Warning: Permanently added '[localhost]:5873' (ECDSA) to the list of known hosts. 2022/10/02 10:19:58 fuzzer started 2022/10/02 10:19:58 dialing manager at localhost:35095 syzkaller login: [ 36.435089] cgroup: Unknown subsys name 'net' [ 36.528835] cgroup: Unknown subsys name 'rlimit' 2022/10/02 10:20:13 syscalls: 2215 2022/10/02 10:20:13 code coverage: enabled 2022/10/02 10:20:13 comparison tracing: enabled 2022/10/02 10:20:13 extra coverage: enabled 2022/10/02 10:20:13 setuid sandbox: enabled 2022/10/02 10:20:13 namespace sandbox: enabled 2022/10/02 10:20:13 Android sandbox: enabled 2022/10/02 10:20:13 fault injection: enabled 2022/10/02 10:20:13 leak checking: enabled 2022/10/02 10:20:13 net packet injection: enabled 2022/10/02 10:20:13 net device setup: enabled 2022/10/02 10:20:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/02 10:20:13 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/02 10:20:13 USB emulation: enabled 2022/10/02 10:20:13 hci packet injection: enabled 2022/10/02 10:20:13 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930) 2022/10/02 10:20:13 802.15.4 emulation: enabled 2022/10/02 10:20:13 fetching corpus: 50, signal 27795/29596 (executing program) 2022/10/02 10:20:14 fetching corpus: 100, signal 38575/42010 (executing program) 2022/10/02 10:20:14 fetching corpus: 150, signal 49207/54159 (executing program) 2022/10/02 10:20:14 fetching corpus: 200, signal 54082/60501 (executing program) 2022/10/02 10:20:14 fetching corpus: 250, signal 61457/69181 (executing program) 2022/10/02 10:20:14 fetching corpus: 300, signal 65673/74739 (executing program) 2022/10/02 10:20:14 fetching corpus: 350, signal 69897/80255 (executing program) 2022/10/02 10:20:14 fetching corpus: 400, signal 75193/86722 (executing program) 2022/10/02 10:20:14 fetching corpus: 450, signal 80044/92701 (executing program) 2022/10/02 10:20:15 fetching corpus: 500, signal 81945/95877 (executing program) 2022/10/02 10:20:15 fetching corpus: 550, signal 84023/99168 (executing program) 2022/10/02 10:20:15 fetching corpus: 600, signal 86150/102492 (executing program) 2022/10/02 10:20:15 fetching corpus: 650, signal 90083/107470 (executing program) 2022/10/02 10:20:15 fetching corpus: 700, signal 93428/111873 (executing program) 2022/10/02 10:20:15 fetching corpus: 750, signal 95687/115247 (executing program) 2022/10/02 10:20:15 fetching corpus: 800, signal 97108/117759 (executing program) 2022/10/02 10:20:15 fetching corpus: 850, signal 100209/121787 (executing program) 2022/10/02 10:20:15 fetching corpus: 900, signal 102290/124825 (executing program) 2022/10/02 10:20:16 fetching corpus: 950, signal 104000/127527 (executing program) 2022/10/02 10:20:16 fetching corpus: 1000, signal 105873/130366 (executing program) 2022/10/02 10:20:16 fetching corpus: 1050, signal 107966/133361 (executing program) 2022/10/02 10:20:16 fetching corpus: 1100, signal 110721/136848 (executing program) 2022/10/02 10:20:16 fetching corpus: 1150, signal 112044/139138 (executing program) 2022/10/02 10:20:16 fetching corpus: 1200, signal 113116/141216 (executing program) 2022/10/02 10:20:16 fetching corpus: 1250, signal 115261/144130 (executing program) 2022/10/02 10:20:16 fetching corpus: 1300, signal 116864/146530 (executing program) 2022/10/02 10:20:16 fetching corpus: 1350, signal 118242/148815 (executing program) 2022/10/02 10:20:17 fetching corpus: 1400, signal 120343/151622 (executing program) 2022/10/02 10:20:17 fetching corpus: 1450, signal 122859/154704 (executing program) 2022/10/02 10:20:17 fetching corpus: 1500, signal 124844/157393 (executing program) 2022/10/02 10:20:17 fetching corpus: 1550, signal 127920/160828 (executing program) 2022/10/02 10:20:17 fetching corpus: 1600, signal 130140/163617 (executing program) 2022/10/02 10:20:17 fetching corpus: 1650, signal 130844/165237 (executing program) 2022/10/02 10:20:17 fetching corpus: 1700, signal 131995/167142 (executing program) 2022/10/02 10:20:18 fetching corpus: 1750, signal 132858/168862 (executing program) 2022/10/02 10:20:18 fetching corpus: 1800, signal 134608/171161 (executing program) 2022/10/02 10:20:18 fetching corpus: 1850, signal 136121/173275 (executing program) 2022/10/02 10:20:18 fetching corpus: 1900, signal 136751/174775 (executing program) 2022/10/02 10:20:18 fetching corpus: 1950, signal 138229/176815 (executing program) 2022/10/02 10:20:18 fetching corpus: 2000, signal 139657/178816 (executing program) 2022/10/02 10:20:18 fetching corpus: 2050, signal 140437/180320 (executing program) 2022/10/02 10:20:18 fetching corpus: 2100, signal 141282/181861 (executing program) 2022/10/02 10:20:18 fetching corpus: 2150, signal 142259/183446 (executing program) 2022/10/02 10:20:18 fetching corpus: 2200, signal 144537/185954 (executing program) 2022/10/02 10:20:19 fetching corpus: 2250, signal 145270/187402 (executing program) 2022/10/02 10:20:19 fetching corpus: 2300, signal 146967/189466 (executing program) 2022/10/02 10:20:19 fetching corpus: 2350, signal 149079/191732 (executing program) 2022/10/02 10:20:19 fetching corpus: 2400, signal 150075/193270 (executing program) 2022/10/02 10:20:19 fetching corpus: 2450, signal 151022/194847 (executing program) 2022/10/02 10:20:19 fetching corpus: 2500, signal 151559/196107 (executing program) 2022/10/02 10:20:19 fetching corpus: 2550, signal 152436/197549 (executing program) 2022/10/02 10:20:19 fetching corpus: 2600, signal 153501/199054 (executing program) 2022/10/02 10:20:20 fetching corpus: 2650, signal 154736/200663 (executing program) 2022/10/02 10:20:20 fetching corpus: 2700, signal 157472/203210 (executing program) 2022/10/02 10:20:20 fetching corpus: 2750, signal 158445/204601 (executing program) 2022/10/02 10:20:20 fetching corpus: 2800, signal 159197/205899 (executing program) 2022/10/02 10:20:20 fetching corpus: 2850, signal 160613/207561 (executing program) 2022/10/02 10:20:20 fetching corpus: 2900, signal 161280/208776 (executing program) 2022/10/02 10:20:20 fetching corpus: 2950, signal 162352/210189 (executing program) 2022/10/02 10:20:20 fetching corpus: 3000, signal 162853/211335 (executing program) 2022/10/02 10:20:21 fetching corpus: 3050, signal 163550/212601 (executing program) 2022/10/02 10:20:21 fetching corpus: 3100, signal 164328/213921 (executing program) 2022/10/02 10:20:21 fetching corpus: 3150, signal 165265/215322 (executing program) 2022/10/02 10:20:21 fetching corpus: 3200, signal 165891/216461 (executing program) 2022/10/02 10:20:21 fetching corpus: 3250, signal 166641/217682 (executing program) 2022/10/02 10:20:21 fetching corpus: 3300, signal 167612/219007 (executing program) 2022/10/02 10:20:21 fetching corpus: 3350, signal 168511/220218 (executing program) 2022/10/02 10:20:21 fetching corpus: 3400, signal 169581/221507 (executing program) 2022/10/02 10:20:22 fetching corpus: 3450, signal 170581/222780 (executing program) 2022/10/02 10:20:22 fetching corpus: 3500, signal 171677/224099 (executing program) 2022/10/02 10:20:22 fetching corpus: 3550, signal 172470/225217 (executing program) 2022/10/02 10:20:22 fetching corpus: 3600, signal 173722/226513 (executing program) 2022/10/02 10:20:22 fetching corpus: 3650, signal 174280/227501 (executing program) 2022/10/02 10:20:22 fetching corpus: 3700, signal 175374/228726 (executing program) 2022/10/02 10:20:22 fetching corpus: 3750, signal 176233/229838 (executing program) 2022/10/02 10:20:22 fetching corpus: 3800, signal 177340/231063 (executing program) 2022/10/02 10:20:23 fetching corpus: 3850, signal 178708/232372 (executing program) 2022/10/02 10:20:23 fetching corpus: 3900, signal 179465/233411 (executing program) 2022/10/02 10:20:23 fetching corpus: 3950, signal 179904/234281 (executing program) 2022/10/02 10:20:23 fetching corpus: 4000, signal 180800/235353 (executing program) 2022/10/02 10:20:23 fetching corpus: 4050, signal 182190/236632 (executing program) 2022/10/02 10:20:23 fetching corpus: 4100, signal 183358/237796 (executing program) 2022/10/02 10:20:23 fetching corpus: 4150, signal 183842/238685 (executing program) 2022/10/02 10:20:24 fetching corpus: 4200, signal 184531/239576 (executing program) 2022/10/02 10:20:24 fetching corpus: 4250, signal 185478/240616 (executing program) 2022/10/02 10:20:24 fetching corpus: 4300, signal 186363/241589 (executing program) 2022/10/02 10:20:24 fetching corpus: 4350, signal 187047/242486 (executing program) 2022/10/02 10:20:24 fetching corpus: 4400, signal 188015/243494 (executing program) 2022/10/02 10:20:24 fetching corpus: 4450, signal 188755/244382 (executing program) 2022/10/02 10:20:24 fetching corpus: 4500, signal 189200/245168 (executing program) 2022/10/02 10:20:24 fetching corpus: 4550, signal 190055/246128 (executing program) 2022/10/02 10:20:25 fetching corpus: 4600, signal 190684/246974 (executing program) 2022/10/02 10:20:25 fetching corpus: 4650, signal 191434/247823 (executing program) 2022/10/02 10:20:25 fetching corpus: 4700, signal 191824/248529 (executing program) 2022/10/02 10:20:25 fetching corpus: 4750, signal 192603/249384 (executing program) 2022/10/02 10:20:25 fetching corpus: 4800, signal 193324/250196 (executing program) 2022/10/02 10:20:25 fetching corpus: 4850, signal 193927/250970 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/251776 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/252351 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/252950 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/253487 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/254066 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/254647 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/255228 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/255807 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/256369 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/256961 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/257576 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/258143 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/258675 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/259235 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/259821 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/260420 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/260986 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/261582 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/262176 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/262761 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/263316 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/263922 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/264507 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/265096 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/265709 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/266282 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/266842 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/267425 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/268018 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/268533 (executing program) 2022/10/02 10:20:25 fetching corpus: 4876, signal 194680/269085 (executing program) 2022/10/02 10:20:26 fetching corpus: 4876, signal 194680/269685 (executing program) 2022/10/02 10:20:26 fetching corpus: 4876, signal 194680/270255 (executing program) 2022/10/02 10:20:26 fetching corpus: 4876, signal 194680/270848 (executing program) 2022/10/02 10:20:26 fetching corpus: 4876, signal 194680/271452 (executing program) 2022/10/02 10:20:26 fetching corpus: 4876, signal 194680/272036 (executing program) 2022/10/02 10:20:26 fetching corpus: 4876, signal 194680/272621 (executing program) 2022/10/02 10:20:26 fetching corpus: 4876, signal 194680/273162 (executing program) 2022/10/02 10:20:26 fetching corpus: 4876, signal 194680/273162 (executing program) 2022/10/02 10:20:28 starting 8 fuzzer processes 10:20:28 executing program 0: getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={@remote, @empty}, &(0x7f0000000040)=0x8) ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x80049367, &(0x7f0000000080)) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, &(0x7f00000000c0)={0x5, 0x7, 0x0, 0x81, 0x6, [{0xd5b, 0x3, 0x6, '\x00', 0x1382}, {0x6b0, 0x6, 0x80000000, '\x00', 0x3c00}, {0xdf, 0x4fb, 0x9, '\x00', 0x3004}, {0xf0, 0x6, 0x7, '\x00', 0x50fceb146f4e8071}, {0xacc4, 0xfffffffffffffff9, 0xf56, '\x00', 0x2000}, {0x80000000, 0x6a7b, 0x101, '\x00', 0x204}]}) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, &(0x7f0000000240), &(0x7f0000000280)=0xc) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0xc}, @in=@private=0xa010100, 0x4e21, 0x4, 0x4e22, 0x400, 0x2, 0xa0, 0x0, 0x62, 0x0, 0xffffffffffffffff}, {0x45, 0x4, 0xffffffffffffffd8, 0x9, 0x80000000, 0x7fffffff, 0x1000, 0x5}, {0x8fb, 0x1, 0x3ff, 0x1}, 0x8, 0x0, 0x0, 0x0, 0x4}, {{@in=@remote, 0x4d6, 0x33}, 0x2, @in=@multicast1, 0x0, 0x3, 0x1, 0x3f, 0x0, 0x8}}, 0xe8) r0 = openat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x309400, 0x81) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, r1, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x240180d4) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000540)={0x1, @private=0xa010100, 0x4e24, 0x0, 'lblc\x00', 0x0, 0x5, 0x19}, 0x2c) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000580)={0x73, @multicast1, 0x4e24, 0x4, 'sed\x00', 0x34, 0x3f, 0x19}, 0x2c) fallocate(r0, 0x10, 0x6, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/module/rcutree', 0x40000, 0x4) getsockname$inet(r2, &(0x7f0000000600)={0x2, 0x0, @empty}, &(0x7f0000000640)=0x10) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000680)={0x5, 0x1, 0x100000000, 0x10001, 0x6, 0xd98e}) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000006c0), 0x60401, 0x0) sendmsg$TIPC_CMD_GET_NODES(r3, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x10, 0x70bd25, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4) r4 = eventfd2(0x9, 0x80000) pwritev(r4, &(0x7f0000000c80)=[{&(0x7f0000000800)="40d2f319dd50004d95efce65a3bd32dea9ab530b7635cf3624a8668780131e6e0ceb786c9340df8ec6db6b356920063a7620949879b07e381e1875bac981df920afcf64eb3028761580e6613cae6c1e533f5050846326a5de03cb70f4a71b1d81905d43126c82b43b100da9bb3f9e19abcec7277e1a20c1e64338552fd520d42b4822797eea34bc44d440e5f598a40f467081ee58acd1ab70ee17d10fb810d83bdba0dbe2f9266dd8ad1631974a70738e51420d7", 0xb4}, {&(0x7f00000008c0)="915c823fdd1e9eab705956a53e3039364c27ca917fadf949cbffc64223164be75bb9ebc5bdde385600754a9529aa2f5dc06c3e4289f18ac159ad46d14ddec15c20b5e84a9aa7a97e4bf32784f916a92893954912a044fce7c11696e17d9ef41734252dc39013143adc4a21c1ef44f57d5312e36e5736dfa1b3d5b3abb2f22ef4813b836cb9e7c447440d7837680cfd69cda51f78bd969203349819db3aae894b887174ff2a408065781f66e861", 0xad}, {&(0x7f0000000980)="258b1221a881573c4b9262e0aba9c863c2b8366a79db91369568b595eeddc6bd9d29b7fd6f54bb7b7a822a110609ec", 0x2f}, {&(0x7f00000009c0)="8900b359aba846a6693cea8805cf39f2f76de6a0086a5aacfb8d6a169b4a095d5eadd4437812ab4e8627bd", 0x2b}, {&(0x7f0000000a00)="4c1eb1d72d6839575bf79b32d17db7649efff569dccfa73abab153cfac010d476e7e05743ea70c3870f65b053b9f780ecd1c24f2838c0789be8019bc42ccae202b55cc17a6a96d850b0b306b0b4c82e4cd7bba6c98e97d277330831fb2487fa67d9f3ebcafecc7f2e7f59fede46e03f075b78d5bbcbe38019533bc0153b7cfc0c5a39224dd732c52b6f8c4c748a61bd43377efa106c4f24744078c32b88aafd7e07740daa3e8725e0f", 0xa9}, {&(0x7f0000000ac0)="5f971b9353cdf19aa2bba0c548370ace74ec88562a9e236cd399e1cbadb5fc4d0e9e5cfedcb69e72c7f0344e86777979c409914ea8d6929ccb991b90db3bab71821df363b076aa06b85852e08360802db43242defc0938fa61cd2512cf97c1fd095f7cfe0e7fa304d47f757b0cdd1e332174", 0x72}, {&(0x7f0000000b40)="e30d55c367109ca1c2cf395a7a1cc45550fb1570c0b590f62b031a34cd0555989e803e672b93406fd2a0f1203c79407cae95aa354555dedf62b06e9c4583cf0b980d391a913248273972a735fe2fda606864fc9ae843c867328ac89814ccc45db3fa164c468091afdc0409df1513ef75aded2ccb86f17846de7dbedef2cfaf697d8990e502abb35ddbe809d1ada2e3fc0d3bd0eeb7224fa930e562b755156fa6363b49d0815c549bfce3bdc0a2e00992ad", 0xb1}, {&(0x7f0000000c00)="98e125d925ed645a0c0829a4fc2f5b0859f469e79f52b3274d5419c01cd6bcdd4bff93b042230dbde04c18eec29852880f949d72e5412cd67c9605973273b1d5f204ba7a842db0dbcf1d1a28c57d125990fbf0", 0x53}], 0x8, 0x5, 0x60) socket$inet(0x2, 0x80000, 0x9) sendmsg$GTP_CMD_DELPDP(r0, &(0x7f0000000e00)={&(0x7f0000000d00), 0xc, &(0x7f0000000dc0)={&(0x7f0000000d40)={0x5c, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010101}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @remote}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_PEER_ADDRESS={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x27}}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x5c}}, 0x800) 10:20:28 executing program 7: getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000100)={@private, @local, 0x0}, &(0x7f0000000140)=0xc) sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, 0x0, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x8000}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x81}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r0}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8004}, 0x8040) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000280)={0x0, @initdev, @broadcast}, &(0x7f00000002c0)=0xc) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/meminfo\x00', 0x0, 0x0) sendmsg$AUDIT_SET_FEATURE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, 0x3fa, 0x8, 0x70bd28, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x200480a0}, 0x10) ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000000440)={{0x1, 0x1, 0x18, r2, {0x6}}, './file0\x00'}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000500)={'sit0\x00', &(0x7f0000000480)={'syztnl1\x00', r0, 0x29, 0x80, 0x0, 0x8, 0xa, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x80, 0x40, 0x3, 0xc7}}) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r5, 0x20, 0x70bd25, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x4000000) r6 = dup2(r2, r2) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000000700)={'syztnl2\x00', &(0x7f0000000680)={'syztnl2\x00', 0x0, 0x2d, 0x7f, 0x4, 0x100, 0x60, @private1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x10, 0x7800, 0xffffffff, 0x40}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000007c0)={'syztnl0\x00', &(0x7f0000000740)={'ip6gre0\x00', r7, 0x4, 0x40, 0x7f, 0x8, 0x2, @mcast1, @rand_addr=' \x01\x00', 0x7800, 0x40, 0x0, 0x6}}) r8 = fsmount(0xffffffffffffffff, 0x1, 0x7a) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r8, 0x89f6, &(0x7f0000000880)={'ip6gre0\x00', &(0x7f0000000800)={'ip6tnl0\x00', r1, 0x29, 0x6d, 0x8, 0x7, 0x8, @local, @remote, 0x80, 0xf, 0x6, 0x7}}) r9 = socket$inet_tcp(0x2, 0x1, 0x0) fstatfs(r9, &(0x7f00000008c0)=""/123) r10 = syz_open_dev$vcsa(&(0x7f0000000940), 0x5, 0x4000) setsockopt$packet_add_memb(r10, 0x107, 0x1, &(0x7f0000000980)={r4, 0x1, 0x6, @broadcast}, 0x10) r11 = openat$zero(0xffffffffffffff9c, &(0x7f00000009c0), 0xc4300, 0x0) ioctl$FS_IOC_GETFLAGS(r11, 0x80086601, &(0x7f0000000a00)) 10:20:28 executing program 1: r0 = timerfd_create(0x4, 0x800) ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f0000000080)={0x6eb, 0x48, [0x1, 0x9, 0x3ff, 0x2000000000000000], &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f0000000140)={{r1, r2+10000000}, {r3, r4+10000000}}, &(0x7f0000000180)) ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0) syz_io_uring_setup(0x51a6, &(0x7f00000001c0)={0x0, 0x3d35, 0x2, 0x2, 0x4d}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000240)=0x0, &(0x7f0000000280)) r6 = openat$full(0xffffffffffffff9c, &(0x7f00000002c0), 0x884, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000800)=@IORING_OP_RECVMSG={0xa, 0x3, 0x0, r6, 0x0, &(0x7f00000007c0)={&(0x7f0000000300)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000380)=""/208, 0xd0}, {&(0x7f0000000480)=""/57, 0x39}, {&(0x7f00000004c0)=""/213, 0xd5}, {&(0x7f00000005c0)=""/135, 0x87}, {&(0x7f0000000680)=""/158, 0x9e}], 0x5}, 0x0, 0x2, 0x0, {0x2}}, 0x3ff) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r6, 0xc0189374, &(0x7f0000000840)={{0x1, 0x1, 0x18, r6}, '\x00'}) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r7, 0x40485404, &(0x7f0000000880)={{0xffffffffffffffff, 0x2, 0x7, 0x2, 0x6}, 0x100000000, 0x1}) futex(&(0x7f0000000900)=0x2, 0x7, 0x1, &(0x7f0000000940)={0x0, 0x989680}, &(0x7f0000000980)=0x1, 0x1) syz_io_uring_setup(0x494f, &(0x7f00000009c0)={0x0, 0xe74c, 0x4, 0x1, 0x2a9}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000a40), &(0x7f0000000a80)) r8 = openat$sr(0xffffffffffffff9c, &(0x7f0000000ac0), 0x400000, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r8, 0xc0389424, &(0x7f0000000b40)={0x3f, 0x18, '\x00', 0x0, &(0x7f0000000b00)=[0x0, 0x0, 0x0]}) socketpair(0x1a, 0x6, 0x8, &(0x7f0000000b80)={0xffffffffffffffff}) setsockopt$bt_l2cap_L2CAP_LM(r9, 0x6, 0x3, &(0x7f0000000bc0)=0x9, 0x4) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r8, 0xc018937b, &(0x7f0000000c00)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) io_uring_enter(r10, 0x4f38, 0x29b5, 0x0, &(0x7f0000000c40)={[0x7fffffff]}, 0x8) futex(&(0x7f0000000c80), 0xa, 0x0, &(0x7f0000000d00), &(0x7f0000000d40)=0x1, 0x0) 10:20:28 executing program 2: sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x4, 0x8, 0x201, 0x0, 0x0, {0x7, 0x0, 0xa}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xa01}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x851}, 0x20048400) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, 0x0, 0x8, 0x201, 0x0, 0x0, {0x5, 0x0, 0xa}, [@CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0xfffffffa}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x81}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x1f}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88ca}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_SYN_SENT2={0x8}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x20000054) fcntl$setstatus(r0, 0x4, 0x44000) ioctl$int_in(r0, 0x5452, &(0x7f0000000280)=0x202000000000000) ioctl$CDROMVOLCTRL(r0, 0x530a, &(0x7f00000002c0)={0x7, 0x40, 0x81, 0xa2}) sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, 0x7, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4008001) sendmsg$NFT_MSG_GETOBJ_RESET(r0, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x4c, 0x15, 0xa, 0x101, 0x0, 0x0, {0xc}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20004001}, 0x40880) fchdir(r0) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000008c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000580)={0x2c8, 0x0, 0x10, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x104, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0xa1, 0x3, "b2e259fd6e52288d4c376b932191c76fd140194d2e67998627f2e648d7351a3c5884490be515af6800325f2f60f6e11a34536b81ebdced7b98905172aab1c3f7ab9cc2608b5d4fe92ddef82e14c90b9bbd1c5e94ba4e8b3e08c018262285e9b7595e48bb353961d5cf7fa0f89d5eb884161ef2afb61aba3137c388a29b26379064c816bf7394997e7fcd3132477d949856fd062240c82bec14133544ec"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x81}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x41, 0x4, {'gcm(aes)\x00', 0x19, "fc3cf70ef691207ddf6022044a4eca97796b10767452b41587"}}]}, @TIPC_NLA_BEARER={0x128, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_BEARER_NAME={0x16, 0x1, @l2={'eth', 0x3a, 'veth1_to_bond\x00'}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffd9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x3, @dev={0xfe, 0x80, '\x00', 0x25}, 0xf68}}, {0x14, 0x2, @in={0x2, 0x4e21, @multicast2}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x8, @mcast2, 0x4}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x2, @loopback, 0x6b}}}}, @TIPC_NLA_BEARER_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xed}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'ib', 0x3a, 'vxcan1\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x17}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x19}]}, @TIPC_NLA_BEARER={0x54, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'team0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x760}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'eth', 0x3a, 'veth1_to_hsr\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x2c8}}, 0x10000005) sendmsg$NFT_MSG_GETOBJ_RESET(r0, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x40, 0x15, 0xa, 0x801, 0x0, 0x0, {0xc}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x9081}, 0x4850) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000a00)={0xc}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000a40), 0x101002, 0x0) r2 = syz_io_uring_setup(0x7446, &(0x7f0000000a80)={0x0, 0x5fee, 0x1, 0x2, 0x266, 0x0, r1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000b00), &(0x7f0000000b40)) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0xf503, 0x0) fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000000b80), &(0x7f0000000bc0)={'U+', 0x22e1}, 0x16, 0x3) ioctl$EXT4_IOC_GROUP_EXTEND(r2, 0x40086607, &(0x7f0000000c00)=0x20) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000c80), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_ADD_DEV(r3, &(0x7f0000000d40)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x20, r4, 0x20, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8}, 0x48800) 10:20:28 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f0000000000)={0x1, 0x7}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0xf5, 0x0, 0x1, 0xec}, 0x14) r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x74, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @handle=@pci={{0x8}, {0x11}}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x40) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/connector\x00') accept$packet(r1, 0x0, &(0x7f0000000200)) r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000280)=0x7fff) r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000002c0), 0x80101, 0x0) fremovexattr(r3, &(0x7f0000000300)=@known='trusted.overlay.metacopy\x00') bind$packet(r3, &(0x7f0000000340)={0x11, 0x18, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r3, 0xf501, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wpan3\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wpan1\x00', 0x0}) sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x3c, 0x0, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x20000041) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000540), r3) ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, &(0x7f0000000600)={'syztnl2\x00', &(0x7f0000000580)={'syztnl2\x00', 0x0, 0x2f, 0x4c, 0x9, 0xcd, 0xc, @local, @rand_addr=' \x01\x00', 0x80, 0x700, 0x4, 0x7}}) sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000000700)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x64, r6, 0x800, 0x70bd28, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x34}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6}]}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x40000) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000740)) sendmsg$nl_generic(r0, &(0x7f0000000940)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000900)={&(0x7f0000000800)={0xc8, 0x13, 0x2, 0x70bd2b, 0x25dfdbff, {0x1f}, [@nested={0xb1, 0xb, 0x0, 0x1, [@typed={0x8, 0x93, 0x0, 0x0, @uid=0xee01}, @generic="835c6cdef9a5973b9c9c714790826e3f37b21c19174c58af6ab1fe8f586080e31b581dec083d39097f6133876b298db6c1882bdfc9af81e898cb09dad15f73709a31df973722c2964353863530ad336026ce9e7b06e170f216f4a3b55ddf288f748728ac9ad4c31d63572fd3f500028d01a086727f5c642108c94292010e4aff9e6723279bbf90a08dada11458c146e3d16f00e619aa9dd2f5b9cb980666cdb262fd600793"]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x8048}, 0x4000800) [ 66.287080] audit: type=1400 audit(1664706028.554:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:20:28 executing program 4: set_robust_list(&(0x7f0000000080)={0x0, 0x5, &(0x7f0000000040)={&(0x7f0000000000)}}, 0x18) get_robust_list(0x0, &(0x7f0000000200)=&(0x7f00000001c0)={&(0x7f0000000100)={&(0x7f00000000c0)}, 0x0, &(0x7f0000000180)={&(0x7f0000000140)}}, &(0x7f0000000240)=0x18) get_robust_list(0x0, &(0x7f0000000340)=&(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)}}, &(0x7f0000000380)=0x18) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f00000003c0)) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x4) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, &(0x7f0000000400)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000440)={0x3, 0x1000, 0x7fff, 0x80, 0x1b, "7c8f06a299033de0d611a43ba201f8bca459c0"}) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x88000) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f00000004c0)={0x2, 0x3, 0x9}) get_robust_list(0x0, &(0x7f0000000600)=&(0x7f00000005c0)={&(0x7f0000000540)={&(0x7f0000000500)}, 0x0, &(0x7f0000000580)}, &(0x7f0000000640)=0x18) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000680), 0x4000, 0x0) ioctl$KDFONTOP_GET(r1, 0x4b72, &(0x7f0000000ac0)={0x1, 0x0, 0x13, 0x4, 0x17e, &(0x7f00000006c0)}) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000b00)={0x165, 0x8, 0x0, 0x1, 0x2, [{0x4, 0xfa35, 0xfffffffffffffff8, '\x00', 0x8}, {0x8, 0x80000001, 0x80, '\x00', 0x8}]}) perf_event_open(&(0x7f0000000bc0)={0x0, 0x80, 0x40, 0x81, 0x1, 0x80, 0x0, 0x10000, 0x4200, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x4, @perf_config_ext={0x4, 0x1}, 0x4000, 0xffffffff, 0x66, 0x3, 0x101, 0xffffff80, 0x0, 0x0, 0x9, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(0xffffffffffffffff, 0x80089419, &(0x7f0000000c40)) clone3(&(0x7f0000000f00)={0x1000, &(0x7f0000000d00), &(0x7f0000000d40), &(0x7f0000000d80)=0x0, {0x19}, &(0x7f0000000dc0)=""/167, 0xa7, &(0x7f0000000e80)=""/47, &(0x7f0000000ec0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff], 0x8, {r0}}, 0x58) perf_event_open(&(0x7f0000000c80)={0x4, 0x80, 0x0, 0xff, 0x9, 0x80, 0x0, 0x2, 0x80a02, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x1f, 0xffff}, 0x6, 0xfffffffffffffffc, 0xffff, 0x3, 0x3, 0x100, 0x9, 0x0, 0x0, 0x0, 0xfff}, r2, 0xc, r0, 0xb) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000fc0)) 10:20:28 executing program 5: openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x200201, 0x0) fchmod(r0, 0x140) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'}) r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) write$binfmt_aout(r3, &(0x7f0000000100)={{0x107, 0x2, 0x4, 0x0, 0x86, 0x8000, 0x2ee, 0x14}, "97bd20f53e05d5ba1bba92b32f3a31d8635208de214e0ecb0c3245df978eda680deb6fb394bf2064b6c1609c449b50e7d56146e51d148ab503405ac7dfa5ec2be99e70b8fd8617415ff175d8ef351fb5495456a850dab46f1738219b6fe35eb84f7d11aa7fb8dc72efa8a7a4ff8a61dacab9ca3efb0dde1fbdcf0bcdb0024aeca5d967da8726f60b5846573a63361a931a0990f4c3a6792ebd4ec0a0a94144a69544010d216093d216589c8e6a9ed8199205c552f4b4b7b49afebe45297b9c9fa6e47136a9405edd67261d45a9f87a861b378bd2dcad09a83630fe40c889eb8dd0ba4fbebd4468418370d0dce5c5f724238410c8518e2e6a838d1745afbee1", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xb1f) r4 = clone3(&(0x7f0000001e40)={0x80400, &(0x7f0000000c40)=0xffffffffffffffff, &(0x7f0000000c80), &(0x7f0000000cc0), {0x27}, &(0x7f0000000d00)=""/218, 0xda, &(0x7f0000000e00)=""/4096, &(0x7f0000001e00)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0], 0x5, {r2}}, 0x58) ioctl$FIONCLEX(r5, 0x5450) r6 = clone3(&(0x7f0000002100)={0x100, &(0x7f0000001ec0)=0xffffffffffffffff, &(0x7f0000001f00), &(0x7f0000001f40), {0x3b}, &(0x7f0000001f80)=""/172, 0xac, &(0x7f0000002040)=""/109, &(0x7f00000020c0)=[r4], 0x1, {r2}}, 0x58) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000003e40)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) waitid$P_PIDFD(0x3, r8, &(0x7f0000003e80), 0x2, &(0x7f0000003f00)) r9 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000003fc0), 0x6843, 0x0) preadv(r7, &(0x7f0000004080)=[{&(0x7f0000004000)=""/61, 0x3d}, {&(0x7f0000004040)=""/49, 0x31}], 0x2, 0x10000, 0x400) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000004100)={0x1, &(0x7f00000040c0)=[{0x81, 0x6a, 0x6, 0xe2d}]}) r11 = open_tree(0xffffffffffffffff, &(0x7f0000004140)='./file0\x00', 0x91f149c50aaf2bd4) sendfile(r10, r11, &(0x7f0000004180)=0xfffffffffffffffe, 0x100) fcntl$getownex(r3, 0x10, &(0x7f0000004400)={0x0, 0x0}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, &(0x7f0000004440)={0x0, 0x0}) clone3(&(0x7f0000004500)={0x89780000, &(0x7f00000041c0), &(0x7f0000004200), &(0x7f0000004240), {0x16}, &(0x7f0000004280)=""/73, 0x49, &(0x7f0000004300)=""/202, &(0x7f00000044c0)=[r4, r12, r6, r13], 0x4, {r9}}, 0x58) 10:20:28 executing program 6: r0 = semget(0x2, 0x2, 0x108) semctl$GETPID(r0, 0x3, 0xb, &(0x7f0000000000)=""/80) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080)=[0xa759, 0x7]) r1 = semget$private(0x0, 0x3, 0x600) semctl$IPC_RMID(r1, 0x0, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f00000000c0)=[0x3, 0x4, 0x1000]) semctl$IPC_RMID(r0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000100)={{{@in=@dev, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@remote}}, &(0x7f0000000200)=0xe8) r4 = getegid() semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f0000000340)={{0x0, r3, 0xee01, 0xffffffffffffffff, r4, 0x130, 0xd0}, 0x7, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x401}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0}, &(0x7f0000000480)=0xc) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in6=@dev={0xfe, 0x80, '\x00', 0x36}, 0x1, 0xfffc, 0x4e23, 0x8000, 0x2, 0xa0, 0xe0, 0x3a, r2, r5}, {0x1000, 0x8, 0x1ff, 0x7, 0x7, 0x5, 0xff, 0x1f}, {0x80000000, 0x4, 0x9, 0x486e}, 0x2, 0x6e6bbd, 0x2, 0x1, 0x1}, {{@in=@multicast2, 0x4d5, 0x33}, 0xa, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3504, 0x2, 0x1, 0xf9, 0x3ff, 0xd63b, 0x5a}}, 0xe8) semctl$SETALL(r1, 0x0, 0x11, &(0x7f00000005c0)=[0x7]) r6 = semget(0x2, 0x3, 0x208) semctl$IPC_RMID(r6, 0x0, 0x0) r7 = semget$private(0x0, 0x4, 0x0) semctl$SETALL(r7, 0x0, 0x11, &(0x7f0000000600)=[0x2, 0x96cb, 0x2]) r8 = semget$private(0x0, 0x1, 0x100) semctl$IPC_RMID(r8, 0x0, 0x0) semop(r8, &(0x7f0000000640)=[{0x3, 0x7fff, 0x800}, {0x0, 0x1f}, {0x2, 0x43c3, 0x800}, {0x0, 0x7fff, 0x1000}], 0x4) [ 67.601067] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.602667] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.604594] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.606013] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.609218] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.611139] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.612730] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.617542] Bluetooth: hci0: HCI_REQ-0x0c1a [ 67.630928] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.636691] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.643444] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.645211] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.646859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.653376] Bluetooth: hci1: HCI_REQ-0x0c1a [ 67.655667] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.657195] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.658736] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.659205] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.660944] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.662093] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.678024] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.680426] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.682202] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.692629] Bluetooth: hci3: HCI_REQ-0x0c1a [ 67.711330] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.715539] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.719949] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.723084] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.725480] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 67.726833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 67.732626] Bluetooth: hci4: HCI_REQ-0x0c1a [ 67.759804] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.767081] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.778388] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.781220] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.783782] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.787522] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.800058] Bluetooth: hci2: HCI_REQ-0x0c1a [ 67.800212] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.802628] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.804169] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.812209] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.813342] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.815559] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 67.816605] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 67.817640] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.821795] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.834122] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.835189] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.845667] Bluetooth: hci7: HCI_REQ-0x0c1a [ 67.864123] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 67.865374] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 67.869091] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.870031] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 67.880381] Bluetooth: hci6: HCI_REQ-0x0c1a [ 67.883615] Bluetooth: hci5: HCI_REQ-0x0c1a [ 69.680827] Bluetooth: hci1: command 0x0409 tx timeout [ 69.680841] Bluetooth: hci0: command 0x0409 tx timeout [ 69.744766] Bluetooth: hci3: command 0x0409 tx timeout [ 69.808602] Bluetooth: hci4: command 0x0409 tx timeout [ 69.873081] Bluetooth: hci7: command 0x0409 tx timeout [ 69.873102] Bluetooth: hci2: command 0x0409 tx timeout [ 69.936562] Bluetooth: hci6: command 0x0409 tx timeout [ 69.936594] Bluetooth: hci5: command 0x0409 tx timeout [ 71.728619] Bluetooth: hci0: command 0x041b tx timeout [ 71.729571] Bluetooth: hci1: command 0x041b tx timeout [ 71.792532] Bluetooth: hci3: command 0x041b tx timeout [ 71.856532] Bluetooth: hci4: command 0x041b tx timeout [ 71.920565] Bluetooth: hci2: command 0x041b tx timeout [ 71.920582] Bluetooth: hci7: command 0x041b tx timeout [ 71.984575] Bluetooth: hci5: command 0x041b tx timeout [ 71.986595] Bluetooth: hci6: command 0x041b tx timeout [ 73.776541] Bluetooth: hci1: command 0x040f tx timeout [ 73.777096] Bluetooth: hci0: command 0x040f tx timeout [ 73.840544] Bluetooth: hci3: command 0x040f tx timeout [ 73.904531] Bluetooth: hci4: command 0x040f tx timeout [ 73.968546] Bluetooth: hci2: command 0x040f tx timeout [ 73.969652] Bluetooth: hci7: command 0x040f tx timeout [ 74.032531] Bluetooth: hci6: command 0x040f tx timeout [ 74.033047] Bluetooth: hci5: command 0x040f tx timeout [ 75.824580] Bluetooth: hci0: command 0x0419 tx timeout [ 75.825002] Bluetooth: hci1: command 0x0419 tx timeout [ 75.889603] Bluetooth: hci3: command 0x0419 tx timeout [ 75.953511] Bluetooth: hci4: command 0x0419 tx timeout [ 76.017524] Bluetooth: hci7: command 0x0419 tx timeout [ 76.017917] Bluetooth: hci2: command 0x0419 tx timeout [ 76.080534] Bluetooth: hci5: command 0x0419 tx timeout [ 76.080915] Bluetooth: hci6: command 0x0419 tx timeout 10:21:21 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_rdma(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="7472616e733d72f5eeb6a088000740c2c066fd0ebaab3ea8a932c659834f09d6cea49a3ea6808f64e52ef148f7860777597486b340bf70f6982a60"]) rmdir(&(0x7f0000000600)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x80100, 0x300) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000003c0)={{{@in=@multicast2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@empty}}, &(0x7f00000004c0)=0xe8) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000380)=[{&(0x7f0000000180)="226652b4fd62b81807ea91031291ec8b65280c8d4a4f82d9d5e2397ebe8fac32f9c132bdba9903223d52c477ec6bd5d9415206e8d199e12bcdef5df9225f9ce3be438d649dd0f641ecf8ed9111cbfbd82315d3224fbc4c6166dca237770564877fb4f138c1f2d3215f6e7a5443d2d5cbcb58516fa967afd58edf97470cf92e3a1f2127af46d089b5d8cb6dd2df87234957c01a30a62a3b4370a8116e007595b5be45abcd61b49bcf714d5a5ef8d185f264998c4248bf70063e3e18ae12abeb1280f39261e77051c4fb7589af7b5691de9e659ea9d7", 0xd5, 0x4}, {&(0x7f0000000280)="a4ba60fe56d7063f4fea73db5e36e76d8eb4ed5bc3f66b28d456358ea1d857c85422e51f72e1560098d19c5f97fe4dd72707ceb2a70af2baea34f928415139672e34ca207ae1ba4dba84749a2e206a9a7187ef495f412437133054687ff8daa324d0638090f9a4f693e9addec87c5357be7eaed5c1351cb56bdab71bbffd9940ccc3508fd4bdcd09593c301fa6c85906bda026b5763cfcae7bc19ccb21b723a0f460d3db8b1c35438917d50c5e407703298d4a7e0f519b49771f678fc349414a74899bc7246f77c9972b2736ba37e5ae1b7e0763b9a2214c2467662d8cceb8c62aa1", 0xe2, 0x6c1}], 0x182c00, &(0x7f0000000500)={[{@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@quota}, {@oldalloc}, {@commit={'commit', 0x3d, 0x10000}}], [{@audit}, {@uid_eq={'uid', 0x3d, r0}}, {@dont_hash}, {@smackfstransmute={'smackfstransmute', 0x3d, '-'}}, {@appraise}, {@fsname={'fsname', 0x3d, '9p\x00'}}, {@audit}]}) 10:21:22 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1036e1, 0x0) fcntl$lock(r0, 0x24, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) r1 = getpid() r2 = fork() kcmp(r1, r2, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB='\a'], 0x0) perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0xff, 0x5, 0x0, 0x6, 0x0, 0x7, 0x20, 0xf, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x401, 0xa008}, 0x0, 0x80000001, 0x493, 0x2, 0x5, 0x7, 0x101, 0x0, 0x0, 0x0, 0x2}, r1, 0xb, r3, 0x9) clone3(&(0x7f00000004c0)={0x201200000, &(0x7f0000000000), &(0x7f0000000280)=0x0, &(0x7f00000002c0), {0x38}, &(0x7f0000000300)=""/95, 0x5f, &(0x7f0000000380)=""/236, &(0x7f0000000480)=[r1, r1, r1, r1, r2, r1], 0x6, {r3}}, 0x58) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x8, 0x2, 0xde, 0x0, 0x0, 0x41600, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x1f, 0x500000000}, 0x404, 0x401, 0xa27, 0x2, 0x0, 0x7, 0x7fff, 0x0, 0x7fffffff}, r4, 0x8, r3, 0x3) [ 119.777790] loop1: detected capacity change from 0 to 6 [ 119.788863] audit: type=1400 audit(1664706082.056:7): avc: denied { open } for pid=3893 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.791404] audit: type=1400 audit(1664706082.056:8): avc: denied { kernel } for pid=3893 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.803007] ------------[ cut here ]------------ [ 119.803029] [ 119.803033] ====================================================== [ 119.803036] WARNING: possible circular locking dependency detected [ 119.803040] 6.0.0-rc7-next-20220930 #1 Not tainted [ 119.803046] ------------------------------------------------------ [ 119.803049] syz-executor.2/3894 is trying to acquire lock: [ 119.803056] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 119.803094] [ 119.803094] but task is already holding lock: [ 119.803096] ffff88800f5c0c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 119.803122] [ 119.803122] which lock already depends on the new lock. [ 119.803122] [ 119.803125] [ 119.803125] the existing dependency chain (in reverse order) is: [ 119.803128] [ 119.803128] -> #3 (&ctx->lock){....}-{2:2}: [ 119.803141] _raw_spin_lock+0x2a/0x40 [ 119.803153] __perf_event_task_sched_out+0x53b/0x18d0 [ 119.803164] __schedule+0xedd/0x2470 [ 119.803178] schedule+0xda/0x1b0 [ 119.803191] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.803203] syscall_exit_to_user_mode+0x19/0x40 [ 119.803215] do_syscall_64+0x48/0x90 [ 119.803232] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.803244] [ 119.803244] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 119.803258] _raw_spin_lock_nested+0x30/0x40 [ 119.803268] raw_spin_rq_lock_nested+0x1e/0x30 [ 119.803281] task_fork_fair+0x63/0x4d0 [ 119.803297] sched_cgroup_fork+0x3d0/0x540 [ 119.803311] copy_process+0x4183/0x6e20 [ 119.803321] kernel_clone+0xe7/0x890 [ 119.803330] user_mode_thread+0xad/0xf0 [ 119.803340] rest_init+0x24/0x250 [ 119.803352] arch_call_rest_init+0xf/0x14 [ 119.803369] start_kernel+0x4c6/0x4eb [ 119.803384] secondary_startup_64_no_verify+0xe0/0xeb [ 119.803398] [ 119.803398] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 119.803411] _raw_spin_lock_irqsave+0x39/0x60 [ 119.803422] try_to_wake_up+0xab/0x1930 [ 119.803435] up+0x75/0xb0 [ 119.803449] __up_console_sem+0x6e/0x80 [ 119.803464] console_unlock+0x46a/0x590 [ 119.803480] do_con_write+0xc05/0x1d50 [ 119.803490] con_write+0x21/0x40 [ 119.803499] n_tty_write+0x4d4/0xfe0 [ 119.803510] file_tty_write.constprop.0+0x455/0x8a0 [ 119.803521] vfs_write+0x9c3/0xd90 [ 119.803538] ksys_write+0x127/0x250 [ 119.803553] do_syscall_64+0x3b/0x90 [ 119.803569] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.803582] [ 119.803582] -> #0 ((console_sem).lock){....}-{2:2}: [ 119.803595] __lock_acquire+0x2a02/0x5e70 [ 119.803612] lock_acquire+0x1a2/0x530 [ 119.803627] _raw_spin_lock_irqsave+0x39/0x60 [ 119.803638] down_trylock+0xe/0x70 [ 119.803652] __down_trylock_console_sem+0x3b/0xd0 [ 119.803668] vprintk_emit+0x16b/0x560 [ 119.803684] vprintk+0x84/0xa0 [ 119.803699] _printk+0xba/0xf1 [ 119.803711] report_bug.cold+0x72/0xab [ 119.803726] handle_bug+0x3c/0x70 [ 119.803743] exc_invalid_op+0x14/0x50 [ 119.803759] asm_exc_invalid_op+0x16/0x20 [ 119.803771] group_sched_out.part.0+0x2c7/0x460 [ 119.803789] ctx_sched_out+0x8f1/0xc10 [ 119.803805] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.803816] __schedule+0xedd/0x2470 [ 119.803829] schedule+0xda/0x1b0 [ 119.803842] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.803853] syscall_exit_to_user_mode+0x19/0x40 [ 119.803865] do_syscall_64+0x48/0x90 [ 119.803881] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.803894] [ 119.803894] other info that might help us debug this: [ 119.803894] [ 119.803896] Chain exists of: [ 119.803896] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 119.803896] [ 119.803911] Possible unsafe locking scenario: [ 119.803911] [ 119.803913] CPU0 CPU1 [ 119.803915] ---- ---- [ 119.803917] lock(&ctx->lock); [ 119.803923] lock(&rq->__lock); [ 119.803929] lock(&ctx->lock); [ 119.803935] lock((console_sem).lock); [ 119.803941] [ 119.803941] *** DEADLOCK *** [ 119.803941] [ 119.803942] 2 locks held by syz-executor.2/3894: [ 119.803949] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 119.803978] #1: ffff88800f5c0c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 119.804004] [ 119.804004] stack backtrace: [ 119.804007] CPU: 1 PID: 3894 Comm: syz-executor.2 Not tainted 6.0.0-rc7-next-20220930 #1 [ 119.804019] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.804027] Call Trace: [ 119.804030] [ 119.804034] dump_stack_lvl+0x8b/0xb3 [ 119.804053] check_noncircular+0x263/0x2e0 [ 119.804069] ? format_decode+0x26c/0xb50 [ 119.804085] ? print_circular_bug+0x450/0x450 [ 119.804102] ? simple_strtoul+0x30/0x30 [ 119.804117] ? perf_trace_lock+0x308/0x560 [ 119.804131] ? format_decode+0x26c/0xb50 [ 119.804149] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 119.804167] __lock_acquire+0x2a02/0x5e70 [ 119.804190] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 119.804214] lock_acquire+0x1a2/0x530 [ 119.804231] ? down_trylock+0xe/0x70 [ 119.804248] ? lock_release+0x750/0x750 [ 119.804270] ? vprintk+0x84/0xa0 [ 119.804288] _raw_spin_lock_irqsave+0x39/0x60 [ 119.804300] ? down_trylock+0xe/0x70 [ 119.804316] down_trylock+0xe/0x70 [ 119.804331] ? vprintk+0x84/0xa0 [ 119.804348] __down_trylock_console_sem+0x3b/0xd0 [ 119.804365] vprintk_emit+0x16b/0x560 [ 119.804385] vprintk+0x84/0xa0 [ 119.804402] _printk+0xba/0xf1 [ 119.804414] ? record_print_text.cold+0x16/0x16 [ 119.804431] ? report_bug.cold+0x66/0xab [ 119.804449] ? group_sched_out.part.0+0x2c7/0x460 [ 119.804467] report_bug.cold+0x72/0xab [ 119.804486] handle_bug+0x3c/0x70 [ 119.804504] exc_invalid_op+0x14/0x50 [ 119.804522] asm_exc_invalid_op+0x16/0x20 [ 119.804535] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 119.804555] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 119.804566] RSP: 0018:ffff888040887c48 EFLAGS: 00010006 [ 119.804575] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.804582] RDX: ffff88801a558000 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 119.804590] RBP: ffff888040888000 R08: 0000000000000005 R09: 0000000000000001 [ 119.804597] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800f5c0c00 [ 119.804604] R13: ffff88806cf3d2c0 R14: ffffffff8547d000 R15: 0000000000000002 [ 119.804616] ? group_sched_out.part.0+0x2c7/0x460 [ 119.804636] ? group_sched_out.part.0+0x2c7/0x460 [ 119.804657] ctx_sched_out+0x8f1/0xc10 [ 119.804677] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.804692] ? lock_is_held_type+0xd7/0x130 [ 119.804706] ? __perf_cgroup_move+0x160/0x160 [ 119.804717] ? set_next_entity+0x304/0x550 [ 119.804734] ? update_curr+0x267/0x740 [ 119.804753] ? lock_is_held_type+0xd7/0x130 [ 119.804767] __schedule+0xedd/0x2470 [ 119.804785] ? io_schedule_timeout+0x150/0x150 [ 119.804802] ? __x64_sys_futex_time32+0x480/0x480 [ 119.804817] schedule+0xda/0x1b0 [ 119.804832] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.804845] syscall_exit_to_user_mode+0x19/0x40 [ 119.804858] do_syscall_64+0x48/0x90 [ 119.804876] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.804889] RIP: 0033:0x7f6521657b19 [ 119.804897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.804908] RSP: 002b:00007f651ebcd218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.804918] RAX: 0000000000000001 RBX: 00007f652176af68 RCX: 00007f6521657b19 [ 119.804926] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f652176af6c [ 119.804933] RBP: 00007f652176af60 R08: 000000000000000e R09: 0000000000000000 [ 119.804940] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f652176af6c [ 119.804947] R13: 00007ffe37aeb72f R14: 00007f651ebcd300 R15: 0000000000022000 [ 119.804961] [ 119.863036] WARNING: CPU: 1 PID: 3894 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 119.863726] Modules linked in: [ 119.863968] CPU: 1 PID: 3894 Comm: syz-executor.2 Not tainted 6.0.0-rc7-next-20220930 #1 [ 119.864567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.865397] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 119.865809] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 119.867157] RSP: 0018:ffff888040887c48 EFLAGS: 00010006 [ 119.867558] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.868089] RDX: ffff88801a558000 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 119.868623] RBP: ffff888040888000 R08: 0000000000000005 R09: 0000000000000001 [ 119.869155] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800f5c0c00 [ 119.869685] R13: ffff88806cf3d2c0 R14: ffffffff8547d000 R15: 0000000000000002 [ 119.870220] FS: 00007f651ebcd700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 119.870829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.871262] CR2: 00007feb1c9108b0 CR3: 000000003f8fa000 CR4: 0000000000350ee0 [ 119.871795] Call Trace: [ 119.871992] [ 119.872169] ctx_sched_out+0x8f1/0xc10 [ 119.872478] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.872872] ? lock_is_held_type+0xd7/0x130 [ 119.873203] ? __perf_cgroup_move+0x160/0x160 [ 119.873542] ? set_next_entity+0x304/0x550 [ 119.873871] ? update_curr+0x267/0x740 [ 119.874178] ? lock_is_held_type+0xd7/0x130 [ 119.874526] __schedule+0xedd/0x2470 [ 119.874821] ? io_schedule_timeout+0x150/0x150 [ 119.875177] ? __x64_sys_futex_time32+0x480/0x480 [ 119.875546] schedule+0xda/0x1b0 [ 119.875814] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.876195] syscall_exit_to_user_mode+0x19/0x40 [ 119.876557] do_syscall_64+0x48/0x90 [ 119.876849] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.877239] RIP: 0033:0x7f6521657b19 [ 119.877523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.878876] RSP: 002b:00007f651ebcd218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.879448] RAX: 0000000000000001 RBX: 00007f652176af68 RCX: 00007f6521657b19 [ 119.879981] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f652176af6c [ 119.880518] RBP: 00007f652176af60 R08: 000000000000000e R09: 0000000000000000 [ 119.881048] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f652176af6c [ 119.881579] R13: 00007ffe37aeb72f R14: 00007f651ebcd300 R15: 0000000000022000 [ 119.882118] [ 119.882313] irq event stamp: 602 [ 119.882565] hardirqs last enabled at (601): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 119.883258] hardirqs last disabled at (602): [] __schedule+0x1225/0x2470 [ 119.883871] softirqs last enabled at (420): [] __irq_exit_rcu+0x11b/0x180 [ 119.884508] softirqs last disabled at (411): [] __irq_exit_rcu+0x11b/0x180 [ 119.885150] ---[ end trace 0000000000000000 ]--- [ 119.905068] 9pnet: Could not find request transport: rõˆ [ 119.908401] 9pnet: Could not find request transport: rõˆ 10:21:22 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r1, 0x0) shutdown(r1, 0x1) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x202, 0x0) getsockopt$bt_BT_SNDMTU(r2, 0x112, 0xc, &(0x7f00000001c0)=0x3, &(0x7f0000000200)=0x2) lseek(0xffffffffffffffff, 0x4, 0x6b417b1c08756aa5) sendfile(r0, 0xffffffffffffffff, 0x0, 0x1ff) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) setsockopt$inet_tcp_int(r3, 0x6, 0x11, &(0x7f0000000140)=0x2, 0x4) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) 10:21:22 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r1, 0x0) shutdown(r1, 0x1) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x202, 0x0) getsockopt$bt_BT_SNDMTU(r2, 0x112, 0xc, &(0x7f00000001c0)=0x3, &(0x7f0000000200)=0x2) lseek(0xffffffffffffffff, 0x4, 0x6b417b1c08756aa5) sendfile(r0, 0xffffffffffffffff, 0x0, 0x1ff) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) setsockopt$inet_tcp_int(r3, 0x6, 0x11, &(0x7f0000000140)=0x2, 0x4) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) 10:21:22 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r1, 0x0) shutdown(r1, 0x1) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x202, 0x0) getsockopt$bt_BT_SNDMTU(r2, 0x112, 0xc, &(0x7f00000001c0)=0x3, &(0x7f0000000200)=0x2) lseek(0xffffffffffffffff, 0x4, 0x6b417b1c08756aa5) sendfile(r0, 0xffffffffffffffff, 0x0, 0x1ff) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) setsockopt$inet_tcp_int(r3, 0x6, 0x11, &(0x7f0000000140)=0x2, 0x4) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) 10:21:22 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_9p2000}]}}) r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x2) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'}) openat$cgroup_netprio_ifpriomap(r4, &(0x7f0000000140), 0x2, 0x0) stat(0x0, &(0x7f0000000280)) VM DIAGNOSIS: 10:21:22 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=0000000000000001 RCX=1ffff11002eddeb6 RDX=1ffff11002eddeb7 RSI=ffff8880176eff50 RDI=ffff8880176ef5c0 RBP=ffff8880176ef5b0 RSP=ffff8880176ef4d8 R8 =ffffffff862445f0 R9 =ffffffff862445f4 R10=ffffed1002eddeb8 R11=ffff8880176ef598 R12=ffff8880176ef599 R13=ffff8880176ef5b8 R14=ffff8880176ef558 R15=ffffffff862445f5 RIP=ffffffff8111ac35 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f7cd1f47540 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f7cd2421000 CR3=00000000408c2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 00ff000000000000 00000000000000ff YMM01=0000000000000000 0000000000000000 ff00ffffffffffff ffffffffffffff00 YMM02=0000000000000000 0000000000000000 4f0063305f315f31 5f4c53534e45504f YMM03=0000000000000000 0000000000000000 000000000000314e 5341006c756f7472 YMM04=0000000000000000 0000000000000000 65675f454c424154 5f474e495254535f YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823bb0f1 RDI=ffffffff8765a9a0 RBP=ffffffff8765a960 RSP=ffff888040887690 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000065 R11=0000000000000001 R12=0000000000000065 R13=ffffffff8765a960 R14=0000000000000010 R15=ffffffff823bb0e0 RIP=ffffffff823bb149 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f651ebcd700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007feb1c9108b0 CR3=000000003f8fa000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f652173e7c0 00007f652173e7c8 YMM02=0000000000000000 0000000000000000 00007f652173e7e0 00007f652173e7c0 YMM03=0000000000000000 0000000000000000 00007f652173e7c8 00007f652173e7c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000