Warning: Permanently added '[localhost]:31820' (ECDSA) to the list of known hosts. 2022/10/05 22:18:48 fuzzer started 2022/10/05 22:18:49 dialing manager at localhost:37193 syzkaller login: [ 40.671783] cgroup: Unknown subsys name 'net' [ 40.764065] cgroup: Unknown subsys name 'rlimit' 2022/10/05 22:19:03 syscalls: 2215 2022/10/05 22:19:03 code coverage: enabled 2022/10/05 22:19:03 comparison tracing: enabled 2022/10/05 22:19:03 extra coverage: enabled 2022/10/05 22:19:03 setuid sandbox: enabled 2022/10/05 22:19:03 namespace sandbox: enabled 2022/10/05 22:19:03 Android sandbox: enabled 2022/10/05 22:19:03 fault injection: enabled 2022/10/05 22:19:03 leak checking: enabled 2022/10/05 22:19:03 net packet injection: enabled 2022/10/05 22:19:03 net device setup: enabled 2022/10/05 22:19:03 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/05 22:19:03 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/05 22:19:03 USB emulation: enabled 2022/10/05 22:19:03 hci packet injection: enabled 2022/10/05 22:19:03 wifi device emulation: failed to parse kernel version (6.0.0-next-20221005) 2022/10/05 22:19:03 802.15.4 emulation: enabled 2022/10/05 22:19:03 fetching corpus: 50, signal 30889/32598 (executing program) 2022/10/05 22:19:04 fetching corpus: 100, signal 43172/46348 (executing program) 2022/10/05 22:19:04 fetching corpus: 150, signal 48659/53186 (executing program) 2022/10/05 22:19:04 fetching corpus: 200, signal 56626/62402 (executing program) 2022/10/05 22:19:04 fetching corpus: 250, signal 60874/67908 (executing program) 2022/10/05 22:19:04 fetching corpus: 300, signal 64055/72280 (executing program) 2022/10/05 22:19:04 fetching corpus: 350, signal 67148/76539 (executing program) 2022/10/05 22:19:04 fetching corpus: 400, signal 70917/81368 (executing program) 2022/10/05 22:19:04 fetching corpus: 450, signal 73262/84833 (executing program) 2022/10/05 22:19:04 fetching corpus: 500, signal 77690/90087 (executing program) 2022/10/05 22:19:04 fetching corpus: 550, signal 80143/93504 (executing program) 2022/10/05 22:19:05 fetching corpus: 600, signal 82479/96752 (executing program) 2022/10/05 22:19:05 fetching corpus: 650, signal 84185/99446 (executing program) 2022/10/05 22:19:05 fetching corpus: 700, signal 86560/102688 (executing program) 2022/10/05 22:19:05 fetching corpus: 750, signal 88807/105753 (executing program) 2022/10/05 22:19:05 fetching corpus: 800, signal 92968/110377 (executing program) 2022/10/05 22:19:05 fetching corpus: 850, signal 94754/112953 (executing program) 2022/10/05 22:19:05 fetching corpus: 900, signal 96511/115491 (executing program) 2022/10/05 22:19:05 fetching corpus: 950, signal 98267/117976 (executing program) 2022/10/05 22:19:05 fetching corpus: 1000, signal 99788/120216 (executing program) 2022/10/05 22:19:05 fetching corpus: 1050, signal 101695/122803 (executing program) 2022/10/05 22:19:05 fetching corpus: 1100, signal 103501/125210 (executing program) 2022/10/05 22:19:06 fetching corpus: 1150, signal 106991/128868 (executing program) 2022/10/05 22:19:06 fetching corpus: 1200, signal 108065/130663 (executing program) 2022/10/05 22:19:06 fetching corpus: 1250, signal 109590/132725 (executing program) 2022/10/05 22:19:06 fetching corpus: 1300, signal 111442/135008 (executing program) 2022/10/05 22:19:06 fetching corpus: 1350, signal 112790/136905 (executing program) 2022/10/05 22:19:06 fetching corpus: 1400, signal 115373/139668 (executing program) 2022/10/05 22:19:06 fetching corpus: 1450, signal 117077/141784 (executing program) 2022/10/05 22:19:06 fetching corpus: 1500, signal 119196/144159 (executing program) 2022/10/05 22:19:06 fetching corpus: 1550, signal 120836/146212 (executing program) 2022/10/05 22:19:06 fetching corpus: 1600, signal 122178/147978 (executing program) 2022/10/05 22:19:07 fetching corpus: 1650, signal 123849/149931 (executing program) 2022/10/05 22:19:07 fetching corpus: 1700, signal 125817/152035 (executing program) 2022/10/05 22:19:07 fetching corpus: 1750, signal 127229/153735 (executing program) 2022/10/05 22:19:07 fetching corpus: 1800, signal 129186/155804 (executing program) 2022/10/05 22:19:07 fetching corpus: 1850, signal 130962/157651 (executing program) 2022/10/05 22:19:07 fetching corpus: 1900, signal 131947/158959 (executing program) 2022/10/05 22:19:07 fetching corpus: 1950, signal 133383/160533 (executing program) 2022/10/05 22:19:07 fetching corpus: 2000, signal 134340/161803 (executing program) 2022/10/05 22:19:08 fetching corpus: 2050, signal 136029/163469 (executing program) 2022/10/05 22:19:08 fetching corpus: 2100, signal 136890/164651 (executing program) 2022/10/05 22:19:08 fetching corpus: 2150, signal 138264/166099 (executing program) 2022/10/05 22:19:08 fetching corpus: 2200, signal 140059/167716 (executing program) 2022/10/05 22:19:08 fetching corpus: 2250, signal 141638/169234 (executing program) 2022/10/05 22:19:08 fetching corpus: 2300, signal 142510/170288 (executing program) 2022/10/05 22:19:08 fetching corpus: 2350, signal 143574/171491 (executing program) 2022/10/05 22:19:08 fetching corpus: 2400, signal 144493/172610 (executing program) 2022/10/05 22:19:08 fetching corpus: 2450, signal 145287/173593 (executing program) 2022/10/05 22:19:08 fetching corpus: 2500, signal 145810/174451 (executing program) 2022/10/05 22:19:08 fetching corpus: 2550, signal 146443/175323 (executing program) 2022/10/05 22:19:09 fetching corpus: 2600, signal 147230/176267 (executing program) 2022/10/05 22:19:09 fetching corpus: 2650, signal 148960/177694 (executing program) 2022/10/05 22:19:09 fetching corpus: 2700, signal 150405/178892 (executing program) 2022/10/05 22:19:09 fetching corpus: 2750, signal 150875/179614 (executing program) 2022/10/05 22:19:09 fetching corpus: 2800, signal 151975/180600 (executing program) 2022/10/05 22:19:09 fetching corpus: 2850, signal 152866/181513 (executing program) 2022/10/05 22:19:09 fetching corpus: 2900, signal 153672/182396 (executing program) 2022/10/05 22:19:09 fetching corpus: 2950, signal 154620/183283 (executing program) 2022/10/05 22:19:09 fetching corpus: 3000, signal 156164/184447 (executing program) 2022/10/05 22:19:09 fetching corpus: 3050, signal 156793/185171 (executing program) 2022/10/05 22:19:10 fetching corpus: 3100, signal 157266/185830 (executing program) 2022/10/05 22:19:10 fetching corpus: 3150, signal 157522/186367 (executing program) 2022/10/05 22:19:10 fetching corpus: 3200, signal 158501/187211 (executing program) 2022/10/05 22:19:10 fetching corpus: 3250, signal 159428/188054 (executing program) 2022/10/05 22:19:10 fetching corpus: 3300, signal 160135/188766 (executing program) 2022/10/05 22:19:10 fetching corpus: 3350, signal 161062/189509 (executing program) 2022/10/05 22:19:10 fetching corpus: 3400, signal 161623/190116 (executing program) 2022/10/05 22:19:10 fetching corpus: 3450, signal 162368/190747 (executing program) 2022/10/05 22:19:10 fetching corpus: 3500, signal 162893/191317 (executing program) 2022/10/05 22:19:10 fetching corpus: 3550, signal 163512/191930 (executing program) 2022/10/05 22:19:11 fetching corpus: 3600, signal 164431/192652 (executing program) 2022/10/05 22:19:11 fetching corpus: 3650, signal 165496/193426 (executing program) 2022/10/05 22:19:11 fetching corpus: 3700, signal 165950/193950 (executing program) 2022/10/05 22:19:11 fetching corpus: 3750, signal 166543/194474 (executing program) 2022/10/05 22:19:11 fetching corpus: 3800, signal 167296/195021 (executing program) 2022/10/05 22:19:11 fetching corpus: 3850, signal 168320/195665 (executing program) 2022/10/05 22:19:11 fetching corpus: 3900, signal 168744/196104 (executing program) 2022/10/05 22:19:11 fetching corpus: 3950, signal 169472/196723 (executing program) 2022/10/05 22:19:11 fetching corpus: 4000, signal 170071/197228 (executing program) 2022/10/05 22:19:11 fetching corpus: 4050, signal 170837/197732 (executing program) 2022/10/05 22:19:12 fetching corpus: 4100, signal 171529/198210 (executing program) 2022/10/05 22:19:12 fetching corpus: 4150, signal 172167/198626 (executing program) 2022/10/05 22:19:12 fetching corpus: 4200, signal 172637/199038 (executing program) 2022/10/05 22:19:12 fetching corpus: 4250, signal 173909/199589 (executing program) 2022/10/05 22:19:12 fetching corpus: 4300, signal 175470/200078 (executing program) 2022/10/05 22:19:12 fetching corpus: 4350, signal 175872/200407 (executing program) 2022/10/05 22:19:12 fetching corpus: 4400, signal 176360/200733 (executing program) 2022/10/05 22:19:12 fetching corpus: 4450, signal 176888/201112 (executing program) 2022/10/05 22:19:12 fetching corpus: 4500, signal 177749/201497 (executing program) 2022/10/05 22:19:13 fetching corpus: 4550, signal 178341/201790 (executing program) 2022/10/05 22:19:13 fetching corpus: 4600, signal 179098/202122 (executing program) 2022/10/05 22:19:13 fetching corpus: 4650, signal 180179/202455 (executing program) 2022/10/05 22:19:13 fetching corpus: 4700, signal 180709/202720 (executing program) 2022/10/05 22:19:13 fetching corpus: 4750, signal 181215/203012 (executing program) 2022/10/05 22:19:13 fetching corpus: 4800, signal 181546/203263 (executing program) 2022/10/05 22:19:13 fetching corpus: 4850, signal 182198/203487 (executing program) 2022/10/05 22:19:13 fetching corpus: 4900, signal 182689/203706 (executing program) 2022/10/05 22:19:13 fetching corpus: 4950, signal 183605/203995 (executing program) 2022/10/05 22:19:13 fetching corpus: 5000, signal 183872/204190 (executing program) 2022/10/05 22:19:14 fetching corpus: 5050, signal 184497/204410 (executing program) 2022/10/05 22:19:14 fetching corpus: 5100, signal 185316/204518 (executing program) 2022/10/05 22:19:14 fetching corpus: 5150, signal 186056/204522 (executing program) 2022/10/05 22:19:14 fetching corpus: 5200, signal 186418/204523 (executing program) 2022/10/05 22:19:14 fetching corpus: 5250, signal 186671/204535 (executing program) 2022/10/05 22:19:14 fetching corpus: 5253, signal 186693/204535 (executing program) 2022/10/05 22:19:14 fetching corpus: 5253, signal 186693/204535 (executing program) 2022/10/05 22:19:16 starting 8 fuzzer processes 22:19:16 executing program 1: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xc000000c}) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=@v1={0x1000000, [{0xfff, 0x8}]}, 0xc, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'}) r1 = eventfd(0x3c) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x70002008}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x810, r2, 0xbd8cf000) getpeername$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000180)=0x14) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000001c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x27}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x20, 0x4e20, 0x1, 0xa, 0x0, 0x0, 0x67, r3, 0xffffffffffffffff}, {0x0, 0x1, 0x7fff, 0x8, 0xffffffffffff8001, 0x6, 0x4, 0x2}, {0x804b, 0xffffffff, 0x2, 0x1}, 0xffffffff, 0x6e6bb0, 0x0, 0x1, 0x2, 0x2}, {{@in=@dev={0xac, 0x14, 0x14, 0x39}, 0x4d5, 0x3c}, 0x2, @in6=@private2, 0x3506, 0x4, 0x2, 0x5, 0xfffffffe, 0x7fc, 0xd2}}, 0xe8) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5, 0x110, r2, 0x39011000) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000300)={0x3, &(0x7f00000002c0)=[{0x8, 0xa4, 0x6, 0x3f}, {0xffff, 0x6, 0x4, 0xa0}, {0x7, 0xe5, 0x1, 0x81}]}, 0x10) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000340)) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000640)={{0x1, 0x1, 0x18, r2, {0x7fff}}, './file0\x00'}) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r6 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) sendmsg$unix(r0, &(0x7f00000006c0)={&(0x7f0000000380)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000400)="92154eb3f054852fdca26d67dfe4bb7e41a1f1ffaea9d8aa440b60fab752fefa45e7c389f1307ea73beb65f78c85116cf28310f8c7fabe98f958494a07747fe3ee80806979dd51446421736ef73f60824c2d580a605bf1200442b7ebd2546dc3f8f77e1bdbb5837eccb4378d3f493b0f1b9694796559698563fb398a2d5760e5a264fbd534a9488178d73dda753a4fb05e2649b46531d81cbac5190c450a0d2819f4e49a5b146ffde637cb77677844b393ba8805a620085a579defee851a64c391a14a2f436f01b30d61a5081f65a50793", 0xd1}, {&(0x7f0000000500)="eda3d2ef389488cd3a9cf5fc78ba23e811089494774d92ede5505e802f73aee1ef3215c908e25f9410e13bc16d500b9bc5a2d869c903dcf4cb9aa933bf670cee681459a7c4f3f458d3cae48d0fb0b78806cf5e224f20a1927c9ccd4267e1ee608b9fe6ffafca2f1ba4b4381d5d634a81568ea0559e773199746f8d15199694259f84a408dea7fef95ce8f273a27fe3f1ebd39bba911f99e026255add85f252d5ed24f6a2e633511953140f53522cea7f84862948a1c8bc298c3fc683a5dd9f0fc73ea333544057bc108dfa63f1e661f0ae1c6677160e0afbb68225e9a01a801cc5def79ba9c0a1468a3238210d9729c1a492", 0xf2}], 0x2, &(0x7f0000000680)=[@rights={{0x38, 0x1, 0x1, [r2, r4, r1, r2, r1, r1, r0, r5, r6, r0]}}], 0x38, 0x4008000}, 0x8914) setsockopt$inet_mreqsrc(r4, 0x0, 0x25, &(0x7f0000000700)={@multicast2, @remote, @broadcast}, 0xc) r7 = dup2(0xffffffffffffffff, r4) r8 = syz_genetlink_get_family_id$gtp(&(0x7f0000000780), r4) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x24, r8, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r7}, @GTPA_FLOW={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x4840) 22:19:16 executing program 0: r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x4000, 0x1) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x1e}}}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xc4, 0x0, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}]}, 0xc4}}, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300), 0x423bcd857ec204e3, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000640)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000600)={&(0x7f0000000380)={0x280, 0x0, 0x10, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_TX_RATES={0x258, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x8c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x23, 0x2, [{0x6}, {0x0, 0x5}, {0x2, 0xc}, {0x4}, {0x6, 0x8}, {0x4, 0x8}, {0x4, 0x6}, {0x7, 0x6}, {0x1, 0x3}, {0x1, 0x1}, {0x6, 0xa}, {0x0, 0x9}, {0x0, 0x8}, {0x4, 0x1}, {0x4, 0x9}, {0x4, 0x6}, {0x6}, {0x1, 0x6}, {0x1, 0x9}, {0x1, 0x9}, {0x0, 0x4}, {0x6, 0x2}, {0x1, 0x8}, {0x7, 0x7}, {0x7, 0x1}, {0x5, 0x9}, {0x7, 0x9}, {0x4, 0x8}, {0x3, 0x9}, {0x1, 0x5}, {0x6, 0x6}]}, @NL80211_TXRATE_HT={0x4c, 0x2, [{0x3, 0x2}, {0x6, 0x8}, {0x1, 0xa}, {0x0, 0xa}, {0x4, 0x1}, {0x0, 0x6}, {0x2, 0x4}, {0x3, 0x3}, {0x7, 0x7}, {0x5, 0x8}, {0x7, 0x1}, {0x5, 0x5}, {0x0, 0x7}, {0x2, 0x5}, {0x6}, {0x1, 0x6}, {0x2, 0x3}, {}, {0x7, 0x1}, {0x3}, {0x4}, {0x0, 0x6}, {0x4, 0x9}, {0x1}, {0x0, 0x1}, {0x1, 0x3}, {0x2}, {0x5, 0x9}, {0x4, 0x4}, {0x4, 0x3}, {0x5, 0x7}, {0x7}, {0x2, 0x5}, {0x5, 0x4}, {0x1, 0x2}, {0x1}, {0x0, 0x6}, {0x4, 0x9}, {0x0, 0x3}, {0x0, 0x9}, {0x6, 0x5}, {0x0, 0x3}, {0x4, 0x1}, {0x6}, {0x5, 0x8}, {0x3, 0x3}, {0x1, 0x6}, {0x1, 0x8}, {0x6, 0x8}, {0x6, 0xa}, {0x1, 0x8}, {0x0, 0x6}, {0x2, 0x1}, {0x7, 0xa}, {0x7, 0x5}, {0x5, 0x3}, {0x2, 0x7}, {0x7, 0x9}, {0x7, 0x8}, {0x5, 0x4}, {0x3, 0x2}, {0x0, 0x3}, {0x4, 0x1}, {0x6, 0x7}, {0x1, 0x3}, {0x7, 0x8}, {0x5, 0x3}, {0x0, 0x7}, {0x1, 0x8}, {0x1, 0x7}, {0x0, 0x6}, {0x4, 0x3}]}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x4, 0x60, 0x30, 0x12, 0x48, 0x2, 0x30, 0x1b, 0x18, 0x16]}]}, @NL80211_BAND_5GHZ={0x50, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x3a, 0x2, [{0x0, 0x8}, {0x2, 0x9}, {0x1, 0x3}, {0x3, 0x8}, {0x7, 0x8}, {0x3}, {0x3, 0x2}, {0x4, 0x9}, {0x5, 0x6}, {0x1, 0x7}, {0x6, 0x4}, {0x1, 0xa}, {0x6, 0x2}, {0x7, 0x5}, {0x4, 0x2}, {0x4, 0x9}, {0x2, 0x8}, {0x1, 0xa}, {0x3, 0x6}, {0x6, 0xa}, {0x1, 0x3}, {0x0, 0x3}, {0x3, 0x2}, {0x5, 0x7}, {0x1}, {0x1, 0x7}, {0x4, 0x1}, {0x6, 0x7}, {0x0, 0x9}, {0x0, 0x8}, {0x1, 0x7}, {0x5, 0x2}, {0x1, 0x1}, {0x4, 0x1}, {0x3, 0x6}, {0x0, 0x5}, {0x4, 0x7}, {0x3, 0x5}, {0x5, 0x9}, {0x1, 0x3}, {0x1, 0x9}, {0x1, 0x3}, {0x5, 0xa}, {0x5, 0x3}, {0x4, 0x4}, {0x6, 0x6}, {0x2, 0x3}, {0x1, 0x1}, {0x4, 0x2}, {0x3, 0x4}, {0x3, 0x4}, {0x1, 0x9}, {0x0, 0x6}, {0x2, 0x6}]}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x7, 0x6}, {0x4, 0x3}, {0x1, 0x6}, {0x0, 0x1}, {0x3, 0x2}, {0x6, 0xa}, {0x4, 0x6}, {0x2, 0x4}, {0x3, 0x5}, {0x1, 0x1}, {0x7, 0x4}, {0x2, 0x8}]}]}, @NL80211_BAND_5GHZ={0x68, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xb, 0x1, [0x36, 0xb, 0x16, 0x6c, 0x60, 0x60, 0x36]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x40, 0x9, 0x9, 0x1, 0x4, 0x5, 0x3f, 0x7f]}}, @NL80211_TXRATE_HT={0xd, 0x2, [{0x2, 0x2}, {0x3, 0x8}, {0x0, 0x3}, {0x3, 0x2}, {0x0, 0x9}, {0x0, 0x6}, {0x6, 0x1c}, {0x2, 0xa}, {0x5, 0x4}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x1e, 0x2, [{0x1, 0x9}, {0x0, 0x2}, {0x0, 0x4}, {0x4, 0x5}, {0x5, 0x3}, {0x2, 0x8}, {0x2, 0x5}, {0x0, 0x1f}, {0x4, 0x2}, {0x3, 0x9}, {0x3, 0x5}, {0x7, 0x5}, {0x5, 0x4}, {0x7, 0x4}, {0x7, 0x3}, {0x1, 0x7}, {0x0, 0x4}, {0x7, 0xa}, {0x0, 0x7}, {0x3, 0x9}, {0x4, 0x4}, {0x5, 0x5}, {0x5, 0x4}, {0x7, 0x5}, {0x1, 0x5}, {0x2, 0x9}]}, @NL80211_TXRATE_HT={0x9, 0x2, [{0x2, 0x1}, {0x5, 0xa}, {0x2, 0x4}, {0x4, 0x1}, {0x7, 0x6}]}]}, @NL80211_BAND_2GHZ={0x74, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0xf, 0x2, [{0x4, 0x7}, {0x3, 0x7}, {0x5}, {0x6, 0x8}, {0x6, 0x3}, {0x1, 0x5}, {0x3, 0xa}, {0x6, 0x7}, {0x6, 0x8}, {0x6, 0x9}, {0x3, 0x1}]}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x2, 0x1b, 0x1, 0x32, 0x6c, 0x6, 0xb, 0x12, 0x4, 0x1]}, @NL80211_TXRATE_HT={0x9, 0x2, [{0x0, 0x7}, {0x6, 0x8}, {0x1, 0x1}, {0x7, 0x1}, {0x7, 0x4}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x6, 0xb9cc, 0x0, 0xa7de, 0x0, 0x20, 0x6f48]}}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0xb, 0x36, 0x4, 0x6, 0x30, 0xb]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0xf800, 0x6, 0x1000, 0x8, 0x3, 0x3f, 0x571]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x9c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x13, 0x1, [0x48, 0x1b, 0x6, 0x6c, 0xc, 0x36, 0x4, 0x4, 0x24, 0xc, 0x3, 0x9, 0x6, 0xc, 0x1]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x6, 0x4, 0x7fff, 0x1, 0x1f, 0x1, 0x40]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0xf, 0x2, [{0x7, 0x1}, {0x0, 0xa}, {0x0, 0x3}, {0x3, 0x1}, {0x4, 0x8}, {0x5, 0x8}, {0x4}, {0x3, 0xa}, {0x3, 0xa}, {0x3, 0x1}, {}]}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x36, 0x4, 0x6, 0x16, 0x36, 0x1b, 0xb, 0x2, 0x4, 0x24]}, @NL80211_TXRATE_HT={0x3d, 0x2, [{0x3, 0xa}, {0x1, 0x7}, {0x5, 0x2}, {0x4, 0x7}, {0x5, 0xa}, {0x1}, {0x1, 0x9}, {0x6, 0x2}, {0x2, 0x9}, {0x7, 0x6}, {0x1, 0x8}, {0x7, 0x5}, {0x5, 0x8}, {0x1, 0x6}, {0x0, 0x1}, {0x5, 0x6}, {0x4, 0x2}, {0x6, 0xa}, {0x7, 0x6}, {0x7, 0xa}, {0x2, 0x8}, {0x6, 0x2}, {0x2, 0xa}, {0x7, 0x1}, {0x0, 0x8}, {0x5, 0x4}, {0x6, 0xa}, {0x7, 0x2}, {0x6, 0x2}, {0x5, 0x9}, {0x0, 0x2}, {0x0, 0x8}, {0x7, 0x8}, {0x1, 0x2}, {0x4, 0x1}, {0x1}, {}, {0x4, 0xa}, {0x1, 0x7}, {0x1, 0x1}, {0x4, 0x1}, {0x2, 0x9}, {0x0, 0x9}, {0x1, 0x9}, {0x7, 0x5}, {}, {0x6, 0x5}, {0x6, 0x6}, {0x5, 0x1f}, {0x0, 0x1}, {0x1, 0x2}, {0x3, 0x7}, {0x0, 0x9}, {0x4, 0xa}, {0x0, 0x1}, {0x0, 0x9}, {0x5, 0x5}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}]}, 0x280}, 0x1, 0x0, 0x0, 0x1}, 0x0) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000680)={@mcast2}, 0x14) name_to_handle_at(r1, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)=@orangefs={0x14, 0x1, {"c34e7728e055cb8a9d6b679cac1e2361", 0x2}}, &(0x7f0000000740), 0x400) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000780), 0x10000, 0x0) openat$incfs(r2, &(0x7f00000007c0)='.log\x00', 0x341000, 0x1b0) pipe2(&(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) sendmsg$NL80211_CMD_REQ_SET_REG(r3, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x4c, 0x0, 0x0, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x9}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000009c0), r3) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000ac0)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x44, r4, 0x2, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x55}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008801) syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), r0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000b40)={'vcan0\x00', {0x2, 0x0, @initdev}}) r6 = memfd_secret(0x0) linkat(r1, &(0x7f0000000b80)='./file0\x00', r6, &(0x7f0000000bc0)='./file0\x00', 0x1400) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000c00)={0x1, 0x2, 0x6, 0x10001, 0x20, "16c7f62991cac54771a2a73c50a01babc4d9cb", 0xaa, 0x5}) setsockopt$bt_hci_HCI_FILTER(r2, 0x0, 0x2, &(0x7f0000000c40)={0x6, [0xffff14b3, 0x4], 0x82}, 0x10) 22:19:16 executing program 2: bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x400, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x0, 0x2}, 0xe) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x0, 'sit0\x00', {0x4}, 0x683a}) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x4c402, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FLUSH_PMKSA(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x4000) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000240)=@req={0x28, &(0x7f0000000200)={'tunl0\x00', @ifru_names}}) sendfile(r0, r0, &(0x7f0000000280)=0x6, 0x9) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/module/acpi_cpufreq', 0x20100, 0x0) r3 = syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3, 0x6, &(0x7f0000000680)=[{&(0x7f0000000380)="b5be87cafe11af338af518a143508ca56016b996fe58c7401c1cf662cd191ad93fe492c357e1e3dab2f5467429", 0x2d, 0x1}, {&(0x7f00000003c0)="1a373a9b61865bcfb1c6f313606ccd41aa59fe01ecd9ca3a55375936ea66d258e195c5f869a75aa0268a83904348cf5853b68f6692f217fb8212ff4d1f378391f119ac5159e3236a052be42127cdb5634c895b1cf4aa2a78d7e913bf7014518d9e5d1343292b1a3b213bb01379d1d4a5adca55d5097b1fc36c5695e6f8f73521026997", 0x83, 0x7fffffff}, {&(0x7f0000000480)="6b46bfafc5bb2bde14eddc759d10b3233454da55b4f0112b7bbb76ac1236f70f5eeda87e7c31917907a951a3f34d203fbad4e79db341de3ab86687a7e297fe5e315382214c81977a96", 0x49, 0x4}, {&(0x7f0000000500)="698a", 0x2, 0x7}, {&(0x7f0000000540)="2f5065b0008c24336e47ae7dcaee25ea36230c3b7f7322f14c3ff6989a052aa2d39600c63530873d18f785defc4c2340e008d8946f6d1ee2f53ca7c3c5bd8b190a4ed7fd485385e59d9e6e39fcc7677e1612620f5e39477e03b36d1ebf20341e99fc84c5ebf10465361aac2bf28d59d5", 0x70, 0x4}, {&(0x7f00000005c0)="a5a6b9db5f7b91ad05ad43a4992779d4870b27ab85df420ab36ea626b6fc98382fa43222c5268a72cca671fc1fb458f7f6ea39ae6b2860639ee49a1fb048d025a8d400ee162d7422d8820990ee71210195c7954df7ea25db6fec39b313158521635242566212e8d895e8c7397fb02a92aa96b5129925b9c391fe024052107d0a42486999cc2f020a983c387412cf076fae528dccb6", 0x95, 0x9}], 0x2000, &(0x7f0000000740)={[{@numtail}, {@nonumtail}, {@shortname_win95}, {@shortname_lower}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'maccyrillic'}}, {@shortname_mixed}], [{@uid_lt={'uid<', 0xee01}}, {@seclabel}, {@fowner_lt={'fowner<', 0xee01}}, {@euid_gt={'euid>', 0xee01}}, {@fowner_eq={'fowner', 0x3d, 0xee00}}, {@subj_user={'subj_user', 0x3d, 'wlan1\x00'}}, {@euid_lt={'euid<', 0xee00}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@uid_lt={'uid<', 0xee01}}, {@obj_role={'obj_role', 0x3d, 'tunl0\x00'}}]}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f00000008c0)={{0x1, 0x1, 0x18, r3, {0xcbd8}}, './file0\x00'}) r5 = epoll_create(0x8000) pwrite64(r5, &(0x7f0000000900)="ba1cb934e4658deee030ab7f5dc8e5620172e864345d7c7e87d0e799dcf25d633a596408404bd7abb20e0fccb0398cdc80fefd86d8548d1d64e4a2f30e1e02772e7a7b2ac71779ba46c24f9f4a9569f8f25e384c78724968cc02fae07901309116e75534aa0a2e4e0789285beec428fef237f8f020b8e7f254b5ac338f1597228adfb7b87c31a2a14473687fca7459e95101f82f55f70d17f874b2d585c6f33cc488a742bdc75c940281ebf67f1f6d1dbca30973353234107471a53f460194c885f4d8cacbf6f598eacb24632fa737685c4f9d85662ba2930ae4de343a9e4c967e4af124ad85992b057cc10cdb0983927b639274319e7a03f4ed596cacaf7133184acb7e324dfb573b40485f31fb9490deb2a198313089cecfe80840eecae7c8573e1aac2af2e89589d5a7e4e22f784201d9c89d0507b256c2c5711e2aea800ae0336b1b46f989acb6616967df002367ad4826a71c54714f96145825714b2b0e9eac3997c70a1f4f1510a79307f3d6b79d3d92da13ed15e1bdaeb0de5786fc58a32559bd16ab2ab398c5b1cbe8e70c8d0dc38d23e0dd944186df9219c79a9902be52f00e5cc91ae5990104a046a6c7880359d69e2de2a3cb813c34fe0b0440d16ffff96c851e0bc9f93caa24f071943e5e3b0772f084b98696ec0b7774adb27ab0c6e96ab469363ad04359f104420efae80c17a854c6cca46ae9c5e96b9ad97e1c7267332f3a699a0540e63ac1ba607f6f2fd3e33911d13fd4bdd8f1386804610c169735bf2ed2dab0155d0e8a1cbed1a95d29f4fae5c915f1e4b02443413c9326f83f78f21ec47da3f2f2ad6e6db58be0c5cbb3ecfa6033f44e5d347331c6de84677d0a0caa43517f4293b6ed57ad2d8187116ef54488a61ffda98386645711110146d325eb98c7f0cc7a6018e4637c56a1ab3212a3c98f983bb9c0eaea5f3b0789ee543b5a97da03d57fdcaf30928c60f69e6980a632e7e893e17ea27738de70588e81a95b30aa55a99823c33403330867ef1a246d10607ea6703a3987931e1e16f383a39325fef9ff6bd5ebcd96047ba8f63e62c1802eae8218deb7f77ed382904ed46fb05bcf2556df4409d9b7962125e69d66634bde0baa802c3b5583e57348f99eda2ea9bb0bf920079970d061b1a99cfd6162c2ddbf8f4a98add7b23d1b9b82d67a9411cf91b3f18c2ec6d3b8f6b86d70166d21b96bfd5f9f5ddfa1ced6ab43fd00e7529c733cae8e2f07c2a49126ffae3b9578123a88828280d51f046b9b333c61ded9127cc7e28bb3fea758eada9f4bdad8425b8c61eba54a99ee43b0c2bdf12b9c4f7ff002a298c00e520d842e300aa9aca92eef5bfaf128db3f3138998d6673a0f548f79027e972782ed51c0232a16ebe3ded590588efaabf8ca758622505c54f21a925307258224615a1e1ab3ad46037d4abdd8c19337085cf54566cb753087da7192fb3235f857f80822c592f7bb6137cdd0c5a55eb4849aa27951a916cbc712c441ab6cf709dd094e2207bbaea2394b43fa8177095b54bea81289b145066979c922018814edbbcd19b493243d69d47387cb8569d5c260744f02a5eec9cab800727f95138205abd5f10fda98f7c0ed22727594c2ee6f73469cebb285cbfdd0d70292897960d9e3fa6c96294902e222af3cbf72dec25cdef91cd512a5291699f55e64e7f0f59130025ce097b76a9ec8ccf43ce4d3616ca87edd77401393cb5edfe29708312e848d508c0b9490882aafc471545a013ad4ec98940d762d5588d07852dbad365a1d40d3ce248039537a98fdeb9e4dff05c4281821d2acf00752ef812d7815c68c8640311304bf4d638f93a6490ad1132c5d6be5df0dbbadad8d6e7bed186a47d181f4b7db38e8535b6d9ccd1aaeb8af009f831eeb3f914ff5d7d4892ae3f14ed5c624b50662a1eda7712e7c54b1538f73946598f542b9807b387f9165ed2989ba635de9d651611fc52fff65e13d1797e7476dea3d358f64869abb88d32207a54c756c8951b785726bd219fea2fb8723044e4517cc264e56b0ac233f9857ee8b91aeba1a78886be9b69ff8b58c0e4ad1e6d39b4cffb7a4c7876913e2843807cdc661d8c2c7efd74b074d22e0038b1f30592bd68da745bec866960840ec3dd272cc7abf522741a76aeb030d063128fa679b03ac250eca505f5c0d3f80fcebb8777b16b958f064b5adaaa22d72601337b4d91a4a33549c9d85b49d8ee825b20d4faa43e059379f30e5c499614d517d60f9427d7abf2d515b48afb05fb76f7da5de213500dd2d05e33e8609552f4703a58475de132a0a6d3e171e2f4b900f5ff38977cb8c6dcbcad5a13bec603d623b82783e3f0e0053380a87eb8c42b3a78caa1ea1c440ac0c44e13e16bfd60f83549910f09134149bdb68ca78c54be310b473ac10b00b5ecc6f5a7bb0951fbafb2db1b45df223091d2e7735b46e907b252121ccd782a99c5cca50ac98748b866818fae63d39a875ae7a659348d82425728d04800a4d264313d09ec1aa893544f05f0c94cfab63cc3739e6d08184f86b7b1919fff8cb160915a671bafe14da33cdd1cf29d4138586c0308859790972100978545649667ad64ee93d25b05462004c7fc3481486ec8456bdcc866ea511c428fea3cb06934138e3bd8aaeb348ae4b45bd6cbba2594d22afda05fa91758a82976cca321ab61f262eb9ba9196b1c584aae0732fe6e3a16b6b7778833eaa584d45dc8363fa32f6d9394b8b55e588595d62602baaae24e32bdbad84d715eb4900e374a36ee725563a773dc9003ba731a0a47443e730865900a175efd5a43026859814a77c17abdbf96a8e4e4c55a3c481a84cc90904456ce6c1dc3ed74743fd6ea87fce375ba9b30a2d23fcd16552d6d71109b018ce5f54f26962274f6dddb8dd9ceeeaae4389b5ec54a3239d707a4a8479b5fb00c3940805c0ca6e092402076e6bc5af958bbce64d66978b9fa69be9759b28b8ad821ff4121c0da193bbc8955e3e1ee29fb2c3e903c5fe18b7997bbb42fd13564edea2b85003340ce6bbf2d99b370e24e7c25ba24d976577a09cbee7faa5df21a35c54e963c2cc4f6f3f25a9eb46a8202d73c73ce8fa9c5d4d1c9ff7b9bab6c5d5e174e2142a84843b16453fb8db083e4cefaf021021ceec1ad06b1a900498f9194d0a5f5097a554e72f87374100a7fdcbb2bce414cb87272bb2146d98b12a9ce5ab25ac3f21750639c898577c0e425b6add44f1792bb31a45872d5380c33190bec88fbe5ee585fe7596b145f78b94a5d0c8d9be1161c3dde7e47d88b3fb5e9338a06682d31adbd8d7fc00e57fa59b72d2837d2054d01177068dbf886f8756abeccf342294c7dc3ac477cab15bf2afa8b2fab85317f2bacf5c1cf10d95bd4aa3a23b2690104dacde9a4c91e7265c07035f09e4bbddf684ff0afb9626977cf627f90b57d2628e2fcee0ba1ecef172fa356b19c72b384cfff20fc39125e66b09f044b4504b8396c722cbf22e6410a86e71cc6922add5c1b5334773b480857647b3d0963cd1b1ea37c97d806afda1fcdedb03cf5c208e1a4236eb98f50be22183c7d4af54285f9c340a55d61a51b365449e972891fee57aacdafbb221f5c9dc29fd099fb070dd26b09a2030c02e46f566a077e42eba259cae863a1cd861fa6bdf7bd65711da5f87419982180b0320c8a2cabae48c6fed5169182e7bc0829dbc7ea47717f053f2310ee8be5a8b1e20ef459e0786823e4fb8b4ad90274ea1d265b2b877124faacc7a1a0a2d29d5deaa7497f8f73bf112f4b3614a4f04871650dc4717d6e311fa7ca8648e130d02f4926d1c8bb3b5e195490a09bf658c93846a2a2ba7b78b1dd94735fe93adc868ff63f54da9b3189d640181af7ecc37ad6151240ead407f2182b119de9bff3a4d4fb7839b2f863c487a691761e8663c786593811e822768b8bff35a69b1661132d0528a51a14babdc4d12fbe98126e5cdc40c6a2b1a700c1ab61979fed7e130e1eac0d20a76ecb891c092ac02db7a9b4b5022dffe7fed72338f51cae195b5b1542972a2699b2e934b36a5d6ae7d4b968593b45b659875d090bb91626792e0c6d33c90e017d981cc09798fa54b446fdbae0be1627ff4668734e113d5b73a44517d363d670b838150c0610c8057f1eeaab289d9f917d0995dbed42dc08c39465ff9f6cbfc5f199b441376ca8e1f6b1bd295727bf918f95ae7d8866d2534de27303def8709d2ee927fde35cbf1f55ab0aed5feacaea8ffd4d9a8bda1be5039bb5e1ec3cd68375db7352b0f893608d9978560d4bcbdbb942ade1eaaf898e6429274fb79d88db6899bee93e10ce34c69750737294b5c8aa6559bf76fd3ea2eb5734559de7c7adbe783a2b9e087dead465b95c167510895eb1d198a43baca65806bd588fd5d01bb024f39a2b1999401dd2eaacd365af66a4e3a82bbaac2e9d1044365f8390908f9fcb117df76363e3d534502bc9d08baed2179323cd690303f7b853ff9e5015812f7e885415a7dc26be1471cb377920cd2e1da933b1ff85e19ea19f9ade3528cc3c2b515bdac2596d8bab506d297b33aa0d6219ba805b7c976cdb596f0c651b197107fed26284f21c2c4f565d2105539c249f0e21aaaafe5fc2284867d70634497902bd5fcad6103089f4e42647fa014701e40c92fa7a7fdc42be69a7a0341d9497f4a1c7367b4f2484bdf25f965a3f4257e04b9c7db26fb86fa31de069b1e98f63dbee2fff8f18358eaed10b6bb027b182c66a5356afa666aac8098e588faec381c275583f36b1cb2cbbcd44b1c7e6b83e26b07f9960c035577ee618b1fc0bc97a5ea16cfdea6bc6b07ea112a04a3241369f8dbcde8e025161e9436ed8d7f1331c9da0b02df72a31baa06c0802cc4ffd7f07a1c0493256f5811a29b362619fb98018525d9d0f6a6db65809f9d624eb81539a355d14f0e9d29c98198337387db1422923b0537aaf31de6996392d228d1b5fda7a4de3a0df65c0726729c1f7750bd439ab143272b07d7dadd370057797b2530edeaaa2a6dfd4c4eef4839306bff2e1b62544fea35b758dffe7c0cf5fc5ad2a4672292d08ce9c07f7c1d15707f76d2c7ede2ef93dd1c46379907dca349b798db176790a1b751cd14390be4841349d8df5191b4be91034ff221f17da236b68062ea36007c8c416f4540b85e139a24f52fc0fee8f689586cca8f158ac67c4b52ed41d186a3b8c561de4d43ff967f7f1ba71ca2bc55c79d7b71b465ae3e96050e4ed3545ebda9d823778f8fbddd2e7002173a2cddae37373c86cc7fd1911c8439d29430c09ccad7ab1ecb78d8966b38b4d64172cc078d3bf07ecc3e354c2e64fc8d64cf01a567ea7e93169348a42a3bc99e82f90f5c0c69e7a323d9ea3e1c5a4297e6d5c14b8544e1f1d47b2a62d43d4dea56ab86dfb146b7f145c1effc6b0cc55fb71a59f7b3ac851e66ff326eb7836b52818d5ad2024fbec5d55e2d6aaa31b0c3ba088d9f79c94ecabe16884ff7e157b4b1040501a4bff11b56ad7b84989358199871395cac553f269cabf4bf7b7025ca8f6d9db57ed49d3e6b3a1df217cfa2f9d998da1ff200429ea885b0a95f728911d041da782711b05eff03fef21197ab725c421db6bc2239fc0a99eea92ace1125a46757b9da5ca3d05bda9c3c48a2627d1f33b2e9a18cbf1ae8479f924db43a23f9641f674925df953ff57d7bca8e92ada21f6bbc3ca35a84a5b9cba45f603ec69877ae844883947563a6c00da3f23c43ba978c34bb548b9a4e6a0ff439b46bc7bdb0a6b7e250ba728161dd691ae976f13027fa956cdb0", 0x1000, 0xc3c) sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f0000001a00)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000019c0)={&(0x7f0000001940)={0x4c, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xe7e, 0x1a}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "5253da2a99"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x1c, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0x4) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001a80), r2) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001ac0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f0000001b80)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001b40)={&(0x7f0000001b00)={0x28, r6, 0x203, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4000800) r8 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x12, 0xffffffffffffffff, 0x10000000) r9 = openat$incfs(r3, &(0x7f0000001bc0)='.pending_reads\x00', 0x0, 0x108) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r8, &(0x7f0000001d00)=@IORING_OP_SEND={0x1a, 0x5, 0x0, r9, 0x0, &(0x7f0000001c00)="9c6f244a2338c48f4492665d4d7c02f1ba9239c2ce518497485a0a60a47f4406a5e15296768eb54bf29be41895a5896707b1305f23eb520eba8ad0eb48e729841baff9c96d66820a5a3f40f7e4d5dbd03f922c107d247c7858575b068f96a52a898680d2ea6ac06060437bbcc46182c5c74bd0fc3e11c7d8e76a271cddff83ef9ed09f320d821ad84965871f17e25215573942fa8d8fd132fba73537972a10fa5004c46fe814ddc90e01338aa2371e7501af2c39f99b238d0a287806417e596976f22af7b68d5b2c7347d71d7efa86c3b3be1ff86336324c40b7aa50bd510ba3d83dec84081d841fdd34db69b983b67184e4a5ff4cf16e94e5ac5a", 0xfb, 0x1, 0x1, {0x0, r10}}, 0x8) [ 68.049320] audit: type=1400 audit(1665008356.798:6): avc: denied { execmem } for pid=283 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 22:19:16 executing program 3: r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000014c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000001580)={'syztnl1\x00', &(0x7f0000001500)={'ip6tnl0\x00', 0x0, 0x4, 0x7, 0x4, 0x3, 0x18, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, @mcast2, 0x8, 0x40, 0x1f, 0x5}}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000015c0)={'team0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000001880)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001840)={&(0x7f0000001600)={0x224, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {}, [@HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}, @HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x224}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000001b00)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001ac0)={&(0x7f0000001900)={0x188, 0x0, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_OURS={0xd8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0xcd, 0x4, "018a49a03927a91f4dd59d1f5f7fc95c3378652aa72296989de6bc7fae33f0c46278470082980effdef8c8574602d8cf7d53823a30509e450748341627f781a667d42af44ee18c3293c011497b3ea04ef948bf5d1987cf1d1476ff874401219bf1f11bad27a802f63819952e17311d00342379b60122fdd4d947f9d79abc32c4094d5a2c8c9cc363a7ac37a6a44707d42820ce448e544bd8f24eefe0146eb6a1f98431e24e169307a3d42d4efe43f99e028101d0bc8ac239485e2471b9af3c1c841f6a88d9e000ab85"}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xfffffb91}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xffff}, @ETHTOOL_A_LINKMODES_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_LINKMODES_OURS={0x3c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}, @ETHTOOL_A_BITSET_BITS={0x30, 0x3, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1b9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '{]}\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}]}]}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x9}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x2}]}, 0x188}, 0x1, 0x0, 0x0, 0x84085}, 0x4004944) connect(0xffffffffffffffff, &(0x7f0000001b40)=@pppoe={0x18, 0x0, {0x3, @broadcast, 'macvtap0\x00'}}, 0x80) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3000000, 0x100010, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r6, 0x0, &(0x7f0000001bc0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x4004, @fd_index=0x2, 0x1, 0x0, 0x0, 0x4, 0x1, {0x3}}, 0xab30) r7 = inotify_init() r8 = openat2(0xffffffffffffffff, &(0x7f0000001c00)='./file0\x00', &(0x7f0000001c40)={0x200000, 0x1e0}, 0x18) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000001c80)=[r0, r7, r0, r0, r0, r0, r8], 0x7) inotify_add_watch(r7, &(0x7f0000001cc0)='./file0\x00', 0x10000492) open_by_handle_at(0xffffffffffffffff, &(0x7f0000001d00)=@isofs_parent={0x14, 0x2, {0x5, 0x2, 0x0, 0x101, 0x8001, 0x2ceb}}, 0x2040) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000001d40)=@gcm_128={{0x303}, "8d46ceee7c497658", "38f6f2f06c297f8a1f287d9bb2bd094d", "704c5f95", "e5db22e58aa7b133"}, 0x28) openat(r8, &(0x7f0000001d80)='./file0\x00', 0x400, 0x103) r9 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000001dc0), 0x1, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r9, 0x80047213, &(0x7f0000001e00)) sendmsg$IPVS_CMD_FLUSH(r8, &(0x7f0000001f80)={&(0x7f0000001e40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001f40)={&(0x7f0000001ec0)={0x6c, 0x0, 0x8, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1f}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xbd8}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xfc01}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xf4}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xe6b}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20044041}, 0x20000004) 22:19:16 executing program 4: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0xc0182, 0x0) tee(0xffffffffffffffff, r0, 0x3ff, 0x0) getdents(r0, &(0x7f0000000040)=""/42, 0x2a) faccessat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x80) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x2}}, '\x00'}) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000000100)=""/176) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000001c0)=@v1={0x0, @adiantum, 0x0, @desc1}) ioctl$FITHAW(r1, 0xc0045878) fstat(r0, &(0x7f0000000200)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x480002, 0x2d) ioctl$SG_GET_SG_TABLESIZE(r2, 0x227f, &(0x7f00000002c0)) accept4$unix(r1, 0x0, &(0x7f0000000300), 0x80c00) r3 = eventfd2(0x0, 0x800) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {r4}}, './file0\x00'}) r6 = accept$inet(r2, &(0x7f0000000380), &(0x7f00000003c0)=0x10) close(r1) splice(r5, &(0x7f0000000400)=0x20, r6, &(0x7f0000000440)=0x6, 0xffffffffffffbf81, 0x2) stat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000540)={0x0, 0x7, 0x101}) 22:19:16 executing program 6: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) socketpair(0x29, 0x5, 0xffffffff, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000080), &(0x7f00000000c0)=0x8) getsockname$inet(r0, &(0x7f0000000100)={0x2, 0x0, @multicast1}, &(0x7f0000000140)=0x10) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f0000000180)=0x2) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext3\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x9, 0x0, 0x0, 0xb, &(0x7f0000000280)={[{@usrquota}, {}, {@nodiscard}], [{@obj_role={'obj_role', 0x3d, '.-\\\xed!$@-'}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}]}) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x68b2eed6fb3adc92}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x30, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {{}, {}, {0x14, 0x19, {0x1000, 0xe94d, 0x8}}}, ["", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000400), 0x8, 0x488000) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000440)={{0x1, 0x1, 0x18, r2, {0x6}}, './file0/../file0\x00'}) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000640)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000600)={&(0x7f0000000480)={0x16c, 0x0, 0x100, 0x70bd2d, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r4}}]}, 0x16c}}, 0xcf786c93fd7b43ac) recvmmsg$unix(r3, &(0x7f0000005bc0)=[{{&(0x7f0000000680), 0x6e, &(0x7f0000000d00)=[{&(0x7f0000000700)=""/156, 0x9c}, {&(0x7f00000007c0)=""/226, 0xe2}, {&(0x7f00000008c0)=""/205, 0xcd}, {&(0x7f00000009c0)=""/183, 0xb7}, {&(0x7f0000000a80)=""/255, 0xff}, {&(0x7f0000000b80)=""/181, 0xb5}, {&(0x7f0000000c40)=""/34, 0x22}, {&(0x7f0000000c80)=""/36, 0x24}, {&(0x7f0000000cc0)=""/48, 0x30}], 0x9, &(0x7f0000000dc0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}}, {{0x0, 0x0, &(0x7f0000000fc0)=[{&(0x7f0000000e40)=""/249, 0xf9}, {&(0x7f0000000f40)}, {&(0x7f0000000f80)}], 0x3}}, {{&(0x7f0000001000)=@abs, 0x6e, &(0x7f00000015c0)=[{&(0x7f0000001080)=""/135, 0x87}, {&(0x7f0000001140)=""/152, 0x98}, {&(0x7f0000001200)=""/11, 0xb}, {&(0x7f0000001240)=""/198, 0xc6}, {&(0x7f0000001340)=""/174, 0xae}, {&(0x7f0000001400)=""/161, 0xa1}, {&(0x7f00000014c0)=""/47, 0x2f}, {&(0x7f0000001500)=""/157, 0x9d}], 0x8, &(0x7f0000001640)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{&(0x7f0000001680)=@abs, 0x6e, &(0x7f0000002700)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1, &(0x7f0000002740)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf8}}, {{&(0x7f0000002840)=@abs, 0x6e, &(0x7f0000005b40)=[{&(0x7f00000028c0)=""/4096, 0x1000}, {&(0x7f00000038c0)=""/4096, 0x1000}, {&(0x7f00000048c0)=""/80, 0x50}, {&(0x7f0000004940)=""/87, 0x57}, {&(0x7f00000049c0)=""/217, 0xd9}, {&(0x7f0000004ac0)=""/10, 0xa}, {&(0x7f0000004b00)=""/4096, 0x1000}, {&(0x7f0000005b00)=""/40, 0x28}], 0x8}}], 0x5, 0x40000000, &(0x7f0000005d00)={0x77359400}) r7 = openat$hpet(0xffffffffffffff9c, &(0x7f0000005d40), 0x40900, 0x0) getsockopt$EBT_SO_GET_ENTRIES(r7, 0x0, 0x81, &(0x7f0000005ec0)={'broute\x00', 0x0, 0x4, 0xb2, [0x100, 0x23a, 0x2, 0x8, 0x10001, 0x9], 0x6, &(0x7f0000005d80)=[{}, {}, {}, {}, {}, {}], &(0x7f0000005e00)=""/178}, &(0x7f0000005f40)=0x78) sendmmsg$inet(r5, &(0x7f0000005f80), 0x0, 0x91) r8 = openat$nvram(0xffffffffffffff9c, &(0x7f0000005fc0), 0x14040, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r8, &(0x7f00000061c0)={&(0x7f0000006000), 0xc, &(0x7f0000006180)={&(0x7f0000006040)={0x134, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @void, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "7d37e7db6ce01a2e2223b3a67e433b1b04cc9c2336c83c37"}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x20, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "127795c2848d09b1811a70b147a2fe8fbf3d30930bc14e16"}], @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "d222f8de51294f0a41cde723d83a94ac96303c95683ec194"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "40f27f7b301c49b5d84df527968c4cfabf5f79b63107d25b"}, @NL80211_ATTR_MNTR_FLAGS={0x20, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "f26631752fc72eb7d9982b95be65782a4947ac09fee2bdc5"}], @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x134}, 0x1, 0x0, 0x0, 0x20000000}, 0x801) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000006240)={{0x1, 0x1, 0x18, r6, {0x10001}}, './file0\x00'}) 22:19:16 executing program 5: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x148) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x202a81, 0x108, 0x8}, 0x18) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000140)) io_setup(0x3, &(0x7f0000000180)=0x0) r5 = pidfd_getfd(r1, r3, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x2200) r7 = timerfd_create(0x0, 0x80800) r8 = pidfd_getfd(r2, 0xffffffffffffffff, 0x0) r9 = open(&(0x7f0000000840)='./file0\x00', 0x0, 0x2) io_submit(r4, 0x9, &(0x7f0000000ac0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x7, 0x4, r0, &(0x7f00000001c0)="57b8f3c292541ba8e6d3ea17675b66581069cc929f4cb2c960643a3a0e09c51872e97393866670592e58b09b235fa55f7b1e5550e38c05135263d3be6fb715ef803dc7829351b3c6c9aae6dbb40b1fc087c7f389b51c52120331449c50f6076ad96a9700accf82ce9bff4b0320c14f871d2cd9eda01798ab5253275a485fef400d71dcc63f65963073ea2d58473475da3b92d0999d743486fe6b", 0x9a, 0x100000001, 0x0, 0x2, r2}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x6, 0x7, r3, &(0x7f00000002c0)="b8d4b016acb0ccc5a2806eb5507e582840a01ac896656b7cee0e95e9608f60793a8f195d8ef71a6f391d94efbe53f59bb5a4206c29fc8f9e49031b488e16588c3aa7b9fe017aa952274b836ac1e103c6efec3fe346b9ff8b90c516012931071bdc76a09df5a5e095fa9833ef6a04c42a6d", 0x71, 0x80000001, 0x0, 0x1, r5}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x6, 0x8, r3, &(0x7f0000000380)="3e0fbf67baaacfc78fa46154e598dfd3cc8a45b83d6b4e8ef47c63e90a7ea7c1b8fb4159e3b1bb47ad6bc8909fd47724469dbfbf73258b144add96f3f9e39315a9cbabab88210048f1231d71cea942784dae27dffc17f7ea06c6a48f7fb4fec86f7aa42e7c260bece6e13eeb181ea0843f638186d2e0c56d71b247a6c887afa6d9361d5730a922f1e43ba4507cdb43fccd018793d2f5911f3d0875a2d81b9b9449a9c130e694870806f9f6a2c190fe9756ba14e2e9f76dab4ac278df9986e967292d40690dbe6e", 0xc7, 0x80000001, 0x0, 0x2}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x8, 0x401, r6, &(0x7f0000000500)="426f46ba93e453cff2f2a2973d2dc7205d85a1ba94b281011a04310aa15eb46c", 0x20, 0x9, 0x0, 0x1}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x5, r7, &(0x7f0000000580)="c450cf3c1bf54968444515d25d400d3c874b085fadf51c29c0eb681039589e0b8fda3e61ea38a9d0bbcb652f205c64f5e5b763675aab0cb64071e2be8d86df98e4eea50bb1b53c0d9a72dcc2abbefb6aae7772a7ab472280b66358adbd2aa3ebb880b34f80cd95aa2f78a3a7ce5fb7c785d51953a4c771a1816fa739be935a1d17050832b50f0c3a10dafc5a2e38ba9f23a854653b1e19d8ee87f48b0451498183d192b238aca122cdf3dd2287b6a8d57128229f10aa12a09bf7e85bde34f0f54c0a5754370606e39f6f", 0xca, 0x3, 0x0, 0x1, r0}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x2, 0x0, r8, &(0x7f00000006c0)="540cf3e0e2299c040f0b97a2c3a8db8aa50547a9e0a6279dec40fd0dda0f4e3bd542f890f51736a34cf5005c7fc9099edb5bc22ca64bb4db9de6767d5b16ef9104736d540ab6e35559dccbad204479d6c38ef9dbb509", 0x56, 0x4, 0x0, 0x1, r2}, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x6, 0xce, r2, &(0x7f0000000780)="529729c61e6f7149b4402f5928b6ebecdbd89a948c0904084461181520a54f05747601c776c609fdf533a19c7c5fd13c21a5620561272e5d61b4a6ebbbf533fcc2e5f5a0d6c6c9291a09bafadc66ed0b308b61ae79d601eed5663ef2f641f364b2e5f628c1609752dc12966ad1d3cdddc4b20e1dc300436e90ba0bd1f342839168fb75209e8ce7d7141f82d640feb12b48466535957566bbd85627f712edcafbb97c80c7cf8d874c", 0xa8, 0x9, 0x0, 0x0, r9}, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x3, 0x8, r3, &(0x7f00000008c0)="d1cb3c8cd03a901d178831a70c451e3410cf285604e73e99a215be99b8a79a323efbb7171eefc0e6d40863c4949faf9f92da09b7c983328b2cc5eb02378994bba8621ebc7b0124f2a11a92d287a6b84007bbf0f0ffe9c0a8c872c12d5c907656358f4d565fedeb9b3e5252b86c6baffd680dc35c92ddd4d45b5233de76e95f1a93b3ca79b282a9cd593ac772111c83d333300e319e87c3eeb9e3ba68e275d45a1eb5bc1b7daf58e5444c7ade0ddeb7c00d3d567ea06616e42046f00d1a71195d867971e80d", 0xc5, 0x9, 0x0, 0x0, r0}, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x5, 0x4, r2, &(0x7f0000000a00)="fcbf83d35640a5eda06d046362b7fbf1d463747ba7b308ddd8c6fa3e8d3a8e8c62f9c143d2ca2e852e8c35900f9bb98d9d46e3244783fefab1cdac1b50b5d6d47703e1aaec854382bbe536a5e79740180b0553f332b877ca1f9a67e194b0", 0x5e, 0x10000, 0x0, 0x3}]) syz_open_dev$vcsu(&(0x7f0000000b40), 0x9, 0xa000) fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000b80)=0x5) r10 = syz_open_pts(0xffffffffffffffff, 0x80002) ioctl$FS_IOC_FSGETXATTR(r10, 0x801c581f, &(0x7f0000000bc0)={0x80000000, 0xf9, 0x80, 0x101, 0x35}) getpeername(r5, &(0x7f0000000c00)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f0000000c80)=0x80) fsetxattr$trusted_overlay_nlink(r11, &(0x7f0000000cc0), &(0x7f0000000d00)={'L-', 0x1}, 0x16, 0x0) r12 = openat$zero(0xffffffffffffff9c, &(0x7f0000000d40), 0x40000, 0x0) fsconfig$FSCONFIG_SET_FD(r12, 0x5, &(0x7f0000000d80)='t\x00', 0x0, 0xffffffffffffffff) 22:19:16 executing program 7: sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x6c, 0x0, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x2c, 0x7, 'system_u:object_r:ssh_keysign_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}]}, 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x20000800) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000140), 0x20000, 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x10c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x35}}}}, [@NL80211_ATTR_QOS_MAP={0x32, 0xc7, {[{0x3, 0x2}, {0x6, 0x3}, {0x2}, {0x6, 0x4}, {0x81, 0x2}, {0x4, 0x5}, {0x7, 0x2}, {0x9, 0x4}, {0x4, 0x2}, {0x7f, 0x3}, {0x46, 0x6}, {0x80, 0x5}, {0x0, 0x2}, {0xe0, 0x7}, {0x1, 0x2}, {0x1e, 0x7}, {0x3f, 0x1}, {0x3, 0x6}, {0x9, 0x7}], "cbd627a96cf50056"}}, @NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0xc8}, {0x81, 0x1}, {0xf9, 0x2}, {0x8, 0x7}, {0xfc, 0x2}, {0x81, 0x4}, {0x6, 0x7}, {0x40, 0x7}, {0x20, 0x1}, {0x1f, 0x3}, {0x0, 0x7}, {0x8, 0x2}, {0x1, 0x1}, {0x1, 0x5}, {0x7f, 0x1}, {0x9, 0x7}, {0x5, 0x4}, {0x5, 0x4}, {0x1f}, {0xff}], "73e22baf50286837"}}, @NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x5, 0x1}, {0x4, 0x7}, {0x50, 0x1}], "24a303a30971652b"}}, @NL80211_ATTR_QOS_MAP={0x24, 0xc7, {[{0x2}, {0x80, 0x3}, {0x0, 0x7}, {0x0, 0x6}, {0x3f, 0x3}, {0x2, 0x2}, {0x11}, {0x0, 0x2}, {0x4, 0x5}, {0x0, 0x2}, {0x1, 0x3}, {0x1, 0x1}], "2183f956525ba7b7"}}, @NL80211_ATTR_QOS_MAP={0x30, 0xc7, {[{0x1, 0x1}, {0x81, 0x6}, {0x7, 0x7}, {0x9, 0x7}, {0x0, 0x3}, {0x80, 0x6}, {0x1, 0x4}, {0x6, 0x6}, {0x40, 0x4}, {0x2c, 0x5}, {0xfd, 0x4}, {0x0, 0x4}, {0x9, 0x3}, {0x3, 0x2}, {0x5, 0x2}, {0x40, 0x1}, {}, {0xff, 0x7}], "71eb983034ac0d68"}}, @NL80211_ATTR_QOS_MAP={0x1c, 0xc7, {[{0x7f, 0x4}, {0x96, 0x4}, {0x1, 0x2}, {0x7, 0x1}, {0x1, 0x2}, {0x3f, 0x1}, {0xf6, 0x4}, {0x6, 0x6}], "ad093a3e44cf851d"}}]}, 0x10c}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x38, r1, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x2}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x10040000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NET_DM_CMD_STOP(r3, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, r4, 0x8, 0x70bd26, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000044}, 0x40014) sendmsg$IEEE802154_ADD_IFACE(r3, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x38, 0x0, 0x2, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy2\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy2\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy2\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040804}, 0x200000c0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000740), r3) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x54, 0x3, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_PROTOINFO={0x40, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x3c, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0xbf}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0x40}, @CTA_PROTOINFO_DCCP_ROLE={0x5}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0x3f}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x10001}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x739}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x54}, 0xc0c1) r5 = open_tree(r0, &(0x7f00000008c0)='./file0\x00', 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000940)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r5, &(0x7f0000000a80)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000980)={0x94, 0x0, 0xa, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="e8d669c0d34a"}, @NL80211_ATTR_PMK={0x14, 0xfe, "95e0c79f33d4b3f62e3c8efc174a4c9c"}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x1}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x43}, @NL80211_ATTR_PMKID={0x14, 0x55, "b8d81691caf37a17bbd331896259c1f7"}, @NL80211_ATTR_PMK={0x14, 0xfe, "db11f215d2f50634859167677a10ec8e"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x1e}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000881}, 0x20000000) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000ac0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b40), r5) sendmsg$NL80211_CMD_DISCONNECT(r7, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x48, r8, 0x4, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x4, 0x76}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x35}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x33}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x14}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x30}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x34}]}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x880) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f0000000e00)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x10040000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d40)={0x50, 0x0, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@NL802154_ATTR_IFTYPE={0x8, 0x5, 0xffffffffffffffff}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x10008004}, 0x40800) [ 69.338175] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.340334] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.342424] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.346186] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.352901] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 69.354629] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.359324] Bluetooth: hci0: HCI_REQ-0x0c1a [ 69.459797] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.462596] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.463890] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.467978] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.471578] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 69.472730] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.480231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.481032] Bluetooth: hci2: HCI_REQ-0x0c1a [ 69.492483] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.495060] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.522563] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.542797] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 69.545079] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.546718] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.548280] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 69.550422] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 69.551843] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.552886] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.554418] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 69.555387] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.556539] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.557794] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 69.564373] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 69.565441] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.566561] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 69.568366] Bluetooth: hci3: HCI_REQ-0x0c1a [ 69.591345] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 69.592715] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 69.594148] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.594551] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 69.597267] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 69.607392] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 69.608396] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 69.609606] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 69.610712] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 69.613455] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.614817] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.615872] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.627842] Bluetooth: hci7: HCI_REQ-0x0c1a [ 69.633435] Bluetooth: hci4: HCI_REQ-0x0c1a [ 69.634259] Bluetooth: hci5: HCI_REQ-0x0c1a [ 69.635524] Bluetooth: hci6: HCI_REQ-0x0c1a [ 71.421778] Bluetooth: hci0: command 0x0409 tx timeout [ 71.485326] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 71.549199] Bluetooth: hci2: command 0x0409 tx timeout [ 71.613332] Bluetooth: hci3: command 0x0409 tx timeout [ 71.677243] Bluetooth: hci4: command 0x0409 tx timeout [ 71.678349] Bluetooth: hci5: command 0x0409 tx timeout [ 71.679618] Bluetooth: hci6: command 0x0409 tx timeout [ 71.680467] Bluetooth: hci7: command 0x0409 tx timeout [ 73.469203] Bluetooth: hci0: command 0x041b tx timeout [ 73.597247] Bluetooth: hci2: command 0x041b tx timeout [ 73.661206] Bluetooth: hci3: command 0x041b tx timeout [ 73.725214] Bluetooth: hci7: command 0x041b tx timeout [ 73.725647] Bluetooth: hci6: command 0x041b tx timeout [ 73.726003] Bluetooth: hci5: command 0x041b tx timeout [ 73.726475] Bluetooth: hci4: command 0x041b tx timeout [ 74.830420] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.831763] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.832740] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.834581] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.835626] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 74.836345] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.842180] Bluetooth: hci1: HCI_REQ-0x0c1a [ 75.517205] Bluetooth: hci0: command 0x040f tx timeout [ 75.645211] Bluetooth: hci2: command 0x040f tx timeout [ 75.709248] Bluetooth: hci3: command 0x040f tx timeout [ 75.773229] Bluetooth: hci4: command 0x040f tx timeout [ 75.773671] Bluetooth: hci5: command 0x040f tx timeout [ 75.774026] Bluetooth: hci6: command 0x040f tx timeout [ 75.774450] Bluetooth: hci7: command 0x040f tx timeout [ 76.925221] Bluetooth: hci1: command 0x0409 tx timeout [ 77.565212] Bluetooth: hci0: command 0x0419 tx timeout [ 77.693189] Bluetooth: hci2: command 0x0419 tx timeout [ 77.757181] Bluetooth: hci3: command 0x0419 tx timeout [ 77.821196] Bluetooth: hci7: command 0x0419 tx timeout [ 77.821620] Bluetooth: hci6: command 0x0419 tx timeout [ 77.821991] Bluetooth: hci5: command 0x0419 tx timeout [ 77.822414] Bluetooth: hci4: command 0x0419 tx timeout [ 78.973236] Bluetooth: hci1: command 0x041b tx timeout [ 81.021363] Bluetooth: hci1: command 0x040f tx timeout [ 83.069137] Bluetooth: hci1: command 0x0419 tx timeout [ 124.372787] loop2: detected capacity change from 0 to 264192 [ 124.447563] loop2: detected capacity change from 0 to 264192 22:20:13 executing program 2: capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000580)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=0x0) capset(&(0x7f00000001c0)={0x20080522, r0}, &(0x7f0000000200)={0x54f5, 0xeb3c, 0x8, 0x80000000, 0x436, 0x81}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)={0x3f, 0x0, 0x9, 0x81, 0xfff, 0xc4}) ioctl$TCGETA(r1, 0x5405, &(0x7f0000000000)) capset(&(0x7f00000002c0)={0x20080522, r0}, &(0x7f0000000300)={0x40, 0x400, 0xdfb, 0x3, 0x2, 0xfffffffc}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {0x401}}, './file0\x00'}) ioctl$TIOCL_SELLOADLUT(r2, 0x541c, &(0x7f0000000280)={0x5, 0x6, 0x8184, 0x9, 0x4}) capset(&(0x7f0000000100)={0x19980330, 0xffffffffffffffff}, &(0x7f0000000140)={0x8001, 0x1, 0x7, 0x2, 0x9, 0x200}) [ 124.714706] capability: warning: `syz-executor.2' uses 32-bit capabilities (legacy support in use) 22:20:13 executing program 2: r0 = open$dir(&(0x7f0000000200)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getdents(r0, &(0x7f0000000000)=""/42, 0x2a) [ 124.975409] audit: type=1400 audit(1665008413.724:7): avc: denied { open } for pid=3747 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 124.978652] audit: type=1400 audit(1665008413.725:8): avc: denied { kernel } for pid=3747 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 125.000779] ------------[ cut here ]------------ [ 125.000813] [ 125.000819] ====================================================== [ 125.000825] WARNING: possible circular locking dependency detected [ 125.000831] 6.0.0-next-20221005 #1 Not tainted [ 125.000843] ------------------------------------------------------ [ 125.000848] syz-executor.2/3752 is trying to acquire lock: [ 125.000859] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 125.000925] [ 125.000925] but task is already holding lock: [ 125.000930] ffff88803fdc2c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 125.000978] [ 125.000978] which lock already depends on the new lock. [ 125.000978] [ 125.000983] [ 125.000983] the existing dependency chain (in reverse order) is: [ 125.000988] [ 125.000988] -> #3 (&ctx->lock){....}-{2:2}: [ 125.001013] _raw_spin_lock+0x2a/0x40 [ 125.001035] __perf_event_task_sched_out+0x53b/0x18d0 [ 125.001056] __schedule+0xedd/0x2470 [ 125.001088] schedule+0xda/0x1b0 [ 125.001115] exit_to_user_mode_prepare+0x114/0x1a0 [ 125.001136] syscall_exit_to_user_mode+0x19/0x40 [ 125.001161] do_syscall_64+0x48/0x90 [ 125.001178] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.001202] [ 125.001202] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 125.001227] _raw_spin_lock_nested+0x30/0x40 [ 125.001248] raw_spin_rq_lock_nested+0x1e/0x30 [ 125.001271] task_fork_fair+0x63/0x4d0 [ 125.001302] sched_cgroup_fork+0x3d0/0x540 [ 125.001328] copy_process+0x4183/0x6e20 [ 125.001346] kernel_clone+0xe7/0x890 [ 125.001364] user_mode_thread+0xad/0xf0 [ 125.001383] rest_init+0x24/0x250 [ 125.001406] arch_call_rest_init+0xf/0x14 [ 125.001439] start_kernel+0x4c6/0x4eb [ 125.001471] secondary_startup_64_no_verify+0xe0/0xeb [ 125.001496] [ 125.001496] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 125.001521] _raw_spin_lock_irqsave+0x39/0x60 [ 125.001542] try_to_wake_up+0xab/0x1930 [ 125.001567] up+0x75/0xb0 [ 125.001594] __up_console_sem+0x6e/0x80 [ 125.001622] console_unlock+0x46a/0x590 [ 125.001651] vprintk_emit+0x1bd/0x560 [ 125.001680] vprintk+0x84/0xa0 [ 125.001709] _printk+0xba/0xf1 [ 125.001731] regdb_fw_cb.cold+0x6c/0xa7 [ 125.001763] request_firmware_work_func+0x12e/0x240 [ 125.001798] process_one_work+0xa17/0x16a0 [ 125.001829] worker_thread+0x637/0x1260 [ 125.001860] kthread+0x2ed/0x3a0 [ 125.001886] ret_from_fork+0x22/0x30 [ 125.001908] [ 125.001908] -> #0 ((console_sem).lock){....}-{2:2}: [ 125.001933] __lock_acquire+0x2a02/0x5e70 [ 125.001963] lock_acquire+0x1a2/0x530 [ 125.001993] _raw_spin_lock_irqsave+0x39/0x60 [ 125.002014] down_trylock+0xe/0x70 [ 125.002043] __down_trylock_console_sem+0x3b/0xd0 [ 125.002073] vprintk_emit+0x16b/0x560 [ 125.002102] vprintk+0x84/0xa0 [ 125.002131] _printk+0xba/0xf1 [ 125.002151] report_bug.cold+0x72/0xab [ 125.002182] handle_bug+0x3c/0x70 [ 125.002199] exc_invalid_op+0x14/0x50 [ 125.002217] asm_exc_invalid_op+0x16/0x20 [ 125.002240] group_sched_out.part.0+0x2c7/0x460 [ 125.002272] ctx_sched_out+0x8f1/0xc10 [ 125.002303] __perf_event_task_sched_out+0x6d0/0x18d0 [ 125.002323] __schedule+0xedd/0x2470 [ 125.002349] schedule+0xda/0x1b0 [ 125.002375] exit_to_user_mode_prepare+0x114/0x1a0 [ 125.002395] syscall_exit_to_user_mode+0x19/0x40 [ 125.002419] do_syscall_64+0x48/0x90 [ 125.002437] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.002461] [ 125.002461] other info that might help us debug this: [ 125.002461] [ 125.002466] Chain exists of: [ 125.002466] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 125.002466] [ 125.002493] Possible unsafe locking scenario: [ 125.002493] [ 125.002497] CPU0 CPU1 [ 125.002501] ---- ---- [ 125.002505] lock(&ctx->lock); [ 125.002515] lock(&rq->__lock); [ 125.002526] lock(&ctx->lock); [ 125.002537] lock((console_sem).lock); [ 125.002548] [ 125.002548] *** DEADLOCK *** [ 125.002548] [ 125.002551] 2 locks held by syz-executor.2/3752: [ 125.002564] #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 125.002619] #1: ffff88803fdc2c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 125.002676] [ 125.002676] stack backtrace: [ 125.002681] CPU: 0 PID: 3752 Comm: syz-executor.2 Not tainted 6.0.0-next-20221005 #1 [ 125.002704] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.002715] Call Trace: [ 125.002720] [ 125.002728] dump_stack_lvl+0x8b/0xb3 [ 125.002764] check_noncircular+0x263/0x2e0 [ 125.002795] ? format_decode+0x26c/0xb50 [ 125.002826] ? print_circular_bug+0x450/0x450 [ 125.002858] ? simple_strtoul+0x30/0x30 [ 125.002889] ? format_decode+0x26c/0xb50 [ 125.002923] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 125.002956] __lock_acquire+0x2a02/0x5e70 [ 125.002997] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 125.003039] lock_acquire+0x1a2/0x530 [ 125.003071] ? down_trylock+0xe/0x70 [ 125.003105] ? lock_release+0x750/0x750 [ 125.003143] ? vprintk+0x84/0xa0 [ 125.003177] _raw_spin_lock_irqsave+0x39/0x60 [ 125.003200] ? down_trylock+0xe/0x70 [ 125.003232] down_trylock+0xe/0x70 [ 125.003263] ? vprintk+0x84/0xa0 [ 125.003295] __down_trylock_console_sem+0x3b/0xd0 [ 125.003328] vprintk_emit+0x16b/0x560 [ 125.003368] vprintk+0x84/0xa0 [ 125.003401] _printk+0xba/0xf1 [ 125.003424] ? record_print_text.cold+0x16/0x16 [ 125.003455] ? report_bug.cold+0x66/0xab [ 125.003490] ? group_sched_out.part.0+0x2c7/0x460 [ 125.003525] report_bug.cold+0x72/0xab [ 125.003562] handle_bug+0x3c/0x70 [ 125.003581] exc_invalid_op+0x14/0x50 [ 125.003601] asm_exc_invalid_op+0x16/0x20 [ 125.003626] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 125.003664] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 2b 08 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 125.003685] RSP: 0018:ffff88804085fc48 EFLAGS: 00010006 [ 125.003702] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 125.003716] RDX: ffff88802101b580 RSI: ffffffff81566da7 RDI: 0000000000000005 [ 125.003730] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 125.003743] R10: 0000000000000000 R11: ffffffff865b601b R12: ffff88803fdc2c00 [ 125.003757] R13: ffff88806ce3d2c0 R14: ffffffff8547d040 R15: 0000000000000002 [ 125.003778] ? group_sched_out.part.0+0x2c7/0x460 [ 125.003815] ? group_sched_out.part.0+0x2c7/0x460 [ 125.003851] ctx_sched_out+0x8f1/0xc10 [ 125.003887] __perf_event_task_sched_out+0x6d0/0x18d0 [ 125.003913] ? lock_is_held_type+0xd7/0x130 [ 125.003940] ? __perf_cgroup_move+0x160/0x160 [ 125.003960] ? set_next_entity+0x304/0x550 [ 125.003992] ? update_curr+0x267/0x740 [ 125.004026] ? lock_is_held_type+0xd7/0x130 [ 125.004053] __schedule+0xedd/0x2470 [ 125.004086] ? io_schedule_timeout+0x150/0x150 [ 125.004118] ? rcu_read_lock_sched_held+0x3e/0x80 [ 125.004155] schedule+0xda/0x1b0 [ 125.004184] exit_to_user_mode_prepare+0x114/0x1a0 [ 125.004207] syscall_exit_to_user_mode+0x19/0x40 [ 125.004233] do_syscall_64+0x48/0x90 [ 125.004253] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.004279] RIP: 0033:0x7ff87dbceb19 [ 125.004293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.004313] RSP: 002b:00007ff87b144218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.004333] RAX: 0000000000000001 RBX: 00007ff87dce1f68 RCX: 00007ff87dbceb19 [ 125.004347] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff87dce1f6c [ 125.004361] RBP: 00007ff87dce1f60 R08: 000000000000000e R09: 0000000000000000 [ 125.004374] R10: 0000000000000004 R11: 0000000000000246 R12: 00007ff87dce1f6c [ 125.004387] R13: 00007ffc900a3bbf R14: 00007ff87b144300 R15: 0000000000022000 [ 125.004411] [ 125.097868] WARNING: CPU: 0 PID: 3752 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 125.099042] Modules linked in: [ 125.099456] CPU: 0 PID: 3752 Comm: syz-executor.2 Not tainted 6.0.0-next-20221005 #1 [ 125.100417] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.101436] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 125.102140] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 2b 08 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 125.104441] RSP: 0018:ffff88804085fc48 EFLAGS: 00010006 [ 125.105127] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 125.106051] RDX: ffff88802101b580 RSI: ffffffff81566da7 RDI: 0000000000000005 [ 125.106961] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 125.107860] R10: 0000000000000000 R11: ffffffff865b601b R12: ffff88803fdc2c00 [ 125.108762] R13: ffff88806ce3d2c0 R14: ffffffff8547d040 R15: 0000000000000002 [ 125.109647] FS: 00007ff87b144700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 125.110658] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.111417] CR2: 00007f7a07d698e0 CR3: 000000001b47c000 CR4: 0000000000350ef0 [ 125.112303] Call Trace: [ 125.112630] [ 125.112926] ctx_sched_out+0x8f1/0xc10 [ 125.113435] __perf_event_task_sched_out+0x6d0/0x18d0 [ 125.114110] ? lock_is_held_type+0xd7/0x130 [ 125.114674] ? __perf_cgroup_move+0x160/0x160 [ 125.115261] ? set_next_entity+0x304/0x550 [ 125.115817] ? update_curr+0x267/0x740 [ 125.116341] ? lock_is_held_type+0xd7/0x130 [ 125.116904] __schedule+0xedd/0x2470 [ 125.117398] ? io_schedule_timeout+0x150/0x150 [ 125.117973] ? rcu_read_lock_sched_held+0x3e/0x80 [ 125.118579] schedule+0xda/0x1b0 [ 125.119047] exit_to_user_mode_prepare+0x114/0x1a0 [ 125.119649] syscall_exit_to_user_mode+0x19/0x40 [ 125.120225] do_syscall_64+0x48/0x90 [ 125.120679] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.121303] RIP: 0033:0x7ff87dbceb19 [ 125.121756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.123916] RSP: 002b:00007ff87b144218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.124810] RAX: 0000000000000001 RBX: 00007ff87dce1f68 RCX: 00007ff87dbceb19 [ 125.125645] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff87dce1f6c [ 125.126479] RBP: 00007ff87dce1f60 R08: 000000000000000e R09: 0000000000000000 [ 125.127343] R10: 0000000000000004 R11: 0000000000000246 R12: 00007ff87dce1f6c [ 125.128178] R13: 00007ffc900a3bbf R14: 00007ff87b144300 R15: 0000000000022000 [ 125.129024] [ 125.129310] irq event stamp: 684 [ 125.129713] hardirqs last enabled at (683): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 125.130835] hardirqs last disabled at (684): [] __schedule+0x1225/0x2470 [ 125.131810] softirqs last enabled at (546): [] __irq_exit_rcu+0x11b/0x180 [ 125.132815] softirqs last disabled at (541): [] __irq_exit_rcu+0x11b/0x180 [ 125.133810] ---[ end trace 0000000000000000 ]--- 22:20:14 executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x40200, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={0x0, @nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x400000}, @ethernet={0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, @hci={0x1f, 0x2, 0x1}, 0x4, 0x0, 0x0, 0x0, 0xf800, &(0x7f0000000340)='syzkaller0\x00', 0x80, 0x6, 0x9}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) futimesat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {0x0, 0x2710}}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x211) prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ff2000/0x1000)=nil) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000004c0)={0x4, &(0x7f0000000480)=[{0x723, 0x0, 0x7, 0x7}, {0x1f, 0x2, 0x3, 0x1f}, {0x1000, 0x7, 0x7f, 0xfff}, {0x3, 0x1, 0xff, 0x5}]}) r4 = getuid() fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)={{}, {}, [{0x2, 0x0, r3}, {0x2, 0x1, r4}, {0x2, 0x4}], {}, [], {0x10, 0x2}, {0x20, 0x2}}, 0x3c, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x8, &(0x7f0000000600)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@privport}, {@afid={'afid', 0x3d, 0x2}}, {@uname={'uname', 0x3d, '\xaa\xaa\xaa\xaa\xaa'}}, {@uname={'uname', 0x3d, '&@'}}], [{@fsuuid={'fsuuid', 0x3d, {[0x33, 0xbf616f98820401a4, 0x36, 0x30, 0x31, 0x32, 0x39, 0x32], 0x2d, [0x63, 0x2, 0x65, 0x29504ad64141a070], 0x2d, [0x0, 0x30, 0x33, 0x34], 0x2d, [0x38, 0x38, 0x35, 0x38], 0x2d, [0x30, 0x65, 0x63, 0x30, 0x64, 0x65, 0x35, 0x37]}}}, {@obj_role={'obj_role', 0x3d, 'numa_maps\x00'}}, {@pcr={'pcr', 0x3d, 0xb}}, {@subj_role={'subj_role', 0x3d, 'numa_maps\x00'}}, {@uid_eq}, {@smackfshat={'smackfshat', 0x3d, 'syzkaller0\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x62, 0x35, 0x63, 0x30, 0x38, 0x37, 0x38, 0x32], 0x2d, [0x0, 0x33, 0x63, 0x39], 0x2d, [0x31, 0xd, 0x37, 0x61], 0x2d, [0x36, 0x33, 0x35, 0x60], 0x2d, [0x66, 0x61, 0x33, 0x35, 0x35, 0x36, 0x63]}}}, {@fowner_lt={'fowner<', r4}}, {@fowner_gt={'fowner>', r5}}]}}) mprotect(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="7c00000000090300000000000000dd6024d82235da01054000000015440002000c00028005000100210000001400018008000100e000000108000200ac1414bb0c000280050001008400000014000180080001006401010008000200000000000900010073797a300000000015000540000200060800064000000001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004842}, 0x8000) mbind(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000140), 0x5, 0x0) move_pages(0x0, 0x0, 0x0, &(0x7f0000000080)=[0x9, 0x619, 0x401], &(0x7f00000000c0)=[0x0], 0x0) 22:20:14 executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x40200, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={0x0, @nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x400000}, @ethernet={0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, @hci={0x1f, 0x2, 0x1}, 0x4, 0x0, 0x0, 0x0, 0xf800, &(0x7f0000000340)='syzkaller0\x00', 0x80, 0x6, 0x9}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) futimesat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {0x0, 0x2710}}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x211) prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ff2000/0x1000)=nil) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000004c0)={0x4, &(0x7f0000000480)=[{0x723, 0x0, 0x7, 0x7}, {0x1f, 0x2, 0x3, 0x1f}, {0x1000, 0x7, 0x7f, 0xfff}, {0x3, 0x1, 0xff, 0x5}]}) r4 = getuid() fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)={{}, {}, [{0x2, 0x0, r3}, {0x2, 0x1, r4}, {0x2, 0x4}], {}, [], {0x10, 0x2}, {0x20, 0x2}}, 0x3c, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x8, &(0x7f0000000600)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@privport}, {@afid={'afid', 0x3d, 0x2}}, {@uname={'uname', 0x3d, '\xaa\xaa\xaa\xaa\xaa'}}, {@uname={'uname', 0x3d, '&@'}}], [{@fsuuid={'fsuuid', 0x3d, {[0x33, 0xbf616f98820401a4, 0x36, 0x30, 0x31, 0x32, 0x39, 0x32], 0x2d, [0x63, 0x2, 0x65, 0x29504ad64141a070], 0x2d, [0x0, 0x30, 0x33, 0x34], 0x2d, [0x38, 0x38, 0x35, 0x38], 0x2d, [0x30, 0x65, 0x63, 0x30, 0x64, 0x65, 0x35, 0x37]}}}, {@obj_role={'obj_role', 0x3d, 'numa_maps\x00'}}, {@pcr={'pcr', 0x3d, 0xb}}, {@subj_role={'subj_role', 0x3d, 'numa_maps\x00'}}, {@uid_eq}, {@smackfshat={'smackfshat', 0x3d, 'syzkaller0\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x62, 0x35, 0x63, 0x30, 0x38, 0x37, 0x38, 0x32], 0x2d, [0x0, 0x33, 0x63, 0x39], 0x2d, [0x31, 0xd, 0x37, 0x61], 0x2d, [0x36, 0x33, 0x35, 0x60], 0x2d, [0x66, 0x61, 0x33, 0x35, 0x35, 0x36, 0x63]}}}, {@fowner_lt={'fowner<', r4}}, {@fowner_gt={'fowner>', r5}}]}}) mprotect(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="7c00000000090300000000000000dd6024d82235da01054000000015440002000c00028005000100210000001400018008000100e000000108000200ac1414bb0c000280050001008400000014000180080001006401010008000200000000000900010073797a300000000015000540000200060800064000000001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004842}, 0x8000) mbind(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000140), 0x5, 0x0) move_pages(0x0, 0x0, 0x0, &(0x7f0000000080)=[0x9, 0x619, 0x401], &(0x7f00000000c0)=[0x0], 0x0) 22:20:14 executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x40200, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={0x0, @nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x400000}, @ethernet={0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, @hci={0x1f, 0x2, 0x1}, 0x4, 0x0, 0x0, 0x0, 0xf800, &(0x7f0000000340)='syzkaller0\x00', 0x80, 0x6, 0x9}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) futimesat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {0x0, 0x2710}}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x211) prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ff2000/0x1000)=nil) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000004c0)={0x4, &(0x7f0000000480)=[{0x723, 0x0, 0x7, 0x7}, {0x1f, 0x2, 0x3, 0x1f}, {0x1000, 0x7, 0x7f, 0xfff}, {0x3, 0x1, 0xff, 0x5}]}) r4 = getuid() fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)={{}, {}, [{0x2, 0x0, r3}, {0x2, 0x1, r4}, {0x2, 0x4}], {}, [], {0x10, 0x2}, {0x20, 0x2}}, 0x3c, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x8, &(0x7f0000000600)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@privport}, {@afid={'afid', 0x3d, 0x2}}, {@uname={'uname', 0x3d, '\xaa\xaa\xaa\xaa\xaa'}}, {@uname={'uname', 0x3d, '&@'}}], [{@fsuuid={'fsuuid', 0x3d, {[0x33, 0xbf616f98820401a4, 0x36, 0x30, 0x31, 0x32, 0x39, 0x32], 0x2d, [0x63, 0x2, 0x65, 0x29504ad64141a070], 0x2d, [0x0, 0x30, 0x33, 0x34], 0x2d, [0x38, 0x38, 0x35, 0x38], 0x2d, [0x30, 0x65, 0x63, 0x30, 0x64, 0x65, 0x35, 0x37]}}}, {@obj_role={'obj_role', 0x3d, 'numa_maps\x00'}}, {@pcr={'pcr', 0x3d, 0xb}}, {@subj_role={'subj_role', 0x3d, 'numa_maps\x00'}}, {@uid_eq}, {@smackfshat={'smackfshat', 0x3d, 'syzkaller0\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x62, 0x35, 0x63, 0x30, 0x38, 0x37, 0x38, 0x32], 0x2d, [0x0, 0x33, 0x63, 0x39], 0x2d, [0x31, 0xd, 0x37, 0x61], 0x2d, [0x36, 0x33, 0x35, 0x60], 0x2d, [0x66, 0x61, 0x33, 0x35, 0x35, 0x36, 0x63]}}}, {@fowner_lt={'fowner<', r4}}, {@fowner_gt={'fowner>', r5}}]}}) mprotect(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="7c00000000090300000000000000dd6024d82235da01054000000015440002000c00028005000100210000001400018008000100e000000108000200ac1414bb0c000280050001008400000014000180080001006401010008000200000000000900010073797a300000000015000540000200060800064000000001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004842}, 0x8000) mbind(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000140), 0x5, 0x0) move_pages(0x0, 0x0, 0x0, &(0x7f0000000080)=[0x9, 0x619, 0x401], &(0x7f00000000c0)=[0x0], 0x0) 22:20:14 executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x40200, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={0x0, @nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x400000}, @ethernet={0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, @hci={0x1f, 0x2, 0x1}, 0x4, 0x0, 0x0, 0x0, 0xf800, &(0x7f0000000340)='syzkaller0\x00', 0x80, 0x6, 0x9}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) futimesat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {0x0, 0x2710}}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x211) prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ff2000/0x1000)=nil) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000004c0)={0x4, &(0x7f0000000480)=[{0x723, 0x0, 0x7, 0x7}, {0x1f, 0x2, 0x3, 0x1f}, {0x1000, 0x7, 0x7f, 0xfff}, {0x3, 0x1, 0xff, 0x5}]}) r4 = getuid() fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)={{}, {}, [{0x2, 0x0, r3}, {0x2, 0x1, r4}, {0x2, 0x4}], {}, [], {0x10, 0x2}, {0x20, 0x2}}, 0x3c, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x8, &(0x7f0000000600)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@privport}, {@afid={'afid', 0x3d, 0x2}}, {@uname={'uname', 0x3d, '\xaa\xaa\xaa\xaa\xaa'}}, {@uname={'uname', 0x3d, '&@'}}], [{@fsuuid={'fsuuid', 0x3d, {[0x33, 0xbf616f98820401a4, 0x36, 0x30, 0x31, 0x32, 0x39, 0x32], 0x2d, [0x63, 0x2, 0x65, 0x29504ad64141a070], 0x2d, [0x0, 0x30, 0x33, 0x34], 0x2d, [0x38, 0x38, 0x35, 0x38], 0x2d, [0x30, 0x65, 0x63, 0x30, 0x64, 0x65, 0x35, 0x37]}}}, {@obj_role={'obj_role', 0x3d, 'numa_maps\x00'}}, {@pcr={'pcr', 0x3d, 0xb}}, {@subj_role={'subj_role', 0x3d, 'numa_maps\x00'}}, {@uid_eq}, {@smackfshat={'smackfshat', 0x3d, 'syzkaller0\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x62, 0x35, 0x63, 0x30, 0x38, 0x37, 0x38, 0x32], 0x2d, [0x0, 0x33, 0x63, 0x39], 0x2d, [0x31, 0xd, 0x37, 0x61], 0x2d, [0x36, 0x33, 0x35, 0x60], 0x2d, [0x66, 0x61, 0x33, 0x35, 0x35, 0x36, 0x63]}}}, {@fowner_lt={'fowner<', r4}}, {@fowner_gt={'fowner>', r5}}]}}) mprotect(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="7c00000000090300000000000000dd6024d82235da01054000000015440002000c00028005000100210000001400018008000100e000000108000200ac1414bb0c000280050001008400000014000180080001006401010008000200000000000900010073797a300000000015000540000200060800064000000001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004842}, 0x8000) mbind(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000140), 0x5, 0x0) move_pages(0x0, 0x0, 0x0, &(0x7f0000000080)=[0x9, 0x619, 0x401], &(0x7f00000000c0)=[0x0], 0x0) 22:20:15 executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x40200, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={0x0, @nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x400000}, @ethernet={0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, @hci={0x1f, 0x2, 0x1}, 0x4, 0x0, 0x0, 0x0, 0xf800, &(0x7f0000000340)='syzkaller0\x00', 0x80, 0x6, 0x9}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) futimesat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {0x0, 0x2710}}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x211) prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ff2000/0x1000)=nil) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000004c0)={0x4, &(0x7f0000000480)=[{0x723, 0x0, 0x7, 0x7}, {0x1f, 0x2, 0x3, 0x1f}, {0x1000, 0x7, 0x7f, 0xfff}, {0x3, 0x1, 0xff, 0x5}]}) r4 = getuid() fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)={{}, {}, [{0x2, 0x0, r3}, {0x2, 0x1, r4}, {0x2, 0x4}], {}, [], {0x10, 0x2}, {0x20, 0x2}}, 0x3c, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x8, &(0x7f0000000600)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@privport}, {@afid={'afid', 0x3d, 0x2}}, {@uname={'uname', 0x3d, '\xaa\xaa\xaa\xaa\xaa'}}, {@uname={'uname', 0x3d, '&@'}}], [{@fsuuid={'fsuuid', 0x3d, {[0x33, 0xbf616f98820401a4, 0x36, 0x30, 0x31, 0x32, 0x39, 0x32], 0x2d, [0x63, 0x2, 0x65, 0x29504ad64141a070], 0x2d, [0x0, 0x30, 0x33, 0x34], 0x2d, [0x38, 0x38, 0x35, 0x38], 0x2d, [0x30, 0x65, 0x63, 0x30, 0x64, 0x65, 0x35, 0x37]}}}, {@obj_role={'obj_role', 0x3d, 'numa_maps\x00'}}, {@pcr={'pcr', 0x3d, 0xb}}, {@subj_role={'subj_role', 0x3d, 'numa_maps\x00'}}, {@uid_eq}, {@smackfshat={'smackfshat', 0x3d, 'syzkaller0\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x62, 0x35, 0x63, 0x30, 0x38, 0x37, 0x38, 0x32], 0x2d, [0x0, 0x33, 0x63, 0x39], 0x2d, [0x31, 0xd, 0x37, 0x61], 0x2d, [0x36, 0x33, 0x35, 0x60], 0x2d, [0x66, 0x61, 0x33, 0x35, 0x35, 0x36, 0x63]}}}, {@fowner_lt={'fowner<', r4}}, {@fowner_gt={'fowner>', r5}}]}}) mprotect(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="7c00000000090300000000000000dd6024d82235da01054000000015440002000c00028005000100210000001400018008000100e000000108000200ac1414bb0c000280050001008400000014000180080001006401010008000200000000000900010073797a300000000015000540000200060800064000000001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004842}, 0x8000) mbind(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000140), 0x5, 0x0) 22:20:15 executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x40200, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={0x0, @nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x400000}, @ethernet={0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, @hci={0x1f, 0x2, 0x1}, 0x4, 0x0, 0x0, 0x0, 0xf800, &(0x7f0000000340)='syzkaller0\x00', 0x80, 0x6, 0x9}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) futimesat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {0x0, 0x2710}}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x211) prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ff2000/0x1000)=nil) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000004c0)={0x4, &(0x7f0000000480)=[{0x723, 0x0, 0x7, 0x7}, {0x1f, 0x2, 0x3, 0x1f}, {0x1000, 0x7, 0x7f, 0xfff}, {0x3, 0x1, 0xff, 0x5}]}) r4 = getuid() fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)={{}, {}, [{0x2, 0x0, r3}, {0x2, 0x1, r4}, {0x2, 0x4}], {}, [], {0x10, 0x2}, {0x20, 0x2}}, 0x3c, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x8, &(0x7f0000000600)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@privport}, {@afid={'afid', 0x3d, 0x2}}, {@uname={'uname', 0x3d, '\xaa\xaa\xaa\xaa\xaa'}}, {@uname={'uname', 0x3d, '&@'}}], [{@fsuuid={'fsuuid', 0x3d, {[0x33, 0xbf616f98820401a4, 0x36, 0x30, 0x31, 0x32, 0x39, 0x32], 0x2d, [0x63, 0x2, 0x65, 0x29504ad64141a070], 0x2d, [0x0, 0x30, 0x33, 0x34], 0x2d, [0x38, 0x38, 0x35, 0x38], 0x2d, [0x30, 0x65, 0x63, 0x30, 0x64, 0x65, 0x35, 0x37]}}}, {@obj_role={'obj_role', 0x3d, 'numa_maps\x00'}}, {@pcr={'pcr', 0x3d, 0xb}}, {@subj_role={'subj_role', 0x3d, 'numa_maps\x00'}}, {@uid_eq}, {@smackfshat={'smackfshat', 0x3d, 'syzkaller0\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x62, 0x35, 0x63, 0x30, 0x38, 0x37, 0x38, 0x32], 0x2d, [0x0, 0x33, 0x63, 0x39], 0x2d, [0x31, 0xd, 0x37, 0x61], 0x2d, [0x36, 0x33, 0x35, 0x60], 0x2d, [0x66, 0x61, 0x33, 0x35, 0x35, 0x36, 0x63]}}}, {@fowner_lt={'fowner<', r4}}, {@fowner_gt={'fowner>', r5}}]}}) mprotect(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="7c00000000090300000000000000dd6024d82235da01054000000015440002000c00028005000100210000001400018008000100e000000108000200ac1414bb0c000280050001008400000014000180080001006401010008000200000000000900010073797a300000000015000540000200060800064000000001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004842}, 0x8000) [ 130.646675] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 130.647907] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 130.650728] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 130.653747] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 130.655652] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 130.660240] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 130.663888] Bluetooth: hci4: HCI_REQ-0x0c1a [ 132.669140] Bluetooth: hci4: command 0x0409 tx timeout [ 134.717148] Bluetooth: hci4: command 0x041b tx timeout VM DIAGNOSIS: 22:20:14 Registers: info registers vcpu 0 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823bda91 RDI=ffffffff8765c9a0 RBP=ffffffff8765c960 RSP=ffff88804085f690 R8 =0000000000000001 R9 =000000000000000a R10=000000000000002d R11=0000000000000001 R12=000000000000002d R13=ffffffff8765c960 R14=0000000000000010 R15=ffffffff823bda80 RIP=ffffffff823bdae9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007ff87b144700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f7a07d698e0 CR3=000000001b47c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007ff87dcb57c000007ff87dcb57c8 XMM02=00007ff87dcb57e000007ff87dcb57c0 XMM03=00007ff87dcb57c800007ff87dcb57c0 XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000000 RBX=ffff8880211f76c8 RCX=0000000000000000 RDX=1ffff1100423eee8 RSI=ffffffff817863a1 RDI=ffff8880211f76d4 RBP=ffff8880211f7740 RSP=ffff8880211f75e0 R8 =ffffffff85ee0e94 R9 =ffffffff85ee0e98 R10=ffffed100423eecd R11=ffff8880211f7640 R12=ffff8880211f76c8 R13=0000000000000000 R14=ffff8880402eb580 R15=0000000000000dc0 RIP=ffffffff8135ad13 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fce492e6540 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fac872c41f0 CR3=00000000205f0000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000ff0000000000000000000000ff XMM01=ffffff0000ff00ffffffffffffffff00 XMM02=494c4700362e322e325f4342494c4700 XMM03=00000000000000000000000000004700 XMM04=4342494c4700362e322e325f4342494c XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000