
Debian GNU/Linux 11 syzkaller ttyS0

Warning: Permanently added '[localhost]:26758' (ECDSA) to the list of known hosts.
2022/10/03 14:50:16 fuzzer started
2022/10/03 14:50:16 dialing manager at localhost:35095
syzkaller login: [   37.125407] cgroup: Unknown subsys name 'net'
[   37.203868] cgroup: Unknown subsys name 'rlimit'
2022/10/03 14:50:29 syscalls: 2215
2022/10/03 14:50:29 code coverage: enabled
2022/10/03 14:50:29 comparison tracing: enabled
2022/10/03 14:50:29 extra coverage: enabled
2022/10/03 14:50:29 setuid sandbox: enabled
2022/10/03 14:50:29 namespace sandbox: enabled
2022/10/03 14:50:29 Android sandbox: enabled
2022/10/03 14:50:29 fault injection: enabled
2022/10/03 14:50:29 leak checking: enabled
2022/10/03 14:50:29 net packet injection: enabled
2022/10/03 14:50:29 net device setup: enabled
2022/10/03 14:50:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/03 14:50:29 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/03 14:50:29 USB emulation: enabled
2022/10/03 14:50:29 hci packet injection: enabled
2022/10/03 14:50:29 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930                                          )
2022/10/03 14:50:29 802.15.4 emulation: enabled
2022/10/03 14:50:30 fetching corpus: 50, signal 28556/30359 (executing program)
2022/10/03 14:50:30 fetching corpus: 100, signal 37918/41379 (executing program)
2022/10/03 14:50:30 fetching corpus: 150, signal 46147/51166 (executing program)
2022/10/03 14:50:30 fetching corpus: 200, signal 52957/59487 (executing program)
2022/10/03 14:50:30 fetching corpus: 250, signal 59409/67361 (executing program)
2022/10/03 14:50:30 fetching corpus: 300, signal 62833/72266 (executing program)
2022/10/03 14:50:30 fetching corpus: 350, signal 65594/76483 (executing program)
2022/10/03 14:50:30 fetching corpus: 400, signal 71003/83180 (executing program)
2022/10/03 14:50:30 fetching corpus: 450, signal 74996/88448 (executing program)
2022/10/03 14:50:30 fetching corpus: 500, signal 80073/94677 (executing program)
2022/10/03 14:50:31 fetching corpus: 550, signal 83164/99003 (executing program)
2022/10/03 14:50:31 fetching corpus: 600, signal 85626/102701 (executing program)
2022/10/03 14:50:31 fetching corpus: 650, signal 87797/106150 (executing program)
2022/10/03 14:50:31 fetching corpus: 700, signal 91517/110915 (executing program)
2022/10/03 14:50:31 fetching corpus: 750, signal 92921/113590 (executing program)
2022/10/03 14:50:31 fetching corpus: 800, signal 94998/116860 (executing program)
2022/10/03 14:50:31 fetching corpus: 850, signal 96773/119806 (executing program)
2022/10/03 14:50:31 fetching corpus: 900, signal 99490/123552 (executing program)
2022/10/03 14:50:32 fetching corpus: 950, signal 102295/127427 (executing program)
2022/10/03 14:50:32 fetching corpus: 1000, signal 103523/129802 (executing program)
2022/10/03 14:50:32 fetching corpus: 1050, signal 104742/132187 (executing program)
2022/10/03 14:50:32 fetching corpus: 1100, signal 106900/135353 (executing program)
2022/10/03 14:50:32 fetching corpus: 1150, signal 108575/138058 (executing program)
2022/10/03 14:50:32 fetching corpus: 1200, signal 110086/140586 (executing program)
2022/10/03 14:50:32 fetching corpus: 1250, signal 112053/143490 (executing program)
2022/10/03 14:50:32 fetching corpus: 1300, signal 114835/147121 (executing program)
2022/10/03 14:50:33 fetching corpus: 1350, signal 117059/150202 (executing program)
2022/10/03 14:50:33 fetching corpus: 1400, signal 120769/154510 (executing program)
2022/10/03 14:50:33 fetching corpus: 1450, signal 122986/157541 (executing program)
2022/10/03 14:50:33 fetching corpus: 1500, signal 123825/159411 (executing program)
2022/10/03 14:50:33 fetching corpus: 1550, signal 124951/161468 (executing program)
2022/10/03 14:50:33 fetching corpus: 1600, signal 126106/163571 (executing program)
2022/10/03 14:50:33 fetching corpus: 1650, signal 128238/166371 (executing program)
2022/10/03 14:50:33 fetching corpus: 1700, signal 130070/168971 (executing program)
2022/10/03 14:50:34 fetching corpus: 1750, signal 130905/170745 (executing program)
2022/10/03 14:50:34 fetching corpus: 1800, signal 132029/172728 (executing program)
2022/10/03 14:50:34 fetching corpus: 1850, signal 133818/175237 (executing program)
2022/10/03 14:50:34 fetching corpus: 1900, signal 134746/177018 (executing program)
2022/10/03 14:50:34 fetching corpus: 1950, signal 135505/178743 (executing program)
2022/10/03 14:50:34 fetching corpus: 2000, signal 136453/180580 (executing program)
2022/10/03 14:50:34 fetching corpus: 2050, signal 138409/183125 (executing program)
2022/10/03 14:50:34 fetching corpus: 2100, signal 139745/185187 (executing program)
2022/10/03 14:50:34 fetching corpus: 2150, signal 140884/187094 (executing program)
2022/10/03 14:50:35 fetching corpus: 2200, signal 143764/190235 (executing program)
2022/10/03 14:50:35 fetching corpus: 2250, signal 144502/191818 (executing program)
2022/10/03 14:50:35 fetching corpus: 2300, signal 145668/193706 (executing program)
2022/10/03 14:50:35 fetching corpus: 2350, signal 146390/195285 (executing program)
2022/10/03 14:50:35 fetching corpus: 2400, signal 147099/196794 (executing program)
2022/10/03 14:50:35 fetching corpus: 2450, signal 148123/198509 (executing program)
2022/10/03 14:50:35 fetching corpus: 2500, signal 149476/200427 (executing program)
2022/10/03 14:50:35 fetching corpus: 2550, signal 151247/202630 (executing program)
2022/10/03 14:50:36 fetching corpus: 2600, signal 153142/204854 (executing program)
2022/10/03 14:50:36 fetching corpus: 2650, signal 154210/206554 (executing program)
2022/10/03 14:50:36 fetching corpus: 2700, signal 154986/208053 (executing program)
2022/10/03 14:50:36 fetching corpus: 2750, signal 156794/210166 (executing program)
2022/10/03 14:50:36 fetching corpus: 2800, signal 157185/211362 (executing program)
2022/10/03 14:50:36 fetching corpus: 2850, signal 158324/213043 (executing program)
2022/10/03 14:50:36 fetching corpus: 2900, signal 158809/214333 (executing program)
2022/10/03 14:50:36 fetching corpus: 2950, signal 159643/215839 (executing program)
2022/10/03 14:50:37 fetching corpus: 3000, signal 160385/217314 (executing program)
2022/10/03 14:50:37 fetching corpus: 3050, signal 161338/218888 (executing program)
2022/10/03 14:50:37 fetching corpus: 3100, signal 161839/220179 (executing program)
2022/10/03 14:50:37 fetching corpus: 3150, signal 162606/221512 (executing program)
2022/10/03 14:50:37 fetching corpus: 3200, signal 163613/223049 (executing program)
2022/10/03 14:50:37 fetching corpus: 3250, signal 164525/224522 (executing program)
2022/10/03 14:50:37 fetching corpus: 3300, signal 165375/225850 (executing program)
2022/10/03 14:50:37 fetching corpus: 3350, signal 166662/227539 (executing program)
2022/10/03 14:50:37 fetching corpus: 3400, signal 167378/228828 (executing program)
2022/10/03 14:50:38 fetching corpus: 3450, signal 168649/230401 (executing program)
2022/10/03 14:50:38 fetching corpus: 3500, signal 169823/231930 (executing program)
2022/10/03 14:50:38 fetching corpus: 3550, signal 170453/233170 (executing program)
2022/10/03 14:50:38 fetching corpus: 3600, signal 171591/234667 (executing program)
2022/10/03 14:50:38 fetching corpus: 3650, signal 172533/236053 (executing program)
2022/10/03 14:50:38 fetching corpus: 3700, signal 172973/237148 (executing program)
2022/10/03 14:50:38 fetching corpus: 3750, signal 174924/238992 (executing program)
2022/10/03 14:50:38 fetching corpus: 3800, signal 175603/240180 (executing program)
2022/10/03 14:50:38 fetching corpus: 3850, signal 176442/241444 (executing program)
2022/10/03 14:50:39 fetching corpus: 3900, signal 177245/242675 (executing program)
2022/10/03 14:50:39 fetching corpus: 3950, signal 178526/244181 (executing program)
2022/10/03 14:50:39 fetching corpus: 4000, signal 179235/245357 (executing program)
2022/10/03 14:50:39 fetching corpus: 4050, signal 180426/246722 (executing program)
2022/10/03 14:50:39 fetching corpus: 4100, signal 180984/247802 (executing program)
2022/10/03 14:50:39 fetching corpus: 4150, signal 182076/249178 (executing program)
2022/10/03 14:50:39 fetching corpus: 4200, signal 182957/250348 (executing program)
2022/10/03 14:50:39 fetching corpus: 4250, signal 183523/251430 (executing program)
2022/10/03 14:50:40 fetching corpus: 4300, signal 184253/252555 (executing program)
2022/10/03 14:50:40 fetching corpus: 4350, signal 185304/253761 (executing program)
2022/10/03 14:50:40 fetching corpus: 4400, signal 186038/254886 (executing program)
2022/10/03 14:50:40 fetching corpus: 4450, signal 186445/255888 (executing program)
2022/10/03 14:50:40 fetching corpus: 4500, signal 187255/257030 (executing program)
2022/10/03 14:50:40 fetching corpus: 4550, signal 187971/258045 (executing program)
2022/10/03 14:50:40 fetching corpus: 4600, signal 188637/259108 (executing program)
2022/10/03 14:50:40 fetching corpus: 4650, signal 189117/260031 (executing program)
2022/10/03 14:50:40 fetching corpus: 4700, signal 190047/261152 (executing program)
2022/10/03 14:50:41 fetching corpus: 4750, signal 190644/262109 (executing program)
2022/10/03 14:50:41 fetching corpus: 4800, signal 191750/263234 (executing program)
2022/10/03 14:50:41 fetching corpus: 4850, signal 192329/264183 (executing program)
2022/10/03 14:50:41 fetching corpus: 4900, signal 193724/265415 (executing program)
2022/10/03 14:50:41 fetching corpus: 4950, signal 194345/266418 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/267286 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/268008 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/268729 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/269453 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/270171 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/270907 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/271632 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/272339 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/273099 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/273850 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/274570 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/275331 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/276033 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/276758 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/277458 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/278201 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/278937 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/279681 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/280368 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/281084 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/281842 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/282568 (executing program)
2022/10/03 14:50:41 fetching corpus: 5000, signal 194783/283289 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/284010 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/284721 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/285479 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/286225 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/286955 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/287690 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/288458 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/289162 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/289867 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/290537 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/291243 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/291929 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/292637 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/293337 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/294096 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/294825 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/295567 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/296317 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/297074 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/297820 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/298528 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/299276 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/300048 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/300767 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/301528 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/302291 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/303012 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/303715 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/304091 (executing program)
2022/10/03 14:50:42 fetching corpus: 5000, signal 194783/304091 (executing program)
2022/10/03 14:50:45 starting 8 fuzzer processes
14:50:45 executing program 0:
getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x18, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0x6e)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0)
sendfile(r0, r1, &(0x7f0000000180)=0x5, 0x2e0)
recvfrom$unix(r0, &(0x7f00000001c0)=""/3, 0x3, 0x10163, &(0x7f0000000200)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
r2 = syz_mount_image$msdos(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10001, 0x4, &(0x7f0000000600)=[{&(0x7f0000000300)="0f759c28be90489a3bcfc7455d0d5bd388417660cb492bb12052adc6db5c2d5ee03122f1ea77f9c991e671571eda8050f993c6f0e4f48c31d4da433d1fd34f929dbc6e5a41188740a761a56aad1ff1a2bddfb4a28e69c538fd22ca8435bf2a3e76843de0009ea56069f136c80310fa740c19e8905cd49f1d1ff2e0aa5b5d3374c1e57eee87b203d14d30ff3ad8086603c1d63d7ee8564868bdad6c8899897ffc752a01c49db2e069", 0xa8, 0x100}, {&(0x7f00000003c0)="4a494823e88c62739fa6bd56c26d08044f86997ca4be980a56fae6fcea4bb9398baea641724cd29a2540014637bfea169fda537de476f6713ea96cc898abd2d85b0baae6742d7b9539824684ea65c996121c20ff41f76c23f29b892308b5b2038d4fe320cfe2f15128903612900d01af8769acc2b1f45c90e06aaad9", 0x7c, 0x7ff}, {&(0x7f0000000440)="f03df46c0fe6a320c0b5719bf1eeebc680e0f52633324164e5dc75a21a4a3462493174998365f2ba8f3a587df9e37e7d52e921bd0a67c3843efede1e2564bef116e865ea9913a0e51bbff5a22e689574a038809186018457cf61634b69a2bb90114ee4de7a1dc9c74c781660d390ea13ecc531c78f4b6734fccdc3ef6836933db373fb211bd3e999e605ec8526d9187bbefe35dddd75e46c544eec7b745db706aea92125d78f81880a3db16f4f6636481d6c46ba4186612075aebfae96", 0xbd, 0x1}, {&(0x7f0000000500)="37f1bd33f8461c421c85feb8b34021a205b00d8483355de19c094a51da5a6d28a7166affc26ac79890359accc57daa93f9a7271d07d8ab5ad46b592ea5342cb04421140e29e41bb72c5679bae99dabd0d81a288f31951f99ccd2bbfea35888f20bac4bec0df45111cbd9db7dfd84003bdfe0724e8d177ccfddc42ca92f723ccf83e5c4f1e21e3000100fdbb7baa8ced741b8ee20351552bb92135d21a67513c3cea6d5d4ea6c1ed1a5aabb42d1b8af8948283dbb6a0958cb0362f9af4beae8fb4bc50a9272725200", 0xc8, 0x3}], 0x800002, &(0x7f0000000680)={[{@nodots}, {@dots}, {}, {@nodots}, {@nodots}, {@nodots}, {@fat=@usefree}, {@dots}, {@fat=@nocase}, {@nodots}], [{@fscontext={'fscontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x30}}, {@fsuuid={'fsuuid', 0x3d, {[0x33, 0x50, 0x31, 0x39, 0x31, 0x65, 0x30, 0x33], 0x2d, [0x33, 0x39, 0x37, 0x35], 0x2d, [0x19, 0x34, 0x52, 0x33], 0x2d, [0x37, 0x35, 0x38, 0x33], 0x2d, [0x34, 0x30, 0x31, 0x64, 0x31, 0x66, 0x35, 0x30]}}}, {@audit}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}]})
r3 = openat(r2, &(0x7f0000000740)='./file0\x00', 0xc0, 0x102)
r4 = openat(r3, &(0x7f0000000780)='./file0\x00', 0x100, 0x20)
mknodat(r4, &(0x7f00000007c0)='./file0\x00', 0x10, 0x4e0)
r5 = open_tree(r3, &(0x7f0000000800)='./file0\x00', 0x1)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000840)={0x6, 0x9, 0xfffffffa, 0x9, 0x16, "feab0f0caee1da41f70670200cc8c81da6cd85"})
ioctl$SNAPSHOT_ATOMIC_RESTORE(r5, 0x3304)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000880)='/sys/class/mac80211_hwsim', 0x200, 0x120)
r7 = getpid()
fcntl$setownex(r6, 0xf, &(0x7f00000008c0)={0x2, r7})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000900)={<r8=>r2, 0xc000000000000000, 0x3, 0x100})
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000940)={'vxcan0\x00'})
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000980)={<r9=>0x0}, &(0x7f00000009c0)=0xc)
sched_getaffinity(r9, 0x8, &(0x7f0000000a00))
openat(r2, &(0x7f0000000a40)='./file0\x00', 0x40640, 0x300)

14:50:45 executing program 1:
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000000)={{0x107, 0x1f, 0x0, 0x4c, 0x41, 0x3, 0x177, 0x6}, "4b59440e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x624)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000640)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x2}}, './file0\x00'})
r1 = openat(r0, &(0x7f0000000680)='./file0\x00', 0x400400, 0x104)
r2 = accept$inet(r1, &(0x7f00000006c0), &(0x7f0000000700)=0x10)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000740)={{0x1, 0x1, 0x18, <r3=>r2, @out_args}, './file0\x00'})
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000780), 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r4, 0xf504, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000007c0), 0x80080)
open_by_handle_at(r5, &(0x7f0000000800)=@FILEID_BTRFS_WITH_PARENT={0x28, 0x4e, {0x90a2, 0x1ff, 0x5, 0x3, 0x7, 0x1}}, 0x30080)
accept$unix(r3, &(0x7f0000000840), &(0x7f00000008c0)=0x6e)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)
getsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f0000000940)={@local, @multicast1, <r6=>0x0}, &(0x7f0000000980)=0xc)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000a40)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x34, 0x0, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x401}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008}, 0x20008840)
sendmsg$AUDIT_USER_TTY(r4, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x80, 0x464, 0x10, 0x70bd27, 0x25dfdbfe, "00d2a9b10117dac5b70b6c090aa62c6447462c3dee331397241d6818390a1af60ab5963d9d6574370973adf1966deca97c72441edd7f1218bacf6f315b99630c3e79a11a1e26fdf89359e5613d48a1a3ebdb0299e2f5e4facfc15614f368736814b99241e0869693d85ec6b4e2", ["", "", "", "", "", "", ""]}, 0x80}, 0x1, 0x0, 0x0, 0x20004800}, 0x1)
sendmsg$NL80211_CMD_TESTMODE(r5, &(0x7f0000000d00)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x6d9a50957b2dc8f7}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c00)={0x9c, 0x0, 0x8, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TESTDATA={0x7e, 0x45, "defc5f4fc520067bd0322016c54fbb02e849208a39ab4c8fd7131c2f8baa51589dddf17cf31fe5c39c97fa11a4e4d08a0b225347c3ba4f0ee7170d1e2b792a8f52ce4098f97f40faddb24d3e07f685b7d89cc62a4ffb9fe6eb71d00ced4305d0a6899db950dcb31bc5bd8b7a6bcabe996bcb38d2584c34d7180a"}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000091)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000d40)='net/ip6_flowlabel\x00')
sendmsg$NFNL_MSG_ACCT_NEW(r7, &(0x7f0000000ec0)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000e80)={&(0x7f0000000dc0)={0xb8, 0x0, 0x7, 0x401, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFACCT_FILTER={0x2c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x9}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x6}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xfffffffc}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x4}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x98}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x1f}, @NFACCT_FLAGS={0x8}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_FILTER={0x3c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x5}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x2c0c}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x1}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x97}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x5}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x7}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x41}, 0x8800)
readv(r0, &(0x7f0000001f00)=[{&(0x7f0000000f00)=""/4096, 0x1000}], 0x1)
r8 = openat$incfs(r0, &(0x7f0000001f40)='.pending_reads\x00', 0x100, 0x181)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r8, 0x0, 0x83, &(0x7f00000020c0)={'filter\x00', 0x0, 0x4, 0xf7, [0x3, 0x6, 0x5, 0x26b33af, 0x3ff, 0x4f90], 0x1, &(0x7f0000001f80)=[{}], &(0x7f0000001fc0)=""/247}, &(0x7f0000002140)=0x78)

14:50:45 executing program 2:
process_vm_writev(0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/74, 0x4a}, {&(0x7f0000000080)=""/206, 0xce}, {&(0x7f0000000180)=""/63, 0x3f}, {&(0x7f00000001c0)=""/144, 0x90}, {&(0x7f0000000280)=""/180, 0xb4}, {&(0x7f0000000340)=""/224, 0xe0}], 0x6, &(0x7f0000000500)=[{&(0x7f00000004c0)=""/21, 0x15}], 0x1, 0x0)
process_vm_writev(0x0, &(0x7f0000001cc0)=[{&(0x7f0000000540)=""/86, 0x56}, {&(0x7f00000005c0)=""/193, 0xc1}, {&(0x7f00000006c0)=""/219, 0xdb}, {&(0x7f00000007c0)=""/213, 0xd5}, {&(0x7f00000008c0)=""/191, 0xbf}, {&(0x7f0000000980)=""/210, 0xd2}, {&(0x7f0000000a80)=""/4096, 0x1000}, {&(0x7f0000001a80)=""/133, 0x85}, {&(0x7f0000001b40)=""/120, 0x78}, {&(0x7f0000001bc0)=""/212, 0xd4}], 0xa, &(0x7f0000001fc0)=[{&(0x7f0000001d80)=""/166, 0xa6}, {&(0x7f0000001e40)=""/88, 0x58}, {&(0x7f0000001ec0)=""/206, 0xce}], 0x3, 0x0)
process_vm_writev(0x0, &(0x7f0000002200)=[{&(0x7f0000002000)=""/75, 0x4b}, {&(0x7f0000002080)=""/69, 0x45}, {&(0x7f0000002100)=""/174, 0xae}, {&(0x7f00000021c0)=""/50, 0x32}], 0x4, &(0x7f0000002800)=[{&(0x7f0000002240)=""/240, 0xf0}, {&(0x7f0000002340)=""/252, 0xfc}, {&(0x7f0000002440)=""/82, 0x52}, {&(0x7f00000024c0)=""/242, 0xf2}, {&(0x7f00000025c0)=""/238, 0xee}, {&(0x7f00000026c0)=""/56, 0x38}, {&(0x7f0000002700)=""/52, 0x34}, {&(0x7f0000002740)=""/58, 0x3a}, {&(0x7f0000002780)=""/101, 0x65}], 0x9, 0x0)
process_vm_writev(0xffffffffffffffff, &(0x7f0000003e00)=[{&(0x7f00000028c0)=""/200, 0xc8}, {&(0x7f00000029c0)=""/4096, 0x1000}, {&(0x7f00000039c0)=""/73, 0x49}, {&(0x7f0000003a40)}, {&(0x7f0000003a80)=""/83, 0x53}, {&(0x7f0000003b00)=""/154, 0x9a}, {&(0x7f0000003bc0)=""/213, 0xd5}, {&(0x7f0000003cc0)=""/201, 0xc9}, {&(0x7f0000003dc0)=""/59, 0x3b}], 0x9, &(0x7f0000004380)=[{&(0x7f0000003ec0)=""/112, 0x70}, {&(0x7f0000003f40)=""/41, 0x29}, {&(0x7f0000003f80)=""/86, 0x56}, {&(0x7f0000004000)=""/216, 0xd8}, {&(0x7f0000004100)=""/101, 0x65}, {&(0x7f0000004180)=""/140, 0x8c}, {&(0x7f0000004240)=""/114, 0x72}, {&(0x7f00000042c0)=""/129, 0x81}], 0x8, 0x0)
process_vm_writev(0x0, &(0x7f00000045c0)=[{&(0x7f0000004400)=""/197, 0xc5}, {&(0x7f0000004500)=""/133, 0x85}], 0x2, &(0x7f0000004b40)=[{&(0x7f0000004600)=""/164, 0xa4}, {&(0x7f00000046c0)=""/230, 0xe6}, {&(0x7f00000047c0)=""/86, 0x56}, {&(0x7f0000004840)=""/27, 0x1b}, {&(0x7f0000004880)=""/44, 0x2c}, {&(0x7f00000048c0)=""/219, 0xdb}, {&(0x7f00000049c0)=""/242, 0xf2}, {&(0x7f0000004ac0)=""/82, 0x52}], 0x8, 0x0)
ptrace$getregset(0x4204, 0x0, 0x6, &(0x7f0000005bc0)={&(0x7f0000004bc0)=""/4096, 0x1000})
process_vm_writev(0xffffffffffffffff, &(0x7f0000006dc0)=[{&(0x7f0000005c00)=""/90, 0x5a}, {&(0x7f0000005c80)=""/4096, 0x1000}, {&(0x7f0000006c80)=""/11, 0xb}, {&(0x7f0000006cc0)=""/233, 0xe9}], 0x4, &(0x7f0000008240)=[{&(0x7f0000006e00)=""/136, 0x88}, {&(0x7f0000006ec0)=""/140, 0x8c}, {&(0x7f0000006f80)}, {&(0x7f0000006fc0)=""/6, 0x6}, {&(0x7f0000007000)=""/68, 0x44}, {&(0x7f0000007080)=""/210, 0xd2}, {&(0x7f0000007180)=""/18, 0x12}, {&(0x7f00000071c0)=""/66, 0x42}, {&(0x7f0000007240)=""/4096, 0x1000}], 0x9, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000008300)=<r0=>0x0)
process_vm_writev(r0, &(0x7f0000008500)=[{&(0x7f0000008340)=""/215, 0xd7}, {&(0x7f0000008440)=""/173, 0xad}], 0x2, &(0x7f0000008700)=[{&(0x7f0000008540)=""/83, 0x53}, {&(0x7f00000085c0)=""/151, 0x97}, {&(0x7f0000008680)=""/89, 0x59}], 0x3, 0x0)
ptrace$getregset(0x4204, r0, 0x6, &(0x7f0000008780)={&(0x7f0000008740)=""/43, 0x2b})
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000087c0)=<r1=>0x0)
process_vm_writev(r1, &(0x7f0000009c40)=[{&(0x7f0000008800)=""/223, 0xdf}, {&(0x7f0000008900)=""/218, 0xda}, {&(0x7f0000008a00)=""/4096, 0x1000}, {&(0x7f0000009a00)}, {&(0x7f0000009a40)=""/208, 0xd0}, {&(0x7f0000009b40)=""/232, 0xe8}], 0x6, &(0x7f000000cf40)=[{&(0x7f0000009cc0)}, {&(0x7f0000009d00)=""/4096, 0x1000}, {&(0x7f000000ad00)=""/17, 0x11}, {&(0x7f000000ad40)=""/4096, 0x1000}, {&(0x7f000000bd40)=""/137, 0x89}, {&(0x7f000000be00)=""/4096, 0x1000}, {&(0x7f000000ce00)=""/166, 0xa6}, {&(0x7f000000cec0)=""/69, 0x45}], 0x8, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f000000cfc0)=<r2=>0x0)
process_vm_writev(r2, &(0x7f000000e140)=[{&(0x7f000000d000)=""/4096, 0x1000}, {&(0x7f000000e000)=""/174, 0xae}, {&(0x7f000000e0c0)=""/120, 0x78}], 0x3, &(0x7f000000e2c0)=[{&(0x7f000000e180)=""/107, 0x6b}, {&(0x7f000000e200)=""/91, 0x5b}, {&(0x7f000000e280)=""/49, 0x31}], 0x3, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f000000e300))
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, &(0x7f000000e340), &(0x7f000000e380)=0x4)
pipe2(&(0x7f000000e3c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4000)
ioctl$TCSETS(r3, 0x5402, &(0x7f000000e400)={0x400, 0x7, 0x0, 0x5, 0x0, "c4e212f591d0f7ecc7e1e4b55ac078fba55c98"})
r4 = getpid()
process_vm_writev(r4, &(0x7f000000e500)=[{&(0x7f000000e440)=""/156, 0x9c}], 0x1, &(0x7f000000e840)=[{&(0x7f000000e540)=""/92, 0x5c}, {&(0x7f000000e5c0)=""/189, 0xbd}, {&(0x7f000000e680)=""/154, 0x9a}, {&(0x7f000000e740)=""/223, 0xdf}], 0x4, 0x0)

14:50:45 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000000)=<r0=>0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080), {0x15}, &(0x7f00000000c0)=""/47, 0x2f, &(0x7f0000000100)=""/152, &(0x7f00000001c0)=[0xffffffffffffffff], 0x1}, 0x58)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r1=>r0, {<r2=>0xffffffffffffffff}}, './file0\x00'})
ioctl$HIDIOCGREPORT(r2, 0x400c4807, &(0x7f00000002c0)={0x3, 0x1, 0x1})
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r3=>r2, {0x4}}, './file0\x00'})
r4 = socket$netlink(0x10, 0x3, 0xf)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r4, 0x8008f513, &(0x7f0000000340))
fdatasync(r2)
fcntl$F_SET_RW_HINT(r3, 0x40c, &(0x7f0000000380)=0x4)
fsetxattr$security_evm(r4, &(0x7f00000003c0), &(0x7f0000000400)=@v2={0x3, 0x0, 0xa, 0x3, 0xef, "cf074b096952b3a81db24b94b76a7390fabe1c682abb738da39ffc998640a5fd9d1a07cef2003c030bb7ce0c774e23d8205e6f24e97d63058387deb20aba40c6274426073a0816f5630b0bd1e44821738654ba80446f41c216bbbcb48abe877b223e0cf00e0bfc71e7261f645c7da1712533b724449f5754201784eef74a8d3d962b85c11746052b4b018984eae6a37b2013aa7a599f943a66ab9bff2606621d4531f0d46b8a34f1c8b98517d76c93ec643c45fe67c8a92211429c4665b9f512f95fe8fffa943cbe8634bb2d7e70be113278838d3632ceb7e22d173e13e541c2c2d23a3af0ee5719479af966a3116d"}, 0xf8, 0x2)
r5 = fcntl$dupfd(r3, 0x406, r0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r5, 0xc0189372, &(0x7f0000000500)={{0x1, 0x1, 0x18, <r6=>r2, {0xc}}, './file0\x00'})
read$rfkill(r2, &(0x7f0000000540), 0x8)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000580), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000005c0)={{0x1, 0x1, 0x18, <r7=>0xffffffffffffffff}, './file0\x00'})
ioctl$HIDIOCSUSAGE(r7, 0x4018480c, &(0x7f0000000600)={0x0, 0x100, 0xf79, 0x359, 0x101, 0x8})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r5, 0x10e, 0x8, &(0x7f0000000640)=0x6, 0x4)
ioctl$HIDIOCGVERSION(r7, 0x80044801, &(0x7f0000000680))
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000740)={{0x1, 0x1, 0x18, <r8=>r0}, './file0\x00'})
mount$9p_fd(0x0, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700), 0x80, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@cache_fscache}, {@cache_mmap}, {@posixacl}], [{@uid_eq={'uid', 0x3d, 0xffffffffffffffff}}, {@measure}]}})

14:50:45 executing program 4:
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x120)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r0, 0x941c, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000040), 0x8000, 0x400)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000080)={<r2=>0x0, 0x5, 0x0, [0x6f, 0x4, 0x8, 0x101, 0x7fff], [0x100, 0x7, 0x8, 0x3ff, 0x20, 0x3, 0x1, 0x53, 0x4, 0x2, 0x7, 0x4000, 0xed5, 0xc0, 0x8, 0x5, 0x7, 0x8, 0x100, 0x8000, 0x7fff, 0xffff, 0x3, 0x9, 0x400, 0x5, 0x8, 0x3f, 0x1, 0x100000000, 0x6, 0xffff, 0x4, 0x8, 0x6, 0xdd1, 0x9, 0x200, 0x7ff, 0xfffffffffffffd28, 0xfffffffffffffffa, 0xffffffffffff0001, 0x4, 0x9, 0xd5b, 0x2, 0x3ff, 0x2, 0x3, 0x80000001, 0xffff, 0x3, 0x9, 0x100, 0x3ff, 0xb6, 0xffffffffffffffff, 0xfff, 0x2, 0x6, 0x7, 0x0, 0xbbbc, 0x5, 0x100000000, 0xfffffffffffffffd, 0x3d2, 0xfffffffffffffffe, 0x9, 0x4, 0x68, 0xd3b9, 0x400, 0x5, 0x2, 0x7, 0x0, 0x0, 0x9, 0x100, 0x3, 0x3, 0xb30, 0x1, 0xbf, 0xfffffffffffff358, 0x0, 0x9, 0x3db8, 0x9, 0x0, 0x5, 0x3, 0x9, 0x5, 0xfff, 0x0, 0x101, 0x9, 0x5, 0x8, 0x2, 0x6, 0x3, 0x8, 0x4, 0x700000000000, 0x3, 0x3, 0x4, 0x5120000000, 0x800, 0x0, 0x80000001, 0x9, 0x1, 0x3ff, 0xff, 0x69b2, 0x81]})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f00000004c0)={<r3=>r2, 0x0, 0x937, 0x1})
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f00000008c0)={{0x1, 0x1, 0x18, <r5=>r0, {<r6=>r4}}, './file0\x00'})
setsockopt$inet6_tcp_int(r6, 0x6, 0x11, &(0x7f0000000900)=0x4, 0x4)
read(r6, &(0x7f0000000940)=""/4096, 0x1000)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r5, 0xc400941d, &(0x7f0000001940)={<r7=>r3, 0xffffffffffffffe0, 0x1})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r6, 0xc400941d, &(0x7f0000001d40)={r7, 0x1000, 0x2, 0x1})
r8 = syz_open_procfs(0x0, &(0x7f0000002140)='net/udp\x00')
connect$unix(r6, &(0x7f0000002180)=@file={0x1, './file0\x00'}, 0x6e)
r9 = syz_io_uring_setup(0x635a, &(0x7f0000002200)={0x0, 0x38f6, 0x0, 0x2, 0x2a4, 0x0, r0}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000002280), &(0x7f00000022c0))
fstat(r9, &(0x7f0000002300))
openat$sr(0xffffffffffffff9c, &(0x7f0000002380), 0x40, 0x0)
r10 = openat$hpet(0xffffffffffffff9c, &(0x7f00000023c0), 0x2040, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r10, 0x9, 0x0, 0x0)
copy_file_range(r4, &(0x7f0000002400)=0x2, r8, &(0x7f0000002440)=0xffffffff00000000, 0x4, 0x0)
ioctl$FS_IOC_GETFSLABEL(r4, 0x81009431, &(0x7f0000002480))

14:50:45 executing program 6:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0)
sendmsg$NL80211_CMD_STOP_NAN(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, r1, 0x2, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_QOS_MAP={0xc, 0xc7, {[], "545e490e07ed456b"}}]}, 0x28}}, 0xabc9e1a4492a3264)
r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000280), 0x100, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r2, 0x80047210, &(0x7f00000002c0))
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0x128, r1, 0x8, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1f, 0x1}}}}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0x28, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x80}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x5}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x2ef}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x1f}, @NL80211_ATTR_SCAN_SSIDS={0x78, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0x1f, 0x0, @random="037758a0c56f5f9e9e4353e9ab705e22bf002b6be5fb5007679177"}, {0xa, 0x0, @default_ibss_ssid}]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x4}, @NL80211_ATTR_SCAN_FREQUENCIES={0x54, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7}, {0x8, 0x0, 0x6}, {0x8, 0x0, 0xfffffff8}, {0x8, 0x0, 0x80000000}, {0x8, 0x0, 0xfffffffe}, {0x8, 0x0, 0xffffffff}, {0x8, 0x0, 0x4}, {0x8, 0x0, 0x3}, {0x8, 0x0, 0x4976}, {0x8, 0x0, 0x6a}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x84}, 0x8840)
sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x4c, r1, 0x200, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x4c}}, 0x48040)
ioctl$RNDADDTOENTCNT(r2, 0x40045201, &(0x7f0000000640)=0x81)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff})
r4 = openat$hpet(0xffffffffffffff9c, &(0x7f00000006c0), 0xc02, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000700)={0xffffffffffffffff, 0x4, 0x8, 0x2800})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r4)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000007c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f00000008c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x4c, r5, 0x100, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x4, 0x52}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="d97b65343629"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_REASON_CODE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44}, 0x0)
ioctl$RNDADDTOENTCNT(r2, 0x40045201, &(0x7f0000000900)=0x10000)
r7 = pidfd_open(0xffffffffffffffff, 0x0)
sendfile(r4, r7, 0x0, 0x2)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000980))

14:50:45 executing program 5:
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={@local, @rand_addr=0x64010100}, 0xc)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000040)={@private=0xa010101, @multicast1}, 0xc)
r0 = socket$inet(0x2, 0x80000, 0x9)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000080)={'security\x00', 0x4, [{}, {}, {}, {}]}, 0x68)
r1 = socket$inet(0x2, 0x4, 0x5)
ioctl$BTRFS_IOC_DEFRAG(r1, 0x50009402, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000640)='oom_score\x00')
setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f0000000680)={@loopback, @multicast2}, 0xc)
r3 = openat2(r2, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x40, 0x22, 0xc}, 0x18)
setsockopt$inet_mreqn(r3, 0x0, 0x20, &(0x7f0000000740)={@multicast1, @empty}, 0xc)
r4 = syz_open_dev$vcsn(&(0x7f0000000840), 0x4, 0x110000)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000880)={@initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0xc)
setsockopt$inet_mreqn(r3, 0x0, 0x24, &(0x7f00000008c0)={@remote, @remote}, 0xc)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000900)={{0x2c, @empty, 0x4e20, 0x2, 'sed\x00', 0x24, 0x5, 0x57}, {@remote, 0x4e24, 0x3, 0x7fffffff, 0x7477, 0x2}}, 0x44)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000000, 0x4010, r2, 0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE={0x17, 0x5, 0x4000, @fd_index=0x8, 0x1, &(0x7f0000000980)="3d82c30843b777b9992d0b97fe000f0bf69327755f3a7ac80ca0d12153652fa0d948567ac20cb540b186f4d0d575909ef74cd2c6f5aefd84484d581db07b534f8b98fcef164d0cfbbcd4413fb683f4cfba1c8a31369eb7c0275e48bd1054fa0f29475e28568249ae975ba3cb1331160a9401603463d118083e9ee95e234c69d147", 0x81, 0xd, 0x1, {0x0, r6}}, 0x7ff)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2f, &(0x7f0000000a80)={0x2, {{0x2, 0x4e21, @broadcast}}, {{0x2, 0x4e20, @rand_addr=0x64010101}}}, 0x108)
setsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f0000000bc0)={@initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010102}, 0xc)
ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000c00)={{0x2, 0x4e22, @rand_addr=0x64010101}, {0x306, @remote}, 0x0, {0x2, 0x4e20, @multicast1}, 'syz_tun\x00'})

[   65.594500] audit: type=1400 audit(1664808645.200:6): avc:  denied  { execmem } for  pid=286 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
14:50:45 executing program 7:
prctl$PR_SVE_SET_VL(0x32, 0x2425f)
prctl$PR_SVE_SET_VL(0x32, 0x28929)
prctl$PR_SVE_SET_VL(0x32, 0x3607a)
prctl$PR_SVE_SET_VL(0x32, 0x32260)
prctl$PR_SVE_SET_VL(0x32, 0x11a86)
prctl$PR_SVE_SET_VL(0x32, 0x308f6)
prctl$PR_SVE_SET_VL(0x32, 0x29380)
prctl$PR_SVE_SET_VL(0x32, 0x2aee)
prctl$PR_SVE_SET_VL(0x32, 0x2cb0a)
prctl$PR_SVE_SET_VL(0x32, 0x65ca)
prctl$PR_SVE_SET_VL(0x32, 0x10927)
prctl$PR_SVE_SET_VL(0x32, 0x3add4)
prctl$PR_SVE_SET_VL(0x32, 0x3810d)
prctl$PR_SVE_SET_VL(0x32, 0x10dfd)
prctl$PR_SVE_SET_VL(0x32, 0x135c3)
prctl$PR_SVE_SET_VL(0x32, 0x243e)
prctl$PR_SVE_SET_VL(0x32, 0x157bf)
prctl$PR_SVE_SET_VL(0x32, 0x3004a)
prctl$PR_SVE_SET_VL(0x32, 0x20906)
prctl$PR_SVE_SET_VL(0x32, 0x3d2c3)

[   66.843798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   66.846034] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   66.847649] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   66.852203] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   66.854491] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   66.856785] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   66.858547] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   66.860628] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   66.869027] Bluetooth: hci0: HCI_REQ-0x0c1a
[   66.886159] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   66.900201] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   66.902665] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   66.910573] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   66.919974] Bluetooth: hci1: HCI_REQ-0x0c1a
[   66.946283] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   66.947922] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   66.949885] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   66.950249] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   66.953597] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   66.953821] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   66.956274] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   66.957948] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   66.962532] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   66.964232] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   66.966339] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   66.967680] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   66.969681] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   66.971293] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   66.977117] Bluetooth: hci4: HCI_REQ-0x0c1a
[   66.978080] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   66.982027] Bluetooth: hci3: HCI_REQ-0x0c1a
[   66.982132] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   66.984951] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   66.989336] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   66.999631] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   67.003259] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   67.006118] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   67.007685] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   67.015450] Bluetooth: hci5: HCI_REQ-0x0c1a
[   67.016557] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   67.020786] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   67.025465] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   67.029532] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   67.029960] Bluetooth: hci6: HCI_REQ-0x0c1a
[   67.038343] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   67.044981] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   67.053360] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   67.073196] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   67.104143] Bluetooth: hci7: HCI_REQ-0x0c1a
[   68.912170] Bluetooth: hci0: command 0x0409 tx timeout
[   68.912905] Bluetooth: hci2: Opcode 0x c03 failed: -110
[   68.975847] Bluetooth: hci1: command 0x0409 tx timeout
[   69.039089] Bluetooth: hci5: command 0x0409 tx timeout
[   69.039105] Bluetooth: hci4: command 0x0409 tx timeout
[   69.040840] Bluetooth: hci3: command 0x0409 tx timeout
[   69.040995] Bluetooth: hci6: command 0x0409 tx timeout
[   69.166841] Bluetooth: hci7: command 0x0409 tx timeout
[   70.959688] Bluetooth: hci0: command 0x041b tx timeout
[   71.022764] Bluetooth: hci1: command 0x041b tx timeout
[   71.086770] Bluetooth: hci6: command 0x041b tx timeout
[   71.087961] Bluetooth: hci4: command 0x041b tx timeout
[   71.087985] Bluetooth: hci3: command 0x041b tx timeout
[   71.088366] Bluetooth: hci5: command 0x041b tx timeout
[   71.214764] Bluetooth: hci7: command 0x041b tx timeout
[   71.994195] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   71.998343] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   72.000231] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   72.007112] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   72.011983] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   72.014307] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   72.022017] Bluetooth: hci2: HCI_REQ-0x0c1a
[   73.006819] Bluetooth: hci0: command 0x040f tx timeout
[   73.071026] Bluetooth: hci1: command 0x040f tx timeout
[   73.134824] Bluetooth: hci5: command 0x040f tx timeout
[   73.134845] Bluetooth: hci6: command 0x040f tx timeout
[   73.134876] Bluetooth: hci3: command 0x040f tx timeout
[   73.135641] Bluetooth: hci4: command 0x040f tx timeout
[   73.263969] Bluetooth: hci7: command 0x040f tx timeout
[   74.031821] Bluetooth: hci2: command 0x0409 tx timeout
[   75.054846] Bluetooth: hci0: command 0x0419 tx timeout
[   75.118791] Bluetooth: hci1: command 0x0419 tx timeout
[   75.183092] Bluetooth: hci4: command 0x0419 tx timeout
[   75.183825] Bluetooth: hci3: command 0x0419 tx timeout
[   75.184299] Bluetooth: hci5: command 0x0419 tx timeout
[   75.184501] Bluetooth: hci6: command 0x0419 tx timeout
[   75.310802] Bluetooth: hci7: command 0x0419 tx timeout
[   76.078917] Bluetooth: hci2: command 0x041b tx timeout
[   78.126800] Bluetooth: hci2: command 0x040f tx timeout
[   80.174886] Bluetooth: hci2: command 0x0419 tx timeout
14:51:40 executing program 1:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f00000029c0)={0xc8, r0, 0x10, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_BSS_BASIC_RATES={0xb, 0x24, [{0x24}, {0x3}, {0xc, 0x1}, {0x18}, {0x30}, {0x12}, {0x1a}]}, @NL80211_ATTR_MCAST_RATE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x20}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x775e}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8c73}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1725}], @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_CONNECTED_TO_GATE={0x5}, @NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x1ff}]}, @NL80211_ATTR_HANDLE_DFS={0x4}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}], @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0xc8}, 0x1, 0x0, 0x0, 0x20000000}, 0xc4004)
r2 = syz_open_dev$loop(&(0x7f0000004e00), 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000002880)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000002980)={&(0x7f0000002840)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000002940)={&(0x7f00000028c0)={0x5c, r0, 0x400, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MEASUREMENT_DURATION={0x6}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_SCAN_SSIDS={0x28, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4044}, 0x10000040)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = dup3(r3, r5, 0x0)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
ioctl$BTRFS_IOC_SPACE_INFO(r6, 0xc0109414, &(0x7f0000000240)={0x193, 0x3, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000004e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8bd74cd3126be9edd87f9c8bdf4b10418e864f6ed72d42c4e7e2d4415f346cf64a6d7ef7e02865a790b00ef780e1d6a2147b9bd4f34ffb94003182f4ddf5471f", "edf4a0cf9375abd6f3f1fbead25adf7836439e33f3842067516a9d922c043c99ce21ed614196ffeafa48eea727b7572f0253de767bd8acd09204c6e56663e37f", "d99f680e937932cd2ae1b250d331dbcc1f3237cde898896dc1741ef53a4f8252"})

14:51:41 executing program 1:
r0 = pkey_alloc(0x0, 0x2)
pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0)
r1 = io_uring_setup(0x70e6, &(0x7f0000000040)={0x0, 0x2009e08, 0x1, 0x2, 0x361})
mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000)
pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil)
msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0)

14:51:41 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000001300)=ANY=[@ANYBLOB='syztnl0\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00107800000000b800000000427f004800660000802f9078ac1e0001ac14140f8307f60000000007042a4c0183277de0000001ac1e0001e0000002ac1e0101ac1414390000000064010102e0000002ac1414bb00b550719e65b4829f0a5ade644ce9a17e5b34633c7654b535e1afc15018bd09f692b473d6fce6e7ca4ae31922eed9b4223de6eb7ee9a6321cbb4a4bd31545ab1444b2e9bee22fb5dd9f79706fa61ef4eb0efa1e5afe8b496fa5c4b88661202cbc8ed1ae5b9f297eac58928885c541eb7e852f7d3bb2c82127a88c6734c9db86384f926205f3b4e4912503f5ae35b8d7e0ba092964c7666e7a7debf7e19d1f705575f1d86c120f86868168554a5c9ca36ac2c4acddebee4f13ee63456ce5722c5cc59336662dfcc29d10db567a4a87"]})
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, r2, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r1, 0x8010671f, &(0x7f0000000000)={&(0x7f0000000300)=""/4096, 0x1000})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = epoll_create1(0x0)
fcntl$lock(r3, 0x26, &(0x7f0000000040))

[  121.624293] audit: type=1400 audit(1664808701.230:7): avc:  denied  { open } for  pid=3830 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  121.626084] audit: type=1400 audit(1664808701.230:8): avc:  denied  { kernel } for  pid=3830 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  121.632791] ------------[ cut here ]------------
[  121.632811] 
[  121.632813] ======================================================
[  121.632817] WARNING: possible circular locking dependency detected
[  121.632821] 6.0.0-rc7-next-20220930 #1 Not tainted
[  121.632827] ------------------------------------------------------
[  121.632830] syz-executor.4/3838 is trying to acquire lock:
[  121.632836] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  121.632877] 
[  121.632877] but task is already holding lock:
[  121.632880] ffff8880098be420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  121.632907] 
[  121.632907] which lock already depends on the new lock.
[  121.632907] 
[  121.632909] 
[  121.632909] the existing dependency chain (in reverse order) is:
[  121.632913] 
[  121.632913] -> #3 (&ctx->lock){....}-{2:2}:
[  121.632926]        _raw_spin_lock+0x2a/0x40
[  121.632938]        __perf_event_task_sched_out+0x53b/0x18d0
[  121.632949]        __schedule+0xedd/0x2470
[  121.632963]        preempt_schedule_common+0x45/0xc0
[  121.632978]        __cond_resched+0x17/0x30
[  121.632992]        __mutex_lock+0xa3/0x14d0
[  121.633006]        __do_sys_perf_event_open+0x1eec/0x32c0
[  121.633018]        do_syscall_64+0x3b/0x90
[  121.633036]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  121.633048] 
[  121.633048] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  121.633062]        _raw_spin_lock_nested+0x30/0x40
[  121.633073]        raw_spin_rq_lock_nested+0x1e/0x30
[  121.633089]        task_fork_fair+0x63/0x4d0
[  121.633108]        sched_cgroup_fork+0x3d0/0x540
[  121.633122]        copy_process+0x4183/0x6e20
[  121.633133]        kernel_clone+0xe7/0x890
[  121.633142]        user_mode_thread+0xad/0xf0
[  121.633152]        rest_init+0x24/0x250
[  121.633164]        arch_call_rest_init+0xf/0x14
[  121.633182]        start_kernel+0x4c6/0x4eb
[  121.633197]        secondary_startup_64_no_verify+0xe0/0xeb
[  121.633211] 
[  121.633211] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  121.633224]        _raw_spin_lock_irqsave+0x39/0x60
[  121.633235]        try_to_wake_up+0xab/0x1930
[  121.633248]        up+0x75/0xb0
[  121.633262]        __up_console_sem+0x6e/0x80
[  121.633278]        console_unlock+0x46a/0x590
[  121.633294]        vt_ioctl+0x2822/0x2ca0
[  121.633306]        tty_ioctl+0x785/0x16b0
[  121.633317]        __x64_sys_ioctl+0x19a/0x210
[  121.633330]        do_syscall_64+0x3b/0x90
[  121.633347]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  121.633359] 
[  121.633359] -> #0 ((console_sem).lock){....}-{2:2}:
[  121.633373]        __lock_acquire+0x2a02/0x5e70
[  121.633390]        lock_acquire+0x1a2/0x530
[  121.633405]        _raw_spin_lock_irqsave+0x39/0x60
[  121.633416]        down_trylock+0xe/0x70
[  121.633430]        __down_trylock_console_sem+0x3b/0xd0
[  121.633446]        vprintk_emit+0x16b/0x560
[  121.633462]        vprintk+0x84/0xa0
[  121.633478]        _printk+0xba/0xf1
[  121.633489]        report_bug.cold+0x72/0xab
[  121.633505]        handle_bug+0x3c/0x70
[  121.633521]        exc_invalid_op+0x14/0x50
[  121.633538]        asm_exc_invalid_op+0x16/0x20
[  121.633550]        group_sched_out.part.0+0x2c7/0x460
[  121.633568]        ctx_sched_out+0x8f1/0xc10
[  121.633584]        __perf_event_task_sched_out+0x6d0/0x18d0
[  121.633595]        __schedule+0xedd/0x2470
[  121.633608]        preempt_schedule_common+0x45/0xc0
[  121.633623]        __cond_resched+0x17/0x30
[  121.633636]        __mutex_lock+0xa3/0x14d0
[  121.633651]        __do_sys_perf_event_open+0x1eec/0x32c0
[  121.633662]        do_syscall_64+0x3b/0x90
[  121.633678]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  121.633691] 
[  121.633691] other info that might help us debug this:
[  121.633691] 
[  121.633693] Chain exists of:
[  121.633693]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  121.633693] 
[  121.633708]  Possible unsafe locking scenario:
[  121.633708] 
[  121.633711]        CPU0                    CPU1
[  121.633713]        ----                    ----
[  121.633715]   lock(&ctx->lock);
[  121.633721]                                lock(&rq->__lock);
[  121.633727]                                lock(&ctx->lock);
[  121.633733]   lock((console_sem).lock);
[  121.633739] 
[  121.633739]  *** DEADLOCK ***
[  121.633739] 
[  121.633741] 2 locks held by syz-executor.4/3838:
[  121.633748]  #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  121.633776]  #1: ffff8880098be420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  121.633802] 
[  121.633802] stack backtrace:
[  121.633805] CPU: 1 PID: 3838 Comm: syz-executor.4 Not tainted 6.0.0-rc7-next-20220930 #1
[  121.633818] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  121.633826] Call Trace:
[  121.633829]  <TASK>
[  121.633833]  dump_stack_lvl+0x8b/0xb3
[  121.633851]  check_noncircular+0x263/0x2e0
[  121.633867]  ? format_decode+0x26c/0xb50
[  121.633884]  ? print_circular_bug+0x450/0x450
[  121.633900]  ? simple_strtoul+0x30/0x30
[  121.633915]  ? __lockdep_reset_lock+0x180/0x180
[  121.633931]  ? format_decode+0x26c/0xb50
[  121.633948]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  121.633966]  __lock_acquire+0x2a02/0x5e70
[  121.633987]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  121.634009]  lock_acquire+0x1a2/0x530
[  121.634026]  ? down_trylock+0xe/0x70
[  121.634042]  ? lock_release+0x750/0x750
[  121.634061]  ? find_held_lock+0x2c/0x110
[  121.634077]  ? vprintk+0x84/0xa0
[  121.634095]  _raw_spin_lock_irqsave+0x39/0x60
[  121.634106]  ? down_trylock+0xe/0x70
[  121.634122]  down_trylock+0xe/0x70
[  121.634137]  ? vprintk+0x84/0xa0
[  121.634154]  __down_trylock_console_sem+0x3b/0xd0
[  121.634171]  vprintk_emit+0x16b/0x560
[  121.634189]  vprintk+0x84/0xa0
[  121.634206]  _printk+0xba/0xf1
[  121.634218]  ? record_print_text.cold+0x16/0x16
[  121.634231]  ? hrtimer_try_to_cancel+0x163/0x2c0
[  121.634246]  ? lock_downgrade+0x6d0/0x6d0
[  121.634263]  ? report_bug.cold+0x66/0xab
[  121.634281]  ? group_sched_out.part.0+0x2c7/0x460
[  121.634299]  report_bug.cold+0x72/0xab
[  121.634318]  handle_bug+0x3c/0x70
[  121.634335]  exc_invalid_op+0x14/0x50
[  121.634353]  asm_exc_invalid_op+0x16/0x20
[  121.634365] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  121.634385] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  121.634397] RSP: 0018:ffff88803fd3f978 EFLAGS: 00010006
[  121.634406] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  121.634413] RDX: ffff88803fd30000 RSI: ffffffff81565dc7 RDI: 0000000000000005
[  121.634421] RBP: ffff88803fd40000 R08: 0000000000000005 R09: 0000000000000001
[  121.634428] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880098be400
[  121.634436] R13: ffff88806cf3d2c0 R14: ffffffff8547c960 R15: 0000000000000002
[  121.634446]  ? group_sched_out.part.0+0x2c7/0x460
[  121.634466]  ? group_sched_out.part.0+0x2c7/0x460
[  121.634486]  ctx_sched_out+0x8f1/0xc10
[  121.634505]  __perf_event_task_sched_out+0x6d0/0x18d0
[  121.634519]  ? lock_is_held_type+0xd7/0x130
[  121.634533]  ? __perf_cgroup_move+0x160/0x160
[  121.634543]  ? set_next_entity+0x304/0x550
[  121.634561]  ? update_curr+0x267/0x740
[  121.634579]  ? lock_is_held_type+0xd7/0x130
[  121.634593]  __schedule+0xedd/0x2470
[  121.634610]  ? io_schedule_timeout+0x150/0x150
[  121.634624]  ? find_held_lock+0x2c/0x110
[  121.634641]  ? lock_is_held_type+0xd7/0x130
[  121.634653]  ? __cond_resched+0x17/0x30
[  121.634669]  preempt_schedule_common+0x45/0xc0
[  121.634685]  __cond_resched+0x17/0x30
[  121.634699]  __mutex_lock+0xa3/0x14d0
[  121.634716]  ? lock_is_held_type+0xd7/0x130
[  121.634728]  ? __do_sys_perf_event_open+0x1eec/0x32c0
[  121.634742]  ? mutex_lock_io_nested+0x1310/0x1310
[  121.634758]  ? lock_release+0x3b2/0x750
[  121.634775]  ? __up_read+0x192/0x730
[  121.634790]  ? up_write+0x520/0x520
[  121.634807]  __do_sys_perf_event_open+0x1eec/0x32c0
[  121.634822]  ? perf_compat_ioctl+0x130/0x130
[  121.634833]  ? xfd_validate_state+0x59/0x180
[  121.634856]  ? syscall_enter_from_user_mode+0x1d/0x50
[  121.634870]  ? syscall_enter_from_user_mode+0x1d/0x50
[  121.634886]  do_syscall_64+0x3b/0x90
[  121.634903]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  121.634916] RIP: 0033:0x7f223cf79b19
[  121.634925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  121.634935] RSP: 002b:00007f223a4ce188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  121.634946] RAX: ffffffffffffffda RBX: 00007f223d08d020 RCX: 00007f223cf79b19
[  121.634954] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280
[  121.634961] RBP: 00007f223cfd3f6d R08: 0000000000000000 R09: 0000000000000000
[  121.634968] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  121.634975] R13: 00007fff47853f5f R14: 00007f223a4ce300 R15: 0000000000022000
[  121.634988]  </TASK>
[  121.696654] WARNING: CPU: 1 PID: 3838 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  121.697365] Modules linked in:
[  121.697614] CPU: 1 PID: 3838 Comm: syz-executor.4 Not tainted 6.0.0-rc7-next-20220930 #1
[  121.698212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  121.699060] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  121.699482] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  121.700849] RSP: 0018:ffff88803fd3f978 EFLAGS: 00010006
[  121.701250] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  121.701783] RDX: ffff88803fd30000 RSI: ffffffff81565dc7 RDI: 0000000000000005
[  121.702316] RBP: ffff88803fd40000 R08: 0000000000000005 R09: 0000000000000001
[  121.702852] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880098be400
[  121.703383] R13: ffff88806cf3d2c0 R14: ffffffff8547c960 R15: 0000000000000002
[  121.703920] FS:  00007f223a4ce700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  121.704532] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  121.704983] CR2: 00007f0a4cab28e0 CR3: 000000001d7b2000 CR4: 0000000000350ee0
[  121.705516] Call Trace:
[  121.705715]  <TASK>
[  121.705893]  ctx_sched_out+0x8f1/0xc10
[  121.706201]  __perf_event_task_sched_out+0x6d0/0x18d0
[  121.706596]  ? lock_is_held_type+0xd7/0x130
[  121.706927]  ? __perf_cgroup_move+0x160/0x160
[  121.707263]  ? set_next_entity+0x304/0x550
[  121.707589]  ? update_curr+0x267/0x740
[  121.707889]  ? lock_is_held_type+0xd7/0x130
[  121.708219]  __schedule+0xedd/0x2470
[  121.708513]  ? io_schedule_timeout+0x150/0x150
[  121.708865]  ? find_held_lock+0x2c/0x110
[  121.709181]  ? lock_is_held_type+0xd7/0x130
[  121.709508]  ? __cond_resched+0x17/0x30
[  121.709815]  preempt_schedule_common+0x45/0xc0
[  121.710162]  __cond_resched+0x17/0x30
[  121.710452]  __mutex_lock+0xa3/0x14d0
[  121.710749]  ? lock_is_held_type+0xd7/0x130
[  121.711076]  ? __do_sys_perf_event_open+0x1eec/0x32c0
[  121.711464]  ? mutex_lock_io_nested+0x1310/0x1310
[  121.711837]  ? lock_release+0x3b2/0x750
[  121.712150]  ? __up_read+0x192/0x730
[  121.712443]  ? up_write+0x520/0x520
[  121.712735]  __do_sys_perf_event_open+0x1eec/0x32c0
[  121.713115]  ? perf_compat_ioctl+0x130/0x130
[  121.713454]  ? xfd_validate_state+0x59/0x180
[  121.713802]  ? syscall_enter_from_user_mode+0x1d/0x50
[  121.714189]  ? syscall_enter_from_user_mode+0x1d/0x50
[  121.714585]  do_syscall_64+0x3b/0x90
[  121.714887]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  121.715280] RIP: 0033:0x7f223cf79b19
[  121.715563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  121.716929] RSP: 002b:00007f223a4ce188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  121.717491] RAX: ffffffffffffffda RBX: 00007f223d08d020 RCX: 00007f223cf79b19
[  121.718028] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280
[  121.718559] RBP: 00007f223cfd3f6d R08: 0000000000000000 R09: 0000000000000000
[  121.719088] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  121.719616] R13: 00007fff47853f5f R14: 00007f223a4ce300 R15: 0000000000022000
[  121.720148]  </TASK>
[  121.720329] irq event stamp: 612
[  121.720587] hardirqs last  enabled at (611): [<ffffffff84400d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20
[  121.721310] hardirqs last disabled at (612): [<ffffffff8425caa5>] __schedule+0x1225/0x2470
[  121.721926] softirqs last  enabled at (496): [<ffffffff8116fa0b>] __irq_exit_rcu+0x11b/0x180
[  121.722564] softirqs last disabled at (307): [<ffffffff8116fa0b>] __irq_exit_rcu+0x11b/0x180
[  121.723199] ---[ end trace 0000000000000000 ]---
14:51:41 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = dup3(r0, r1, 0x0)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0xfeffffff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
setsockopt$inet_tcp_int(r2, 0x6, 0x17, &(0x7f0000000000)=0x6, 0x4)
ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000080))

14:51:41 executing program 1:
clock_getres(0x2, &(0x7f00000003c0))

14:51:41 executing program 4:
syslog(0x3, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x10000027f)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0)
perf_event_open(&(0x7f0000000440)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, 0xffffffffffffffff, 0xe, r0, 0x8)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x110, 0xffffffffffffffff, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
dup3(r3, r4, 0x0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r3, 0x40047211, &(0x7f0000000100))
syz_io_uring_complete(r2)

14:51:41 executing program 1:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000009ec0), 0x0, 0x0)
r1 = mq_open(&(0x7f0000000080)='\'$]\x00', 0x800, 0x4, &(0x7f00000000c0)={0x8, 0x7fff, 0x6, 0x7})
fcntl$getflags(r1, 0x40a)
pread64(r0, &(0x7f0000000040)=""/19, 0x13, 0x4)
openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x7041, 0x0)

[  122.005167] loop0: detected capacity change from 0 to 128
[  122.007185] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
14:51:41 executing program 3:
r0 = syz_open_pts(0xffffffffffffffff, 0x2)
ioctl$TCSBRK(r0, 0x5409, 0x6)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001e00), 0x0, 0x0)
lseek(r1, 0x43, 0x1)
r2 = fsmount(0xffffffffffffffff, 0x1, 0x0)
lseek(r1, 0x80000000, 0x3)
write$eventfd(r2, &(0x7f0000000000)=0x246, 0x8)

[  122.111562] loop0: detected capacity change from 0 to 128
[  122.112171] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[  124.318358] audit: type=1400 audit(1664808703.924:9): avc:  denied  { map } for  pid=3982 comm="syz-executor.5" path="/proc/3982/task/3989/oom_score" dev="proc" ino=14664 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file permissive=1

VM DIAGNOSIS:
14:51:41  Registers:
info registers vcpu 0
RAX=dffffc0000000000 RBX=0000000000000001 RCX=1ffffffff0e0c0d8 RDX=1ffff11002014c74
RSI=ffffffff8424eb7b RDI=ffff8880100a63a0 RBP=ffff88803fc573f8 RSP=ffff88803fc57320
R8 =ffffffff85ed04d2 R9 =ffffffff85ed04d6 R10=ffffed1007f8ae81 R11=ffff88803fc573e0
R12=ffff88803fc57468 R13=0000000000000000 R14=ffff88803fc573a0 R15=0000000000000000
RIP=ffffffff8111a26c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fd31a80a028 CR3=0000000035c2a000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f
YMM01=0000000000000000 0000000000000000 6f732e616d7a6c62 696c2f756e672d78
YMM02=0000000000000000 0000000000000000 00352e6f732e616d 7a6c62696c2f756e
YMM03=0000000000000000 0000000000000000 672d78756e696c2d 34365f3638782f62
YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=0000000000000072 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff823bb0f1 RDI=ffffffff8765a9a0 RBP=ffffffff8765a960 RSP=ffff88803fd3f3c0
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000072 R11=0000000000000001
R12=0000000000000072 R13=ffffffff8765a960 R14=0000000000000010 R15=ffffffff823bb0e0
RIP=ffffffff823bb149 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f223a4ce700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0a4cab28e0 CR3=000000001d7b2000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f
YMM01=0000000000000000 0000000000000000 00362e6f732e6362 696c2f756e672d78
YMM02=0000000000000000 0000000000000000 ffff0000000000ff ffffffffffffffff
YMM03=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff
YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000