Warning: Permanently added '[localhost]:45210' (ECDSA) to the list of known hosts.
2022/10/02 01:56:00 fuzzer started
2022/10/02 01:56:01 dialing manager at localhost:35095
syzkaller login: [   36.297191] cgroup: Unknown subsys name 'net'
[   36.397606] cgroup: Unknown subsys name 'rlimit'
2022/10/02 01:56:15 syscalls: 2215
2022/10/02 01:56:15 code coverage: enabled
2022/10/02 01:56:15 comparison tracing: enabled
2022/10/02 01:56:15 extra coverage: enabled
2022/10/02 01:56:15 setuid sandbox: enabled
2022/10/02 01:56:15 namespace sandbox: enabled
2022/10/02 01:56:15 Android sandbox: enabled
2022/10/02 01:56:15 fault injection: enabled
2022/10/02 01:56:15 leak checking: enabled
2022/10/02 01:56:15 net packet injection: enabled
2022/10/02 01:56:15 net device setup: enabled
2022/10/02 01:56:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/02 01:56:15 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/02 01:56:15 USB emulation: enabled
2022/10/02 01:56:15 hci packet injection: enabled
2022/10/02 01:56:15 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930                                          )
2022/10/02 01:56:15 802.15.4 emulation: enabled
2022/10/02 01:56:15 fetching corpus: 50, signal 26933/28711 (executing program)
2022/10/02 01:56:16 fetching corpus: 100, signal 38984/42367 (executing program)
2022/10/02 01:56:16 fetching corpus: 150, signal 46167/51100 (executing program)
2022/10/02 01:56:16 fetching corpus: 200, signal 53474/59862 (executing program)
2022/10/02 01:56:16 fetching corpus: 250, signal 61718/69431 (executing program)
2022/10/02 01:56:16 fetching corpus: 300, signal 69119/78002 (executing program)
2022/10/02 01:56:16 fetching corpus: 350, signal 74532/84626 (executing program)
2022/10/02 01:56:16 fetching corpus: 400, signal 78907/90155 (executing program)
2022/10/02 01:56:17 fetching corpus: 450, signal 81925/94369 (executing program)
2022/10/02 01:56:17 fetching corpus: 500, signal 84615/98184 (executing program)
2022/10/02 01:56:17 fetching corpus: 550, signal 88095/102688 (executing program)
2022/10/02 01:56:17 fetching corpus: 600, signal 90896/106602 (executing program)
2022/10/02 01:56:17 fetching corpus: 650, signal 93763/110512 (executing program)
2022/10/02 01:56:17 fetching corpus: 700, signal 97282/114928 (executing program)
2022/10/02 01:56:17 fetching corpus: 750, signal 98732/117490 (executing program)
2022/10/02 01:56:17 fetching corpus: 800, signal 100482/120239 (executing program)
2022/10/02 01:56:17 fetching corpus: 850, signal 102898/123590 (executing program)
2022/10/02 01:56:18 fetching corpus: 900, signal 105411/127008 (executing program)
2022/10/02 01:56:18 fetching corpus: 950, signal 107895/130343 (executing program)
2022/10/02 01:56:18 fetching corpus: 1000, signal 109681/133033 (executing program)
2022/10/02 01:56:18 fetching corpus: 1050, signal 111258/135542 (executing program)
2022/10/02 01:56:18 fetching corpus: 1100, signal 114049/139005 (executing program)
2022/10/02 01:56:18 fetching corpus: 1150, signal 115451/141283 (executing program)
2022/10/02 01:56:18 fetching corpus: 1200, signal 117141/143789 (executing program)
2022/10/02 01:56:18 fetching corpus: 1250, signal 118215/145750 (executing program)
2022/10/02 01:56:18 fetching corpus: 1300, signal 120330/148508 (executing program)
2022/10/02 01:56:19 fetching corpus: 1350, signal 122161/151046 (executing program)
2022/10/02 01:56:19 fetching corpus: 1400, signal 123024/152782 (executing program)
2022/10/02 01:56:19 fetching corpus: 1450, signal 124657/155123 (executing program)
2022/10/02 01:56:19 fetching corpus: 1500, signal 126027/157219 (executing program)
2022/10/02 01:56:19 fetching corpus: 1550, signal 127122/159042 (executing program)
2022/10/02 01:56:19 fetching corpus: 1600, signal 128555/161194 (executing program)
2022/10/02 01:56:19 fetching corpus: 1650, signal 130327/163531 (executing program)
2022/10/02 01:56:19 fetching corpus: 1700, signal 132727/166328 (executing program)
2022/10/02 01:56:19 fetching corpus: 1750, signal 135253/169142 (executing program)
2022/10/02 01:56:20 fetching corpus: 1800, signal 137694/171878 (executing program)
2022/10/02 01:56:20 fetching corpus: 1850, signal 138812/173649 (executing program)
2022/10/02 01:56:20 fetching corpus: 1900, signal 139787/175290 (executing program)
2022/10/02 01:56:20 fetching corpus: 1950, signal 140573/176748 (executing program)
2022/10/02 01:56:20 fetching corpus: 2000, signal 141541/178377 (executing program)
2022/10/02 01:56:20 fetching corpus: 2050, signal 143148/180403 (executing program)
2022/10/02 01:56:20 fetching corpus: 2100, signal 144291/182056 (executing program)
2022/10/02 01:56:20 fetching corpus: 2150, signal 144998/183419 (executing program)
2022/10/02 01:56:21 fetching corpus: 2200, signal 146396/185232 (executing program)
2022/10/02 01:56:21 fetching corpus: 2250, signal 147404/186821 (executing program)
2022/10/02 01:56:21 fetching corpus: 2300, signal 148115/188139 (executing program)
2022/10/02 01:56:21 fetching corpus: 2350, signal 149001/189594 (executing program)
2022/10/02 01:56:21 fetching corpus: 2400, signal 150031/191091 (executing program)
2022/10/02 01:56:21 fetching corpus: 2450, signal 151971/193101 (executing program)
2022/10/02 01:56:21 fetching corpus: 2500, signal 152813/194469 (executing program)
2022/10/02 01:56:21 fetching corpus: 2550, signal 154278/196178 (executing program)
2022/10/02 01:56:21 fetching corpus: 2600, signal 155180/197521 (executing program)
2022/10/02 01:56:22 fetching corpus: 2650, signal 156016/198852 (executing program)
2022/10/02 01:56:22 fetching corpus: 2700, signal 156774/200114 (executing program)
2022/10/02 01:56:22 fetching corpus: 2750, signal 157339/201274 (executing program)
2022/10/02 01:56:22 fetching corpus: 2800, signal 158075/202455 (executing program)
2022/10/02 01:56:22 fetching corpus: 2850, signal 159452/204043 (executing program)
2022/10/02 01:56:22 fetching corpus: 2900, signal 160957/205674 (executing program)
2022/10/02 01:56:22 fetching corpus: 2950, signal 162737/207398 (executing program)
2022/10/02 01:56:23 fetching corpus: 3000, signal 163757/208714 (executing program)
2022/10/02 01:56:23 fetching corpus: 3050, signal 164579/209862 (executing program)
2022/10/02 01:56:23 fetching corpus: 3100, signal 166053/211365 (executing program)
2022/10/02 01:56:23 fetching corpus: 3150, signal 166454/212277 (executing program)
2022/10/02 01:56:23 fetching corpus: 3200, signal 167471/213519 (executing program)
2022/10/02 01:56:23 fetching corpus: 3250, signal 167903/214457 (executing program)
2022/10/02 01:56:23 fetching corpus: 3300, signal 168810/215730 (executing program)
2022/10/02 01:56:23 fetching corpus: 3350, signal 169484/216820 (executing program)
2022/10/02 01:56:23 fetching corpus: 3400, signal 170348/218043 (executing program)
2022/10/02 01:56:24 fetching corpus: 3450, signal 170937/219039 (executing program)
2022/10/02 01:56:24 fetching corpus: 3500, signal 171515/219959 (executing program)
2022/10/02 01:56:24 fetching corpus: 3550, signal 172637/221116 (executing program)
2022/10/02 01:56:24 fetching corpus: 3600, signal 173499/222190 (executing program)
2022/10/02 01:56:24 fetching corpus: 3650, signal 174352/223263 (executing program)
2022/10/02 01:56:24 fetching corpus: 3700, signal 175645/224525 (executing program)
2022/10/02 01:56:24 fetching corpus: 3750, signal 176659/225618 (executing program)
2022/10/02 01:56:24 fetching corpus: 3800, signal 177453/226613 (executing program)
2022/10/02 01:56:25 fetching corpus: 3850, signal 178561/227703 (executing program)
2022/10/02 01:56:25 fetching corpus: 3900, signal 178905/228448 (executing program)
2022/10/02 01:56:25 fetching corpus: 3950, signal 180073/229538 (executing program)
2022/10/02 01:56:25 fetching corpus: 4000, signal 180856/230469 (executing program)
2022/10/02 01:56:25 fetching corpus: 4050, signal 182169/231553 (executing program)
2022/10/02 01:56:25 fetching corpus: 4100, signal 183376/232627 (executing program)
2022/10/02 01:56:25 fetching corpus: 4150, signal 183918/233412 (executing program)
2022/10/02 01:56:25 fetching corpus: 4200, signal 184477/234213 (executing program)
2022/10/02 01:56:26 fetching corpus: 4250, signal 185628/235197 (executing program)
2022/10/02 01:56:26 fetching corpus: 4300, signal 186255/236006 (executing program)
2022/10/02 01:56:26 fetching corpus: 4350, signal 187310/236917 (executing program)
2022/10/02 01:56:26 fetching corpus: 4400, signal 187920/237694 (executing program)
2022/10/02 01:56:26 fetching corpus: 4450, signal 188586/238458 (executing program)
2022/10/02 01:56:26 fetching corpus: 4500, signal 189707/239437 (executing program)
2022/10/02 01:56:26 fetching corpus: 4550, signal 190283/240149 (executing program)
2022/10/02 01:56:26 fetching corpus: 4600, signal 190937/240893 (executing program)
2022/10/02 01:56:27 fetching corpus: 4650, signal 191882/241657 (executing program)
2022/10/02 01:56:27 fetching corpus: 4700, signal 192474/242354 (executing program)
2022/10/02 01:56:27 fetching corpus: 4750, signal 192858/242948 (executing program)
2022/10/02 01:56:27 fetching corpus: 4800, signal 193663/243687 (executing program)
2022/10/02 01:56:27 fetching corpus: 4850, signal 194305/244416 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/245010 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/245489 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/246008 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/246521 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/247032 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/247526 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/248055 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/248553 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/249091 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/249552 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/250058 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/250580 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/251091 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/251589 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/252077 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/252598 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/253107 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/253634 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/254146 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/254666 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/255181 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/255690 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/256213 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/256701 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/257217 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/257732 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/258238 (executing program)
2022/10/02 01:56:27 fetching corpus: 4874, signal 194680/258744 (executing program)
2022/10/02 01:56:28 fetching corpus: 4874, signal 194680/259263 (executing program)
2022/10/02 01:56:28 fetching corpus: 4874, signal 194680/259799 (executing program)
2022/10/02 01:56:28 fetching corpus: 4874, signal 194680/260306 (executing program)
2022/10/02 01:56:28 fetching corpus: 4874, signal 194680/260652 (executing program)
2022/10/02 01:56:28 fetching corpus: 4874, signal 194680/260652 (executing program)
2022/10/02 01:56:31 starting 8 fuzzer processes
01:56:31 executing program 0:
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e24, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4bc}, 0x1c)
r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0xce6ba4436cb879de)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
sendfile(r1, r0, &(0x7f00000000c0)=0x3, 0x80000000)
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x6, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000180), 0x0, 0xff}], 0x140000, &(0x7f0000000200)={[{@uni_xlate}, {@uni_xlate}, {@fat=@sys_immutable}], [{@audit}, {@permit_directio}, {@uid_gt={'uid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x32, 0x34, 0x34, 0x34, 0x39, 0x62, 0x7, 0x38], 0x2d, [0x35, 0x30, 0x61, 0x30], 0x2d, [0x35, 0x63, 0x36, 0x38], 0x2d, [0x31, 0x39, 0x35, 0x61], 0x2d, [0x35, 0x39, 0x35, 0xa7, 0x30, 0x30, 0x65, 0x34]}}}]})
tee(r1, r0, 0x0, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000280)='tasks\x00', 0x2, 0x0)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r2)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @remote, 0xad}, 0x1c)
socket$inet6(0xa, 0xa, 0x3)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r3 = getuid()
r4 = geteuid()
mount$tmpfs(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x1000008, &(0x7f0000000380)={[{@huge_within_size}, {@uid={'uid', 0x3d, r3}}, {@size={'size', 0x3d, [0x39, 0x38, 0x6d]}}, {@mode={'mode', 0x3d, 0x8000}}], [{@subj_type={'subj_type', 0x3d, 'vfat\x00'}}, {@uid_gt={'uid>', r4}}]})
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000440)={{{@in=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@empty}, 0x0, @in6=@private1}}, &(0x7f0000000540)=0xe8)
lchown(&(0x7f0000000400)='./file0\x00', r5, 0x0)
r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000580), 0x18100, 0x0)
fadvise64(r6, 0x100, 0x513e, 0x0)
syz_io_uring_setup(0x3d26, &(0x7f00000005c0)={0x0, 0xc8a5, 0x0, 0x0, 0x374, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000640), &(0x7f0000000680)=<r7=>0x0)
syz_io_uring_submit(0x0, r7, &(0x7f00000006c0)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x0, @fd_index=0x7, 0x0, 0x0, 0x9a, 0x12, 0x0, {0x3}}, 0x9)

01:56:31 executing program 2:
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="7ffcbafba4317cef42ee3b8cde8f3aa3", 0x10)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(0xffffffffffffffff, 0x80089419, &(0x7f0000000040))
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x6)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'xfrm0\x00', <r0=>0x0})
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f00000000c0)={@dev={0xac, 0x14, 0x14, 0x24}, @rand_addr=0x64010101, r0}, 0xc)
r1 = socket$inet6(0xa, 0x5, 0x4)
ioctl$SIOCGSTAMP(r1, 0x8906, &(0x7f0000000100))
r2 = fsmount(0xffffffffffffffff, 0x1, 0x0)
ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000140)={0x0, 0x1, {0xc, 0x6, 0x0, 0x5, 0x9, 0x9, 0x2, 0xc2}})
getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000180)={'filter\x00', 0xb8, "7961653a9c12638ed875d9e9254f38bb3d2941ea99f58231fe84d334280811b9a9a13c4c20b04219cffb1456811d0727036dc4a50d944c44956ce7d4038ff472aadb6ec1969e1e3de1ef5ff1e4eb4d6c8c28a3a0c1867eebfd5156df255f446eeba321c4a17e72c1f007c7761bae38f0b971ec18cec5128b8bcee9e1d3dfed68a73ba297bae37db2be73b54036c6c7fe43940b7f3c81f7af74d8999aac0ada278c562073de426be417ce9fa7b9c3e46633227edc6b123019"}, &(0x7f0000000280)=0xdc)
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x144)
getsockopt$IP6T_SO_GET_ENTRIES(r3, 0x29, 0x41, &(0x7f0000000300)={'raw\x00', 0xf8, "2592ca990be6f1355af59c394fb283a392bae333dbe7da7b9bbff4b623333a5e644fe1ca0ca7a8ee900db7a32d0a6be595e232e2e545abd224b56bd525253a20f9aebd287a24a4f70657eb8820c4a00aac05d5585c8075d414f114a45a0ee5e50a731cd4b714573dc2b536c5f853a801e545797a644784275495ebd53a6b087d070b20669fcbdcea6f741e80c58681393133808843d912cf8be0d55367959da4d31439c28867de85cd7e33142795986dc28bbec7e06ec75ae5edf684e0a47b3c763c58637a6cba18e6bd2609b639d0729bbadfa55c9c3708f1761bd5cf7cc463e3b7091c812182e56ed37ff432a2e54bd7735bdd055e744b"}, &(0x7f0000000440)=0x11c)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8983, &(0x7f0000000480)={0x6, 'veth1_macvtap\x00', {0x9}, 0x400})
connect$inet6(r3, &(0x7f00000004c0)={0xa, 0x4e24, 0x3f, @private2={0xfc, 0x2, '\x00', 0x1}, 0xfffffffb}, 0x1c)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r2)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f0000000500)={'icmp6\x00'}, &(0x7f0000000540)=0x1e)
syz_open_pts(r3, 0x8040)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = getpid()
perf_event_open(&(0x7f00000005c0)={0x5, 0x80, 0x6, 0x9b, 0x9, 0x5, 0x0, 0x1000, 0xe8804, 0x242c710940fa3310, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_bp={&(0x7f0000000580), 0x7}, 0x44250, 0x6, 0x3, 0x8, 0x40, 0x5, 0x100, 0x0, 0x3f, 0x0, 0x2}, r4, 0x8, 0xffffffffffffffff, 0x9)

01:56:31 executing program 4:
prctl$PR_CAPBSET_READ(0x17, 0x27)
prctl$PR_CAPBSET_READ(0x17, 0x3)
prctl$PR_CAPBSET_READ(0x17, 0x1c)
prctl$PR_CAPBSET_READ(0x17, 0x14)
prctl$PR_CAPBSET_READ(0x17, 0x7)
prctl$PR_CAPBSET_READ(0x17, 0x16)
prctl$PR_CAPBSET_READ(0x17, 0xc)
prctl$PR_CAPBSET_READ(0x17, 0x17)
prctl$PR_CAPBSET_READ(0x17, 0x13)
prctl$PR_CAPBSET_READ(0x17, 0x8)
prctl$PR_CAPBSET_READ(0x17, 0x24)
prctl$PR_CAPBSET_READ(0x17, 0x1b)
prctl$PR_CAPBSET_READ(0x17, 0x5)
prctl$PR_CAPBSET_READ(0x17, 0xf)
prctl$PR_CAPBSET_READ(0x17, 0xe)
prctl$PR_CAPBSET_READ(0x17, 0x1d)
prctl$PR_CAPBSET_READ(0x17, 0x12)
prctl$PR_CAPBSET_READ(0x17, 0x9)
prctl$PR_CAPBSET_READ(0x17, 0x15)
prctl$PR_CAPBSET_READ(0x17, 0x17)

01:56:31 executing program 1:
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, 0x0, 0x2, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x3, 0x59}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x24000801)
r0 = syz_genetlink_get_family_id$gtp(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r0, 0x2, 0x70bd2a, 0x25dfdbfe, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x4)
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x30, r0, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_VERSION={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, 0x0, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0xbd4, 0x72}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x24008801}, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0xe157faa75076081f}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x38, 0x0, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x9}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa3}]}, 0x38}, 0x1, 0x0, 0x0, 0x4005014}, 0xc0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000580)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x2}}, './file0\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000640)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000740)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x60, r2, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "39d455e8ac45e200d7531f0f69"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "6d110e7578f5d8fe3b151fe86a"}]}, 0x60}}, 0x40e8fea9cc1a1ff1)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000007c0), r1)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000b80)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000b40)={&(0x7f0000000800)={0x304, r4, 0x20, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x1]}, @NL80211_ATTR_FRAME={0x2e7, 0x33, @beacon={@wo_ht={{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x1820}, @device_b, @device_b, @from_mac=@device_b, {0x0, 0x1}}, 0x7ea, @default, 0x9c0a, @void, @val={0x1, 0x3, [{0x24, 0x1}, {0x3}, {0xc, 0x1}]}, @void, @void, @val={0x6, 0x2, 0x800}, @val={0x5, 0xcd, {0x2, 0x36, 0x1f, "91d8849d6789bb71995a327cc5cbccd271aa392a8893637955b1f264c1315800606672286cd6ece8bcc37007c5a0d15485acf7a78867af40a9448de2d1e958d048d60321d2e11218083e9cb224375eaef75f361ce3e88eca0dc66ed9eb4241c7f77cea95457175a707613fd8e8cf319f5e8867db7546326bc5cbde56356d321811e650d172fbeb0593672360c26efdeeaff152cb14302915fa2cadda6080ba68ad87c08c460e839059e27adb67ed12a55b148ed7f95201ac3b03858b8b3aa7c25ae2fd0dc1a5faa300a0"}}, @val={0x25, 0x3, {0x0, 0x68, 0x8}}, @void, @val={0x3c, 0x4, {0x1, 0x3, 0xa1, 0x1f}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x0, 0x2, 0x80, 0x1}}, @val={0x76, 0x6, {0x7, 0x5, 0x3, 0x3}}, [{0xdd, 0x87, "38c4e792d8267b2753291d536bcf45e4bb4eee194d7bcbfa12bca22b8f5a780380f5079bfcdb1c3ce6cec3407cdd17645474291adde5ef2ee9574a209add4b971d46a07f0bdf4d8f818604d85ee2e4387a67b502d2fe1ff0c5a4f0929ced22fbd90eebc53a84ce784cd3e27e037763e9953ca8218a55e9a83dea9e0b6a1b8fcd44c0e6b71da49a"}, {0xdd, 0x67, "5104ad0abcf538a1230cc9065b44a6463c380003407e60db27f3740247b256ff8d4eaffbe3348bb296f4fb85ea3711d8f950fbdb02c96520f5639951311864c8077c4c4b68fde8ef6e899b4845216a54b3719922fc09fd3e6b323343e8dd1bb4a1c596d31ccacb"}, {0xdd, 0xcf, "a5c8b66c600ae921b57f58f235ceb510132df223350f817236ca5bde8cf6bab40767740d76ce74a8e44453e24c440960b3a8ad48bfdd88749c3993a38b135880f0aecd81fd1826c4a1e34f3fd02a6112d7a056f6f389289ea546d4f22084f5e1284f6c2f606bded52135e5060a5c7acd0b109ad114fc039e89fc243fdfc29cb6d301f3a7638e14a9767f62f82f07b15029ec94c1910c1c3e6af2836a438af2527ce982f0d450f76a15945b8d67338c28a0302abc0714432be7f2550c9291043ceea1af2212d6b9f6fc37bb6f7b9936"}]}}]}, 0x304}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004010)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f0000000e40)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000e00)={&(0x7f0000000c00)={0x1c8, r2, 0x8, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x80000001, 0x4d}}}}, [@NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x2000, 0x2, 0x3, 0x0, {0x5, 0x2, 0x0, 0x40, 0x0, 0x1}, 0x800, 0x10001, 0x81}}, @crypto_settings=[@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_PMK={0x102, 0xfe, "8f35191a7d18dc2db61bb58aa0b1e309fe31ca790376d928564cfaccd5f51d365f26c020ef61f7a6df180aed2f1a7e573fc1bc19fcf5f455bd6e5f2051ab24bbc07c36863db03d0a55ba3adcae9aa96e3f45393bb982f5a31dd493248017e19bb318e681a889b58146d2386b65f123d654e0fcf004ceff2224bd4cf758622205893ab42a2f876f81ee5708bf1dfa30d1a36d231b5699fcc2c110c13f5b22fbc103b82b683e79e88841a371c2da72f2d4507077964edcaeeeee0b11279235a111a26c5df8a2cba6331e0e8779c5a64b39ad6d048bbb1d9c12995196b67d0371bb1f367cb2ed8fce26a38ef84966e55d592971f61fca8a172bc4cb8da58bb8"}, @NL80211_ATTR_SAE_PASSWORD={0x5e, 0x115, "f19ceb7075d7ccb4e1cf6af9308c0f0d07417bd2fcf0a7aa24a6c4324e9ef9da6f55ae498b3200d73270ea426fc09135ec649630db3c4accf1b7342a41b4637d8b0a9ecb3cd0584f585d74e5ac10f7184acc7c75483da51f398d"}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}], @NL80211_ATTR_DISABLE_HT={0x4}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
r5 = syz_open_dev$vcsa(&(0x7f0000000ec0), 0x5, 0x8000)
syz_genetlink_get_family_id$tipc(&(0x7f0000000e80), r5)
lstat(&(0x7f0000000fc0)='./file0\x00', &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$9p_unix(&(0x7f0000000f00)='./file0\x00', &(0x7f0000000f40)='./file0\x00', &(0x7f0000000f80), 0x0, &(0x7f0000001080)={'trans=unix,', {[{@debug}, {@posixacl}, {@loose}, {@dfltuid={'dfltuid', 0x3d, 0xee00}}, {@privport}], [{@fscontext={'fscontext', 0x3d, 'user_u'}}, {@euid_eq}, {@uid_lt={'uid<', r6}}, {@euid_eq}, {@fscontext={'fscontext', 0x3d, 'user_u'}}]}})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000001180)={{0x1, 0x1, 0x18, <r7=>r5}, './file0\x00'})
write(r7, &(0x7f00000011c0)="1f2df4e34f20219301ac73b5320eda8a202e4d5b2a1af705ae62dd7b0f7d62b69a2aad69c8b6aaecfe5fb23c75ccd6c65e53582e9f53b0a5d355cfa93933197a6d20ec14f78f32dbe17fb34f50c61a7e8ed9a45a9c25582186c6a77aedaafec78e10f47882972ad2dd5603428b2eb5a2cba0ea33d0acb37e0516a9eb0330fb0432038064acf97326585f7c4e3520810f8c13f73045637e7cca6796ad59c58aed78290739", 0xa4)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001300)={&(0x7f00000012c0)={0x2c, 0x0, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x240d0}, 0x40051)

01:56:31 executing program 3:
sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x15, 0xa, 0x0, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}}, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000100)=@sco={0x1f, @fixed}, &(0x7f0000000180)=0x80)
sendmsg$NL80211_CMD_START_NAN(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, 0x0, 0x20, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x4, 0xd}}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x7}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xe}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x73}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x1f}, @NL80211_ATTR_NAN_MASTER_PREF={0x5}, @NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xc}]}, 0x58}}, 0x20000004)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x30, 0x1, 0x1, 0x0, 0x0, 0x0, {0x3, 0x0, 0x7}, [@CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xbb78}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008004}, 0x51)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000400)={{0x1, 0x1, 0x18, <r1=>r0, {0x7}}, './file0\x00'})
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0x84, 0x0, 0x0, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x20}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DEST={0x50, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x2c}}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfffffffc}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000000)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x28, 0x0, 0x100, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000001, 0xa}}}}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40090}, 0x80)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000700), r1)
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f00000008c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000880)={&(0x7f0000000740)={0x120, r2, 0x0, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xf87}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x357}]}, @IPVS_CMD_ATTR_DEST={0x60, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xbf34}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x3}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x400}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast1}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x80000001}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_DAEMON={0x78, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x38}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x4}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_1\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010101}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x10000}]}, 0x120}, 0x1, 0x0, 0x0, 0x44020}, 0x20000840)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000900)={{0x1, 0x1, 0x18, <r3=>r1}, './file0\x00'})
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x80, 0x1, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x73f14804}, @CTA_NAT_DST={0x48, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}]}, @CTA_NAT_V6_MINIP={0x14, 0x4, @empty}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @local}, @CTA_NAT_V4_MINIP={0x8, 0x1, @multicast2}]}, @CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xfaa5}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x880)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000a80)={<r4=>0xffffffffffffffff, 0x6, 0x7, 0x9})
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000b00), r1)
sendmsg$TIPC_CMD_GET_LINKS(r4, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x24, r5, 0x400, 0x70bd2c, 0x25dfdbfe, {{}, {}, {0x8}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x40)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000c00)={'batadv_slave_1\x00'})
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000c80), r3)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000000d40)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x30, r6, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {}, {0x14, 0x18, {0xe12f, @bearer=@l2={'eth', 0x3a, 'geneve1\x00'}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x240000d0)
r7 = io_uring_setup(0x31ca, &(0x7f0000000d80)={0x0, 0xce80, 0x20, 0x2, 0x282, 0x0, r4})
fcntl$setstatus(r7, 0x4, 0x800)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000ec0)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e40)={0x24, 0x1, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_MARK_MASK={0x8}, @CTA_MARK_MASK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0xc014}, 0x10)

[   66.025054] audit: type=1400 audit(1664675791.104:6): avc:  denied  { execmem } for  pid=282 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
01:56:31 executing program 5:
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000000)={{0x108, 0x7f, 0x43, 0x2ed, 0x2a, 0x8af, 0x2d2, 0x3800}, "731af470b9af87f66092021675a3f48833ba66ca0fa41a5da7ce356bf7096b8381b1c096eb9cc9a654c2b344e9d90425712449a7bbd44be11f2e5ebdc9ebac582c7af48c6cd281c85dca5a5f4a65acef270e8fc08f3ce293a5ac9f04fbc467bc28c8551041029c03a157d4ce03a79b0e782481f90aa42624ba3d856db2cb9fe11804608be2f5b9533cd9c4fca8fb56dc7c18ad33e5840e47084f9c60736a5fcd1122252df889c55069538af9bad4a687d16d4459c98646506e45e2881a31e019f741", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x6e2)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
write$sndseq(r0, &(0x7f0000000700)=[{0x2, 0x1c, 0x9, 0x0, @time={0x1, 0x1000}, {0x9, 0x7}, {0x1, 0xff}, @queue={0xc, {0x8, 0x8}}}, {0x6, 0x20, 0x8, 0x7, @tick=0x1, {0xff, 0xff}, {0xcf, 0x82}, @connect={{0x20, 0xc7}, {0x0, 0x2}}}, {0x5, 0x0, 0x8, 0x0, @tick=0x9, {0x9e}, {0x80, 0x20}, @raw8={"22304f3aa869fc6300b80f4e"}}, {0x5, 0x80, 0x0, 0xc9, @tick=0x1, {0x6, 0x3}, {0x40, 0x4}, @note={0x8, 0x2, 0x1f, 0x6}}, {0x8, 0x7, 0x40, 0xae, @time={0x159, 0x49ba}, {0x4, 0x9}, {0x5, 0x7}, @time=@time={0x2, 0x80000001}}, {0xff, 0x5, 0x3f, 0x6, @time={0xffff, 0x4}, {0x3, 0x3}, {0x9e}, @queue={0x0, {0x7be0, 0x7}}}], 0xa8)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000007c0), 0x408203)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000800)={0x1c0, @time={0x2, 0x30}, 0x1f, {0x5, 0x3f}, 0x6, 0x1, 0x7f})
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000840)={0x2, 0x0, 'client1\x00', 0x6, "1207a62840932d01", "62b0e5b44e856db1366395c7b8001961dca9fc35650df5ca175e1f36db7d7fa1", 0x4, 0x5})
sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000a80)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000a40)={&(0x7f0000000940)={0xf0, 0xa, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0x9}, [@IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x101}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}, @IPSET_ATTR_COMMENT={0x11, 0x1a, '/dev/snd/seq\x00'}]}, @IPSET_ATTR_ADT={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0xfb}}]}, @IPSET_ATTR_ADT={0x94, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x7f}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x7}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x8}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x80}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0xc107}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x2}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0xc, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x7}}, {0x18, 0x7, 0x0, 0x1, @IPSET_ATTR_IFACE={0x14, 0x17, 'netdevsim0\x00'}}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x6dea0c15cefc2bde}, 0x44000)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, 0xffffffffffffffff, 0x10621000)
r2 = openat2(0xffffffffffffffff, &(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00)={0x10000, 0x8, 0xa}, 0x18)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r2, 0xc0105303, &(0x7f0000000b40)={0x3f, 0x81, 0x3})
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000b80)={{0x81}, 'port1\x00', 0x20, 0x100002, 0x0, 0x1, 0x1, 0x0, 0x9, 0x0, 0x7})
getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000c40)=""/239, &(0x7f0000000d40)=0xef)
r3 = openat$cgroup_devices(r2, &(0x7f0000000d80)='devices.deny\x00', 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000dc0)={{0x1, 0x1, 0x18, r3, {<r4=>r0}}, './file0\x00'})
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000e00)='/sys/module/kernel', 0x4e07c1, 0x40)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000000e40)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'})
connect$bt_sco(r4, 0xfffffffffffffffe, 0x0)
r6 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000f40), 0xac01, 0x0)
perf_event_open(&(0x7f0000000ec0)={0x0, 0x80, 0x1, 0x8, 0x4, 0x18, 0x0, 0x9, 0x8000, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x5, 0x4, @perf_bp={&(0x7f0000000e80), 0x9}, 0x1040, 0x80000001, 0x4, 0x9, 0x80000000, 0xfffffffa, 0x200, 0x0, 0x200, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, r6, 0x1)
stat(&(0x7f0000000f80)='./file0\x00', &(0x7f0000000fc0))

01:56:31 executing program 6:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101000)
r1 = signalfd4(r0, &(0x7f0000000040)={[0xffffffffffffff81]}, 0x8, 0x80000)
r2 = openat$cgroup_type(r1, &(0x7f0000000080), 0x2, 0x0)
readv(r2, &(0x7f00000000c0), 0x0)
ftruncate(r0, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f0000000100), 0x9, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r3, 0xc0bc5351, &(0x7f0000000140)={0xfffffff7, 0x0, 'client1\x00', 0x0, "bc0292f12d59acd6", "9d8582984788157387ada4d06c74a236361f777309fa60a05670e0ae6b888357", 0x80000000, 0x401})
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x80200, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r5=>r4, {0x401}}, './file0\x00'})
ftruncate(r2, 0x7)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0xe00, 0x0)
ioctl$BTRFS_IOC_SEND(r6, 0x40489426, &(0x7f00000003c0)={{r5}, 0x4, &(0x7f0000000380)=[0x3, 0x5, 0x5, 0x1], 0x68c6a183, 0x1, [0x100, 0x7, 0x3, 0x2]})
recvmsg$unix(r1, &(0x7f0000000740)={&(0x7f0000000440), 0x6e, &(0x7f0000000680)=[{&(0x7f00000004c0)=""/142, 0x8e}, {&(0x7f0000000580)=""/43, 0x2b}, {&(0x7f00000005c0)=""/30, 0x1e}, {&(0x7f0000000600)=""/120, 0x78}], 0x4, &(0x7f00000006c0)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r7=>0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r8=>0xffffffffffffffff, 0xffffffffffffffff, <r9=>0xffffffffffffffff]}}], 0x50}, 0x40000000)
fsetxattr$trusted_overlay_redirect(r7, &(0x7f0000000780), &(0x7f00000007c0)='./file0\x00', 0x8, 0x0)
r10 = syz_open_dev$mouse(&(0x7f0000000800), 0x8, 0x20000)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r10, 0xf504, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000840)={@in={{0x2, 0x4e21, @broadcast}}, 0x0, 0x0, 0x1f, 0x0, "10f6eb58369264f82f302ce42bccf6f30db1e21b07e55455b86342112cf099968c28da3973679a3b56d974fb1e7897e3033d7508e995444301e5f01a098feaa30a99449acff4882307672779550e7f53"}, 0xd8)
r11 = accept$unix(r8, &(0x7f0000000940)=@abs, &(0x7f00000009c0)=0x6e)
readahead(r11, 0x800, 0x3f)
getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, &(0x7f0000000a40)={'IDLETIMER\x00'}, &(0x7f0000000a80)=0x1e)

01:56:31 executing program 7:
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)={'syz1', "2a7f3af29de93ceb716e6163562844976a38ebdc7aa401acd7c9c032a7db"}, 0x22)
r0 = socket(0x23, 0x800, 0x3)
readv(r0, &(0x7f0000000280)=[{&(0x7f0000000040)=""/120, 0x78}, {&(0x7f00000000c0)=""/160, 0xa0}, {&(0x7f0000000180)=""/181, 0xb5}, {&(0x7f0000000240)}], 0x4)
r1 = signalfd4(0xffffffffffffffff, &(0x7f00000002c0)={[0x3]}, 0x8, 0x800)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x4c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x1}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000840}, 0x10)
getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000440), &(0x7f00000004c0)=0x68)
ioctl$AUTOFS_IOC_FAIL(r0, 0x9361, 0x1000)
r2 = open_tree(r1, &(0x7f0000000500)='./file0\x00', 0x80100)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r1)
sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f00000007c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000780)={&(0x7f00000005c0)={0x184, r3, 0x400, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x800, 0x75}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x5}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0xc, 0x3, 0x5, 0x0, {0x8, 0x3f, 0x0, 0x2da}, 0x300, 0x8, 0x5}}, @NL80211_ATTR_IE={0x104, 0x2a, [@chsw_timing={0x68, 0x4, {0x6, 0x9}}, @preq={0x82, 0x67, @not_ext={{0x1, 0x1, 0x1}, 0xc3, 0xbe, 0x1b5, @device_b, 0xd4d, "", 0x90b, 0x4, 0x7, [{{}, @broadcast, 0x12000}, {{0x0, 0x0, 0x1}, @device_b, 0xf3}, {{}, @broadcast, 0x4}, {{0x0, 0x0, 0x1}, @device_a, 0x200}, {{0x0, 0x0, 0x1}, @broadcast, 0x5}, {{}, @device_b, 0xe9c0}, {{}, @device_a, 0x7}]}}, @prep={0x83, 0x25, @ext={{}, 0x2, 0x14, @device_b, 0x0, @device_b, 0x4, 0x8, @device_a, 0x2}}, @link_id={0x65, 0x12, {@random="cfafeb44456a", @device_b, @broadcast}}, @perr={0x84, 0xf, {0x0, 0x1, [@not_ext={{}, @broadcast, 0x64e8, "", 0x42}]}}, @dsss={0x3, 0x1}, @ssid={0x0, 0x1a, @random="bdbe60c071790aa9fd780bfd967cdd14f7b9bf61492b3a63211b"}, @ext_channel_switch={0x3c, 0x4, {0x11, 0x6, 0xae, 0x17}}, @rann={0x7e, 0x15, {{0x1, 0x7}, 0xb7, 0xf6, @broadcast, 0x100, 0x6, 0x8}}, @mesh_config={0x71, 0x7, {0x0, 0xffffffffffffffff, 0x0, 0x1, 0xffffffffffffffff, 0x2, 0x29}}]}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x8000, 0x1, 0x3, 0x0, {0x2, 0x80, 0x0, 0x81, 0x0, 0x1}, 0x6, 0x3f, 0x6}}]}, 0x184}, 0x1, 0x0, 0x0, 0x20008045}, 0x20000000)
r4 = syz_open_procfs(0x0, &(0x7f0000000800)='net/netfilter\x00')
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000840), 0x200100, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000880)={0x8})
ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f00000008c0)=0xbe73)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000900))
r6 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, r6)
ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r2, &(0x7f0000000b00)={0x80000013})
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f0000000b40))

[   67.375611] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   67.377505] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   67.379461] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   67.381402] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   67.382703] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   67.385331] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   67.386408] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   67.387778] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   67.389221] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   67.390510] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   67.392595] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   67.393797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   67.395235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   67.396390] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   67.398484] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   67.403702] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   67.405180] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   67.407200] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   67.408288] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   67.410151] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   67.411171] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   67.412431] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   67.413703] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   67.414762] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   67.415900] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   67.417156] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   67.418812] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   67.428429] Bluetooth: hci4: HCI_REQ-0x0c1a
[   67.432815] Bluetooth: hci2: HCI_REQ-0x0c1a
[   67.433652] Bluetooth: hci1: HCI_REQ-0x0c1a
[   67.441106] Bluetooth: hci0: HCI_REQ-0x0c1a
[   67.461276] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   67.463463] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   67.465303] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   67.466520] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   67.467773] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   67.467876] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   67.473503] Bluetooth: hci3: HCI_REQ-0x0c1a
[   67.480582] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   67.482846] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   67.488245] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   67.489887] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   67.491235] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   67.492520] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   67.496866] Bluetooth: hci6: HCI_REQ-0x0c1a
[   67.507369] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   67.515252] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   67.517695] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   67.525627] Bluetooth: hci5: HCI_REQ-0x0c1a
[   69.430274] Bluetooth: hci7: Opcode 0x c03 failed: -110
[   69.494594] Bluetooth: hci3: command 0x0409 tx timeout
[   69.496326] Bluetooth: hci4: command 0x0409 tx timeout
[   69.497390] Bluetooth: hci1: command 0x0409 tx timeout
[   69.498383] Bluetooth: hci0: command 0x0409 tx timeout
[   69.499395] Bluetooth: hci2: command 0x0409 tx timeout
[   69.558528] Bluetooth: hci5: command 0x0409 tx timeout
[   69.559968] Bluetooth: hci6: command 0x0409 tx timeout
[   71.542152] Bluetooth: hci2: command 0x041b tx timeout
[   71.542741] Bluetooth: hci0: command 0x041b tx timeout
[   71.543332] Bluetooth: hci1: command 0x041b tx timeout
[   71.543835] Bluetooth: hci4: command 0x041b tx timeout
[   71.544378] Bluetooth: hci3: command 0x041b tx timeout
[   71.606109] Bluetooth: hci6: command 0x041b tx timeout
[   71.606913] Bluetooth: hci5: command 0x041b tx timeout
[   73.590230] Bluetooth: hci3: command 0x040f tx timeout
[   73.591073] Bluetooth: hci4: command 0x040f tx timeout
[   73.591787] Bluetooth: hci1: command 0x040f tx timeout
[   73.592573] Bluetooth: hci0: command 0x040f tx timeout
[   73.593314] Bluetooth: hci2: command 0x040f tx timeout
[   73.654376] Bluetooth: hci5: command 0x040f tx timeout
[   73.655228] Bluetooth: hci6: command 0x040f tx timeout
[   75.126164] Bluetooth: hci7: Opcode 0x c03 failed: -110
[   75.638119] Bluetooth: hci2: command 0x0419 tx timeout
[   75.638608] Bluetooth: hci0: command 0x0419 tx timeout
[   75.639088] Bluetooth: hci1: command 0x0419 tx timeout
[   75.639508] Bluetooth: hci4: command 0x0419 tx timeout
[   75.639928] Bluetooth: hci3: command 0x0419 tx timeout
[   75.702093] Bluetooth: hci6: command 0x0419 tx timeout
[   75.702595] Bluetooth: hci5: command 0x0419 tx timeout
[   77.927389] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   77.934256] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   77.936287] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   78.001817] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   78.004420] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   78.006151] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   78.014675] Bluetooth: hci7: HCI_REQ-0x0c1a
[   80.054118] Bluetooth: hci7: command 0x0409 tx timeout
[   82.102057] Bluetooth: hci7: command 0x041b tx timeout
[   84.150058] Bluetooth: hci7: command 0x040f tx timeout
[   86.198235] Bluetooth: hci7: command 0x0419 tx timeout
01:57:29 executing program 6:
fdatasync(0xffffffffffffffff)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000000)={@remote, @loopback}, &(0x7f0000000040)=0x8)
sendmmsg$sock(r0, &(0x7f0000000a40)=[{{&(0x7f0000000840)=@caif, 0x80, 0x0, 0x0, &(0x7f00000009c0)=[@txtime={{0x18}}, @timestamping={{0x14}}], 0x30}}], 0x1, 0x0)

[  124.778457] raw_sendmsg: syz-executor.6 forgot to set AF_INET. Fix it!
01:57:29 executing program 6:
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
r4 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
signalfd(r4, &(0x7f0000000340), 0x8)
read(r4, &(0x7f0000000440)=""/97, 0x61)
sendmsg$NL80211_CMD_GET_MPP(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x28, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000003c0)={0x68, r2, 0x4b61345b13f92579, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x2}, @NL80211_ATTR_PMKID={0x14, 0x55, "9a323f0a5beeee22df5ee8ea444a1eca"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x48}, @NL80211_ATTR_BSSID={0xa}]}, 0x68}}, 0x20000881)
syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0xfff1, 0x0, 0x0, 0x0)
mount$9p_tcp(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000380)={'trans=tcp,', {'port', 0x3d, 0xa7ffffff}})

01:57:30 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x84758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = dup(r0)
r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0x5, 0x10040)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
socket$inet_udp(0x2, 0x2, 0x0)
r4 = dup(r0)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000180)={'bridge0\x00'})

[  125.282916] audit: type=1400 audit(1664675850.362:7): avc:  denied  { open } for  pid=3798 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  125.284451] audit: type=1400 audit(1664675850.362:8): avc:  denied  { kernel } for  pid=3798 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  125.293759] audit: type=1400 audit(1664675850.373:9): avc:  denied  { tracepoint } for  pid=3798 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  125.309531] ------------[ cut here ]------------
[  125.309549] 
[  125.309551] ======================================================
[  125.309554] WARNING: possible circular locking dependency detected
[  125.309558] 6.0.0-rc7-next-20220930 #1 Not tainted
[  125.309564] ------------------------------------------------------
[  125.309567] syz-executor.6/3799 is trying to acquire lock:
[  125.309574] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  125.309611] 
[  125.309611] but task is already holding lock:
[  125.309614] ffff88803f0a7420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  125.309640] 
[  125.309640] which lock already depends on the new lock.
[  125.309640] 
[  125.309642] 
[  125.309642] the existing dependency chain (in reverse order) is:
[  125.309645] 
[  125.309645] -> #3 (&ctx->lock){....}-{2:2}:
[  125.309659]        _raw_spin_lock+0x2a/0x40
[  125.309670]        __perf_event_task_sched_out+0x53b/0x18d0
[  125.309681]        __schedule+0xedd/0x2470
[  125.309694]        schedule+0xda/0x1b0
[  125.309707]        exit_to_user_mode_prepare+0x114/0x1a0
[  125.309720]        syscall_exit_to_user_mode+0x19/0x40
[  125.309732]        do_syscall_64+0x48/0x90
[  125.309749]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  125.309761] 
[  125.309761] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  125.309775]        _raw_spin_lock_nested+0x30/0x40
[  125.309785]        raw_spin_rq_lock_nested+0x1e/0x30
[  125.309797]        task_fork_fair+0x63/0x4d0
[  125.309813]        sched_cgroup_fork+0x3d0/0x540
[  125.309827]        copy_process+0x4183/0x6e20
[  125.309838]        kernel_clone+0xe7/0x890
[  125.309847]        user_mode_thread+0xad/0xf0
[  125.309857]        rest_init+0x24/0x250
[  125.309869]        arch_call_rest_init+0xf/0x14
[  125.309886]        start_kernel+0x4c6/0x4eb
[  125.309901]        secondary_startup_64_no_verify+0xe0/0xeb
[  125.309914] 
[  125.309914] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  125.309928]        _raw_spin_lock_irqsave+0x39/0x60
[  125.309938]        try_to_wake_up+0xab/0x1930
[  125.309951]        up+0x75/0xb0
[  125.309965]        __up_console_sem+0x6e/0x80
[  125.309980]        console_unlock+0x46a/0x590
[  125.309996]        vprintk_emit+0x1bd/0x560
[  125.310015]        vprintk+0x84/0xa0
[  125.310030]        _printk+0xba/0xf1
[  125.310044]        kauditd_hold_skb.cold+0x3f/0x4e
[  125.310061]        kauditd_send_queue+0x233/0x290
[  125.310076]        kauditd_thread+0x5f9/0x9c0
[  125.310089]        kthread+0x2ed/0x3a0
[  125.310103]        ret_from_fork+0x22/0x30
[  125.310115] 
[  125.310115] -> #0 ((console_sem).lock){....}-{2:2}:
[  125.310128]        __lock_acquire+0x2a02/0x5e70
[  125.310145]        lock_acquire+0x1a2/0x530
[  125.310160]        _raw_spin_lock_irqsave+0x39/0x60
[  125.310171]        down_trylock+0xe/0x70
[  125.310185]        __down_trylock_console_sem+0x3b/0xd0
[  125.310201]        vprintk_emit+0x16b/0x560
[  125.310217]        vprintk+0x84/0xa0
[  125.310232]        _printk+0xba/0xf1
[  125.310242]        report_bug.cold+0x72/0xab
[  125.310261]        handle_bug+0x3c/0x70
[  125.310279]        exc_invalid_op+0x14/0x50
[  125.310296]        asm_exc_invalid_op+0x16/0x20
[  125.310308]        group_sched_out.part.0+0x2c7/0x460
[  125.310325]        ctx_sched_out+0x8f1/0xc10
[  125.310341]        __perf_event_task_sched_out+0x6d0/0x18d0
[  125.310352]        __schedule+0xedd/0x2470
[  125.310365]        schedule+0xda/0x1b0
[  125.310378]        exit_to_user_mode_prepare+0x114/0x1a0
[  125.310389]        syscall_exit_to_user_mode+0x19/0x40
[  125.310401]        do_syscall_64+0x48/0x90
[  125.310418]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  125.310430] 
[  125.310430] other info that might help us debug this:
[  125.310430] 
[  125.310433] Chain exists of:
[  125.310433]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  125.310433] 
[  125.310447]  Possible unsafe locking scenario:
[  125.310447] 
[  125.310449]        CPU0                    CPU1
[  125.310451]        ----                    ----
[  125.310454]   lock(&ctx->lock);
[  125.310459]                                lock(&rq->__lock);
[  125.310465]                                lock(&ctx->lock);
[  125.310471]   lock((console_sem).lock);
[  125.310477] 
[  125.310477]  *** DEADLOCK ***
[  125.310477] 
[  125.310479] 2 locks held by syz-executor.6/3799:
[  125.310486]  #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  125.310514]  #1: ffff88803f0a7420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  125.310540] 
[  125.310540] stack backtrace:
[  125.310543] CPU: 0 PID: 3799 Comm: syz-executor.6 Not tainted 6.0.0-rc7-next-20220930 #1
[  125.310556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  125.310563] Call Trace:
[  125.310566]  <TASK>
[  125.310570]  dump_stack_lvl+0x8b/0xb3
[  125.310588]  check_noncircular+0x263/0x2e0
[  125.310605]  ? format_decode+0x26c/0xb50
[  125.310620]  ? print_circular_bug+0x450/0x450
[  125.310637]  ? simple_strtoul+0x30/0x30
[  125.310653]  ? format_decode+0x26c/0xb50
[  125.310670]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  125.310687]  __lock_acquire+0x2a02/0x5e70
[  125.310708]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  125.310731]  lock_acquire+0x1a2/0x530
[  125.310747]  ? down_trylock+0xe/0x70
[  125.310764]  ? lock_release+0x750/0x750
[  125.310784]  ? vprintk+0x84/0xa0
[  125.310802]  _raw_spin_lock_irqsave+0x39/0x60
[  125.310813]  ? down_trylock+0xe/0x70
[  125.310829]  down_trylock+0xe/0x70
[  125.310844]  ? vprintk+0x84/0xa0
[  125.310861]  __down_trylock_console_sem+0x3b/0xd0
[  125.310878]  vprintk_emit+0x16b/0x560
[  125.310897]  vprintk+0x84/0xa0
[  125.310914]  _printk+0xba/0xf1
[  125.310925]  ? record_print_text.cold+0x16/0x16
[  125.310941]  ? report_bug.cold+0x66/0xab
[  125.310959]  ? group_sched_out.part.0+0x2c7/0x460
[  125.310977]  report_bug.cold+0x72/0xab
[  125.310995]  handle_bug+0x3c/0x70
[  125.311013]  exc_invalid_op+0x14/0x50
[  125.311030]  asm_exc_invalid_op+0x16/0x20
[  125.311043] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  125.311063] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  125.311074] RSP: 0018:ffff888040707c48 EFLAGS: 00010006
[  125.311083] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  125.311090] RDX: ffff8880207ab580 RSI: ffffffff81565dc7 RDI: 0000000000000005
[  125.311098] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[  125.311105] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88803f0a7400
[  125.311113] R13: ffff88806ce3d2c0 R14: ffffffff8547d000 R15: 0000000000000002
[  125.311123]  ? group_sched_out.part.0+0x2c7/0x460
[  125.311143]  ? group_sched_out.part.0+0x2c7/0x460
[  125.311163]  ctx_sched_out+0x8f1/0xc10
[  125.311182]  __perf_event_task_sched_out+0x6d0/0x18d0
[  125.311196]  ? lock_is_held_type+0xd7/0x130
[  125.311210]  ? __perf_cgroup_move+0x160/0x160
[  125.311220]  ? set_next_entity+0x304/0x550
[  125.311238]  ? update_curr+0x267/0x740
[  125.311256]  ? lock_is_held_type+0xd7/0x130
[  125.311270]  __schedule+0xedd/0x2470
[  125.311287]  ? io_schedule_timeout+0x150/0x150
[  125.311303]  ? rcu_read_lock_sched_held+0x3e/0x80
[  125.311324]  schedule+0xda/0x1b0
[  125.311338]  exit_to_user_mode_prepare+0x114/0x1a0
[  125.311351]  syscall_exit_to_user_mode+0x19/0x40
[  125.311364]  do_syscall_64+0x48/0x90
[  125.311382]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  125.311395] RIP: 0033:0x7fa45fd1cb19
[  125.311403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  125.311414] RSP: 002b:00007fa45d292218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  125.311424] RAX: 0000000000000001 RBX: 00007fa45fe2ff68 RCX: 00007fa45fd1cb19
[  125.311431] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa45fe2ff6c
[  125.311439] RBP: 00007fa45fe2ff60 R08: 000000000000000e R09: 0000000000000000
[  125.311446] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fa45fe2ff6c
[  125.311453] R13: 00007fff639d66df R14: 00007fa45d292300 R15: 0000000000022000
[  125.311465]  </TASK>
[  125.367020] WARNING: CPU: 0 PID: 3799 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  125.367703] Modules linked in:
[  125.367938] CPU: 0 PID: 3799 Comm: syz-executor.6 Not tainted 6.0.0-rc7-next-20220930 #1
[  125.368533] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  125.369353] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  125.369759] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  125.371086] RSP: 0018:ffff888040707c48 EFLAGS: 00010006
[  125.371479] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  125.372013] RDX: ffff8880207ab580 RSI: ffffffff81565dc7 RDI: 0000000000000005
[  125.372534] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[  125.373057] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88803f0a7400
[  125.373577] R13: ffff88806ce3d2c0 R14: ffffffff8547d000 R15: 0000000000000002
[  125.374100] FS:  00007fa45d292700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  125.374698] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  125.375129] CR2: 00007f4c30c64040 CR3: 000000001a88e000 CR4: 0000000000350ef0
[  125.375654] Call Trace:
[  125.375847]  <TASK>
[  125.376016]  ctx_sched_out+0x8f1/0xc10
[  125.376315]  __perf_event_task_sched_out+0x6d0/0x18d0
[  125.376700]  ? lock_is_held_type+0xd7/0x130
[  125.377024]  ? __perf_cgroup_move+0x160/0x160
[  125.377366]  ? set_next_entity+0x304/0x550
[  125.377684]  ? update_curr+0x267/0x740
[  125.377981]  ? lock_is_held_type+0xd7/0x130
[  125.378304]  __schedule+0xedd/0x2470
[  125.378588]  ? io_schedule_timeout+0x150/0x150
[  125.378937]  ? rcu_read_lock_sched_held+0x3e/0x80
[  125.379296]  schedule+0xda/0x1b0
[  125.379562]  exit_to_user_mode_prepare+0x114/0x1a0
[  125.379941]  syscall_exit_to_user_mode+0x19/0x40
[  125.380292]  do_syscall_64+0x48/0x90
[  125.380588]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  125.380967] RIP: 0033:0x7fa45fd1cb19
[  125.381243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  125.382559] RSP: 002b:00007fa45d292218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  125.383114] RAX: 0000000000000001 RBX: 00007fa45fe2ff68 RCX: 00007fa45fd1cb19
[  125.383645] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa45fe2ff6c
[  125.384166] RBP: 00007fa45fe2ff60 R08: 000000000000000e R09: 0000000000000000
[  125.384694] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fa45fe2ff6c
[  125.385216] R13: 00007fff639d66df R14: 00007fa45d292300 R15: 0000000000022000
[  125.385742]  </TASK>
[  125.385919] irq event stamp: 712
[  125.386168] hardirqs last  enabled at (711): [<ffffffff8133e829>] exit_to_user_mode_prepare+0x109/0x1a0
[  125.386855] hardirqs last disabled at (712): [<ffffffff8425caa5>] __schedule+0x1225/0x2470
[  125.387464] softirqs last  enabled at (40): [<ffffffff8116fa0b>] __irq_exit_rcu+0x11b/0x180
[  125.388078] softirqs last disabled at (35): [<ffffffff8116fa0b>] __irq_exit_rcu+0x11b/0x180
[  125.388690] ---[ end trace 0000000000000000 ]---
[  125.514024] hrtimer: interrupt took 19436 ns
[  125.679671] tmpfs: Unsupported parameter 'huge'
01:57:30 executing program 5:
ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f0000000080))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
signalfd(r1, &(0x7f0000000340), 0x8)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='dctcp-reno\x00', 0xb)
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
r3 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000006b00000000000300", @ANYRES32=r5, @ANYBLOB="0a0006000802110000000000"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_SET_NOACK_MAP(r2, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x40, 0x0, 0x8, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x0, 0x2a}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x494}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000060}, 0x40000)
signalfd(r3, &(0x7f0000000340), 0x8)
r6 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
signalfd(r6, &(0x7f0000000340), 0x8)
signalfd(r6, &(0x7f0000000340), 0x8)
io_uring_enter(r2, 0xb9c, 0x5707, 0x2, &(0x7f0000000180)={[0x6]}, 0x8)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x0, @empty}, 0x10, &(0x7f0000001480)=[{&(0x7f0000000140)="01", 0x7ffff000}], 0x1}, 0x20000040)

[  125.821983] tmpfs: Unsupported parameter 'huge'
01:57:30 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
pwritev(r1, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0)
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
signalfd(r2, &(0x7f0000000340), 0x8)
ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x5)
r3 = socket$inet6(0xa, 0x1, 0x0)
ioctl$int_in(r3, 0x5421, &(0x7f0000000080)=0x7)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r3, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x4, [{}, {}, {}, {}]}, 0x68)
sendfile(r3, r1, 0x0, 0x80000001)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x8000, @ipv4={'\x00', '\xff\xff', @empty}, 0x8}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x28e4, 0x0, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000880), &(0x7f00000008c0))

01:57:31 executing program 5:
ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f0000000080))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
signalfd(r1, &(0x7f0000000340), 0x8)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='dctcp-reno\x00', 0xb)
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
r3 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000006b00000000000300", @ANYRES32=r5, @ANYBLOB="0a0006000802110000000000"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_SET_NOACK_MAP(r2, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x40, 0x0, 0x8, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x0, 0x2a}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x494}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000060}, 0x40000)
signalfd(r3, &(0x7f0000000340), 0x8)
r6 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
signalfd(r6, &(0x7f0000000340), 0x8)
signalfd(r6, &(0x7f0000000340), 0x8)
io_uring_enter(r2, 0xb9c, 0x5707, 0x2, &(0x7f0000000180)={[0x6]}, 0x8)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x0, @empty}, 0x10, &(0x7f0000001480)=[{&(0x7f0000000140)="01", 0x7ffff000}], 0x1}, 0x20000040)

[  130.678158] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  130.742052] Bluetooth: hci4: Opcode 0x c03 failed: -110
[  130.743379] Bluetooth: hci5: Opcode 0x c03 failed: -110
[  132.860678] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  132.863083] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  132.864695] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  132.872496] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  132.875190] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  132.876795] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  132.881409] Bluetooth: hci2: HCI_REQ-0x0c1a
[  134.902059] Bluetooth: hci2: command 0x0409 tx timeout
[  134.966073] Bluetooth: hci5: Opcode 0x c03 failed: -110
[  134.966880] Bluetooth: hci4: Opcode 0x c03 failed: -110

VM DIAGNOSIS:
01:57:30  Registers:
info registers vcpu 0
RAX=000000000000002e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff823bb0f1 RDI=ffffffff8765a9a0 RBP=ffffffff8765a960 RSP=ffff888040707690
R8 =0000000000000001 R9 =000000000000000a R10=000000000000002e R11=0000000000000001
R12=000000000000002e R13=ffffffff8765a960 R14=0000000000000010 R15=ffffffff823bb0e0
RIP=ffffffff823bb149 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fa45d292700 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4c30c64040 CR3=000000001a88e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 00007fa45fe037c0 00007fa45fe037c8
YMM02=0000000000000000 0000000000000000 00007fa45fe037e0 00007fa45fe037c0
YMM03=0000000000000000 0000000000000000 00007fa45fe037c8 00007fa45fe037c0
YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=0000000000000007 RBX=0000000000000000 RCX=ffffffff8177059f RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000000 RBP=ffffffff87074820 RSP=ffff88803cc17b30
R8 =0000000000000000 R9 =ffffffff85b06ed7 R10=fffffbfff0b60dda R11=0000000000000001
R12=0000000000100cca R13=ffffea0000bbed00 R14=0000000000000000 R15=0000000000000001
RIP=ffffffff814608c4 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 00000000 00000000
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f8f5f43f540 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f8f5f91a870 CR3=0000000036cf8000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 ffff00ffffffffff ffffffffffff00ff
YMM02=0000000000000000 0000000000000000 4c4700362e322e32 5f4342494c470035
YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000470035
YMM04=0000000000000000 0000000000000000 4342494c4700362e 322e325f4342494c
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000