 1750, signal 120695/147228 (executing program)
2022/10/06 19:43:19 fetching corpus: 1800, signal 122010/148787 (executing program)
2022/10/06 19:43:19 fetching corpus: 1850, signal 122813/150017 (executing program)
2022/10/06 19:43:19 fetching corpus: 1900, signal 123503/151151 (executing program)
2022/10/06 19:43:19 fetching corpus: 1950, signal 124254/152369 (executing program)
2022/10/06 19:43:19 fetching corpus: 2000, signal 125959/154078 (executing program)
2022/10/06 19:43:19 fetching corpus: 2050, signal 127362/155567 (executing program)
2022/10/06 19:43:19 fetching corpus: 2100, signal 128708/157041 (executing program)
2022/10/06 19:43:20 fetching corpus: 2150, signal 130041/158501 (executing program)
2022/10/06 19:43:20 fetching corpus: 2200, signal 131652/160013 (executing program)
2022/10/06 19:43:20 fetching corpus: 2250, signal 132996/161363 (executing program)
2022/10/06 19:43:20 fetching corpus: 2300, signal 133451/162258 (executing program)
2022/10/06 19:43:20 fetching corpus: 2350, signal 134355/163392 (executing program)
2022/10/06 19:43:20 fetching corpus: 2400, signal 135227/164435 (executing program)
2022/10/06 19:43:20 fetching corpus: 2450, signal 136079/165496 (executing program)
2022/10/06 19:43:20 fetching corpus: 2500, signal 137104/166580 (executing program)
2022/10/06 19:43:20 fetching corpus: 2550, signal 137919/167565 (executing program)
2022/10/06 19:43:21 fetching corpus: 2600, signal 138835/168560 (executing program)
2022/10/06 19:43:21 fetching corpus: 2650, signal 139756/169579 (executing program)
2022/10/06 19:43:21 fetching corpus: 2700, signal 140934/170681 (executing program)
2022/10/06 19:43:21 fetching corpus: 2750, signal 142340/171896 (executing program)
2022/10/06 19:43:21 fetching corpus: 2800, signal 143250/172812 (executing program)
2022/10/06 19:43:21 fetching corpus: 2850, signal 144623/173905 (executing program)
2022/10/06 19:43:21 fetching corpus: 2900, signal 145395/174717 (executing program)
2022/10/06 19:43:21 fetching corpus: 2950, signal 146788/175744 (executing program)
2022/10/06 19:43:21 fetching corpus: 3000, signal 148494/176930 (executing program)
2022/10/06 19:43:22 fetching corpus: 3050, signal 149346/177701 (executing program)
2022/10/06 19:43:22 fetching corpus: 3100, signal 149926/178371 (executing program)
2022/10/06 19:43:22 fetching corpus: 3150, signal 150602/179078 (executing program)
2022/10/06 19:43:22 fetching corpus: 3200, signal 151264/179749 (executing program)
2022/10/06 19:43:22 fetching corpus: 3250, signal 152554/180619 (executing program)
2022/10/06 19:43:22 fetching corpus: 3300, signal 153969/181468 (executing program)
2022/10/06 19:43:22 fetching corpus: 3350, signal 154505/182098 (executing program)
2022/10/06 19:43:22 fetching corpus: 3400, signal 154907/182651 (executing program)
2022/10/06 19:43:22 fetching corpus: 3450, signal 155422/183230 (executing program)
2022/10/06 19:43:22 fetching corpus: 3500, signal 156261/183856 (executing program)
2022/10/06 19:43:23 fetching corpus: 3550, signal 157838/184681 (executing program)
2022/10/06 19:43:23 fetching corpus: 3600, signal 158530/185231 (executing program)
2022/10/06 19:43:23 fetching corpus: 3650, signal 159142/185778 (executing program)
2022/10/06 19:43:23 fetching corpus: 3700, signal 159577/186266 (executing program)
2022/10/06 19:43:23 fetching corpus: 3750, signal 160625/186847 (executing program)
2022/10/06 19:43:23 fetching corpus: 3800, signal 161609/187393 (executing program)
2022/10/06 19:43:23 fetching corpus: 3850, signal 161999/187806 (executing program)
2022/10/06 19:43:23 fetching corpus: 3900, signal 162553/188260 (executing program)
2022/10/06 19:43:24 fetching corpus: 3950, signal 163319/188744 (executing program)
2022/10/06 19:43:24 fetching corpus: 4000, signal 163815/189127 (executing program)
2022/10/06 19:43:24 fetching corpus: 4050, signal 164875/189615 (executing program)
2022/10/06 19:43:24 fetching corpus: 4100, signal 165745/190056 (executing program)
2022/10/06 19:43:24 fetching corpus: 4150, signal 166303/190435 (executing program)
2022/10/06 19:43:24 fetching corpus: 4200, signal 166988/190799 (executing program)
2022/10/06 19:43:24 fetching corpus: 4250, signal 167849/191197 (executing program)
2022/10/06 19:43:24 fetching corpus: 4300, signal 168547/191551 (executing program)
2022/10/06 19:43:24 fetching corpus: 4350, signal 168987/191867 (executing program)
2022/10/06 19:43:24 fetching corpus: 4400, signal 169674/192187 (executing program)
2022/10/06 19:43:25 fetching corpus: 4450, signal 170711/192524 (executing program)
2022/10/06 19:43:25 fetching corpus: 4500, signal 171269/192818 (executing program)
2022/10/06 19:43:25 fetching corpus: 4550, signal 171700/193083 (executing program)
2022/10/06 19:43:25 fetching corpus: 4600, signal 172627/193407 (executing program)
2022/10/06 19:43:25 fetching corpus: 4650, signal 173616/193681 (executing program)
2022/10/06 19:43:25 fetching corpus: 4700, signal 174197/193921 (executing program)
2022/10/06 19:43:25 fetching corpus: 4750, signal 175172/194131 (executing program)
2022/10/06 19:43:25 fetching corpus: 4800, signal 175742/194341 (executing program)
2022/10/06 19:43:25 fetching corpus: 4850, signal 176290/194460 (executing program)
2022/10/06 19:43:25 fetching corpus: 4900, signal 176686/194460 (executing program)
2022/10/06 19:43:26 fetching corpus: 4950, signal 177234/194460 (executing program)
2022/10/06 19:43:26 fetching corpus: 5000, signal 177513/194461 (executing program)
2022/10/06 19:43:26 fetching corpus: 5050, signal 178511/194462 (executing program)
2022/10/06 19:43:26 fetching corpus: 5100, signal 179030/194518 (executing program)
2022/10/06 19:43:26 fetching corpus: 5150, signal 179697/194518 (executing program)
2022/10/06 19:43:26 fetching corpus: 5200, signal 181171/194532 (executing program)
2022/10/06 19:43:26 fetching corpus: 5246, signal 182115/194676 (executing program)
2022/10/06 19:43:26 fetching 
corpus: 5246, signal 182115/194676 (executing program) 2022/10/06 19:43:29 starting 8 fuzzer processes 19:43:29 executing program 0: sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x90, 0x0, 0x1, 0xffffffff, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5d}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x10001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x10000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x101}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x814}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000081}, 0x804) r0 = syz_open_dev$mouse(&(0x7f0000000180), 0x7f, 0x44a000) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xac, r1, 0x400, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x1, 0x8}}}}, [@NL80211_ATTR_VENDOR_DATA={0x63, 0xc5, "68ab25763586171ca57764835a6f79110d2afd4e4df82cc77241d4e923fb9febfd2b0e92422152c2b6d4de55a02070aa031d4069565b5f2bfb9e6c250f0816a98dd5ad4862d369ff58d8b15f158c04f813a9dae5e77a69e1cb8f82596e0e19"}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x3}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x5}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x4}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x7fff}]}, 0xac}, 0x1, 0x0, 0x0, 0x4800}, 0x20000000) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400), r0) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, 
&(0x7f0000000480)={&(0x7f0000000440)={0x1c, r3, 0xd08, 0x70bd2c, 0x25dfdbff, {}, [""]}, 0x1c}}, 0x4000000) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r0, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x88, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}}]}, 0x88}, 0x1, 0x0, 0x0, 0x6000805}, 0x80) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x28, r4, 0x400, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4041) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), r0) sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x20, r6, 0x400, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x20}, 0x1, 0x0, 0x0, 0x80000}, 0x20000000) r7 = signalfd4(r0, &(0x7f0000000940)={[0x7]}, 0x8, 0x80400) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r7, &(0x7f0000000bc0)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000b80)={&(0x7f00000009c0)={0x188, 0x0, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}}, 
{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x188}, 0x1, 0x0, 0x0, 0x41}, 0x24000891) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000c40)={{0x1, 0x1, 0x18, r0, @in_args={0x1}}, './file0\x00'}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r7, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x34, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x3c}, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_NETNS_FD={0x8, 0xdb, r8}, @NL80211_ATTR_PID={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4041040}, 0x8000) r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000d80), r7) sendmsg$WG_CMD_GET_DEVICE(r8, &(0x7f0000000e40)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x14, r9, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}}, 0xc880) sendmsg$ETHTOOL_MSG_WOL_SET(r8, &(0x7f0000001200)={&(0x7f0000000e80)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000011c0)={&(0x7f0000000ec0)={0x2c8, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_WOL_SOPASS={0xc4, 0x3, "7bd206f9195dff8729a64bda91952034c6e16f2998d628595298b155233429024ac84222f92ea9a96b23fec37715c0b25b86246eede22c4ee8a6d75ddbcbd943a5a79a4d4bd5f47c57ab6be10e414424c40ee5f95c5f6ee96aae2fa47e8a8c4bded90a005d09d94b3f5422c7353d14a48d0c872f256f7aee91de05bca6f198b20e27b7378970dfcba0c750169c87c1f1614a31717a1340ee27d0430c94c3ea01a79cca770a6d2a4a3d5462d2085e8aa02edafe2ae789ae4fcb8ef0bc069e8664"}, @ETHTOOL_A_WOL_SOPASS={0x3f, 0x3, "ad921d3b56cbcfadab90123d732106f58b28e683150b2cb048c4468e9558d0b6cffd21ca90981a32f84df973ecf3f2d0f4d378efae0d8fa6a75be4"}, @ETHTOOL_A_WOL_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_WOL_SOPASS={0x9d, 0x3, 
"e5bed3e1004fd09338e26b8aa0de3c119869976c447658ed6aae166ae388e17d2260e1ad35026750bcf3ac91c6c68b832f5dd137c6b9b48744321dfc3fc7bf18e64f3a7acacf6729befd7f6c58e0464e807c2c3336cdb0aa6be5bc8a891635cec7421545e436bcb1de64931b56ee9ab2a9478fd0a8a8c8823e0f0dc100548a0d2137edd08e80a2aedba2c1f7d369b3f9a17ba65ee05a4b9dfe"}, @ETHTOOL_A_WOL_SOPASS={0xbe, 0x3, "73de4b5454ed1f668f540c02b0d9a62df1ed74eec42a12d4276d0ffac1fc9560fa4b8fdde7252ea3b8a96790ba5821beb62434ae7b03148ea0e81f8d32707d7d9b906e0afe7262c805bade4eda732ac3d5927d2d7b08ea7449f4b9b81699e02d5f896ff21a2964be515c7e00ee8f116a286cecb7ec3e00d6fa3984bcfc20c01303f208922f426ccfab851c04399e0d8a2c466583dbdcdfacd273bab623a78779e70a53ccbf1af3089d2e1c90f9c8180b65c0819d8650bf4bbed4"}, @ETHTOOL_A_WOL_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}]}, 0x2c8}, 0x1, 0x0, 0x0, 0x1}, 0x8004) 19:43:29 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1) write$rfkill(r1, &(0x7f0000000080)={0x80000000, 0x2, 0x3, 0x1, 0x1}, 0x8) r2 = openat(r1, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'ip6gre0\x00'}) ioctl$FS_IOC_GETVERSION(r1, 0x80087601, &(0x7f0000000140)) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x7f}}, './file0\x00'}) close_range(r3, r0, 0x2) r4 = dup(r1) ioctl$TUNSETOFFLOAD(r4, 0x400454d0, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001480), 0x100003, 0x0) recvmsg$unix(r5, &(0x7f0000001700)={&(0x7f00000014c0)=@abs, 0x6e, &(0x7f00000015c0)=[{&(0x7f0000001540)=""/104, 0x68}], 0x1, &(0x7f0000001600)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 
0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd0}, 0x2101) r8 = dup2(r6, r2) ioctl$EVIOCGREP(r8, 0x80084503, &(0x7f0000001740)=""/244) ioctl$BTRFS_IOC_SET_FEATURES(r7, 0x40309439, &(0x7f0000001840)={0x0, 0x5, 0x2}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001880)) fsetxattr$security_ima(r2, &(0x7f0000001a80), &(0x7f0000001ac0)=@md5={0x1, "c873617e867832aad186de7fb4d186da"}, 0x11, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r6, &(0x7f0000001b00)={0x4}) ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0x3) 19:43:29 executing program 3: sendmsg$NL80211_CMD_STOP_NAN(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x800, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x8880) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) getsockname(r0, &(0x7f0000000140)=@nfc_llcp, &(0x7f00000001c0)=0x80) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x81}}, './file0\x00'}) fremovexattr(r1, &(0x7f0000000240)=@random={'user.', '\\{\x00'}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x208081) r3 = fcntl$getown(r2, 0x9) ioctl$TCSETA(r1, 0x5406, &(0x7f00000002c0)={0x8, 0x2, 0x6, 0x1f, 0xa, "c931323472ba94fc"}) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x40, 0x0, 0x2, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x76}, @void, @void}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, 
@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x7f, 0x4d}}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x20004010) getsockname(r1, &(0x7f0000000440)=@l2tp6={0xa, 0x0, 0x0, @local}, &(0x7f00000004c0)=0x80) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000500)={0x0, 0x8, 0x0, [0x4, 0x1000, 0x7fffffff, 0x0, 0x5], [0x5, 0x6, 0x5, 0x1, 0x5e, 0x0, 0x0, 0x8088, 0x6, 0x3, 0x101, 0x8, 0xfff, 0x101, 0x7, 0x0, 0x0, 0x20, 0x2, 0x0, 0x1ff, 0x2, 0x1ff, 0x7, 0x20, 0x8001, 0x8576, 0x3ff, 0x5, 0x4467, 0x401, 0xfe, 0x9, 0x3, 0x7fff, 0x334800000, 0xffffffffffff0000, 0x100000000, 0x1, 0x2, 0x0, 0x9, 0x4, 0x6, 0x6, 0x953, 0x7, 0x1f, 0x10001, 0xe903, 0x0, 0x7fffffff, 0x4, 0x0, 0x7, 0x100, 0x1000, 0x6, 0x8, 0x0, 0x1, 0x10000, 0xfffffffffffffff8, 0x7f, 0x51, 0x5, 0x2, 0x0, 0x5, 0xae70, 0x3ff, 0x6, 0x6, 0x7fffffff, 0x1da7d757, 0xffff, 0x8, 0x8001, 0xb9, 0x5, 0x1, 0x7, 0xff, 0x14, 0x8, 0x0, 0x3, 0x0, 0x21, 0x7, 0x6ba, 0x8, 0x1, 0x7ff, 0x0, 0x7ff, 0xbae, 0x81, 0x6, 0x800000000000, 0x5, 0x6, 0xff, 0xfffffffffffffffc, 0x8, 0x4, 0x2, 0xc471, 0x100000001, 0x7fffffff, 0x5b31, 0x1, 0x76, 0x10000, 0x1dac8105, 0x101, 0x9, 0xa5, 0x2, 0x1, 0x80000000]}) ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, &(0x7f0000000940)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) ioctl$SIOCGSTAMPNS(r5, 0x8907, &(0x7f0000000b80)) ioctl$F2FS_IOC_GET_PIN_FILE(r2, 0x8004f50e, &(0x7f0000000bc0)) r6 = pidfd_open(r3, 0x0) r7 = inotify_init() io_submit(0x0, 0x6, &(0x7f0000001100)=[&(0x7f0000000c80)={0x0, 0x0, 0x0, 0x1, 0x3cdc, r6, &(0x7f0000000c00)="14861762dc17b7b6ce4ebffcaed33f563df8f0ae994bf4fbabc3302c6307792bd5cd27d73b3dbaed5974f789d5ce396f578f1c3d1c8d1cc5b0e767f7bc00f0b2150ec26b3585077e6bbd1174e226", 0x4e, 0x0, 0x0, 0x3, r1}, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x3, 0x6, r7, &(0x7f0000000cc0)="f63c54ee4d4e6f705dd19ffb1cdd", 0xe, 0x4, 0x0, 0x2, r1}, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x1, r2, 
&(0x7f0000000d40)="fc1b7ece9f6d4bcfa55019725676a84272aba44176dee2f7d2640da5101bad9a2d501eebd34b525a32536607c4be3d4893d8041b2b3f3cb2a9dc0385cc093ad2359cdf5c4e3e643525a93050e3b731f2287cebe22bda", 0x56, 0x3}, &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x2, 0x1, 0xffffffffffffffff, &(0x7f0000000e00)="91da579aefc7d747913562c7c018db130a6aa0b17707089d2fb359fd3928462f7780626d8efda648e5b79cee6ec8f757cc382734144728e14f5d9503dd2af66699e3d9389aeb6b4877fcfdaf72ff881cd95485c1b5f08947571a7ec8440752b951aff94724676e5a275f46fff5263958ddf8ea", 0x73, 0x0, 0x0, 0x3}, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000ec0)="00645c205fb05ae7cf43b25d60d8d5536890c3851c90d589d45327e2ff54914acabfee7f02810992830f613e2ba2574d83bf363548d50a17f4883b595fee5236b7d38f9e5339a4b48cd806c120790dcbcbd734019df9ba71424a4635b3f9f4342fc9c7144b28b9c1f82620af23e77cc88f54865eff57c9ced247498912cb433df892f3231f543fe038c888b244c28a88285187", 0x93, 0x8, 0x0, 0x2}, &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x6, 0xff, 0xffffffffffffffff, &(0x7f0000001040)="09fd87f61b664205474f194cd9b5f56d07048f93ea1090d1a3de3e9b17bbf649fef8eb124700754f6e5e224911f80b8c5225c2e8bd1547787c17ca60b869d51f36f52b50", 0x44, 0x7, 0x0, 0x2}]) 19:43:29 executing program 2: fstatfs(0xffffffffffffffff, &(0x7f0000000000)=""/74) r0 = socket(0x2b, 0x5, 0x7ff) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x7ff, 0x0, 0x0, 0x8, 0xa1f, 0xff}, &(0x7f00000000c0)=0x20) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000100)={0x2, 'batadv0\x00'}) r2 = accept$unix(r0, &(0x7f0000000140), &(0x7f00000001c0)=0x6e) ioctl$AUTOFS_IOC_PROTOVER(r2, 0x80049363, &(0x7f0000000200)) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {r0}}, './file0\x00'}) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r0) sendmsg$TIPC_NL_BEARER_ENABLE(r3, 
&(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x60, r4, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xa7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x10001}]}, @TIPC_NLA_SOCK={0x18, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xffffffff}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x404c800}, 0xc081) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000400), 0x6100, 0x0) fstat(r5, &(0x7f0000000440)) sendmmsg$sock(r0, &(0x7f0000000a40)=[{{&(0x7f00000004c0)=@ieee802154={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000540)="bd032fe0e9f43f4edf11637cc6027ede0d4abc76614b265ac46d02b286d8b8e29640e9ceedd09c0d93253d534aa778d0d123b0c8587538b443d584dbe83fd7c445deb97eb0566b5e355f6bb5f31067af5941023c049a1ded53ac9a0b021bdf65894c48206acb11efb27746759fde4439a153bc9eb0fad0958df2fb7405e8f142d4477d852b66fc0d949360b18d5f60b184370d9a", 0x94}, {&(0x7f0000000600)="16c027e5d96dec6d2d467019c36cd2971da78518faf9b6ae446672d9fec2c39d5fa211f49d70e5b6c76efd882d31fa1e0948bd1cea682f7592baddb4de1b3fe7caf641e3ad3de1971ebc1c4f51e1ab274736806dcf0d58dbb1ad4b403cab42649b4f95e9692d82fcdfb517f224e39d02032d15919623af54bbf95a00f128d9e3b092ae0740536b74f94e33dc6ecef4f06ee0cff58cc59375b313d1eb9e5368ed5cfc1e09b7c8838da454", 0xaa}, {&(0x7f00000006c0)="beee846a4fde170a22283fd710dfd1e8a4bc69d525e01d66dcedb2cabb184a0f7b22f3d3a1ff2b4a227d207cbc78fdb4ff5af3098c24cd70087ff9906eccdca8887d2608120a91984c5104efded246157b4d79e0abd92e47330b6a208f2b491e04f7295a04a9b5ad27709a4c0cff463c7c280c6785c5de8faab158f125", 0x7d}], 0x3, &(0x7f0000000780)=[@txtime={{0x18, 0x1, 0x3d, 0x5}}, @mark={{0x14, 0x1, 0x24, 0x5}}, @timestamping={{0x14}}], 0x48}}, 
{{&(0x7f0000000800)=@ieee802154={0x24, @short={0x2, 0x7fff, 0xaaa3}}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000880)}, {&(0x7f00000008c0)="9f8734712e7c80322ad7298c7f23b7ec12b04305afe3c28a2e1397a225d248f1698eeec54f475481105b55d73eb8ee967bf309a58c601ac482e29916ada859f9a2759b3cd862e6a915754ce3cf6802ffc074", 0x52}], 0x2, &(0x7f0000000980)=[@mark={{0x14, 0x1, 0x24, 0x1}}, @timestamping={{0x14, 0x1, 0x25, 0xff}}, @txtime={{0x18, 0x1, 0x3d, 0x5}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x8b5}}, @txtime={{0x18, 0x1, 0x3d, 0x7f}}, @timestamping={{0x14, 0x1, 0x25, 0x10000}}, @txtime={{0x18}}], 0xc0}}], 0x2, 0xc0) getpeername$inet6(r0, &(0x7f0000000ac0)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000b00)=0x1c) openat$sr(0xffffffffffffff9c, &(0x7f0000000b40), 0x10400, 0x0) clock_gettime(0x0, &(0x7f0000000fc0)={0x0, 0x0}) recvmmsg$unix(r5, &(0x7f0000000f80)=[{{&(0x7f0000000b80), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000c00)=""/98, 0x62}, {&(0x7f0000000c80)=""/77, 0x4d}, {&(0x7f0000000d00)=""/229, 0xe5}], 0x3, &(0x7f0000000e40)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x128}}], 0x1, 0x120, &(0x7f0000001000)={r6, r7+60000000}) openat(r8, &(0x7f0000001040)='./file0\x00', 0x610100, 0x8) llistxattr(&(0x7f0000001080)='./file0\x00', &(0x7f00000010c0)=""/205, 0xcd) [ 64.533010] audit: type=1400 audit(1665085409.107:6): avc: denied { execmem } for pid=284 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 19:43:29 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x40) r1 = 
creat(&(0x7f0000000040)='./file0\x00', 0x141) r2 = signalfd4(r1, &(0x7f0000000080)={[0xffffffff]}, 0x8, 0x800) ioctl$AUTOFS_IOC_EXPIRE(r2, 0x810c9365, &(0x7f00000000c0)={{0x7f, 0x76}, 0x100, './file0\x00'}) connect(r0, &(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x1, @remote}, 0x80) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) setsockopt$IP_VS_SO_SET_TIMEOUT(r3, 0x0, 0x48a, &(0x7f0000000280)={0x80000001, 0x80, 0x3}, 0xc) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f00000002c0), &(0x7f0000000340)=0x68) r4 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl(r4, 0x2, &(0x7f0000000380)="53399ea64ffae00bff62668d27f95edc0371f5669b4220bdbad91f2cebea5699e42a059d0b9c76b9ad3d92571fa9ec71cffb1397ac8352348239f7b766ea8a7282871519f25e580511386b572e0ed66c29807a15bde990c8982ce16232fb49463879b5") setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000400)={0x1, 'wlan0\x00', 0x3}, 0x18) fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f0000000440)=0x1) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000480)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) sendfile(r3, r5, &(0x7f00000004c0), 0x9) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000000500)) r6 = signalfd(r1, &(0x7f0000000540)={[0x442]}, 0x8) ioctl$AUTOFS_IOC_SETTIMEOUT(r6, 0x80049367, &(0x7f0000000580)=0x85e9a4b) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r2, 0xc08c5334, &(0x7f00000005c0)={0x5, 0x1, 0x0, 'queue0\x00', 0x8000}) r7 = io_uring_setup(0x14, &(0x7f0000000680)={0x0, 0x219, 0x8, 0x2, 0x2cd, 0x0, r6}) write$binfmt_script(r7, &(0x7f0000000700)={'#! 
', './file0', [{0x20, '\\%@'}, {0x20, 'wlan0\x00'}, {0x20, ',]'}, {0x20, 'queue0\x00'}, {0x20, '*'}, {0x20, '!*-+}\xc2'}, {0x20, '&.]]'}, {0x20, '\x00'}], 0xa, "1b0263abc759cbee27c5d1de35e8430048ac58f902437d36123e6f73a74ea6a8cf7b2ff470e8d6c08ff9d47eb8975f84ce68a1ee61d8e81378b394878b9ce17b7bcb4eed0a94533bff85b55309c7ac13eb8a2f9a02339ca83db2a49ea3a0dc10d496c06c375ae19d"}, 0x99) 19:43:29 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, 0x0, 0x10, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_PAGE={0x5, 0x7, 0x6}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x7e609e8ec6929f27}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0xd}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x10}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x4040000) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000180)={'wpan3\x00'}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000001c0)={'wpan3\x00', 0x0}) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_LBT_MODE(r5, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20004001}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, 0x0, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000000}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040}, 0x40000) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000003c0)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_CHANNEL(r5, 
&(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, 0x0, 0xa00, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004804}, 0x4000) sendmsg$NL802154_CMD_SET_TX_POWER(r5, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x24, 0x0, 0x0, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4044000}, 0x4040010) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000005c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) sendmsg$BATADV_CMD_GET_MESH(r9, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x5c, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x55}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3ff}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xffff}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000080) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000740), r3) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000780), r10) sendmsg$IPVS_CMD_DEL_DEST(r9, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x1c, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40400c0}, 0x8000) 19:43:29 executing program 7: ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000000)) r0 = 
syz_open_dev$loop(&(0x7f0000000200), 0x1ff, 0xa2000) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000240)) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000440)={{0x1, 0x1, 0x18, r0, {0x5}}, './file0\x00'}) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f00000004c0)) r3 = open_tree(0xffffffffffffffff, &(0x7f00000006c0)='./file1\x00', 0xc000) ioctl$LOOP_CLR_FD(r3, 0x4c01) chmod(&(0x7f0000000700)='./file0\x00', 0x28) r4 = syz_open_dev$usbmon(&(0x7f0000000740), 0x9, 0x2000) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r4) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8, 0xa013, r2, 0xb40c4000) r5 = fsmount(r2, 0x1, 0xe) read(r5, &(0x7f0000000780)=""/48, 0x30) dup2(r5, 0xffffffffffffffff) r6 = fsmount(r2, 0x0, 0xf6) ioctl$MON_IOCQ_URB_LEN(r6, 0x9201) openat$vcsa(0xffffffffffffff9c, &(0x7f00000007c0), 0x111880, 0x0) getsockopt$inet6_udp_int(r6, 0x11, 0x55, &(0x7f0000000800), &(0x7f0000000840)=0x4) 19:43:29 executing program 6: ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000000)) ioctl$TIOCL_SELLOADLUT(0xffffffffffffffff, 0x541c, &(0x7f0000000040)={0x5, 0xf0b9, 0x3, 0x6, 0x5}) ioctl$GIO_SCRNMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000080)=""/197) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000180)) ioctl$AUTOFS_IOC_PROTOVER(0xffffffffffffffff, 0x80049363, &(0x7f00000001c0)) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000240), 0x2, 0x2) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(0xffffffffffffffff, 0x8010661b, &(0x7f0000000280)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x1f) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000300)=0x0) ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000340)=r1) ioctl$SNAPSHOT_PLATFORM_SUPPORT(0xffffffffffffffff, 0x330f, 0x5) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x80000000) ioctl$KDGETMODE(r0, 
0x4b3b, &(0x7f0000000380)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r2, 0xc0c89425, &(0x7f00000005c0)={"864ad7256fe5a5eb524a8da51294fd1c", 0x0, r3, {0xff, 0x3}, {0x9, 0xff}, 0x7, [0x6, 0x3, 0x1, 0x7, 0x8, 0xfffffffffffffffa, 0x100, 0x698, 0x0, 0x2, 0xfffffffffffffff9, 0x6, 0x3ff, 0x4d00, 0x60b, 0x4b]}) r4 = ioctl$TIOCGPTPEER(r2, 0x5441, 0x7d2) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000006c0), 0x2) fcntl$getown(r5, 0x9) ioctl$TCSBRKP(r4, 0x5425, 0x9) [ 65.891850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.894941] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.898576] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.900333] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.906144] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.919963] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.921520] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.923187] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.929125] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.930588] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.931744] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.934284] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.939333] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.943457] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.945150] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.948347] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 65.951698] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.953572] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 65.955475] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 65.956816] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 65.959060] Bluetooth: hci1: unexpected cc 
0x0c38 length: 249 > 2 [ 65.959743] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 65.962171] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 65.964740] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.965515] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.975100] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.976601] Bluetooth: hci1: HCI_REQ-0x0c1a [ 65.982530] Bluetooth: hci2: HCI_REQ-0x0c1a [ 65.987802] Bluetooth: hci3: HCI_REQ-0x0c1a [ 66.001460] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 66.005549] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 66.009530] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 66.020707] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 66.024877] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 66.026275] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 66.037128] Bluetooth: hci7: HCI_REQ-0x0c1a [ 66.037958] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 66.042095] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 66.050175] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.059596] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 66.061050] Bluetooth: hci0: HCI_REQ-0x0c1a [ 66.063814] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 66.065319] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 66.072864] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 66.074920] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 66.080615] Bluetooth: hci4: HCI_REQ-0x0c1a [ 66.091778] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 66.096871] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 66.098540] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 66.103752] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 66.105735] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 66.110727] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 66.113360] Bluetooth: hci6: 
HCI_REQ-0x0c1a [ 66.116012] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 66.118476] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 66.126566] Bluetooth: hci5: HCI_REQ-0x0c1a [ 68.014195] Bluetooth: hci1: command 0x0409 tx timeout [ 68.014273] Bluetooth: hci2: command 0x0409 tx timeout [ 68.015076] Bluetooth: hci3: command 0x0409 tx timeout [ 68.077514] Bluetooth: hci0: command 0x0409 tx timeout [ 68.078236] Bluetooth: hci7: command 0x0409 tx timeout [ 68.141509] Bluetooth: hci6: command 0x0409 tx timeout [ 68.142638] Bluetooth: hci5: command 0x0409 tx timeout [ 68.143183] Bluetooth: hci4: command 0x0409 tx timeout [ 70.062135] Bluetooth: hci2: command 0x041b tx timeout [ 70.062922] Bluetooth: hci3: command 0x041b tx timeout [ 70.063283] Bluetooth: hci1: command 0x041b tx timeout [ 70.126473] Bluetooth: hci7: command 0x041b tx timeout [ 70.126904] Bluetooth: hci0: command 0x041b tx timeout [ 70.190504] Bluetooth: hci4: command 0x041b tx timeout [ 70.190943] Bluetooth: hci5: command 0x041b tx timeout [ 70.191319] Bluetooth: hci6: command 0x041b tx timeout [ 72.109469] Bluetooth: hci1: command 0x040f tx timeout [ 72.109890] Bluetooth: hci3: command 0x040f tx timeout [ 72.110242] Bluetooth: hci2: command 0x040f tx timeout [ 72.174461] Bluetooth: hci0: command 0x040f tx timeout [ 72.174830] Bluetooth: hci7: command 0x040f tx timeout [ 72.237473] Bluetooth: hci6: command 0x040f tx timeout [ 72.237842] Bluetooth: hci5: command 0x040f tx timeout [ 72.238197] Bluetooth: hci4: command 0x040f tx timeout [ 74.157682] Bluetooth: hci2: command 0x0419 tx timeout [ 74.158458] Bluetooth: hci3: command 0x0419 tx timeout [ 74.159089] Bluetooth: hci1: command 0x0419 tx timeout [ 74.222504] Bluetooth: hci7: command 0x0419 tx timeout [ 74.223169] Bluetooth: hci0: command 0x0419 tx timeout [ 74.285496] Bluetooth: hci4: command 0x0419 tx timeout [ 74.286150] Bluetooth: hci5: command 0x0419 tx timeout [ 74.286846] Bluetooth: hci6: command 0x0419 tx timeout 19:44:27 
executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x121042, 0x21) mount(&(0x7f0000000240)=ANY=[@ANYBLOB="4b4f0000001000000007"], &(0x7f0000000300)='./file1\x00', &(0x7f00000003c0)='cramfs\x00', 0x1000, &(0x7f0000000400)='\x00') pwritev(r0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000000)="dbf225f5a4568675d4b9d93506777ce8e7e1", 0x12}, {&(0x7f0000000240)}], 0x3, 0x8001, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x40) syz_io_uring_setup(0x15971, &(0x7f0000000180)={0x0, 0x4494, 0x2, 0x1, 0x254, 0x0, r0}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000200)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pwritev(r2, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)) r4 = memfd_create(&(0x7f0000000440)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLY\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\xe3g\v\xca(\x96\xe1C\xdf\x1c\xea\x85CD1\x13\xfa\x03\x16\xcd\x17\xa2\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\x92#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x06L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x11\xc4\x04\x00\x84\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 
1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r,\x87\xe6]^j\xcd\x06\xea\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfeW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\xd00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\x7f\n\x1a\xda.\x94kJ\xe2\x82_\x8905\xcc\xb0\xc6\x94\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\xd6\xcf\xf6\xb5\x82\xb7\x9dA\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/L\x01\xe2\xba|\xf0\x01)PP\xcdl\x06\xfc\x15;qZ\xb1u\xc9\xd0\xd16~JEGm\xe4\x1e@\x9dG\xe4@\xdf\xba`\x14\x1cD\xc7\xec\xd1@}tR\xd9P\xf4N\xe3\xd8x\xa0\x91\x17\xc2}\x13\b\xca\t(Z\xa3\x04\x00\x00\x00T\x93\xe7%\x98\xa7\xfb\x8bp/eq\x93\xbf\x1f 4|\xf3\xb1\xfcR\xd8\nM,\xcb%@\'\x15\x88\xd8\xad\f\x91|\x95\x8fq+\x98\x81W\xba\x9f\xe0elOt\xbd\by\r\x87\x1c\xba\xbd\x8e+S>\xb8\xe29\x91h^x\xfb`\x00\xdd/\xa6\xb1\x16=\xa1bwEI\xb1\x00'/567, 0x0) syz_io_uring_setup(0x7d8d, &(0x7f00000007c0)={0x0, 0xb5f1, 0x20, 0x3, 0x1b5}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000840), &(0x7f0000000880)) fallocate(r4, 0x8, 0x0, 0x8800000) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000440)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r4, @ANYBLOB="315ec9"]) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000019c0)) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001fc0), 0x82, 0x0) write$P9_RSETATTR(r5, &(0x7f0000002000)={0x7}, 0x7) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x5, 0x7f, 0xfb, 0xff, 0x0, 0x400, 0x80000, 0xb, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x6, 
0x0, @perf_config_ext={0x450, 0x5}, 0x904, 0x7, 0x4, 0x5, 0x1, 0x1, 0x1, 0x0, 0xf8, 0x0, 0x7}, 0x0, 0xffffffffffffffff, r5, 0xa) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0x203}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x3, 0x0, 0x0, 0x0, 0x3800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, 0x0, 0x100000) [ 123.461241] audit: type=1400 audit(1665085468.035:7): avc: denied { open } for pid=3840 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 123.465182] audit: type=1400 audit(1665085468.035:8): avc: denied { kernel } for pid=3840 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 123.494065] ------------[ cut here ]------------ [ 123.494098] [ 123.494103] ====================================================== [ 123.494108] WARNING: possible circular locking dependency detected [ 123.494113] 6.0.0-next-20221006 #1 Not tainted [ 123.494124] ------------------------------------------------------ [ 123.494128] syz-executor.4/3842 is trying to acquire lock: [ 123.494138] ffffffff853fac98 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 123.494193] [ 123.494193] but task is already holding lock: [ 123.494197] ffff88803d70bc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 123.494236] [ 123.494236] which lock already depends on the new lock. 
[ 123.494236] [ 123.494241] [ 123.494241] the existing dependency chain (in reverse order) is: [ 123.494245] [ 123.494245] -> #3 (&ctx->lock){....}-{2:2}: [ 123.494266] _raw_spin_lock+0x2a/0x40 [ 123.494283] __perf_event_task_sched_out+0x53b/0x18d0 [ 123.494300] __schedule+0xedd/0x2470 [ 123.494323] preempt_schedule_common+0x45/0xc0 [ 123.494347] __cond_resched+0x17/0x30 [ 123.494371] __mutex_lock+0xa3/0x14d0 [ 123.494396] __do_sys_perf_event_open+0x1eec/0x32c0 [ 123.494413] do_syscall_64+0x3b/0x90 [ 123.494428] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 123.494449] [ 123.494449] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 123.494470] _raw_spin_lock_nested+0x30/0x40 [ 123.494488] raw_spin_rq_lock_nested+0x1e/0x30 [ 123.494508] task_fork_fair+0x63/0x4d0 [ 123.494533] sched_cgroup_fork+0x3d0/0x540 [ 123.494553] copy_process+0x4183/0x6e20 [ 123.494569] kernel_clone+0xe7/0x890 [ 123.494583] user_mode_thread+0xad/0xf0 [ 123.494599] rest_init+0x24/0x250 [ 123.494619] arch_call_rest_init+0xf/0x14 [ 123.494635] start_kernel+0x4c6/0x4eb [ 123.494649] secondary_startup_64_no_verify+0xe0/0xeb [ 123.494669] [ 123.494669] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 123.494690] _raw_spin_lock_irqsave+0x39/0x60 [ 123.494707] try_to_wake_up+0xab/0x1930 [ 123.494726] up+0x75/0xb0 [ 123.494749] __up_console_sem+0x6e/0x80 [ 123.494773] console_unlock+0x46a/0x590 [ 123.494797] vt_ioctl+0x2822/0x2ca0 [ 123.494816] tty_ioctl+0x785/0x16b0 [ 123.494833] __x64_sys_ioctl+0x19a/0x210 [ 123.494854] do_syscall_64+0x3b/0x90 [ 123.494869] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 123.494890] [ 123.494890] -> #0 ((console_sem).lock){....}-{2:2}: [ 123.494912] __lock_acquire+0x2a02/0x5e70 [ 123.494937] lock_acquire+0x1a2/0x530 [ 123.494961] _raw_spin_lock_irqsave+0x39/0x60 [ 123.494980] down_trylock+0xe/0x70 [ 123.495005] __down_trylock_console_sem+0x3b/0xd0 [ 123.495030] vprintk_emit+0x16b/0x560 [ 123.495064] vprintk+0x84/0xa0 [ 123.495087] _printk+0xba/0xf1 [ 123.495106] report_bug.cold+0x72/0xab [ 123.495120] 
handle_bug+0x3c/0x70 [ 123.495134] exc_invalid_op+0x14/0x50 [ 123.495149] asm_exc_invalid_op+0x16/0x20 [ 123.495170] group_sched_out.part.0+0x2c7/0x460 [ 123.495197] ctx_sched_out+0x8f1/0xc10 [ 123.495222] __perf_event_task_sched_out+0x6d0/0x18d0 [ 123.495239] __schedule+0xedd/0x2470 [ 123.495262] preempt_schedule_common+0x45/0xc0 [ 123.495287] __cond_resched+0x17/0x30 [ 123.495310] __mutex_lock+0xa3/0x14d0 [ 123.495335] __do_sys_perf_event_open+0x1eec/0x32c0 [ 123.495352] do_syscall_64+0x3b/0x90 [ 123.495368] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 123.495389] [ 123.495389] other info that might help us debug this: [ 123.495389] [ 123.495392] Chain exists of: [ 123.495392] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 123.495392] [ 123.495416] Possible unsafe locking scenario: [ 123.495416] [ 123.495419] CPU0 CPU1 [ 123.495422] ---- ---- [ 123.495426] lock(&ctx->lock); [ 123.495434] lock(&rq->__lock); [ 123.495443] lock(&ctx->lock); [ 123.495453] lock((console_sem).lock); [ 123.495461] [ 123.495461] *** DEADLOCK *** [ 123.495461] [ 123.495464] 2 locks held by syz-executor.4/3842: [ 123.495474] #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 123.495519] #1: ffff88803d70bc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 123.495559] [ 123.495559] stack backtrace: [ 123.495564] CPU: 0 PID: 3842 Comm: syz-executor.4 Not tainted 6.0.0-next-20221006 #1 [ 123.495582] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.495592] Call Trace: [ 123.495596] [ 123.495603] dump_stack_lvl+0x8b/0xb3 [ 123.495620] check_noncircular+0x263/0x2e0 [ 123.495643] ? format_decode+0x26c/0xb50 [ 123.495666] ? print_circular_bug+0x450/0x450 [ 123.495688] ? simple_strtoul+0x30/0x30 [ 123.495708] ? __lockdep_reset_lock+0x180/0x180 [ 123.495733] ? format_decode+0x26c/0xb50 [ 123.495761] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 123.495788] __lock_acquire+0x2a02/0x5e70 [ 123.495821] ? 
lockdep_hardirqs_on_prepare+0x410/0x410 [ 123.495855] lock_acquire+0x1a2/0x530 [ 123.495881] ? down_trylock+0xe/0x70 [ 123.495910] ? lock_release+0x750/0x750 [ 123.495939] ? find_held_lock+0x2c/0x110 [ 123.495965] ? vprintk+0x84/0xa0 [ 123.495992] _raw_spin_lock_irqsave+0x39/0x60 [ 123.496012] ? down_trylock+0xe/0x70 [ 123.496039] down_trylock+0xe/0x70 [ 123.496065] ? vprintk+0x84/0xa0 [ 123.496092] __down_trylock_console_sem+0x3b/0xd0 [ 123.496118] vprintk_emit+0x16b/0x560 [ 123.496147] vprintk+0x84/0xa0 [ 123.496175] _printk+0xba/0xf1 [ 123.496194] ? record_print_text.cold+0x16/0x16 [ 123.496218] ? hrtimer_try_to_cancel+0x163/0x2c0 [ 123.496239] ? lock_downgrade+0x6d0/0x6d0 [ 123.496266] ? report_bug.cold+0x66/0xab [ 123.496283] ? group_sched_out.part.0+0x2c7/0x460 [ 123.496312] report_bug.cold+0x72/0xab [ 123.496330] handle_bug+0x3c/0x70 [ 123.496348] exc_invalid_op+0x14/0x50 [ 123.496365] asm_exc_invalid_op+0x16/0x20 [ 123.496386] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 123.496416] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 123.496432] RSP: 0018:ffff88803cedf978 EFLAGS: 00010006 [ 123.496446] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 123.496458] RDX: ffff8880211b1ac0 RSI: ffffffff815677b7 RDI: 0000000000000005 [ 123.496469] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 123.496481] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88803d70bc00 [ 123.496492] R13: ffff88806ce3d2c0 R14: ffffffff8547cb60 R15: 0000000000000002 [ 123.496509] ? group_sched_out.part.0+0x2c7/0x460 [ 123.496540] ? group_sched_out.part.0+0x2c7/0x460 [ 123.496570] ctx_sched_out+0x8f1/0xc10 [ 123.496600] __perf_event_task_sched_out+0x6d0/0x18d0 [ 123.496622] ? lock_is_held_type+0xd7/0x130 [ 123.496646] ? __perf_cgroup_move+0x160/0x160 [ 123.496661] ? 
set_next_entity+0x304/0x550 [ 123.496688] ? update_curr+0x267/0x740 [ 123.496716] ? lock_is_held_type+0xd7/0x130 [ 123.496739] __schedule+0xedd/0x2470 [ 123.496768] ? io_schedule_timeout+0x150/0x150 [ 123.496793] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 123.496815] ? __cond_resched+0x17/0x30 [ 123.496841] preempt_schedule_common+0x45/0xc0 [ 123.496868] __cond_resched+0x17/0x30 [ 123.496892] __mutex_lock+0xa3/0x14d0 [ 123.496920] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 123.496940] ? mutex_lock_io_nested+0x1310/0x1310 [ 123.496967] ? __up_read+0xb0/0x730 [ 123.496989] ? __up_read+0x192/0x730 [ 123.497011] ? up_write+0x520/0x520 [ 123.497037] __do_sys_perf_event_open+0x1eec/0x32c0 [ 123.497060] ? perf_compat_ioctl+0x130/0x130 [ 123.497075] ? xfd_validate_state+0x59/0x180 [ 123.497106] ? syscall_enter_from_user_mode+0x1d/0x50 [ 123.497127] ? syscall_enter_from_user_mode+0x1d/0x50 [ 123.497152] do_syscall_64+0x3b/0x90 [ 123.497170] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 123.497192] RIP: 0033:0x7f105cc09b19 [ 123.497206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.497223] RSP: 002b:00007f105a17f188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 123.497240] RAX: ffffffffffffffda RBX: 00007f105cd1cf60 RCX: 00007f105cc09b19 [ 123.497253] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280 [ 123.497264] RBP: 00007f105cc63f6d R08: 0000000000000000 R09: 0000000000000000 [ 123.497275] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 123.497286] R13: 00007fff542e28df R14: 00007f105a17f300 R15: 0000000000022000 [ 123.497306] [ 123.574802] WARNING: CPU: 0 PID: 3842 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 123.575654] Modules linked in: [ 123.575949] CPU: 0 PID: 3842 Comm: syz-executor.4 Not tainted 6.0.0-next-20221006 #1 [ 123.576618] Hardware name: QEMU 
Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.577338] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 123.577857] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 123.579499] RSP: 0018:ffff88803cedf978 EFLAGS: 00010006 [ 123.579983] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 123.580629] RDX: ffff8880211b1ac0 RSI: ffffffff815677b7 RDI: 0000000000000005 [ 123.581287] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 123.581939] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88803d70bc00 [ 123.582596] R13: ffff88806ce3d2c0 R14: ffffffff8547cb60 R15: 0000000000000002 [ 123.583252] FS: 00007f105a17f700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 123.583990] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.584521] CR2: 00007f9acfb631f0 CR3: 000000003e064000 CR4: 0000000000350ef0 [ 123.585142] Call Trace: [ 123.585377] [ 123.585591] ctx_sched_out+0x8f1/0xc10 [ 123.585965] __perf_event_task_sched_out+0x6d0/0x18d0 [ 123.586420] ? lock_is_held_type+0xd7/0x130 [ 123.586813] ? __perf_cgroup_move+0x160/0x160 [ 123.587246] ? set_next_entity+0x304/0x550 [ 123.587641] ? update_curr+0x267/0x740 [ 123.588017] ? lock_is_held_type+0xd7/0x130 [ 123.588407] __schedule+0xedd/0x2470 [ 123.588764] ? io_schedule_timeout+0x150/0x150 [ 123.589185] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 123.589649] ? __cond_resched+0x17/0x30 [ 123.590024] preempt_schedule_common+0x45/0xc0 [ 123.590448] __cond_resched+0x17/0x30 [ 123.590813] __mutex_lock+0xa3/0x14d0 [ 123.591173] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 123.591607] ? mutex_lock_io_nested+0x1310/0x1310 [ 123.592052] ? __up_read+0xb0/0x730 [ 123.592390] ? __up_read+0x192/0x730 [ 123.592752] ? up_write+0x520/0x520 [ 123.593107] __do_sys_perf_event_open+0x1eec/0x32c0 [ 123.593579] ? 
perf_compat_ioctl+0x130/0x130 [ 123.593982] ? xfd_validate_state+0x59/0x180 [ 123.594398] ? syscall_enter_from_user_mode+0x1d/0x50 [ 123.594867] ? syscall_enter_from_user_mode+0x1d/0x50 [ 123.595370] do_syscall_64+0x3b/0x90 [ 123.595718] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 123.596185] RIP: 0033:0x7f105cc09b19 [ 123.596528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.598122] RSP: 002b:00007f105a17f188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 123.598808] RAX: ffffffffffffffda RBX: 00007f105cd1cf60 RCX: 00007f105cc09b19 [ 123.599451] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280 [ 123.600076] RBP: 00007f105cc63f6d R08: 0000000000000000 R09: 0000000000000000 [ 123.600710] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 123.601350] R13: 00007fff542e28df R14: 00007f105a17f300 R15: 0000000000022000 [ 123.601997] [ 123.602217] irq event stamp: 5538 [ 123.602525] hardirqs last enabled at (5537): [] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 123.603425] hardirqs last disabled at (5538): [] __schedule+0x1225/0x2470 [ 123.604196] softirqs last enabled at (5502): [] __irq_exit_rcu+0x11b/0x180 [ 123.604951] softirqs last disabled at (3019): [] __irq_exit_rcu+0x11b/0x180 [ 123.605703] ---[ end trace 0000000000000000 ]--- [ 124.936874] syz-executor.3 (294) used greatest stack depth: 24792 bytes left [ 127.101518] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 127.103373] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 127.104415] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 127.106315] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 127.108700] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 127.109703] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 127.114160] Bluetooth: hci0: HCI_REQ-0x0c1a [ 127.219914] Bluetooth: 
hci7: unexpected cc 0x0c03 length: 249 > 1 [ 127.224533] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 127.226886] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 127.228660] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 127.229592] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 127.230326] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 127.235605] Bluetooth: hci7: HCI_REQ-0x0c1a [ 129.133438] Bluetooth: hci0: command 0x0409 tx timeout [ 129.197426] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 129.197480] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 129.198513] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 129.261437] Bluetooth: hci7: command 0x0409 tx timeout [ 131.182431] Bluetooth: hci0: command 0x041b tx timeout [ 131.309451] Bluetooth: hci7: command 0x041b tx timeout [ 133.229481] Bluetooth: hci0: command 0x040f tx timeout [ 133.357461] Bluetooth: hci7: command 0x040f tx timeout [ 133.486120] Bluetooth: hci2: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 19:44:28 Registers: