syzkaller login: [ 42.578522] sshd (245) used greatest stack depth: 24792 bytes left Warning: Permanently added '[localhost]:15065' (ECDSA) to the list of known hosts. 2022/10/03 18:41:54 fuzzer started 2022/10/03 18:41:54 dialing manager at localhost:35095 [ 44.448131] cgroup: Unknown subsys name 'net' [ 44.635007] cgroup: Unknown subsys name 'rlimit' 2022/10/03 18:42:10 syscalls: 2215 2022/10/03 18:42:10 code coverage: enabled 2022/10/03 18:42:10 comparison tracing: enabled 2022/10/03 18:42:10 extra coverage: enabled 2022/10/03 18:42:10 setuid sandbox: enabled 2022/10/03 18:42:10 namespace sandbox: enabled 2022/10/03 18:42:10 Android sandbox: enabled 2022/10/03 18:42:10 fault injection: enabled 2022/10/03 18:42:10 leak checking: enabled 2022/10/03 18:42:10 net packet injection: enabled 2022/10/03 18:42:10 net device setup: enabled 2022/10/03 18:42:10 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/03 18:42:10 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/03 18:42:10 USB emulation: enabled 2022/10/03 18:42:10 hci packet injection: enabled 2022/10/03 18:42:10 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930) 2022/10/03 18:42:10 802.15.4 emulation: enabled 2022/10/03 18:42:10 fetching corpus: 50, signal 27757/29565 (executing program) 2022/10/03 18:42:10 fetching corpus: 100, signal 36104/39634 (executing program) 2022/10/03 18:42:10 fetching corpus: 150, signal 43232/48424 (executing program) 2022/10/03 18:42:10 fetching corpus: 200, signal 47084/53893 (executing program) 2022/10/03 18:42:10 fetching corpus: 250, signal 53969/62288 (executing program) 2022/10/03 18:42:10 fetching corpus: 300, signal 59653/69382 (executing program) 2022/10/03 18:42:10 fetching corpus: 350, signal 62365/73547 (executing program) 2022/10/03 18:42:10 fetching corpus: 400, signal 65324/77905 (executing program) 2022/10/03 18:42:10 fetching corpus: 450, signal 70279/84151 (executing program) 2022/10/03 18:42:11 fetching corpus: 500, signal 72905/88127 (executing program) 2022/10/03 18:42:11 fetching corpus: 550, signal 77800/94193 (executing program) 2022/10/03 18:42:11 fetching corpus: 600, signal 81613/99175 (executing program) 2022/10/03 18:42:11 fetching corpus: 650, signal 85775/104459 (executing program) 2022/10/03 18:42:11 fetching corpus: 700, signal 88902/108767 (executing program) 2022/10/03 18:42:11 fetching corpus: 750, signal 94042/114819 (executing program) 2022/10/03 18:42:11 fetching corpus: 800, signal 97523/119332 (executing program) 2022/10/03 18:42:12 fetching corpus: 850, signal 99207/122188 (executing program) 2022/10/03 18:42:12 fetching corpus: 900, signal 100992/125140 (executing program) 2022/10/03 18:42:12 fetching corpus: 950, signal 102554/127830 (executing program) 2022/10/03 18:42:12 fetching corpus: 1000, signal 105664/131866 (executing program) 2022/10/03 18:42:12 fetching corpus: 1050, signal 107724/134984 (executing program) 2022/10/03 18:42:12 fetching corpus: 1100, signal 109093/137425 (executing program) 2022/10/03 18:42:12 fetching corpus: 1150, signal 111236/140527 (executing program) 2022/10/03 18:42:12 fetching corpus: 1200, signal 113094/143377 (executing program) 2022/10/03 18:42:12 fetching corpus: 1250, signal 114283/145616 (executing program) 2022/10/03 18:42:13 fetching corpus: 1300, signal 115753/148073 (executing program) 2022/10/03 18:42:13 fetching corpus: 1350, signal 117150/150497 (executing program) 2022/10/03 18:42:13 fetching corpus: 1400, signal 120309/154275 (executing program) 2022/10/03 18:42:13 fetching corpus: 1450, signal 121293/156328 (executing program) 2022/10/03 18:42:13 fetching corpus: 1500, signal 123547/159385 (executing program) 2022/10/03 18:42:13 fetching corpus: 1550, signal 125933/162450 (executing program) 2022/10/03 18:42:13 fetching corpus: 1600, signal 127204/164625 (executing program) 2022/10/03 18:42:13 fetching corpus: 1650, signal 128645/166941 (executing program) 2022/10/03 18:42:13 fetching corpus: 1700, signal 129255/168544 (executing program) 2022/10/03 18:42:14 fetching corpus: 1750, signal 130341/170536 (executing program) 2022/10/03 18:42:14 fetching corpus: 1800, signal 131749/172753 (executing program) 2022/10/03 18:42:14 fetching corpus: 1850, signal 133354/175146 (executing program) 2022/10/03 18:42:14 fetching corpus: 1900, signal 136296/178424 (executing program) 2022/10/03 18:42:14 fetching corpus: 1950, signal 138235/180992 (executing program) 2022/10/03 18:42:14 fetching corpus: 2000, signal 139247/182842 (executing program) 2022/10/03 18:42:14 fetching corpus: 2050, signal 140885/185190 (executing program) 2022/10/03 18:42:15 fetching corpus: 2100, signal 142450/187440 (executing program) 2022/10/03 18:42:15 fetching corpus: 2150, signal 143411/189177 (executing program) 2022/10/03 18:42:15 fetching corpus: 2200, signal 144333/190905 (executing program) 2022/10/03 18:42:15 fetching corpus: 2250, signal 145019/192467 (executing program) 2022/10/03 18:42:15 fetching corpus: 2300, signal 146223/194410 (executing program) 2022/10/03 18:42:15 fetching corpus: 2350, signal 146937/195955 (executing program) 2022/10/03 18:42:15 fetching corpus: 2400, signal 148088/197850 (executing program) 2022/10/03 18:42:15 fetching corpus: 2450, signal 148850/199402 (executing program) 2022/10/03 18:42:15 fetching corpus: 2500, signal 149621/200992 (executing program) 2022/10/03 18:42:15 fetching corpus: 2550, signal 150798/202879 (executing program) 2022/10/03 18:42:16 fetching corpus: 2600, signal 152006/204700 (executing program) 2022/10/03 18:42:16 fetching corpus: 2650, signal 153110/206445 (executing program) 2022/10/03 18:42:16 fetching corpus: 2700, signal 154334/208249 (executing program) 2022/10/03 18:42:16 fetching corpus: 2750, signal 155660/210121 (executing program) 2022/10/03 18:42:16 fetching corpus: 2800, signal 156974/211968 (executing program) 2022/10/03 18:42:16 fetching corpus: 2850, signal 158365/213866 (executing program) 2022/10/03 18:42:16 fetching corpus: 2900, signal 158970/215218 (executing program) 2022/10/03 18:42:16 fetching corpus: 2950, signal 160259/216978 (executing program) 2022/10/03 18:42:17 fetching corpus: 3000, signal 161657/218803 (executing program) 2022/10/03 18:42:17 fetching corpus: 3050, signal 162767/220398 (executing program) 2022/10/03 18:42:17 fetching corpus: 3100, signal 164367/222309 (executing program) 2022/10/03 18:42:17 fetching corpus: 3150, signal 165168/223687 (executing program) 2022/10/03 18:42:17 fetching corpus: 3200, signal 165916/225028 (executing program) 2022/10/03 18:42:17 fetching corpus: 3250, signal 166848/226452 (executing program) 2022/10/03 18:42:17 fetching corpus: 3300, signal 168304/228169 (executing program) 2022/10/03 18:42:17 fetching corpus: 3350, signal 169349/229650 (executing program) 2022/10/03 18:42:18 fetching corpus: 3400, signal 170401/231179 (executing program) 2022/10/03 18:42:18 fetching corpus: 3450, signal 171190/232522 (executing program) 2022/10/03 18:42:18 fetching corpus: 3500, signal 172279/234083 (executing program) 2022/10/03 18:42:18 fetching corpus: 3550, signal 173196/235412 (executing program) 2022/10/03 18:42:18 fetching corpus: 3600, signal 174143/236772 (executing program) 2022/10/03 18:42:18 fetching corpus: 3650, signal 174749/237981 (executing program) 2022/10/03 18:42:18 fetching corpus: 3700, signal 176151/239544 (executing program) 2022/10/03 18:42:18 fetching corpus: 3750, signal 176705/240681 (executing program) 2022/10/03 18:42:19 fetching corpus: 3800, signal 177814/242079 (executing program) 2022/10/03 18:42:19 fetching corpus: 3850, signal 178234/243133 (executing program) 2022/10/03 18:42:19 fetching corpus: 3900, signal 178981/244368 (executing program) 2022/10/03 18:42:19 fetching corpus: 3950, signal 179820/245592 (executing program) 2022/10/03 18:42:19 fetching corpus: 4000, signal 180346/246693 (executing program) 2022/10/03 18:42:19 fetching corpus: 4050, signal 181364/247992 (executing program) 2022/10/03 18:42:19 fetching corpus: 4100, signal 181931/249030 (executing program) 2022/10/03 18:42:19 fetching corpus: 4150, signal 183317/250535 (executing program) 2022/10/03 18:42:20 fetching corpus: 4200, signal 184758/252030 (executing program) 2022/10/03 18:42:20 fetching corpus: 4250, signal 185380/253121 (executing program) 2022/10/03 18:42:20 fetching corpus: 4300, signal 186022/254209 (executing program) 2022/10/03 18:42:20 fetching corpus: 4350, signal 186548/255236 (executing program) 2022/10/03 18:42:20 fetching corpus: 4400, signal 187136/256320 (executing program) 2022/10/03 18:42:20 fetching corpus: 4450, signal 187708/257338 (executing program) 2022/10/03 18:42:20 fetching corpus: 4500, signal 188217/258353 (executing program) 2022/10/03 18:42:20 fetching corpus: 4550, signal 189100/259568 (executing program) 2022/10/03 18:42:21 fetching corpus: 4600, signal 190078/260735 (executing program) 2022/10/03 18:42:21 fetching corpus: 4650, signal 190762/261789 (executing program) 2022/10/03 18:42:21 fetching corpus: 4700, signal 191239/262721 (executing program) 2022/10/03 18:42:21 fetching corpus: 4750, signal 191771/263673 (executing program) 2022/10/03 18:42:21 fetching corpus: 4800, signal 192367/264694 (executing program) 2022/10/03 18:42:21 fetching corpus: 4850, signal 193157/265765 (executing program) 2022/10/03 18:42:21 fetching corpus: 4900, signal 193567/266672 (executing program) 2022/10/03 18:42:21 fetching corpus: 4950, signal 194194/267675 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/268586 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/269320 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/270070 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/270791 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/271538 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/272269 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/273016 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/273728 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/274498 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/275246 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/276012 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/276771 (executing program) 2022/10/03 18:42:21 fetching corpus: 5000, signal 194783/277522 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/278235 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/278990 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/279736 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/280487 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/281207 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/281887 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/282633 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/283376 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/284127 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/284854 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/285607 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/286369 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/287089 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/287848 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/288617 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/289339 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/290081 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/290808 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/291555 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/292275 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/293026 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/293784 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/294525 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/295248 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/296040 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/296820 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/297563 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/298296 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/299062 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/299822 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/300557 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/301298 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/302058 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/302813 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/303549 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/304258 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/304962 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/305666 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/306414 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/307126 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/307168 (executing program) 2022/10/03 18:42:22 fetching corpus: 5000, signal 194783/307168 (executing program) 2022/10/03 18:42:25 starting 8 fuzzer processes 18:42:25 executing program 0: sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x1cc, 0x0, 0x100, 0x70bd28, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}]}, 0x1cc}, 0x1, 0x0, 0x0, 0x20000880}, 0x20008800) r0 = signalfd4(0xffffffffffffffff, &(0x7f00000002c0)={[0x2]}, 0x8, 0x0) sendmsg$NL80211_CMD_SET_WDS_PEER(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x38, 0x0, 0x8, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x800, 0x43}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, 0x0, 0x2, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x16}, @void, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000540), r0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000580)={0x84, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xa5af}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xbc}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x80000000}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000800) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f00000006c0)={0x4}) epoll_pwait(r0, &(0x7f0000000700)=[{}, {}, {}, {}, {}, {}], 0x6, 0x3, &(0x7f0000000780)={[0x7f]}, 0x8) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x3c, r2, 0x2, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8001}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000800) r3 = signalfd4(r0, &(0x7f0000000900), 0x8, 0x80000) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000980), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x2c, r4, 0x0, 0x70bd27, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000040}, 0x80) signalfd4(r0, &(0x7f0000000a80)={[0x7]}, 0x8, 0x80000) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000ac0)={[0xfffffffffffffff8]}, 0x8, 0x80800) sendmsg$NFNL_MSG_ACCT_GET(r5, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b40)={0x90, 0x1, 0x7, 0x5, 0x0, 0x0, {0xc}, [@NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_FILTER={0x14, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xfffff801}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x6}]}, @NFACCT_FILTER={0x54, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3bd}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x9}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xffff}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x28a}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3ff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x5}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x80000000}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xfffffffc}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x20004}, 0x1) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f0000000c80), r6) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000d00)={r6, 0xffffffffffff8000, 0x5, 0x1}) sendmsg$IPVS_CMD_GET_DAEMON(r7, &(0x7f0000000e80)={&(0x7f0000000d40), 0xc, &(0x7f0000000e40)={&(0x7f0000000d80)={0xb8, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fff}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@remote}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1f}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x58}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x4}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xffffff00}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7f}]}, @IPVS_CMD_ATTR_DEST={0x50, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7f}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DEST_ATTR_INACT_CONNS={0x8}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x7}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x840}, 0x20008804) 18:42:25 executing program 1: ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000000)=0x5) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'batadv_slave_0\x00'}) ioctl$sock_inet_SIOCGIFADDR(0xffffffffffffffff, 0x8915, &(0x7f0000000080)={'\x00', {0x2, 0x0, @multicast1}}) r0 = accept4$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e, 0x100800) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, &(0x7f00000001c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) r1 = open_tree(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0x80100) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000440)={0x64ec, {{0xa, 0x4e22, 0xffff, @remote, 0x7}}, 0x1, 0x5, [{{0xa, 0x4e23, 0x7fff, @mcast1, 0x6}}, {{0xa, 0x4e22, 0x40, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}}, {{0xa, 0x4e24, 0x2, @mcast1, 0x9}}, {{0xa, 0x4e21, 0x6, @loopback, 0x40}}, {{0xa, 0x4e20, 0x2, @dev={0xfe, 0x80, '\x00', 0xf}, 0x10001}}]}, 0x310) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000780)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r1) sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x2c, r2, 0x400, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x6}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x4008001) r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000980), 0x7e800e278e3e2880, 0x0) mount$9p_fd(0x0, &(0x7f0000000900)='./file0\x00', &(0x7f0000000940), 0x100a40a, &(0x7f00000009c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@mmap}, {@mmap}, {@mmap}, {@afid={'afid', 0x3d, 0x3}}, {@cache_fscache}], [{@fowner_lt={'fowner<', 0xee00}}]}}) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000a80)={0x9, {{0xa, 0x4e20, 0x4, @local, 0x7f}}, 0x0, 0x5, [{{0xa, 0x4e23, 0x800, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}}, {{0xa, 0x4e22, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}}, {{0xa, 0x4e20, 0x100, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}}, {{0xa, 0x4e24, 0x1c12c563, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x7}}, {{0xa, 0x4e23, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xff}}]}, 0x310) setsockopt$sock_void(r0, 0x1, 0x24, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), r3) sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000dc0), 0xc, &(0x7f0000000e80)={&(0x7f0000000e40)={0x24, r4, 0x300, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x80}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x6a}]}, 0x24}}, 0x4080) r5 = memfd_secret(0x80000) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000f00)={r3, 0x100000001, 0x2, 0x1b1}) pidfd_getfd(r5, r6, 0x0) 18:42:25 executing program 2: setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000000), 0x4) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/rfkill', 0x400000, 0x2) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000080), 0x4) r1 = openat$sr(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) r2 = accept4$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000140)=0x1c, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r2, 0x29, 0x2d, &(0x7f0000000180)={0x6, {{0xa, 0x4e23, 0x9, @loopback, 0x7}}}, 0x88) ioctl$BTRFS_IOC_QGROUP_LIMIT(r1, 0x8030942b, &(0x7f0000000240)={0x6, {0x8, 0x465f, 0x100000001, 0x1, 0x80}}) r3 = socket$inet6_icmp(0xa, 0x2, 0x3a) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000280)={{{@in6=@local, @in6=@private2}}, {{@in6=@initdev}, 0x0, @in6=@private0}}, &(0x7f0000000380)=0xe8) accept4$packet(r1, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000400)=0x14, 0x80000) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000440)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', r4}, 0x14) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000480)={0x0, @empty, @remote}, &(0x7f00000004c0)=0xc) connect$inet6(r1, &(0x7f0000000500)={0xa, 0x4e22, 0x9, @remote, 0x8053}, 0x1c) ioctl$CDROMPAUSE(r1, 0x5301) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000000540)="7f6b0aadd893fa85106a3034b39d21ef34a7ffbece2dbec0833d19c4eed240de53dc20c49dc16048c6f199f7c4d87ad832847e9c7f4f082c621c3b72739481eb5f20548045fb282422596853c59e40144adee139ac81acb65ffdd354c178821c3f58335f06548ab4f64de5e16db2a1853bcafb08b6983e5380e5c4ff9c400819cd79b67284066b4a8d5544fda2bc6e2a25aa0e74b7eb7f9e6aa5116c77c110531afd51f5caeb7ca0001fa4b67ee70a7b99529f63768796e4475e62a070d053b1e485e5b1da1ea78a04e203f0b26b20422794fe0a45bb52e6acffd9c51b4b6afc17ec3f320632b8fecb96c4d7bf84ad6bf460bc2e90477ec9fc116d9b39157cab") ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000640)={0xb6, 0x3f, 0x0, 0x4}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f0000000680)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8}}, './file0\x00'}) open_by_handle_at(r5, &(0x7f00000006c0)=@reiserfs_2={0x8, 0x2, {0x3, 0x8}}, 0x14040) connect$inet6(r1, &(0x7f0000000700)={0xa, 0x4e21, 0x5, @mcast1, 0x2}, 0x1c) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(0xffffffffffffffff, 0x80089419, &(0x7f0000000740)) 18:42:25 executing program 3: arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) arch_prctl$ARCH_GET_CPUID(0x1011) 18:42:25 executing program 6: sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2408a47ba4a51c22}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x0, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfcbb}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4048000}, 0x4000000) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40084}, 0xc800) sendmsg$AUDIT_ADD_RULE(r0, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000006c0)={&(0x7f0000000280)={0x424, 0x3f3, 0x200, 0x70bd25, 0x25dfdbfb, {0x1, 0x0, 0x13, [0xc25c, 0x7f, 0x9, 0x7, 0xe8a, 0x80000001, 0x2, 0x48e00, 0x6, 0x401, 0x64fb, 0x10001, 0x1, 0x1000, 0x3, 0x7, 0x4, 0x9, 0x7fff, 0xffffffe0, 0x4, 0x49d, 0x80, 0x5, 0x1, 0x8000, 0x0, 0xfffffffa, 0x4, 0x4, 0x4, 0x0, 0x9, 0x2, 0x8, 0x2, 0x8, 0x870, 0x8492, 0xbaa, 0x7, 0x2, 0x1, 0x6, 0x10000, 0x401, 0x80, 0x40, 0x400, 0x9, 0xffffffff, 0x9d9, 0xfff, 0x8, 0xff, 0x80000000, 0x2, 0x0, 0x0, 0x101, 0x9, 0x3, 0x8, 0xb53], [0x5, 0xf2c, 0x4, 0x8000, 0x7fff, 0x80, 0x6, 0x4, 0x2, 0x10001, 0xfffffffd, 0xc3, 0x1, 0x3, 0x649, 0x3, 0x7, 0x3ff, 0x1ed, 0x5, 0x401, 0x1f, 0x400, 0xc000, 0x6, 0x2, 0xfffffffd, 0x8000, 0xaa, 0x8, 0x6, 0x9, 0x7, 0x4, 0x7, 0x6, 0x3ff, 0x7fff, 0x8, 0x7ff, 0x7, 0x6, 0x10000, 0xf580, 0x1000, 0x800, 0x1, 0x593, 0x5, 0x9, 0x1, 0x8b4db79c, 0x9, 0x982, 0x18e, 0x20, 0x80000001, 0x401, 0x8, 0x12abab11, 0x5, 0x1, 0xffffffff, 0x1], [0x1, 0x401000, 0x8, 0x7, 0x8001, 0x0, 0x5, 0x675fdbc4, 0x800, 0x30000, 0x15, 0x7fff, 0x3, 0x8, 0x5, 0x2, 0x1000, 0x5, 0x5, 0x8, 0xffffffb5, 0x8, 0x114, 0x6, 0x6, 0x4, 0x40, 0x8fa9, 0xe0000, 0x6, 0x6f, 0x6, 0x7, 0x1, 0xffffffff, 0x24, 0x20, 0x10000, 0x7fffffff, 0x1, 0xbc, 0x6, 0xfffff001, 0x10001, 0x3, 0x7, 0x1, 0x80000000, 0x3ff, 0x9, 0x96, 0x2, 0x101, 0xa200, 0x1, 0xcf2, 0x1, 0x8, 0x1f, 0x8, 0x7ff, 0x2, 0xfff, 0x2], [0x6, 0x9, 0x949, 0x40, 0x19ec, 0x0, 0xfffffff8, 0xe1, 0x0, 0xcea9, 0xca, 0x7, 0x2, 0x20, 0x10000, 0x1, 0x0, 0x5, 0x7fffffff, 0x3, 0x1, 0x5, 0x0, 0x3ff, 0x8, 0x400, 0x2, 0x4, 0x9, 0x2, 0x5, 0x44d, 0x5, 0x0, 0x8d, 0x1, 0x7, 0x1, 0x200, 0x1f, 0x4, 0x6, 0x67a, 0x5, 0x67, 0x7fff, 0xac, 0xfffff2c2, 0x4, 0x101, 0x9, 0x2, 0x2, 0xffff7fff, 0x7, 0x0, 0x1, 0xfffffe01, 0xa25, 0x1, 0x30ed, 0x7f, 0x2a, 0xfffffff8], 0x4, ['pci\x00']}, [""]}, 0x424}, 0x1, 0x0, 0x0, 0x40000}, 0x4) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x100) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000780)={'wpan3\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000007c0)={'wpan3\x00', 0x0}) sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x78, 0x0, 0x10, 0x70bd2d, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x20044001}, 0x0) r3 = accept4$unix(r0, 0x0, &(0x7f0000000900), 0x80800) ioctl$BTRFS_IOC_LOGICAL_INO(r3, 0xc0389424, &(0x7f00000009c0)={0x217a, 0x50, '\x00', 0x1, &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) pipe(&(0x7f0000000a00)={0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r4, 0xc018937a, &(0x7f0000000a40)={{0x1, 0x1, 0x18, r0, {0x40}}, './file0\x00'}) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000a80), 0xffffffffffffffff) r6 = accept4$bt_l2cap(r4, &(0x7f0000000ac0), &(0x7f0000000b00)=0xe, 0x800) fgetxattr(r6, &(0x7f0000000b40)=@random={'btrfs.', 'wpan4\x00'}, &(0x7f0000000b80)=""/178, 0xb2) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000c80), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000d40)={&(0x7f0000000cc0)={0x4c, r7, 0x4, 0x70bd27, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x40080) sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000e80)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000e00)={0x28, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40048c0}, 0xd78c0d90041fa56c) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r5, 0x8982, &(0x7f0000000ec0)={0x6, 'syzkaller0\x00', {0x1}, 0x6}) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f80)={0x24, 0x0, 0x400, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x8000) 18:42:25 executing program 4: r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan3\x00', 0x0}) sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r0, 0x2, 0x70bd27, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r1}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x24}}, 0xc0000) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x64, 0x0, 0x10, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_PAGE={0x5, 0x7, 0x12}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x12}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0xb}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x9}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x64}, 0x1, 0x0, 0x0, 0x40050}, 0x4) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_MPATH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x40, 0x0, 0x10, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x20004801) syz_genetlink_get_family_id$nl802154(&(0x7f0000000440), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_SET_MACPARAMS(r4, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, r0, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x300}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4048010}, 0x4801) r5 = socket(0x0, 0x6, 0x9) sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0xa4, 0x1, 0x1, 0x305, 0x0, 0x0, {0x1}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x1002}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SYNPROXY={0x4c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x10000}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x7fff}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x3f}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x400}]}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xe, 0x1, 'irc-20000\x00'}}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}, @CTA_LABELS={0x18, 0x16, 0x1, 0x0, [0x4, 0x1, 0x1f4, 0x80000001, 0x10000]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4040800}, 0x24000000) r6 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000740), r4) sendmsg$NLBL_CALIPSO_C_REMOVE(r4, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x4c, r6, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000081}, 0x41011) sendmsg$IEEE802154_ASSOCIATE_REQ(r4, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x4c, r0, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x13}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x1e}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x10}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20044800}, 0x40) sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000b00)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x4040}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a00)={0xb4, r3, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MLSCATLST={0x60, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4b0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x81b8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4335}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xadca}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x228d13a6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb610}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc6a6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8b82}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4ab7e48b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xfb3b}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x30, 0xc, 0x0, 0x1, [{0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3a536fd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4f794928}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x39c41c6a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa18a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf78a}]}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x24004000}, 0x20000000) syz_genetlink_get_family_id$nl802154(&(0x7f0000000b40), r4) r7 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000bc0), r4) sendmsg$NLBL_CALIPSO_C_REMOVE(r4, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x54, r7, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x54}, 0x1, 0x0, 0x0, 0x400080d}, 0xc850) sendmsg$NL802154_CMD_GET_SEC_KEY(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e00)={0x50, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000000}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x50}, 0x1, 0x0, 0x0, 0x4010}, 0x8000) [ 75.154016] audit: type=1400 audit(1664822545.517:6): avc: denied { execmem } for pid=288 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 18:42:25 executing program 5: sendmsg$NL80211_CMD_EXTERNAL_AUTH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x74, 0x0, 0x100, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x1a}, @NL80211_ATTR_PMKID={0x14, 0x55, "1d7c477c4e87b2062125da76cc60bb38"}, @NL80211_ATTR_BSSID={0xa, 0xf5, @random="8ed51f4db154"}, @NL80211_ATTR_PMKID={0x14, 0x55, "0a3bf94ef56b8bdf319c1a34a829f273"}, @NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac=@device_b}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x74}, 0x1, 0x0, 0x0, 0x4040000}, 0x85) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000140), 0x100, 0x0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x8800) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000500)={&(0x7f00000002c0)={0x204, 0x0, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9f0}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x800}]}, @TIPC_NLA_LINK={0xd4, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6af}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb35}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}]}]}, @TIPC_NLA_LINK={0xa0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1407}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x90}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x40000000}, 0x4040) sendmsg$NL80211_CMD_SET_MAC_ACL(r0, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0x84, 0x0, 0x300, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x3, 0x7f}}}}, [@NL80211_ATTR_MAC_ADDRS={0x34, 0xa6, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa}]}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_MAC_ADDRS={0x10, 0xa6, 0x0, 0x1, [{0xa}]}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}]}, 0x84}, 0x1, 0x0, 0x0, 0x3}, 0x24000804) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000700)='attr/fscreate\x00') sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000840)={&(0x7f0000000780)={0xa0, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3000, 0x48}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x26}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xed2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x38}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1c}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xe9}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3ff}]]}, 0xa0}, 0x1, 0x0, 0x0, 0x4}, 0x800) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900), r0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x14, r2, 0x10, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x8004) sendmsg$IPVS_CMD_NEW_DEST(r1, &(0x7f0000000c40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000c00)={&(0x7f0000000a40)={0x190, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x5c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x41}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7c}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x30}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x19, 0x4}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7d}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x28, 0x4}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x78, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_macvtap\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1000}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x401}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010100}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'dummy0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2c}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xf56}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'rr\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}]}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x2}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_1\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0x190}, 0x1, 0x0, 0x0, 0x8001}, 0xc0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000d40)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x1c, 0x2, 0x6, 0x880, 0x0, 0x0, {0x2, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0xa1747533b5eac689}, 0x40044) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000d80)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0) sendmsg$NL80211_CMD_RADAR_DETECT(r3, &(0x7f0000000ec0)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e00)={0x58, r2, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8001, 0xa}}}}, [@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x11c}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x99e}]}, 0x58}, 0x1, 0x0, 0x0, 0x40800}, 0x20000004) r4 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000c, 0x10, r4, 0xfae0000) sendmsg$NFNL_MSG_CTHELPER_DEL(r0, &(0x7f0000001040)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001000)={&(0x7f0000000f40)={0x88, 0x2, 0x9, 0x201, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1b}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x14}, @NFCTH_TUPLE={0x20, 0x2, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xd0bb}}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x17}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x88}, 0x1, 0x0, 0x0, 0x80}, 0x5) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup2(r5, r3) r6 = openat(r1, &(0x7f00000010c0)='./file0\x00', 0x1c0, 0x62) syz_genetlink_get_family_id$nl80211(&(0x7f0000001080), r6) 18:42:25 executing program 7: sysfs$1(0x1, &(0x7f0000000000)='}\x00') sysfs$1(0x1, &(0x7f0000000040)='\x00') sysfs$1(0x1, &(0x7f0000000080)='}\x00') sysfs$1(0x1, &(0x7f00000000c0)='}\x00') sysfs$1(0x1, &(0x7f0000000100)=']/\x00') sysfs$1(0x1, &(0x7f0000000140)=']/\x00') sysfs$1(0x1, &(0x7f0000000180)='}\x00') sysfs$1(0x1, &(0x7f00000001c0)='\x00') sysfs$1(0x1, &(0x7f0000000200)='!%\x00') sysfs$1(0x1, &(0x7f0000000240)='!%\x00') sysfs$1(0x1, &(0x7f0000000280)='\x00') sysfs$1(0x1, &(0x7f00000002c0)='\x00') sysfs$1(0x1, &(0x7f0000000300)='Y/\x00') sysfs$1(0x1, &(0x7f0000000340)=']/\x00') sysfs$1(0x1, &(0x7f0000000380)='Y/\x00') sysfs$1(0x1, &(0x7f00000003c0)=']/\x00') sysfs$1(0x1, &(0x7f0000000400)='}\x00') sysfs$1(0x1, &(0x7f0000000440)='!\x00') sysfs$1(0x1, &(0x7f0000000480)='&%,&\x00') sysfs$1(0x1, &(0x7f00000004c0)='\x00') [ 76.508380] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.510371] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.511913] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.513979] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.515171] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.521218] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.522300] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.547606] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.549020] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.550703] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.552449] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 76.556229] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 76.557643] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 76.558812] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.559868] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.561242] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.563447] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.564481] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.565629] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.566800] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.567981] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 76.570624] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 76.572146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 76.574482] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 76.575730] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.579026] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 76.580324] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.580860] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 76.583937] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 76.584487] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.586568] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.588139] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.589207] Bluetooth: hci5: HCI_REQ-0x0c1a [ 76.590468] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 76.592628] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 76.594311] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.596227] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.597823] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 76.601425] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 76.603378] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 76.604867] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 76.610214] Bluetooth: hci7: HCI_REQ-0x0c1a [ 76.612872] Bluetooth: hci4: HCI_REQ-0x0c1a [ 76.614048] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 76.620842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.622523] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.624292] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 76.625735] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.627162] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.633611] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 76.646544] Bluetooth: hci3: HCI_REQ-0x0c1a [ 76.651583] Bluetooth: hci1: HCI_REQ-0x0c1a [ 76.663528] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 76.666707] Bluetooth: hci2: HCI_REQ-0x0c1a [ 76.694219] Bluetooth: hci6: HCI_REQ-0x0c1a [ 76.708796] Bluetooth: hci0: HCI_REQ-0x0c1a [ 78.629448] Bluetooth: hci7: command 0x0409 tx timeout [ 78.629463] Bluetooth: hci5: command 0x0409 tx timeout [ 78.693323] Bluetooth: hci3: command 0x0409 tx timeout [ 78.694006] Bluetooth: hci2: command 0x0409 tx timeout [ 78.694872] Bluetooth: hci4: command 0x0409 tx timeout [ 78.695509] Bluetooth: hci1: command 0x0409 tx timeout [ 78.757154] Bluetooth: hci6: command 0x0409 tx timeout [ 78.758208] Bluetooth: hci0: command 0x0409 tx timeout [ 80.677135] Bluetooth: hci5: command 0x041b tx timeout [ 80.677617] Bluetooth: hci7: command 0x041b tx timeout [ 80.741149] Bluetooth: hci1: command 0x041b tx timeout [ 80.741602] Bluetooth: hci4: command 0x041b tx timeout [ 80.741971] Bluetooth: hci2: command 0x041b tx timeout [ 80.742384] Bluetooth: hci3: command 0x041b tx timeout [ 80.806171] Bluetooth: hci0: command 0x041b tx timeout [ 80.806612] Bluetooth: hci6: command 0x041b tx timeout [ 82.726179] Bluetooth: hci7: command 0x040f tx timeout [ 82.726625] Bluetooth: hci5: command 0x040f tx timeout [ 82.789153] Bluetooth: hci3: command 0x040f tx timeout [ 82.789598] Bluetooth: hci2: command 0x040f tx timeout [ 82.789999] Bluetooth: hci4: command 0x040f tx timeout [ 82.790441] Bluetooth: hci1: command 0x040f tx timeout [ 82.853131] Bluetooth: hci6: command 0x040f tx timeout [ 82.853575] Bluetooth: hci0: command 0x040f tx timeout [ 84.773163] Bluetooth: hci5: command 0x0419 tx timeout [ 84.774040] Bluetooth: hci7: command 0x0419 tx timeout [ 84.837218] Bluetooth: hci1: command 0x0419 tx timeout [ 84.838045] Bluetooth: hci4: command 0x0419 tx timeout [ 84.839503] Bluetooth: hci2: command 0x0419 tx timeout [ 84.840278] Bluetooth: hci3: command 0x0419 tx timeout [ 84.901164] Bluetooth: hci0: command 0x0419 tx timeout [ 84.901964] Bluetooth: hci6: command 0x0419 tx timeout 18:43:20 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = dup(r1) setsockopt$inet_int(r2, 0x0, 0x32, &(0x7f0000000440)=0xae73, 0x4) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001000000180000007f0c3241e23866ff209c7509087479ed254619946605", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file1\x00']) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r3, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) [ 130.253320] audit: type=1400 audit(1664822600.617:7): avc: denied { open } for pid=3785 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 130.254863] audit: type=1400 audit(1664822600.617:8): avc: denied { kernel } for pid=3785 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 130.276954] ------------[ cut here ]------------ [ 130.276977] [ 130.276981] ====================================================== [ 130.276985] WARNING: possible circular locking dependency detected [ 130.276989] 6.0.0-rc7-next-20220930 #1 Not tainted [ 130.276997] ------------------------------------------------------ [ 130.277000] syz-executor.5/3786 is trying to acquire lock: [ 130.277007] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 130.277048] [ 130.277048] but task is already holding lock: [ 130.277051] ffff88800fcccc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 130.277081] [ 130.277081] which lock already depends on the new lock. [ 130.277081] [ 130.277084] [ 130.277084] the existing dependency chain (in reverse order) is: [ 130.277087] [ 130.277087] -> #3 (&ctx->lock){....}-{2:2}: [ 130.277101] _raw_spin_lock+0x2a/0x40 [ 130.277113] __perf_event_task_sched_out+0x53b/0x18d0 [ 130.277124] __schedule+0xedd/0x2470 [ 130.277138] schedule+0xda/0x1b0 [ 130.277152] exit_to_user_mode_prepare+0x114/0x1a0 [ 130.277164] syscall_exit_to_user_mode+0x19/0x40 [ 130.277178] do_syscall_64+0x48/0x90 [ 130.277195] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 130.277208] [ 130.277208] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 130.277221] _raw_spin_lock_nested+0x30/0x40 [ 130.277232] raw_spin_rq_lock_nested+0x1e/0x30 [ 130.277245] task_fork_fair+0x63/0x4d0 [ 130.277262] sched_cgroup_fork+0x3d0/0x540 [ 130.277276] copy_process+0x4183/0x6e20 [ 130.277287] kernel_clone+0xe7/0x890 [ 130.277297] user_mode_thread+0xad/0xf0 [ 130.277307] rest_init+0x24/0x250 [ 130.277319] arch_call_rest_init+0xf/0x14 [ 130.277337] start_kernel+0x4c6/0x4eb [ 130.277352] secondary_startup_64_no_verify+0xe0/0xeb [ 130.277366] [ 130.277366] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 130.277379] _raw_spin_lock_irqsave+0x39/0x60 [ 130.277390] try_to_wake_up+0xab/0x1930 [ 130.277403] up+0x75/0xb0 [ 130.277417] __up_console_sem+0x6e/0x80 [ 130.277433] console_unlock+0x46a/0x590 [ 130.277449] do_con_write+0xc05/0x1d50 [ 130.277460] con_write+0x21/0x40 [ 130.277469] n_tty_write+0x4d4/0xfe0 [ 130.277481] file_tty_write.constprop.0+0x455/0x8a0 [ 130.277493] vfs_write+0x9c3/0xd90 [ 130.277509] ksys_write+0x127/0x250 [ 130.277525] do_syscall_64+0x3b/0x90 [ 130.277541] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 130.277554] [ 130.277554] -> #0 ((console_sem).lock){....}-{2:2}: [ 130.277567] __lock_acquire+0x2a02/0x5e70 [ 130.277584] lock_acquire+0x1a2/0x530 [ 130.277600] _raw_spin_lock_irqsave+0x39/0x60 [ 130.277611] down_trylock+0xe/0x70 [ 130.277626] __down_trylock_console_sem+0x3b/0xd0 [ 130.277641] vprintk_emit+0x16b/0x560 [ 130.277657] vprintk+0x84/0xa0 [ 130.277673] _printk+0xba/0xf1 [ 130.277685] report_bug.cold+0x72/0xab [ 130.277700] handle_bug+0x3c/0x70 [ 130.277717] exc_invalid_op+0x14/0x50 [ 130.277733] asm_exc_invalid_op+0x16/0x20 [ 130.277745] group_sched_out.part.0+0x2c7/0x460 [ 130.277763] ctx_sched_out+0x8f1/0xc10 [ 130.277780] __perf_event_task_sched_out+0x6d0/0x18d0 [ 130.277791] __schedule+0xedd/0x2470 [ 130.277804] schedule+0xda/0x1b0 [ 130.277817] exit_to_user_mode_prepare+0x114/0x1a0 [ 130.277828] syscall_exit_to_user_mode+0x19/0x40 [ 130.277840] do_syscall_64+0x48/0x90 [ 130.277857] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 130.277869] [ 130.277869] other info that might help us debug this: [ 130.277869] [ 130.277872] Chain exists of: [ 130.277872] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 130.277872] [ 130.277886] Possible unsafe locking scenario: [ 130.277886] [ 130.277889] CPU0 CPU1 [ 130.277891] ---- ---- [ 130.277893] lock(&ctx->lock); [ 130.277899] lock(&rq->__lock); [ 130.277906] lock(&ctx->lock); [ 130.277912] lock((console_sem).lock); [ 130.277917] [ 130.277917] *** DEADLOCK *** [ 130.277917] [ 130.277919] 2 locks held by syz-executor.5/3786: [ 130.277926] #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 130.277955] #1: ffff88800fcccc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 130.277981] [ 130.277981] stack backtrace: [ 130.277984] CPU: 0 PID: 3786 Comm: syz-executor.5 Not tainted 6.0.0-rc7-next-20220930 #1 [ 130.277996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 130.278004] Call Trace: [ 130.278008] [ 130.278012] dump_stack_lvl+0x8b/0xb3 [ 130.278030] check_noncircular+0x263/0x2e0 [ 130.278047] ? format_decode+0x26c/0xb50 [ 130.278063] ? print_circular_bug+0x450/0x450 [ 130.278080] ? simple_strtoul+0x30/0x30 [ 130.278096] ? format_decode+0x26c/0xb50 [ 130.278113] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 130.278130] __lock_acquire+0x2a02/0x5e70 [ 130.278151] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 130.278173] lock_acquire+0x1a2/0x530 [ 130.278190] ? down_trylock+0xe/0x70 [ 130.278207] ? lock_release+0x750/0x750 [ 130.278227] ? vprintk+0x84/0xa0 [ 130.278244] _raw_spin_lock_irqsave+0x39/0x60 [ 130.278256] ? down_trylock+0xe/0x70 [ 130.278272] down_trylock+0xe/0x70 [ 130.278287] ? vprintk+0x84/0xa0 [ 130.278304] __down_trylock_console_sem+0x3b/0xd0 [ 130.278321] vprintk_emit+0x16b/0x560 [ 130.278339] vprintk+0x84/0xa0 [ 130.278356] _printk+0xba/0xf1 [ 130.278368] ? record_print_text.cold+0x16/0x16 [ 130.278383] ? report_bug.cold+0x66/0xab [ 130.278401] ? group_sched_out.part.0+0x2c7/0x460 [ 130.278419] report_bug.cold+0x72/0xab [ 130.278438] handle_bug+0x3c/0x70 [ 130.278455] exc_invalid_op+0x14/0x50 [ 130.278473] asm_exc_invalid_op+0x16/0x20 [ 130.278485] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 130.278506] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 130.278517] RSP: 0018:ffff8880201a7c48 EFLAGS: 00010006 [ 130.278526] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 130.278534] RDX: ffff88801dca0000 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 130.278542] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 130.278549] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88800fcccc00 [ 130.278557] R13: ffff88806ce3d2c0 R14: ffffffff8547d000 R15: 0000000000000002 [ 130.278567] ? group_sched_out.part.0+0x2c7/0x460 [ 130.278587] ? group_sched_out.part.0+0x2c7/0x460 [ 130.278607] ctx_sched_out+0x8f1/0xc10 [ 130.278626] __perf_event_task_sched_out+0x6d0/0x18d0 [ 130.278640] ? lock_is_held_type+0xd7/0x130 [ 130.278654] ? __perf_cgroup_move+0x160/0x160 [ 130.278664] ? set_next_entity+0x304/0x550 [ 130.278682] ? update_curr+0x267/0x740 [ 130.278700] ? lock_is_held_type+0xd7/0x130 [ 130.278714] __schedule+0xedd/0x2470 [ 130.278730] ? io_schedule_timeout+0x150/0x150 [ 130.278747] ? rcu_read_lock_sched_held+0x3e/0x80 [ 130.278768] schedule+0xda/0x1b0 [ 130.278782] exit_to_user_mode_prepare+0x114/0x1a0 [ 130.278794] syscall_exit_to_user_mode+0x19/0x40 [ 130.278808] do_syscall_64+0x48/0x90 [ 130.278825] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 130.278838] RIP: 0033:0x7fce106dab19 [ 130.278847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 130.278857] RSP: 002b:00007fce0dc50218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 130.278868] RAX: 0000000000000001 RBX: 00007fce107edf68 RCX: 00007fce106dab19 [ 130.278875] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fce107edf6c [ 130.278883] RBP: 00007fce107edf60 R08: 000000000000000e R09: 0000000000000000 [ 130.278890] R10: 0000000000000007 R11: 0000000000000246 R12: 00007fce107edf6c [ 130.278897] R13: 00007fff8d37c14f R14: 00007fce0dc50300 R15: 0000000000022000 [ 130.278909] [ 130.335581] WARNING: CPU: 0 PID: 3786 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 130.336302] Modules linked in: [ 130.336551] CPU: 0 PID: 3786 Comm: syz-executor.5 Not tainted 6.0.0-rc7-next-20220930 #1 [ 130.337166] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 130.338001] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 130.338406] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 130.339786] RSP: 0018:ffff8880201a7c48 EFLAGS: 00010006 [ 130.340198] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 130.340744] RDX: ffff88801dca0000 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 130.341299] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 130.341836] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88800fcccc00 [ 130.342373] R13: ffff88806ce3d2c0 R14: ffffffff8547d000 R15: 0000000000000002 [ 130.342914] FS: 00007fce0dc50700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 130.343520] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 130.343985] CR2: 00007fa5ee227368 CR3: 000000002005e000 CR4: 0000000000350ef0 [ 130.344542] Call Trace: [ 130.344742] [ 130.344914] ctx_sched_out+0x8f1/0xc10 [ 130.345220] __perf_event_task_sched_out+0x6d0/0x18d0 [ 130.345604] ? lock_is_held_type+0xd7/0x130 [ 130.345930] ? __perf_cgroup_move+0x160/0x160 [ 130.346263] ? set_next_entity+0x304/0x550 [ 130.346594] ? update_curr+0x267/0x740 [ 130.346899] ? lock_is_held_type+0xd7/0x130 [ 130.347222] __schedule+0xedd/0x2470 [ 130.347514] ? io_schedule_timeout+0x150/0x150 [ 130.347862] ? rcu_read_lock_sched_held+0x3e/0x80 [ 130.348242] schedule+0xda/0x1b0 [ 130.348509] exit_to_user_mode_prepare+0x114/0x1a0 [ 130.348880] syscall_exit_to_user_mode+0x19/0x40 [ 130.349248] do_syscall_64+0x48/0x90 [ 130.349535] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 130.349916] RIP: 0033:0x7fce106dab19 [ 130.350194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 130.351528] RSP: 002b:00007fce0dc50218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 130.352093] RAX: 0000000000000001 RBX: 00007fce107edf68 RCX: 00007fce106dab19 [ 130.352622] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fce107edf6c [ 130.353148] RBP: 00007fce107edf60 R08: 000000000000000e R09: 0000000000000000 [ 130.353682] R10: 0000000000000007 R11: 0000000000000246 R12: 00007fce107edf6c [ 130.354217] R13: 00007fff8d37c14f R14: 00007fce0dc50300 R15: 0000000000022000 [ 130.354754] [ 130.354932] irq event stamp: 1604 [ 130.355185] hardirqs last enabled at (1603): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 130.355874] hardirqs last disabled at (1604): [] __schedule+0x1225/0x2470 [ 130.356500] softirqs last enabled at (1460): [] __irq_exit_rcu+0x11b/0x180 [ 130.357126] softirqs last disabled at (1451): [] __irq_exit_rcu+0x11b/0x180 [ 130.357758] ---[ end trace 0000000000000000 ]--- [ 130.760741] syz-executor.5 (3786) used greatest stack depth: 24344 bytes left 18:43:21 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = dup(r1) setsockopt$inet_int(r2, 0x0, 0x32, &(0x7f0000000440)=0xae73, 0x4) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001000000180000007f0c3241e23866ff209c7509087479ed254619946605", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file1\x00']) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r3, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) [ 131.240072] hrtimer: interrupt took 19366 ns 18:43:21 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = dup(r1) setsockopt$inet_int(r2, 0x0, 0x32, &(0x7f0000000440)=0xae73, 0x4) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001000000180000007f0c3241e23866ff209c7509087479ed254619946605", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file1\x00']) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r3, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) 18:43:21 executing program 6: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/keycreate\x00', 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="1bf7ff000000000200e61f"], 0x1c}}, 0x0) readv(r1, &(0x7f0000001440)=[{&(0x7f0000000240)=""/222, 0xde}], 0x1) ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f0000000080)={0x0, 0x800, 0x0, [0x3f, 0x1, 0x8, 0xff, 0xffffffff80d894d4], [0x3, 0x100000001, 0x84e, 0x5d83, 0xfffffffffffffffc, 0x1, 0x4, 0x7, 0x7fff, 0x2, 0x6, 0x7, 0x2e, 0x1, 0x2, 0x5, 0x6e8b, 0x6, 0x1, 0x8, 0x2, 0x9, 0x0, 0x60, 0xfff, 0x3, 0x5, 0x60, 0x5, 0x8, 0x10001, 0x0, 0xfffffffffffffffb, 0x3f, 0x6, 0x100000001, 0xfff, 0x2, 0x6, 0x1de, 0x7fff, 0x29, 0x101, 0x200, 0x9, 0x9, 0xff, 0xfa, 0x400, 0x1e, 0x4, 0xb3, 0x28e4, 0xffffffffffffff00, 0x5, 0x1, 0xe8, 0x3ff, 0x6, 0x3f, 0xa800000000000000, 0x1, 0x7, 0xc1, 0x90f, 0xfffffffffffff801, 0x4faa, 0x2, 0x9, 0x8337, 0x1000, 0xffffffffffffff2b, 0x6, 0x8, 0x100000001, 0xbe7, 0x9, 0x0, 0x6, 0x8, 0x7ff, 0x0, 0x7928, 0x15, 0x1, 0x3ff, 0x0, 0x2d, 0x1f, 0x27d, 0x9, 0x3, 0x8, 0x0, 0x0, 0x6, 0x5, 0x4, 0x1f, 0x4, 0x5, 0x9, 0x3, 0x3f, 0x7, 0x2, 0x100000000, 0xfffffffffffffffa, 0xab86, 0x7c, 0x3, 0x100000001, 0x0, 0x6, 0x1, 0x10001, 0x1, 0x1f, 0x6, 0x348d, 0x80]}) write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:sendmail_exec_t:s0\x00', 0x25) [ 131.506498] audit: type=1400 audit(1664822601.870:9): avc: denied { create } for pid=3884 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=key permissive=1 18:43:21 executing program 3: r0 = msgget$private(0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="1bf7ff000000000200e61f"], 0x1c}}, 0x0) readv(r1, &(0x7f0000001440)=[{&(0x7f0000000240)=""/222, 0xde}], 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="1bf7ff000000000200e61f"], 0x1c}}, 0x0) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='3', @ANYRES64=r1, @ANYRES64], 0xdd, 0x0) msgrcv(r0, 0x0, 0x0, 0x2, 0x3800) 18:43:21 executing program 6: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7dff0000}]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000024c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x18}}], 0x2, 0x0) lstat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000380)={0x0}, &(0x7f0000000480)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@broadcast, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}}}, &(0x7f00000005c0)=0xe8) r5 = perf_event_open(&(0x7f0000000700)={0x0, 0x80, 0x83, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x42000, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000180)=ANY=[@ANYRES32=r9, @ANYRES32=r5, @ANYRES32=r8, @ANYRESHEX=r7, @ANYRES64, @ANYRESOCT, @ANYRES64=r6, @ANYRES32, @ANYRESOCT]) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r10, 0x0) r11 = getpgid(0xffffffffffffffff) r12 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r12}, './file0\x00'}) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x7fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x7, 0x7, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r11, 0xe, r12, 0x2) sendmsg$unix(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000000c0)=[{&(0x7f0000000140)="4b96c1bbb25f2c618291b40d812a915d026df85b56c54e06a0f1630baa311b91b42c8db75abc851bea1fa8af0fd8ddec29b72df6c7045eb204a8b130ba209605cde276f36e36dc91bcf3eea886a21ff87eb74a8c08c6e15c7c26735efcd9cc44084a4216d0b661d0198048493633431d1b8c24478d3b8fb9d57ec3b23b3a040815382124d2fa5882ebacd85481661966879bbf2984dcf9cc2025659cb6b88b56da47c2cc5d44cc10350484db3742befe83d01639765348f9263fa9eccc7881526f68bb8c86bd1382fd8db6a8c768d796be0bad09bbaf71dad8abf2dbb18d6df010ac608485dd293747943ad49171e1", 0xef}, {&(0x7f0000000240)="09dde1bdaf84fe910c810968ce30604bbf4740715d9038a8493c5afa1d8d16ba4dffa750814d95a9482e68f5c395c64aed707d13c076c020e69d7e6524a677d45fa94d712d1ad39be0d2b32e1b8356a75f65", 0x52}, {&(0x7f00000002c0)="b1396fc65c435b225992c424019aea43d4bee957b30cf1440fa3055d1be4f9ab5dad2908cc2b7291b365d53b019e39780fccaa9367174392774cd36b2bfe077caf8a9bafee7c7fb7232a89fb757e199490f76674cb93643d08c56c7dc0cd9890980187", 0x63}], 0x3, &(0x7f0000000600)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff, r2}}}, @cred={{0x1c, 0x1, 0x2, {r3, r4, r9}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r10, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @cred={{0x1c, 0x1, 0x2, {r11, 0xee00, 0xee00}}}], 0x98, 0x20000000}, 0x4044000) syncfs(r1) [ 131.633656] audit: type=1326 audit(1664822601.997:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3896 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1be6e3fb19 code=0x7dff0000 18:43:22 executing program 3: r0 = msgget$private(0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="1bf7ff000000000200e61f"], 0x1c}}, 0x0) readv(r1, &(0x7f0000001440)=[{&(0x7f0000000240)=""/222, 0xde}], 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="1bf7ff000000000200e61f"], 0x1c}}, 0x0) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='3', @ANYRES64=r1, @ANYRES64], 0xdd, 0x0) msgrcv(r0, 0x0, 0x0, 0x2, 0x3800) 18:43:22 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x81) VM DIAGNOSIS: 18:43:20 Registers: info registers vcpu 0 RAX=0000000000000035 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823bb0f1 RDI=ffffffff8765a9a0 RBP=ffffffff8765a960 RSP=ffff8880201a7690 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000035 R11=0000000000000001 R12=0000000000000035 R13=ffffffff8765a960 R14=0000000000000010 R15=ffffffff823bb0e0 RIP=ffffffff823bb149 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fce0dc50700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fa5ee227368 CR3=000000002005e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007fce107c17c0 00007fce107c17c8 YMM02=0000000000000000 0000000000000000 00007fce107c17e0 00007fce107c17c0 YMM03=0000000000000000 0000000000000000 00007fce107c17c8 00007fce107c17c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=ffffed100d9e7b24 RBX=0000000000000001 RCX=ffff88806cf3d8c0 RDX=0000000000000000 RSI=0000000000000001 RDI=ffff88806cf3d90c RBP=ffff88807ffdc980 RSP=ffff8880200b7a38 R8 =0000000000000000 R9 =ffffffff85b06ed7 R10=fffffbfff0b60dda R11=0000000000000001 R12=0000000000000001 R13=dffffc0000000000 R14=ffff88806cf3d8d0 R15=ffff88807ffdc500 RIP=ffffffff8170edde RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fd512653540 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd512b09018 CR3=000000000eb24000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffff00ffffffffff ffffffffffff00ff YMM02=0000000000000000 0000000000000000 4c4700362e322e32 5f4342494c470035 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000470035 YMM04=0000000000000000 0000000000000000 4342494c4700362e 322e325f4342494c YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000