Warning: Permanently added '[localhost]:43130' (ECDSA) to the list of known hosts.
2022/10/06 07:47:22 fuzzer started
2022/10/06 07:47:22 dialing manager at localhost:37193
syzkaller login: [   35.632714] cgroup: Unknown subsys name 'net'
[   35.746320] cgroup: Unknown subsys name 'rlimit'
2022/10/06 07:47:37 syscalls: 2215
2022/10/06 07:47:37 code coverage: enabled
2022/10/06 07:47:37 comparison tracing: enabled
2022/10/06 07:47:37 extra coverage: enabled
2022/10/06 07:47:37 setuid sandbox: enabled
2022/10/06 07:47:37 namespace sandbox: enabled
2022/10/06 07:47:37 Android sandbox: enabled
2022/10/06 07:47:37 fault injection: enabled
2022/10/06 07:47:37 leak checking: enabled
2022/10/06 07:47:37 net packet injection: enabled
2022/10/06 07:47:37 net device setup: enabled
2022/10/06 07:47:37 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/06 07:47:37 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/06 07:47:37 USB emulation: enabled
2022/10/06 07:47:37 hci packet injection: enabled
2022/10/06 07:47:37 wifi device emulation: failed to parse kernel version (6.0.0-next-20221005                                              )
2022/10/06 07:47:37 802.15.4 emulation: enabled
2022/10/06 07:47:37 fetching corpus: 50, signal 18834/20659 (executing program)
2022/10/06 07:47:37 fetching corpus: 100, signal 35364/38708 (executing program)
2022/10/06 07:47:37 fetching corpus: 150, signal 44656/49416 (executing program)
2022/10/06 07:47:37 fetching corpus: 200, signal 52147/58198 (executing program)
2022/10/06 07:47:38 fetching corpus: 250, signal 56966/64273 (executing program)
2022/10/06 07:47:38 fetching corpus: 300, signal 59926/68547 (executing program)
2022/10/06 07:47:38 fetching corpus: 350, signal 63473/73309 (executing program)
2022/10/06 07:47:38 fetching corpus: 400, signal 67990/78934 (executing program)
2022/10/06 07:47:38 fetching corpus: 450, signal 70345/82459 (executing program)
2022/10/06 07:47:38 fetching corpus: 500, signal 73926/87000 (executing program)
2022/10/06 07:47:38 fetching corpus: 550, signal 76072/90183 (executing program)
2022/10/06 07:47:38 fetching corpus: 600, signal 77718/92963 (executing program)
2022/10/06 07:47:38 fetching corpus: 650, signal 79244/95591 (executing program)
2022/10/06 07:47:38 fetching corpus: 700, signal 83823/100904 (executing program)
2022/10/06 07:47:38 fetching corpus: 750, signal 86899/104774 (executing program)
2022/10/06 07:47:39 fetching corpus: 800, signal 91012/109509 (executing program)
2022/10/06 07:47:39 fetching corpus: 850, signal 93086/112429 (executing program)
2022/10/06 07:47:39 fetching corpus: 900, signal 95048/115194 (executing program)
2022/10/06 07:47:39 fetching corpus: 950, signal 96783/117703 (executing program)
2022/10/06 07:47:39 fetching corpus: 1000, signal 98013/119788 (executing program)
2022/10/06 07:47:39 fetching corpus: 1050, signal 99425/121998 (executing program)
2022/10/06 07:47:39 fetching corpus: 1100, signal 100900/124236 (executing program)
2022/10/06 07:47:39 fetching corpus: 1150, signal 101740/125956 (executing program)
2022/10/06 07:47:39 fetching corpus: 1200, signal 103275/128236 (executing program)
2022/10/06 07:47:40 fetching corpus: 1250, signal 105027/130645 (executing program)
2022/10/06 07:47:40 fetching corpus: 1300, signal 106003/132320 (executing program)
2022/10/06 07:47:40 fetching corpus: 1350, signal 107288/134342 (executing program)
2022/10/06 07:47:40 fetching corpus: 1400, signal 109286/136859 (executing program)
2022/10/06 07:47:40 fetching corpus: 1450, signal 110211/138524 (executing program)
2022/10/06 07:47:40 fetching corpus: 1500, signal 111675/140512 (executing program)
2022/10/06 07:47:40 fetching corpus: 1550, signal 113044/142486 (executing program)
2022/10/06 07:47:40 fetching corpus: 1600, signal 113855/143998 (executing program)
2022/10/06 07:47:40 fetching corpus: 1650, signal 117076/147212 (executing program)
2022/10/06 07:47:40 fetching corpus: 1700, signal 117928/148674 (executing program)
2022/10/06 07:47:40 fetching corpus: 1750, signal 119514/150605 (executing program)
2022/10/06 07:47:41 fetching corpus: 1800, signal 120547/152236 (executing program)
2022/10/06 07:47:41 fetching corpus: 1850, signal 121375/153667 (executing program)
2022/10/06 07:47:41 fetching corpus: 1900, signal 122744/155398 (executing program)
2022/10/06 07:47:41 fetching corpus: 1950, signal 123363/156627 (executing program)
2022/10/06 07:47:41 fetching corpus: 2000, signal 125054/158577 (executing program)
2022/10/06 07:47:41 fetching corpus: 2050, signal 127524/160938 (executing program)
2022/10/06 07:47:41 fetching corpus: 2100, signal 128781/162548 (executing program)
2022/10/06 07:47:41 fetching corpus: 2150, signal 129504/163777 (executing program)
2022/10/06 07:47:41 fetching corpus: 2200, signal 131482/165716 (executing program)
2022/10/06 07:47:41 fetching corpus: 2250, signal 133301/167532 (executing program)
2022/10/06 07:47:42 fetching corpus: 2300, signal 135833/169797 (executing program)
2022/10/06 07:47:42 fetching corpus: 2350, signal 136811/171100 (executing program)
2022/10/06 07:47:42 fetching corpus: 2400, signal 137649/172320 (executing program)
2022/10/06 07:47:42 fetching corpus: 2450, signal 138644/173681 (executing program)
2022/10/06 07:47:42 fetching corpus: 2500, signal 139689/174932 (executing program)
2022/10/06 07:47:42 fetching corpus: 2550, signal 141539/176626 (executing program)
2022/10/06 07:47:42 fetching corpus: 2600, signal 142157/177649 (executing program)
2022/10/06 07:47:42 fetching corpus: 2650, signal 143052/178833 (executing program)
2022/10/06 07:47:42 fetching corpus: 2700, signal 144202/180097 (executing program)
2022/10/06 07:47:42 fetching corpus: 2750, signal 144805/181092 (executing program)
2022/10/06 07:47:43 fetching corpus: 2800, signal 145183/181936 (executing program)
2022/10/06 07:47:43 fetching corpus: 2850, signal 146423/183159 (executing program)
2022/10/06 07:47:43 fetching corpus: 2900, signal 147332/184217 (executing program)
2022/10/06 07:47:43 fetching corpus: 2950, signal 148082/185204 (executing program)
2022/10/06 07:47:43 fetching corpus: 3000, signal 149598/186521 (executing program)
2022/10/06 07:47:43 fetching corpus: 3050, signal 150410/187523 (executing program)
2022/10/06 07:47:43 fetching corpus: 3100, signal 151563/188540 (executing program)
2022/10/06 07:47:43 fetching corpus: 3150, signal 152907/189651 (executing program)
2022/10/06 07:47:43 fetching corpus: 3200, signal 153503/190512 (executing program)
2022/10/06 07:47:43 fetching corpus: 3250, signal 154572/191553 (executing program)
2022/10/06 07:47:44 fetching corpus: 3300, signal 155286/192468 (executing program)
2022/10/06 07:47:44 fetching corpus: 3350, signal 156491/193563 (executing program)
2022/10/06 07:47:44 fetching corpus: 3400, signal 156844/194246 (executing program)
2022/10/06 07:47:44 fetching corpus: 3450, signal 157622/195074 (executing program)
2022/10/06 07:47:44 fetching corpus: 3500, signal 158930/196048 (executing program)
2022/10/06 07:47:44 fetching corpus: 3550, signal 159506/196787 (executing program)
2022/10/06 07:47:44 fetching corpus: 3600, signal 160233/197514 (executing program)
2022/10/06 07:47:44 fetching corpus: 3650, signal 161013/198314 (executing program)
2022/10/06 07:47:45 fetching corpus: 3700, signal 161902/199110 (executing program)
2022/10/06 07:47:45 fetching corpus: 3750, signal 162968/199963 (executing program)
2022/10/06 07:47:45 fetching corpus: 3800, signal 163412/200594 (executing program)
2022/10/06 07:47:45 fetching corpus: 3850, signal 164725/201493 (executing program)
2022/10/06 07:47:45 fetching corpus: 3900, signal 166864/202586 (executing program)
2022/10/06 07:47:45 fetching corpus: 3950, signal 167670/203240 (executing program)
2022/10/06 07:47:45 fetching corpus: 4000, signal 168135/203801 (executing program)
2022/10/06 07:47:45 fetching corpus: 4050, signal 169460/204580 (executing program)
2022/10/06 07:47:45 fetching corpus: 4100, signal 169981/205177 (executing program)
2022/10/06 07:47:45 fetching corpus: 4150, signal 170486/205731 (executing program)
2022/10/06 07:47:46 fetching corpus: 4200, signal 170770/206240 (executing program)
2022/10/06 07:47:46 fetching corpus: 4250, signal 171540/206793 (executing program)
2022/10/06 07:47:46 fetching corpus: 4300, signal 172242/207335 (executing program)
2022/10/06 07:47:46 fetching corpus: 4350, signal 172795/207851 (executing program)
2022/10/06 07:47:46 fetching corpus: 4400, signal 173517/208396 (executing program)
2022/10/06 07:47:46 fetching corpus: 4450, signal 174234/208932 (executing program)
2022/10/06 07:47:46 fetching corpus: 4500, signal 174708/209375 (executing program)
2022/10/06 07:47:46 fetching corpus: 4550, signal 175693/209934 (executing program)
2022/10/06 07:47:46 fetching corpus: 4600, signal 176177/210407 (executing program)
2022/10/06 07:47:47 fetching corpus: 4650, signal 176470/210796 (executing program)
2022/10/06 07:47:47 fetching corpus: 4700, signal 177364/211259 (executing program)
2022/10/06 07:47:47 fetching corpus: 4750, signal 178169/211731 (executing program)
2022/10/06 07:47:47 fetching corpus: 4800, signal 178492/212107 (executing program)
2022/10/06 07:47:47 fetching corpus: 4850, signal 179328/212535 (executing program)
2022/10/06 07:47:47 fetching corpus: 4900, signal 179799/212905 (executing program)
2022/10/06 07:47:47 fetching corpus: 4950, signal 180492/213266 (executing program)
2022/10/06 07:47:47 fetching corpus: 5000, signal 181128/213640 (executing program)
2022/10/06 07:47:47 fetching corpus: 5050, signal 181642/213979 (executing program)
2022/10/06 07:47:48 fetching corpus: 5100, signal 182804/214438 (executing program)
2022/10/06 07:47:48 fetching corpus: 5150, signal 183197/214814 (executing program)
2022/10/06 07:47:48 fetching corpus: 5200, signal 183800/215111 (executing program)
2022/10/06 07:47:48 fetching corpus: 5250, signal 184140/215433 (executing program)
2022/10/06 07:47:48 fetching corpus: 5300, signal 184544/215733 (executing program)
2022/10/06 07:47:48 fetching corpus: 5350, signal 184789/216057 (executing program)
2022/10/06 07:47:48 fetching corpus: 5400, signal 185777/216174 (executing program)
2022/10/06 07:47:48 fetching corpus: 5450, signal 186297/216174 (executing program)
2022/10/06 07:47:48 fetching corpus: 5500, signal 186600/216174 (executing program)
2022/10/06 07:47:48 fetching corpus: 5550, signal 187208/216174 (executing program)
2022/10/06 07:47:48 fetching corpus: 5600, signal 187557/216176 (executing program)
2022/10/06 07:47:48 fetching corpus: 5601, signal 187559/216176 (executing program)
2022/10/06 07:47:48 fetching corpus: 5601, signal 187559/216176 (executing program)
2022/10/06 07:47:51 starting 8 fuzzer processes
07:47:51 executing program 1:
recvmsg$unix(0xffffffffffffffff, &(0x7f0000002240)={&(0x7f0000000000), 0x6e, &(0x7f0000002180)=[{&(0x7f0000000080)=""/146, 0x92}, {&(0x7f0000000140)=""/4096, 0x1000}, {&(0x7f0000001140)=""/4096, 0x1000}, {&(0x7f0000002140)=""/56, 0x38}], 0x4, &(0x7f00000021c0)=[@rights={{0x18, 0x1, 0x1, [<r0=>0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {<r1=>0x0}}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, <r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff, 0xffffffffffffffff, <r4=>0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, <r5=>0xffffffffffffffff]}}], 0x78}, 0x10000)
ioctl$TCGETS2(r2, 0x802c542a, &(0x7f0000002280))
ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f00000022c0)="6632a4b887f5ee615c3ec229c35a0286065ebd80f35ad30e5d657772946eee64d2242658c741b7bdfd68738949be555da6add8d8d78972e5da1fd6bc0c75ad4f83d336c29aa3cd810e901032706f40b461e47d64bf9e509bb714f4cfb33641ff3f47af048ee0ab722df1bb4862fdc750f7648d57baa21113c8e9f6a81ff0be16929affd7dc3b1a2b3d8c0d3c6e81378a547db7066d6cd1294fb4132a961302b2a28fdc0efb693931cdcce8")
r6 = syz_open_procfs$userns(r1, &(0x7f0000002380))
fsetxattr$security_capability(r6, &(0x7f00000023c0), &(0x7f0000002400)=@v1={0x1000000, [{0x100, 0x100}]}, 0xc, 0x1)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r5, 0xc0189372, &(0x7f0000002440)={{0x1, 0x1, 0x18, <r7=>r3, {0x2}}, './file0\x00'})
ioctl$TIOCOUTQ(r7, 0x5411, &(0x7f0000002480))
r8 = openat$bsg(0xffffffffffffff9c, &(0x7f00000024c0), 0x305680, 0x0)
ioctl$TCGETS(r8, 0x5401, &(0x7f0000002500))
r9 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSBRKP(r9, 0x5425, 0xfdb)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000002540)={{0x1, 0x1, 0x18, r4}, './file0\x00'})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000002580)='./binderfs/custom1\x00', 0x0, 0x0)
ioctl$TCGETS2(r3, 0x802c542a, &(0x7f00000025c0))
mount$cgroup(0x0, &(0x7f0000002600)='./file0\x00', &(0x7f0000002640), 0x21008b0, &(0x7f0000002680)={[{@clone_children}, {@release_agent={'release_agent', 0x3d, './file0'}}, {@none}], [{@measure}, {@fsmagic={'fsmagic', 0x3d, 0x5f0}}, {@measure}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@measure}]})
r10 = syz_io_uring_complete(0x0)
ioctl$VT_GETMODE(r10, 0x5601, &(0x7f0000002700))
r11 = openat$cgroup_procs(r10, &(0x7f0000002740)='cgroup.threads\x00', 0x2, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r11, 0x942e, 0x0)
lremovexattr(&(0x7f0000002780)='./file0\x00', &(0x7f00000027c0)=@random={'os2.', 'clone_children'})

07:47:51 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xafd7a29f8ad29d62}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x68, 0x0, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x3}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xffff}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x7}]}, 0x68}, 0x1, 0x0, 0x0, 0x40040}, 0x64000057)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x100)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8, 0x1, r1}]}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7ff}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20040005}, 0x880)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount_setattr(r1, &(0x7f00000002c0)='./file0\x00', 0x100, &(0x7f0000000340)={0x81, 0x80, 0x0, {r2}}, 0x20)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r2)
sendmsg$NL80211_CMD_SET_QOS_MAP(r2, &(0x7f0000000580)={&(0x7f0000000380), 0xc, &(0x7f0000000540)={&(0x7f0000000400)={0x12c, r3, 0x400, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0x71, 0x7}, {0x8}, {0x8c, 0x1}, {0x81, 0x2}, {0x5}, {0x4, 0x5}, {0xff, 0x3}, {0xff, 0x7}, {0xe6}, {0x20, 0x3}, {0x3, 0x4}, {0x0, 0x3}, {0x7f, 0x3}, {0x28, 0x6}, {0x9, 0x1}, {0x4, 0x2}, {0x31, 0x1}, {0x0, 0x1}, {0x2, 0x3}, {0xf9, 0x3}], "a26e88298b711e0b"}}, @NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0x1f, 0x1}, {0x3, 0x7}, {0x9}, {0x52, 0x7}, {0x7, 0x6}, {0x1, 0x2}, {0x1, 0x2}, {0xdd, 0x3}, {0x40, 0x1}, {0x8, 0x6}, {}, {0x2}, {0x4}, {0x2, 0x2}, {0x6, 0x3}, {0x2}, {0x5e, 0x3}, {0x6}, {0x20, 0x7}, {0x1}], "0b27791cb859dcbb"}}, @NL80211_ATTR_QOS_MAP={0x28, 0xc7, {[{0x40, 0x5}, {0xf7, 0x5}, {0x70, 0x7}, {0x0, 0x4}, {0x81}, {0x3e, 0x3}, {0x7f, 0x4}, {0x80, 0x1}, {0xa1, 0x1}, {0x8, 0x7}, {0x81, 0x1}, {0x5, 0x7}, {0x6, 0x4}, {0xe9, 0x1}], "8481ba7155f94503"}}, @NL80211_ATTR_QOS_MAP={0x18, 0xc7, {[{0x40, 0x7}, {0xff, 0x1}, {0x4}, {0x7f, 0x4}, {0x7f, 0x7}, {0x46, 0x7}], "3f2f1558ee517e2d"}}, @NL80211_ATTR_QOS_MAP={0x1a, 0xc7, {[{0x9, 0x2}, {0x1, 0x3}, {0x80, 0x4}, {0x69}, {0x4, 0x2}, {0x1f, 0x3}, {0x1, 0x5}], "7a83f3afb3f1135b"}}, @NL80211_ATTR_QOS_MAP={0xc, 0xc7, {[], "ea1dd92c0455ae38"}}, @NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x9, 0x6}, {0x7f, 0x7}, {0x2, 0x5}], "6db18e58031e2124"}}, @NL80211_ATTR_QOS_MAP={0x1c, 0xc7, {[{0x3f}, {0x1f}, {0x0, 0x2}, {0x40, 0x2}, {0x19, 0x5}, {0x5, 0x5}, {0x12, 0x3}, {0x7f, 0x3}], "2129ece25525a8f6"}}, @NL80211_ATTR_QOS_MAP={0xe, 0xc7, {[{0xfd}], "5b649bbc61834cc6"}}]}, 0x12c}, 0x1, 0x0, 0x0, 0x800}, 0x8055)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x48, 0x0, 0x4, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x3}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xffff}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x20004044}, 0x40055)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x34, r3, 0x32d, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0xf849, 0x7c}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x4f}]}, 0x34}, 0x1, 0x0, 0x0, 0x24040851}, 0x44095)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r1, 0x89f9, &(0x7f00000008c0)={'ip6_vti0\x00', &(0x7f0000000840)={'ip6tnl0\x00', <r4=>0x0, 0x29, 0x5, 0x0, 0x1, 0xa, @dev={0xfe, 0x80, '\x00', 0xb}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x20, 0x40, 0x16e, 0x1}})
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000980)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x3c, 0x0, 0x0, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x80}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000e00)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000a00)={0x384, r3, 0x2, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x67}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x1}, @NL80211_ATTR_TX_RATES={0x348, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x78, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x2, 0x6, 0x0, 0x3, 0x1ff, 0xffff, 0xff]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x83c, 0x1000, 0x3cd, 0x1, 0x7, 0x4, 0xfe00]}}, @NL80211_TXRATE_HT={0x11, 0x2, [{0x4, 0x1}, {0x2, 0x4}, {0x1}, {0x5, 0x9}, {0x3, 0x4}, {0x2, 0x2}, {0x1, 0x3}, {0x0, 0x8}, {0x3}, {0x4, 0x4}, {0x3, 0x2}, {0x2, 0xa}, {0x4, 0x9}]}, @NL80211_TXRATE_HT={0x2d, 0x2, [{0x3, 0xa}, {0x4, 0xa}, {0x0, 0x4}, {0x6, 0x2}, {0x1, 0x4}, {0x2, 0x1}, {0x0, 0x8}, {0x1, 0x5}, {0x7, 0x4}, {}, {0x1, 0x5}, {0x1, 0xa}, {0x5, 0xa}, {0x2, 0x9}, {0x0, 0x4}, {0x3, 0x2}, {0x5, 0x4}, {0x7, 0x7}, {0x0, 0x8}, {0x7, 0xa}, {0x3, 0xa}, {0x0, 0x9}, {0x5, 0x5}, {0x3, 0x5}, {0x4, 0x1}, {0x6, 0x3}, {0x7, 0x6}, {0x3, 0x6}, {0x4, 0x1}, {0x0, 0x4}, {0x3, 0x7}, {0x1, 0x4}, {0x4}, {0x6, 0x4}, {0x7, 0x3}, {0x0, 0x6}, {0x0, 0x3}, {0x0, 0x1}, {0x3}, {0x4, 0x6}, {0x1, 0x8}]}]}, @NL80211_BAND_60GHZ={0x88, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1a, 0x2, [{0x1, 0x4}, {0x5, 0x3}, {0x0, 0x6}, {0x7, 0x1}, {0x2, 0x5}, {0x0, 0x8}, {0x1}, {0x4, 0x3}, {0x5, 0x4}, {0x0, 0x1}, {0x1, 0x9}, {0x2, 0x1}, {0x1, 0x9}, {0x1, 0x2}, {0x3, 0x2}, {0x1, 0x5}, {0x1, 0x1}, {0x7, 0x7}, {0x0, 0x5}, {0x1, 0x4}, {0x0, 0x8}, {0x0, 0x2}]}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x3]}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x34, 0x2, [{0x3, 0x7}, {0x1, 0x4}, {0x2, 0x5}, {0x7}, {0x0, 0x4}, {0x3, 0x4}, {0x1, 0x2}, {0x6, 0x9}, {0x1, 0x2}, {0x4, 0x1}, {0x6, 0x9}, {0x3, 0x3}, {0x4, 0x2}, {0x1, 0x7}, {0x3, 0x8}, {0x2, 0x2}, {0x6, 0x1}, {0x0, 0x1}, {0x5, 0x3}, {0x5, 0x1}, {0x7, 0xa}, {0x1, 0x3}, {0x5, 0x1}, {0x3, 0x2}, {0x4}, {0x3, 0xa}, {0x4, 0x3}, {0x5, 0x5}, {0x6}, {0x1, 0x6}, {0x0, 0x2}, {0x6, 0x5}, {0x0, 0x9}, {0x5, 0x2}, {0x4, 0x8}, {0x0, 0x1}, {0x3, 0x3}, {0x6, 0x4}, {0x3, 0x1}, {0x1, 0x5}, {0x4, 0x6}, {0x1, 0x2}, {0x2, 0x5}, {0x1, 0x2}, {0x7, 0x7}, {0x4, 0xa}, {0x5, 0x6}, {0x7, 0x8}]}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x3, 0x2, 0x0, 0x1, 0x4, 0xcc, 0x100]}}]}, @NL80211_BAND_5GHZ={0x58, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x7751, 0x9, 0x7f, 0x4, 0x8, 0x8001, 0x7c]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0xe, 0x2, [{0x4, 0x1}, {0x6, 0x7}, {0x1, 0x6}, {0x2, 0x9}, {0x1, 0x3}, {0x4, 0x1}, {0x4, 0x7}, {0x4}, {0x0, 0x5}, {0x1, 0x6}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x6, 0x7, 0xc3, 0x1f, 0x800, 0x9, 0x5]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x401, 0x4, 0x40, 0x8, 0x5ce5, 0x209, 0x8000, 0x1f]}}]}, @NL80211_BAND_2GHZ={0x48, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x1, 0x7}, {0x3, 0x2}, {0x5, 0x7}, {0x2}, {0x5, 0x4}, {0x2, 0x1}, {0x3, 0x6}, {0x3}, {0x1, 0x5}, {0x4, 0xa}, {0x4, 0x8}, {0x1, 0x7}, {0x7, 0x1}, {0x1, 0x7}, {0x7, 0x1}, {0x7, 0x8}, {0x2, 0x6}, {0x5}, {0x5, 0x1}, {0x7, 0x1}, {0x0, 0x5}, {0x7, 0x3}, {0x5, 0x5}, {0x2, 0x7}, {0x3, 0x3}, {0x7, 0x5}, {0x4}, {0x7, 0x9}, {0x2, 0x1}, {0x5, 0x3}, {0x0, 0x3}, {0x4, 0x9}, {0x5, 0x2}, {0x1, 0x8}, {}, {0x7, 0x5}, {0x3, 0x2}, {0x7, 0x8}, {0x5, 0xa}, {0x3, 0x7}, {0x7, 0x6}, {0x1, 0x2}, {0x6, 0x2}, {0x0, 0xa}, {0x0, 0x6}, {0x3, 0x3}, {0x4, 0x1}]}]}, @NL80211_BAND_2GHZ={0x2c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x8, 0x1, 0x101, 0x4, 0x8, 0xff4e, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x2, 0x5, 0x20, 0x8000, 0x5, 0x7ff]}}]}, @NL80211_BAND_2GHZ={0x7c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x7, 0x7, 0x1000, 0x9, 0x6, 0xffff, 0xf801]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x5, 0x9}]}, @NL80211_TXRATE_HT={0x19, 0x2, [{0x1, 0x7}, {0x7, 0xa}, {0x1, 0x2}, {0x6, 0x3}, {0x1, 0x7}, {0x5}, {0x5, 0x5}, {0x1, 0x8}, {0x2, 0x5}, {0x7, 0x8}, {0x6, 0x3}, {0x5, 0x6}, {0x5, 0x1}, {0x7, 0x9}, {0x4}, {0x5, 0x3}, {0x1, 0x5}, {0x6, 0x2}, {0x2, 0xa}, {0x4, 0x9}, {0x3, 0x6}]}, @NL80211_TXRATE_HT={0xd, 0x2, [{0x7, 0x3}, {0x3}, {0x0, 0x1}, {0x2, 0x1}, {0x6, 0x1}, {0x4, 0x5}, {0x1, 0x5}, {0x4, 0x6}, {0x3, 0x7}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x3, 0xe093, 0xeb, 0x4bb, 0x2, 0x862, 0x8]}}]}, @NL80211_BAND_5GHZ={0xa0, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x3ff, 0x8001, 0x3ff, 0x200, 0x4, 0x1, 0x6]}}, @NL80211_TXRATE_LEGACY={0x22, 0x1, [0x1, 0x3, 0x16, 0x9, 0x36, 0x30, 0x6c, 0x36, 0xc, 0x16, 0x5, 0x5, 0x16, 0x12, 0x18, 0x1, 0x4, 0x18, 0x1b, 0x0, 0x6, 0x16, 0x18, 0x5, 0x6c, 0x6, 0xb, 0x1, 0x9, 0x6c]}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x0, 0x6}, {0x0, 0x2}, {0x3, 0x7}, {0x7, 0x9}, {0x2, 0x2}, {0x0, 0x6}, {0x1, 0x5}, {0x4, 0x5}, {0x1, 0x7}, {0x7, 0xa}, {0x4, 0x2}, {0x2, 0x4}, {0x0, 0x9}, {0x1, 0xa}, {0x3}, {0x0, 0x2}, {0x5, 0x9}, {0x6, 0x9}, {0x7}, {0x1, 0xa}, {0x1, 0x9}, {0x1, 0x6}, {0x2, 0x7}, {0x3, 0x3}, {0x7}, {0x6, 0x4}, {0x5, 0x4}, {0x3, 0x7}, {0x2, 0x7}, {0x1, 0x2}, {}, {0x1, 0xa}, {0x5, 0x4}, {0x2, 0x7}, {0x7}, {0x1, 0x4}, {0x1, 0x4}, {0x3, 0x10}, {0x6}, {0x5, 0x7}, {0x5, 0x8}, {0x4, 0x6}, {0x6, 0x4}, {0x2, 0x3}, {0x0, 0x9}, {0x0, 0x8}, {0x1, 0x4}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1000, 0x8, 0xbc3, 0x851d, 0x2, 0x4, 0x6, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xffff, 0x3, 0x1, 0x8, 0xfff, 0x8, 0x101, 0x1]}}]}, @NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xfc00, 0x8, 0xad9d, 0x800, 0x846c, 0x1, 0x20, 0x4]}}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x48, 0x36, 0x4, 0x2, 0xc, 0x1, 0x18, 0x48, 0x18, 0x18, 0x48]}]}, @NL80211_BAND_5GHZ={0x34, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xd, 0x1, [0x16, 0x3, 0x48, 0x12, 0x18, 0x1b, 0x48, 0x24, 0xc]}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x60, 0xb, 0x24, 0x30, 0x30, 0xb, 0x2, 0x6, 0x30, 0x30, 0xc, 0x5, 0xbbe1ad09d04bc09e, 0x24, 0x18, 0xd, 0x50, 0x18, 0x9, 0xb, 0x3, 0x3, 0x1, 0xb, 0x6c, 0x6c, 0x9]}]}]}]}, 0x384}, 0x1, 0x0, 0x0, 0x4040}, 0x400c0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000e80)={'wpan4\x00', <r5=>0x0})
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(0xffffffffffffffff, &(0x7f0000000f40)={&(0x7f0000000e40), 0xc, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x24, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5, 0x1a, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x8814)
r6 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000001040)={&(0x7f0000000f80), 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)={0x28, r3, 0x200, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x3, 0x6e}}}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x40001}, 0x4005090)
r7 = openat$full(0xffffffffffffff9c, &(0x7f00000013c0), 0x200000, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r7, &(0x7f0000001580)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001540)={&(0x7f0000001440)={0xf8, r3, 0x120, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x4d}}}}, [@NL80211_ATTR_QOS_MAP={0x32, 0xc7, {[{0x11, 0x6}, {0x80, 0x2}, {0x6, 0x1}, {0x7, 0x1}, {0x3, 0x5}, {0x1, 0x5}, {0x4, 0x6}, {0x4, 0x7}, {0xa1, 0x4}, {0x3, 0x6}, {0x1, 0x5}, {0x14, 0x3}, {0x8, 0x1}, {0x2}, {0x7f, 0x2}, {0x81, 0x6}, {0x4, 0x1}, {0x8, 0x4}, {0x9}], "bd2f140143548d8e"}}, @NL80211_ATTR_QOS_MAP={0x2a, 0xc7, {[{0x1, 0x5}, {0x1, 0x3}, {0x5, 0x6}, {0xff}, {0x7f}, {0x79, 0x6}, {0x81, 0x6}, {0x4, 0x3}, {0x20, 0x2}, {0xfd, 0x5}, {0xa9, 0x1}, {0x19, 0x3}, {0x7f, 0x3}, {0xfc, 0x1}, {0x1f, 0x2}], "ddb9ad7a92c8a61e"}}, @NL80211_ATTR_QOS_MAP={0x32, 0xc7, {[{0xc1, 0x6}, {0x6, 0x7}, {0x2, 0xa8}, {0x5, 0x6}, {0x4, 0x4}, {0x6, 0x7}, {0x80, 0x6}, {0x7, 0x7}, {0x7, 0x4}, {0x1, 0x7}, {0x0, 0x5}, {0x8, 0x4}, {0x9, 0x3}, {0xff, 0x7}, {0x7, 0x1}, {0x15, 0x1}, {0xdc, 0x2}, {0x1}, {0x4, 0x7}], "460fb3d24cd7b5c0"}}, @NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0x48, 0x1}, {0xff, 0x5}, {0x40, 0x2}, {0xfa, 0x2}, {0x7, 0x2}, {}, {0x8, 0x4}, {0x20, 0x1}, {0x3, 0x3}, {0x0, 0x1}, {0x80}, {0xac, 0x5}, {0x6, 0x5}, {0x3f, 0x3}, {0x6}, {0x3, 0x3}, {0x5, 0x6}, {0x1, 0x1}, {0x8, 0x6}, {0xfe, 0x3}], "331e9f0f97ee1759"}}, @NL80211_ATTR_QOS_MAP={0x10, 0xc7, {[{0x2, 0x2}, {0x4, 0x7}], "7ef0796638f2a790"}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x4000021)
sendmsg$NL80211_CMD_SET_WIPHY(r7, &(0x7f00000016c0)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001680)={&(0x7f0000001600)={0x60, r3, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_ANTENNA_TX={0x8, 0x69, 0x80000000}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0xfff}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xfffffc00}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x800}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x802000}, @NL80211_ATTR_WIPHY_TXQ_PARAMS={0x14, 0x25, 0x0, 0x1, [@NL80211_TXQ_ATTR_QUEUE={0x5, 0x1, 0x8}, @NL80211_TXQ_ATTR_QUEUE={0x5, 0x1, 0xd1}]}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x3}, @NL80211_ATTR_WIPHY_RTS_THRESHOLD={0x8, 0x40, 0xba}]}, 0x60}, 0x1, 0x0, 0x0, 0x8040}, 0x1)

07:47:51 executing program 3:
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r1, 0x40a, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80000001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x588}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK={0x10, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x400}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x40d9}, 0x4000000)
r2 = fspick(r0, &(0x7f0000000180)='./file0\x00', 0x0)
ioctl$FIBMAP(r2, 0x1, &(0x7f00000001c0)=0x6)
r3 = openat2(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x8, 0x10}, 0x18)
sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80802800}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @rand_addr=0x64010100}, @GTPA_I_TEI={0x8, 0x8, 0x3}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @rand_addr=0x64010102}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_O_TEI={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8080}, 0xf09c8cb6baaaad41)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0)
r4 = openat2(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x2000, 0x110, 0x10}, 0x18)
r5 = dup2(r4, r2)
accept4$unix(r3, 0x0, &(0x7f0000000480), 0x80800)
unlinkat(r4, &(0x7f00000004c0)='./file0\x00', 0x200)
write$P9_RREADDIR(r5, &(0x7f0000000500)={0xc5, 0x29, 0x1, {0x4d, [{{0x1, 0x0, 0x7}, 0x4, 0xff, 0x7, './file0'}, {{0x1, 0x3, 0x7}, 0x6, 0x0, 0x7, './file1'}, {{0x4, 0x1, 0x7}, 0x800, 0x0, 0x7, './file0'}, {{0x20, 0x0, 0x6}, 0x5, 0x80, 0x7, './file0'}, {{0x4, 0x2, 0x2}, 0x0, 0x5, 0x7, './file0'}, {{0x4, 0x1, 0x3}, 0x3f, 0x9, 0x7, './file0'}]}}, 0xc5)
r6 = syz_open_dev$vcsa(&(0x7f0000000600), 0x6, 0x20501)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r6, 0x6, 0x1, &(0x7f0000000640)={0x0, 0x7, 0x8, 0x7, 0x81, 0x80, 0x8000}, 0xc)
ioctl$TIOCL_SETVESABLANK(r3, 0x541c, &(0x7f0000000680))
sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x24, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0xffffffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x1)
ioctl$BINDER_FREEZE(r5, 0x400c620e, &(0x7f00000007c0)={0x0, 0x0, 0x7})
ioctl$TIOCGETD(r4, 0x5424, &(0x7f0000000800))
socket$inet_tcp(0x2, 0x1, 0x0)

07:47:51 executing program 2:
modify_ldt$read(0x0, &(0x7f0000000000)=""/95, 0x5f)
modify_ldt$read(0x0, &(0x7f0000000080)=""/120, 0x78)
modify_ldt$read(0x0, &(0x7f0000000100)=""/4096, 0x1000)
modify_ldt$read(0x0, &(0x7f0000001100)=""/211, 0xd3)
modify_ldt$read(0x0, &(0x7f0000001200)=""/4096, 0x1000)
modify_ldt$read(0x0, &(0x7f0000002200)=""/129, 0x81)
modify_ldt$read(0x0, &(0x7f00000022c0)=""/45, 0x2d)
modify_ldt$read(0x0, &(0x7f0000002300)=""/250, 0xfa)
modify_ldt$read(0x0, &(0x7f0000002400)=""/13, 0xd)
modify_ldt$read(0x0, &(0x7f0000002440)=""/249, 0xf9)
modify_ldt$read(0x0, &(0x7f0000002540)=""/179, 0xb3)
modify_ldt$read(0x0, &(0x7f0000002600)=""/72, 0x48)
modify_ldt$read(0x0, &(0x7f0000002680)=""/204, 0xcc)
modify_ldt$read(0x0, &(0x7f0000002780)=""/131, 0x83)
modify_ldt$read(0x0, &(0x7f0000002840)=""/105, 0x69)
modify_ldt$read(0x0, &(0x7f00000028c0)=""/192, 0xc0)
modify_ldt$read(0x0, &(0x7f0000002980)=""/42, 0x2a)
modify_ldt$read(0x0, &(0x7f00000029c0)=""/235, 0xeb)
modify_ldt$read(0x0, &(0x7f0000002ac0)=""/240, 0xf0)
modify_ldt$read(0x0, &(0x7f0000002bc0)=""/170, 0xaa)

[   64.116088] audit: type=1400 audit(1665042471.185:6): avc:  denied  { execmem } for  pid=284 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
07:47:51 executing program 4:
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x8]}, 0x8)
r1 = openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0)
r2 = openat$cgroup_ro(r0, &(0x7f0000000080)='memory.swap.events\x00', 0x0, 0x0)
write$P9_RCLUNK(r2, &(0x7f00000000c0)={0x7, 0x79, 0x1}, 0x7)
ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000100)={0xb1f, 0x2})
readahead(r0, 0x101, 0x5)
r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0x12000, 0x0)
r4 = dup2(r2, r1)
ioctl$INCFS_IOC_PERMIT_FILL(r4, 0x40046721, &(0x7f0000000180)={r2})
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x60000, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_u}, {@version_u}, {@nodevmap}, {@cache_loose}], [{@euid_lt={'euid<', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x30, 0x33, 0x38, 0x63, 0x65, 0x5, 0x1], 0x2d, [0x37, 0x38, 0x62, 0x37], 0x2d, [0x32, 0x62, 0x61, 0x61], 0x2d, [0x38, 0x38, 0x64, 0x4], 0x2d, [0x30, 0x35, 0x35, 0x65, 0x37, 0x34, 0x35, 0x64]}}}, {@subj_type={'subj_type', 0x3d, ',(#{'}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@fowner_lt={'fowner<', 0xee00}}, {@fowner_gt={'fowner>', 0xee00}}, {@appraise_type}, {@appraise}]}})
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, &(0x7f0000000380)={0x0, @adiantum, 0x0, @desc3})
openat(r0, &(0x7f00000003c0)='./file0\x00', 0xa400, 0x10)
recvmmsg$unix(r4, &(0x7f0000000b40)=[{{&(0x7f0000000400)=@abs, 0x6e, &(0x7f00000005c0)=[{&(0x7f0000000480)=""/167, 0xa7}, {&(0x7f0000000540)=""/82, 0x52}], 0x2, &(0x7f0000000600)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc0}}, {{0x0, 0x0, &(0x7f00000006c0), 0x0, &(0x7f0000000700)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xe8}}, {{&(0x7f0000000800)=@abs, 0x6e, &(0x7f00000009c0)=[{&(0x7f0000000880)=""/106, 0x6a}, {&(0x7f0000000900)=""/177, 0xb1}], 0x2, &(0x7f0000000a00)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r5=>0x0}}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, <r6=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x108}}], 0x3, 0x2000, &(0x7f0000000c00)={0x77359400})
ioctl$BINDER_THREAD_EXIT(r6, 0x40046208, 0x0)
r7 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000c40), 0x400000, 0x0)
r8 = openat$full(0xffffffffffffff9c, &(0x7f0000000c80), 0x40800, 0x0)
getresgid(&(0x7f0000000cc0), &(0x7f0000000d00)=<r9=>0x0, &(0x7f0000000d40))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r7, 0xc018937b, &(0x7f0000000d80)={{0x1, 0x1, 0x18, r8, {r5, r9}}, './file0/file0\x00'})
r10 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000dc0), 0x440100, 0x0)
write$P9_RRENAME(r10, &(0x7f0000000e00)={0x7, 0x15, 0x1}, 0x7)

07:47:51 executing program 6:
ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'sit0\x00', <r0=>0x0, 0x2f, 0x9, 0x81, 0xfa3, 0x4e, @private0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8, 0x7, 0x0, 0x20}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'ip_vti0\x00', &(0x7f0000000100)={'tunl0\x00', <r1=>0x0, 0x99ef28f75eb89af9, 0x1, 0x10000, 0x4, {{0x1b, 0x4, 0x0, 0x2b, 0x6c, 0x66, 0x0, 0x7, 0x4, 0x0, @local, @multicast1, {[@timestamp={0x44, 0x28, 0x68, 0x0, 0x7, [0x1, 0x200, 0x3, 0x4, 0xffffff81, 0x0, 0x800, 0x9, 0x80]}, @cipso={0x86, 0xb, 0x1, [{0x2, 0x5, "909fc6"}]}, @timestamp={0x44, 0x18, 0x17, 0x0, 0x1, [0x1, 0x1, 0x3, 0x8, 0x81]}, @generic={0x88, 0xa, "385914a8d6a1c53e"}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000200)={'syztnl0\x00', <r2=>0x0, 0x4, 0x5, 0x1, 0x400, 0x1, @dev={0xfe, 0x80, '\x00', 0x21}, @ipv4={'\x00', '\xff\xff', @local}, 0x7, 0x40, 0x8000, 0x9}})
r3 = accept$packet(0xffffffffffffffff, &(0x7f0000001680)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000016c0)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000001780)={'syztnl0\x00', &(0x7f0000001700)={'sit0\x00', <r5=>0x0, 0x29, 0x7, 0x7f, 0xc144, 0x62, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @empty}, 0x7800, 0x728, 0x2}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000001840)={'ip6tnl0\x00', &(0x7f00000017c0)={'sit0\x00', <r6=>0x0, 0x29, 0x2, 0x7, 0x3, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x700, 0x1, 0x0, 0x8001}})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000004e40)={{{@in=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000004f40)=0xe8)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000005240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000005200)={&(0x7f0000004f80)={0x280, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @HEADER={0x4}]}, 0x280}, 0x1, 0x0, 0x0, 0x800}, 0x40000040)
r8 = openat2(0xffffffffffffffff, &(0x7f0000005280)='./file0\x00', &(0x7f00000052c0)={0xa0001, 0x10, 0x3}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000005300)={'vxcan0\x00', <r9=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r8, 0x89f0, &(0x7f0000005400)={'ip_vti0\x00', &(0x7f0000005340)={'erspan0\x00', r9, 0x700, 0x10, 0x9, 0x3e88c22, {{0x26, 0x4, 0x3, 0x5, 0x98, 0x66, 0x0, 0xff, 0x4, 0x0, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@noop, @generic={0x89, 0x7, "71771f50cd"}, @timestamp_addr={0x44, 0x44, 0x2e, 0x1, 0x9, [{@local, 0x7fffffff}, {@local, 0x101}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xd1}, {@multicast1, 0x7}, {@multicast1, 0x2}, {@multicast2, 0x80000001}, {@remote, 0x7ff}, {@dev={0xac, 0x14, 0x14, 0x39}, 0xad}]}, @cipso={0x86, 0x33, 0x1, [{0x6, 0x5, "191d53"}, {0x6, 0xf, "fb883a268d5f10180e86bb1cec"}, {0x2, 0xe, "75ef3ffd6d78744a4639f213"}, {0x1, 0xb, "b3bc0e06024d1028c2"}]}, @noop, @ra={0x94, 0x4, 0x1}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r8, 0x89f0, &(0x7f0000005500)={'gretap0\x00', &(0x7f0000005440)={'syztnl0\x00', <r10=>r9, 0x700, 0x7800, 0x1, 0x10000, {{0x1e, 0x4, 0x3, 0xf, 0x78, 0x64, 0x0, 0x50, 0x2f, 0x0, @loopback, @multicast2, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x24, 0x56, 0x3, 0xe, [{@remote, 0xef29}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffff01}, {@broadcast, 0x8}, {@multicast1, 0x9}]}, @timestamp_prespec={0x44, 0x2c, 0x42, 0x3, 0x4, [{@multicast1, 0x2}, {@loopback, 0x1000}, {@private=0xa010100, 0x3f}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x36}, {@empty, 0x6}]}, @end, @noop, @noop, @generic={0x94, 0xd, "dddda6bb6e74a96aef960a"}]}}}}})
ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f0000005580)={0x0, @xdp={0x2c, 0x0, <r11=>r7, 0x40}, @nfc={0x27, 0x1}, @hci, 0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f0000005540)='wg1\x00', 0x0, 0x8, 0x9})
bind$packet(r8, &(0x7f0000005600)={0x11, 0x16, r11, 0x1, 0x9, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)
pipe(&(0x7f0000005640)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
getsockname$packet(r8, &(0x7f0000005680)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000056c0)=0x14)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r12, 0x89f8, &(0x7f0000005780)={'syztnl1\x00', &(0x7f0000005700)={'syztnl2\x00', r13, 0x4, 0x8, 0x1f, 0x7, 0x4, @empty, @ipv4={'\x00', '\xff\xff', @empty}, 0x7800, 0x8, 0x8001, 0x3}})
r14 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r14, 0x107, 0x5, &(0x7f00000057c0)=@req={0x20, 0x4, 0x5817729f}, 0x10)
setsockopt$inet6_IPV6_PKTINFO(r12, 0x29, 0x32, &(0x7f0000005800)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, r10}, 0x14)

07:47:51 executing program 5:
r0 = add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$update(0x2, r0, &(0x7f0000000080)="81bd4c4c82d82df7ab25c4c5a9f08bf805c4ef361816793465373f23d5aa6c42c32b15180c26a1e1571d7e3cd9ca3a666d96b90bb863880b61807be14fd079265a1c67bc628c6747c6f3552485f4e6e54feb49109e23818bfee3b1150858e7fe9fdf5c97e58fe2da0d9cdda12ccf4db6271ccb817ba562ce58532489945b85567320d6875d3797536abdfd32e1d4f8e26750b22be08a8cc37629384ad7608d0442bdd4511f150dfc000196", 0xab)
keyctl$negate(0xd, r0, 0x1, r0)
keyctl$setperm(0x5, 0x0, 0x10)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000140)='id_resolver\x00', 0x0)
r1 = request_key(&(0x7f0000000180)='trusted\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)='dns_resolver\x00', r0)
keyctl$setperm(0x5, r0, 0x0)
keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f0000000240)={r0, 0x47, 0x1000}, &(0x7f0000000280)={'enc=', 'oaep', ' hash=', {'sha224-neon\x00'}}, &(0x7f0000000300)="281f816dd49190ec32feb037269f77797eed248548798766b887a208c5d87b28eb3853a04930e1863712f2a5118d0377730cd5dba6ac611b41001835d6c2d0b3dba5dfe6eb12cf", &(0x7f0000000380)=""/4096)
keyctl$read(0xb, 0x0, &(0x7f0000001380)=""/223, 0xdf)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r1, 0x0)
r2 = request_key(&(0x7f0000001480)='trusted\x00', &(0x7f00000014c0)={'syz', 0x3}, &(0x7f0000001500)=')\'\\-/)&.\'\x00', 0xffffffffffffffff)
keyctl$reject(0x13, r2, 0x8001, 0x5, r2)
keyctl$invalidate(0x15, r0)
lstat(&(0x7f0000001540)='./file0\x00', &(0x7f0000001580)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
keyctl$chown(0x4, r2, r3, 0xffffffffffffffff)
newfstatat(0xffffffffffffff9c, &(0x7f0000001600)='./file0\x00', &(0x7f0000001640), 0x800)
fork()
keyctl$instantiate(0xc, r0, 0x0, 0x0, 0xfffffffffffffffa)
r4 = add_key$user(&(0x7f00000016c0), &(0x7f0000001700)={'syz', 0x0}, &(0x7f0000001740)='C', 0x1, r1)
keyctl$setperm(0x5, r4, 0x4080000)

07:47:51 executing program 7:
r0 = dup(0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004011}, 0x880)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/battery', 0x12400, 0x2)
getsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000140), &(0x7f0000000180)=0x4)
ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f00000001c0)={0x20, "adfbb32d06364b7972b6e0ea129c0c952640674a6d666dad8c233dba2343902f57e2e563c04f24f9764fceb00476753c0747005dfb3a97d30aec22cfe7dc4c0c3b40894e3fbb5403b43dff30c3af80fb936b3f18c0708bfdaf87d3b2c98b3a760423bc1b4f97280247b9845cbdfd8bd5c0b1f1be359e54d0683808ab2adb8b07cf6d39f5ce5f05a4a7449b785dbf8f593829da57b732a5b3ed34374c3ee02429a986014452f461c14da9c6eeeace722c1f0777beff093d15aba6e964ef122193b83f204e5b3f7f8c077a51f76d54e35cb8ad87fb45dc9c8a0dc75c71419b1bde3e667559166b9cb664f93fbe4b34c0c21b236b210b40cd25f12aac928eb53eec205bb15d579540c31b69781ec8f38423763bfa6c59e71a9a76bbac7c384d02648899a9beb823e05d8d614e533877ba81d57b0f280399d7a8fc56033df0ee6883bc3b6a8c8726bc8257251ec01d567313da13301fb20883e744c0756e5f0a99a6a38093273179eee3b01e41dc30223c85e45e9b0ea973f7315766cbe3ebfa33f5ce6b2af8b958488fb7384554e13e3e4196c4b4f8f359be658eba8a6f19307c69be193ba408a9ef8d03cc4aa07cb7f0d8b7f39a2155ffc17007dc9e5d03bf140d0018d4161d85208d0115dac04edd7529b76094149f291228edd5a28c280e1b6649df485f0403a71ad16c78ffc289a7baf148ad4eac6a04b12981ba359fe1d5de"})
ioctl$TIOCGICOUNT(r1, 0x545d, 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000400), 0x20800, 0x0)
fcntl$setpipe(r2, 0x407, 0x4)
ioctl$TIOCSIG(r1, 0x40045436, 0x34)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000440)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000480))
r4 = pidfd_getfd(r1, r1, 0x0)
pwritev(r4, &(0x7f0000000bc0)=[{&(0x7f00000004c0)="494fe169791724f9210f8e403755fd81f59d24ab880a6b9fbfe60bcb008e9e277b06edd9651fc1519467cac25c5dcd6d6e802517cf5961363b3dcfc82532512b537bd9082c302e4b7a822012f3b3485c73a38eeb4e1f992c10d5fe31fb1594a79e15d67e142cb62df4fc740eeab97e01092a8b395c5a8e94d5bef1d609b5725588c50ac1059bd9e44597f1566374a5ceba6d894d004cb767548f23360091aab6944e09b8b7dfe7b25040f38cff420d2b515bef70a403110df5e58bc0a6f63ab3de7c6fd83ec81af6553da43da2c05cc93ff239561c3e20d0997f49f9e2e78c388d8c1899b3fa871877c96e6508", 0xed}, {&(0x7f00000005c0)="d1f13840369a97ba354cad527b39f318ba6a2ca4561a8d17fb14d7fe4cdc622e09b2c7ff326d9c476f5c0afb9a1f7097f7b049a0e4d50dd0285990c983246efbb4dc554011dcda43270f77f2c6f635766ac5846307bec2e5f276a85c504cefd3837999992583a441268db33fc5fc362fa13318fc4a58b940cf9069256375037757bc56b3af36683b11539882b85eb1b0596ff56e24568e846340e9e99061fe010cc10a5ea243da1b7b094be94abd320a5d75f8f96731c821266ecbc83fa98037ba6098aa356ecfc06944db14e2fe037d322ef94d7363181e0d0db9a1de2c17c7b5f4572f271b3d44aeb6d1b8ddcbd384b71595c67e2a59861978c7a9fde58e", 0xff}, {&(0x7f00000006c0)="04175c3ca24109bf76bc117281522953ab6ddf176f75ce38f49a4e196cc99e2fb9e19cb9b88b9beb5a58da8a15db166760b13ca54e6d0a6df914eb489e35531f23a80c1d0e70c9344ba2cdcc9266f336c7ba1709f60385587f7018b9bf75f67b8deab232997b0b936cef7ebb39382365e213b0497cc551b5ceea95c27e2cccc5dfa107b6f87827da5b69b3019c7f7e4596bbd27088fca3dc16f5df86cb1f307f87c5c8868cc9c132090f1ce18d527ce6c9378fd08f549e9b1c3f9d9219a5aeeb604619015dd9f725a0c6ddd3501f4c91deadd6eb9bc4bcdd53c6ce60000da7be6855a702f7edddfee4c35650829f8cbfb55ccb000083dba00d", 0xf9}, {&(0x7f00000007c0)="998df2406296123692ae163dafc83ba79c23f514b2bbf743eff382fd4c76ff1f9ed3ad18c34f71f125645a59f99b9188cc4b460d08f7aab7b00ec93f29fc19365355cd4fbd7cef5d75e8ec5466dbfc78812bc26bb9d6a394368539389a53206ecc63572b77fe55aec42c5032aafba90cd27adf221fe405404a948fe291b8cce1e943", 0x82}, {&(0x7f0000000880)="15804d91eb225bb16809055a76dd1666c376148720d1b7a3df8e22fd515bd386a798acb3af0c1bcedceb15fc35e5b5e28e838a6b7f3f6a8f595b0cb510cb1680efba3412b5e251dae13bd3c2bbd9c6e8ab9ed2412d69604a033ce14aa8dca3448ee33f27", 0x64}, {&(0x7f0000000900)="5f0b247f10597c9c2c8cab36865a2ec6e8742555528e61971e57a0a51c7b8c268958f25f8df603ea3ac9c7db58b81ce105ee72bcdf57838ebfe729c60358385e122e74029cd102a76536b38910327214fad7c7a84f", 0x55}, {&(0x7f0000000980)="3d2f12e8fb5fc59af706c8ecbb0b6a63163ba749e48f61b4fe64c18a1f8c24c783151346d63f45b0f5acc6a1c0f5b602995616c423926544cdf91515d670a99804bc9ebecce580e93b6c42e1bc00aa4b9ca1bacfba9c581b709cb1a83aae9600bf73e1858551551d5a71ab2088f187238e9db18fb039088c8be796aa8bf2b172a095c11c057613ab590e159545d875ad2a313936fa636bb03c70a4ba00", 0x9d}, {&(0x7f0000000a40)="68f061974a6807c5cafe05d860c8ed725e17fe6b3cca892e4a3f91f09f41d80462f41338ff488d37d50456b2a7ce752acead282ffabb17a96626ea0c053be2633053ca25b54fdebca8e2c1c2dc2be8623c95d2c58bc0368b24e08e7510448f6afd0d38aa76ed3056d751284948dc41f4f90930136bd7ffd3cf2489627aad4cccf9287239f7facc117d3a0c5eae15a0d7827a59023a583d9126f4cb64756e0d7a520a473b297eeb5edf5e82e2611c7eb190ae744ecd9524a9", 0xb8}, {&(0x7f0000000b00)="96368a4f68c88bff30b8a7f1bff66c1533d3fc1a4fd76207170bbe89f0707adf7884df1dff21e34b76bb006cb28735f468246a14d157a6d50bb19458a46426f0fed830c3dac2aa7ecb211cbf1c194575ff30dda5e77bdf05e8b81c1faba558210229bb9c731af7c4b21b48e5580a35558d2684f7bb93e57f7eb83fb21d9130110bc272e5f51988e13be5dd0cf28aa2faadc7df02cb0ecf250c521eaf29bfe4c30c6b", 0xa2}], 0x9, 0x6, 0x8001)
ioctl$FIONCLEX(r0, 0x5450)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000cc0), r1)
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000dc0)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d00)={0x44, r5, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xad3}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x97}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xfffffffb}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000004}, 0x2c5e759f7d3ae896)
r6 = syz_open_pts(0xffffffffffffffff, 0x80000)
ioctl$AUTOFS_IOC_SETTIMEOUT(r6, 0x80049367, &(0x7f0000000e00)=0xfffffffffffffff8)
read(0xffffffffffffffff, &(0x7f0000000e40)=""/95, 0x5f)

[   65.359793] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   65.362551] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   65.364834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   65.368245] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   65.372850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   65.375375] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   65.377628] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   65.379742] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   65.386283] Bluetooth: hci1: HCI_REQ-0x0c1a
[   65.391189] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   65.395855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   65.399669] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   65.402632] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   65.432107] Bluetooth: hci0: HCI_REQ-0x0c1a
[   65.470591] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   65.473353] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   65.475049] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   65.476760] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   65.478616] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   65.480418] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   65.481890] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   65.483189] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   65.484321] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   65.485482] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   65.486516] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   65.487679] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   65.488736] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   65.490506] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   65.491965] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   65.493287] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   65.494458] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   65.497795] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   65.502372] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   65.504737] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   65.506260] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   65.507562] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   65.512363] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   65.515263] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   65.516767] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   65.518194] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   65.519631] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   65.521362] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   65.522616] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   65.523916] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   65.525284] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   65.526809] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   65.527853] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   65.529104] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   65.530778] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   65.531954] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   65.537072] Bluetooth: hci6: HCI_REQ-0x0c1a
[   65.537882] Bluetooth: hci5: HCI_REQ-0x0c1a
[   65.539209] Bluetooth: hci4: HCI_REQ-0x0c1a
[   65.543654] Bluetooth: hci3: HCI_REQ-0x0c1a
[   65.548501] Bluetooth: hci7: HCI_REQ-0x0c1a
[   65.593287] Bluetooth: hci2: HCI_REQ-0x0c1a
[   67.438410] Bluetooth: hci1: command 0x0409 tx timeout
[   67.502076] Bluetooth: hci0: command 0x0409 tx timeout
[   67.567150] Bluetooth: hci7: command 0x0409 tx timeout
[   67.568458] Bluetooth: hci3: command 0x0409 tx timeout
[   67.569478] Bluetooth: hci4: command 0x0409 tx timeout
[   67.570454] Bluetooth: hci6: command 0x0409 tx timeout
[   67.630447] Bluetooth: hci2: command 0x0409 tx timeout
[   67.631335] Bluetooth: hci5: command 0x0409 tx timeout
[   69.486112] Bluetooth: hci1: command 0x041b tx timeout
[   69.550127] Bluetooth: hci0: command 0x041b tx timeout
[   69.614104] Bluetooth: hci6: command 0x041b tx timeout
[   69.614546] Bluetooth: hci4: command 0x041b tx timeout
[   69.614949] Bluetooth: hci3: command 0x041b tx timeout
[   69.615416] Bluetooth: hci7: command 0x041b tx timeout
[   69.678089] Bluetooth: hci5: command 0x041b tx timeout
[   69.678503] Bluetooth: hci2: command 0x041b tx timeout
[   71.534036] Bluetooth: hci1: command 0x040f tx timeout
[   71.598143] Bluetooth: hci0: command 0x040f tx timeout
[   71.662069] Bluetooth: hci7: command 0x040f tx timeout
[   71.662473] Bluetooth: hci3: command 0x040f tx timeout
[   71.662805] Bluetooth: hci4: command 0x040f tx timeout
[   71.663533] Bluetooth: hci6: command 0x040f tx timeout
[   71.726055] Bluetooth: hci2: command 0x040f tx timeout
[   71.726457] Bluetooth: hci5: command 0x040f tx timeout
[   73.582058] Bluetooth: hci1: command 0x0419 tx timeout
[   73.646178] Bluetooth: hci0: command 0x0419 tx timeout
[   73.710275] Bluetooth: hci6: command 0x0419 tx timeout
[   73.711042] Bluetooth: hci4: command 0x0419 tx timeout
[   73.711728] Bluetooth: hci3: command 0x0419 tx timeout
[   73.713025] Bluetooth: hci7: command 0x0419 tx timeout
[   73.774075] Bluetooth: hci5: command 0x0419 tx timeout
[   73.774819] Bluetooth: hci2: command 0x0419 tx timeout
07:48:45 executing program 1:
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x0, 0x20, 0x11}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0)
preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1, 0x0, 0x0)
syncfs(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x44, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00b51b808c412ed6b9fcbb5be4a2fb7dd8fd0dfa22b4100"}, 0xd8)
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000040)={r2, 0xb58a, 0x100000001, 0x2})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$unix(0x1, 0x5, 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x0)
accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800)
fsync(0xffffffffffffffff)

07:48:45 executing program 7:
r0 = dup(0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004011}, 0x880)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/battery', 0x12400, 0x2)
getsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000140), &(0x7f0000000180)=0x4)
ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f00000001c0)={0x20, "adfbb32d06364b7972b6e0ea129c0c952640674a6d666dad8c233dba2343902f57e2e563c04f24f9764fceb00476753c0747005dfb3a97d30aec22cfe7dc4c0c3b40894e3fbb5403b43dff30c3af80fb936b3f18c0708bfdaf87d3b2c98b3a760423bc1b4f97280247b9845cbdfd8bd5c0b1f1be359e54d0683808ab2adb8b07cf6d39f5ce5f05a4a7449b785dbf8f593829da57b732a5b3ed34374c3ee02429a986014452f461c14da9c6eeeace722c1f0777beff093d15aba6e964ef122193b83f204e5b3f7f8c077a51f76d54e35cb8ad87fb45dc9c8a0dc75c71419b1bde3e667559166b9cb664f93fbe4b34c0c21b236b210b40cd25f12aac928eb53eec205bb15d579540c31b69781ec8f38423763bfa6c59e71a9a76bbac7c384d02648899a9beb823e05d8d614e533877ba81d57b0f280399d7a8fc56033df0ee6883bc3b6a8c8726bc8257251ec01d567313da13301fb20883e744c0756e5f0a99a6a38093273179eee3b01e41dc30223c85e45e9b0ea973f7315766cbe3ebfa33f5ce6b2af8b958488fb7384554e13e3e4196c4b4f8f359be658eba8a6f19307c69be193ba408a9ef8d03cc4aa07cb7f0d8b7f39a2155ffc17007dc9e5d03bf140d0018d4161d85208d0115dac04edd7529b76094149f291228edd5a28c280e1b6649df485f0403a71ad16c78ffc289a7baf148ad4eac6a04b12981ba359fe1d5de"})
ioctl$TIOCGICOUNT(r1, 0x545d, 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000400), 0x20800, 0x0)
fcntl$setpipe(r2, 0x407, 0x4)
ioctl$TIOCSIG(r1, 0x40045436, 0x34)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000440)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000480))
r4 = pidfd_getfd(r1, r1, 0x0)
pwritev(r4, &(0x7f0000000bc0)=[{&(0x7f00000004c0)="494fe169791724f9210f8e403755fd81f59d24ab880a6b9fbfe60bcb008e9e277b06edd9651fc1519467cac25c5dcd6d6e802517cf5961363b3dcfc82532512b537bd9082c302e4b7a822012f3b3485c73a38eeb4e1f992c10d5fe31fb1594a79e15d67e142cb62df4fc740eeab97e01092a8b395c5a8e94d5bef1d609b5725588c50ac1059bd9e44597f1566374a5ceba6d894d004cb767548f23360091aab6944e09b8b7dfe7b25040f38cff420d2b515bef70a403110df5e58bc0a6f63ab3de7c6fd83ec81af6553da43da2c05cc93ff239561c3e20d0997f49f9e2e78c388d8c1899b3fa871877c96e6508", 0xed}, {&(0x7f00000005c0)="d1f13840369a97ba354cad527b39f318ba6a2ca4561a8d17fb14d7fe4cdc622e09b2c7ff326d9c476f5c0afb9a1f7097f7b049a0e4d50dd0285990c983246efbb4dc554011dcda43270f77f2c6f635766ac5846307bec2e5f276a85c504cefd3837999992583a441268db33fc5fc362fa13318fc4a58b940cf9069256375037757bc56b3af36683b11539882b85eb1b0596ff56e24568e846340e9e99061fe010cc10a5ea243da1b7b094be94abd320a5d75f8f96731c821266ecbc83fa98037ba6098aa356ecfc06944db14e2fe037d322ef94d7363181e0d0db9a1de2c17c7b5f4572f271b3d44aeb6d1b8ddcbd384b71595c67e2a59861978c7a9fde58e", 0xff}, {&(0x7f00000006c0)="04175c3ca24109bf76bc117281522953ab6ddf176f75ce38f49a4e196cc99e2fb9e19cb9b88b9beb5a58da8a15db166760b13ca54e6d0a6df914eb489e35531f23a80c1d0e70c9344ba2cdcc9266f336c7ba1709f60385587f7018b9bf75f67b8deab232997b0b936cef7ebb39382365e213b0497cc551b5ceea95c27e2cccc5dfa107b6f87827da5b69b3019c7f7e4596bbd27088fca3dc16f5df86cb1f307f87c5c8868cc9c132090f1ce18d527ce6c9378fd08f549e9b1c3f9d9219a5aeeb604619015dd9f725a0c6ddd3501f4c91deadd6eb9bc4bcdd53c6ce60000da7be6855a702f7edddfee4c35650829f8cbfb55ccb000083dba00d", 0xf9}, {&(0x7f00000007c0)="998df2406296123692ae163dafc83ba79c23f514b2bbf743eff382fd4c76ff1f9ed3ad18c34f71f125645a59f99b9188cc4b460d08f7aab7b00ec93f29fc19365355cd4fbd7cef5d75e8ec5466dbfc78812bc26bb9d6a394368539389a53206ecc63572b77fe55aec42c5032aafba90cd27adf221fe405404a948fe291b8cce1e943", 0x82}, {&(0x7f0000000880)="15804d91eb225bb16809055a76dd1666c376148720d1b7a3df8e22fd515bd386a798acb3af0c1bcedceb15fc35e5b5e28e838a6b7f3f6a8f595b0cb510cb1680efba3412b5e251dae13bd3c2bbd9c6e8ab9ed2412d69604a033ce14aa8dca3448ee33f27", 0x64}, {&(0x7f0000000900)="5f0b247f10597c9c2c8cab36865a2ec6e8742555528e61971e57a0a51c7b8c268958f25f8df603ea3ac9c7db58b81ce105ee72bcdf57838ebfe729c60358385e122e74029cd102a76536b38910327214fad7c7a84f", 0x55}, {&(0x7f0000000980)="3d2f12e8fb5fc59af706c8ecbb0b6a63163ba749e48f61b4fe64c18a1f8c24c783151346d63f45b0f5acc6a1c0f5b602995616c423926544cdf91515d670a99804bc9ebecce580e93b6c42e1bc00aa4b9ca1bacfba9c581b709cb1a83aae9600bf73e1858551551d5a71ab2088f187238e9db18fb039088c8be796aa8bf2b172a095c11c057613ab590e159545d875ad2a313936fa636bb03c70a4ba00", 0x9d}, {&(0x7f0000000a40)="68f061974a6807c5cafe05d860c8ed725e17fe6b3cca892e4a3f91f09f41d80462f41338ff488d37d50456b2a7ce752acead282ffabb17a96626ea0c053be2633053ca25b54fdebca8e2c1c2dc2be8623c95d2c58bc0368b24e08e7510448f6afd0d38aa76ed3056d751284948dc41f4f90930136bd7ffd3cf2489627aad4cccf9287239f7facc117d3a0c5eae15a0d7827a59023a583d9126f4cb64756e0d7a520a473b297eeb5edf5e82e2611c7eb190ae744ecd9524a9", 0xb8}, {&(0x7f0000000b00)="96368a4f68c88bff30b8a7f1bff66c1533d3fc1a4fd76207170bbe89f0707adf7884df1dff21e34b76bb006cb28735f468246a14d157a6d50bb19458a46426f0fed830c3dac2aa7ecb211cbf1c194575ff30dda5e77bdf05e8b81c1faba558210229bb9c731af7c4b21b48e5580a35558d2684f7bb93e57f7eb83fb21d9130110bc272e5f51988e13be5dd0cf28aa2faadc7df02cb0ecf250c521eaf29bfe4c30c6b", 0xa2}], 0x9, 0x6, 0x8001)
ioctl$FIONCLEX(r0, 0x5450)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000cc0), r1)
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000dc0)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d00)={0x44, r5, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xad3}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x97}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xfffffffb}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000004}, 0x2c5e759f7d3ae896)
r6 = syz_open_pts(0xffffffffffffffff, 0x80000)
ioctl$AUTOFS_IOC_SETTIMEOUT(r6, 0x80049367, &(0x7f0000000e00)=0xfffffffffffffff8)
read(0xffffffffffffffff, &(0x7f0000000e40)=""/95, 0x5f)

[  118.612510] audit: type=1400 audit(1665042525.682:7): avc:  denied  { open } for  pid=3827 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  118.613906] audit: type=1400 audit(1665042525.682:8): avc:  denied  { kernel } for  pid=3827 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  118.638529] ------------[ cut here ]------------
[  118.638549] 
[  118.638551] ======================================================
[  118.638555] WARNING: possible circular locking dependency detected
[  118.638559] 6.0.0-next-20221005 #1 Not tainted
[  118.638565] ------------------------------------------------------
[  118.638568] syz-executor.1/3829 is trying to acquire lock:
[  118.638575] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  118.638616] 
[  118.638616] but task is already holding lock:
[  118.638619] ffff888008ec1c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  118.638645] 
[  118.638645] which lock already depends on the new lock.
[  118.638645] 
[  118.638648] 
[  118.638648] the existing dependency chain (in reverse order) is:
[  118.638651] 
[  118.638651] -> #3 (&ctx->lock){....}-{2:2}:
[  118.638665]        _raw_spin_lock+0x2a/0x40
[  118.638677]        __perf_event_task_sched_out+0x53b/0x18d0
[  118.638688]        __schedule+0xedd/0x2470
[  118.638703]        schedule+0xda/0x1b0
[  118.638717]        exit_to_user_mode_prepare+0x114/0x1a0
[  118.638730]        syscall_exit_to_user_mode+0x19/0x40
[  118.638743]        do_syscall_64+0x48/0x90
[  118.638753]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.638767] 
[  118.638767] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  118.638780]        _raw_spin_lock_nested+0x30/0x40
[  118.638791]        raw_spin_rq_lock_nested+0x1e/0x30
[  118.638805]        task_fork_fair+0x63/0x4d0
[  118.638822]        sched_cgroup_fork+0x3d0/0x540
[  118.638836]        copy_process+0x4183/0x6e20
[  118.638847]        kernel_clone+0xe7/0x890
[  118.638856]        user_mode_thread+0xad/0xf0
[  118.638867]        rest_init+0x24/0x250
[  118.638879]        arch_call_rest_init+0xf/0x14
[  118.638898]        start_kernel+0x4c6/0x4eb
[  118.638915]        secondary_startup_64_no_verify+0xe0/0xeb
[  118.638930] 
[  118.638930] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  118.638943]        _raw_spin_lock_irqsave+0x39/0x60
[  118.638954]        try_to_wake_up+0xab/0x1930
[  118.638971]        up+0x75/0xb0
[  118.638986]        __up_console_sem+0x6e/0x80
[  118.639002]        console_unlock+0x46a/0x590
[  118.639018]        vt_ioctl+0x2822/0x2ca0
[  118.639030]        tty_ioctl+0x785/0x16b0
[  118.639041]        __x64_sys_ioctl+0x19a/0x210
[  118.639055]        do_syscall_64+0x3b/0x90
[  118.639064]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.639078] 
[  118.639078] -> #0 ((console_sem).lock){....}-{2:2}:
[  118.639091]        __lock_acquire+0x2a02/0x5e70
[  118.639108]        lock_acquire+0x1a2/0x530
[  118.639124]        _raw_spin_lock_irqsave+0x39/0x60
[  118.639135]        down_trylock+0xe/0x70
[  118.639151]        __down_trylock_console_sem+0x3b/0xd0
[  118.639167]        vprintk_emit+0x16b/0x560
[  118.639183]        vprintk+0x84/0xa0
[  118.639199]        _printk+0xba/0xf1
[  118.639212]        report_bug.cold+0x72/0xab
[  118.639229]        handle_bug+0x3c/0x70
[  118.639238]        exc_invalid_op+0x14/0x50
[  118.639248]        asm_exc_invalid_op+0x16/0x20
[  118.639260]        group_sched_out.part.0+0x2c7/0x460
[  118.639279]        ctx_sched_out+0x8f1/0xc10
[  118.639296]        __perf_event_task_sched_out+0x6d0/0x18d0
[  118.639307]        __schedule+0xedd/0x2470
[  118.639321]        schedule+0xda/0x1b0
[  118.639335]        exit_to_user_mode_prepare+0x114/0x1a0
[  118.639346]        syscall_exit_to_user_mode+0x19/0x40
[  118.639359]        do_syscall_64+0x48/0x90
[  118.639368]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.639382] 
[  118.639382] other info that might help us debug this:
[  118.639382] 
[  118.639384] Chain exists of:
[  118.639384]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  118.639384] 
[  118.639399]  Possible unsafe locking scenario:
[  118.639399] 
[  118.639401]        CPU0                    CPU1
[  118.639403]        ----                    ----
[  118.639406]   lock(&ctx->lock);
[  118.639411]                                lock(&rq->__lock);
[  118.639417]                                lock(&ctx->lock);
[  118.639424]   lock((console_sem).lock);
[  118.639429] 
[  118.639429]  *** DEADLOCK ***
[  118.639429] 
[  118.639431] 2 locks held by syz-executor.1/3829:
[  118.639438]  #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  118.639468]  #1: ffff888008ec1c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  118.639494] 
[  118.639494] stack backtrace:
[  118.639497] CPU: 1 PID: 3829 Comm: syz-executor.1 Not tainted 6.0.0-next-20221005 #1
[  118.639509] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  118.639517] Call Trace:
[  118.639520]  <TASK>
[  118.639524]  dump_stack_lvl+0x8b/0xb3
[  118.639543]  check_noncircular+0x263/0x2e0
[  118.639560]  ? format_decode+0x26c/0xb50
[  118.639580]  ? print_circular_bug+0x450/0x450
[  118.639598]  ? simple_strtoul+0x30/0x30
[  118.639615]  ? format_decode+0x26c/0xb50
[  118.639633]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  118.639651]  __lock_acquire+0x2a02/0x5e70
[  118.639672]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  118.639695]  lock_acquire+0x1a2/0x530
[  118.639712]  ? down_trylock+0xe/0x70
[  118.639730]  ? lock_release+0x750/0x750
[  118.639751]  ? vprintk+0x84/0xa0
[  118.639769]  _raw_spin_lock_irqsave+0x39/0x60
[  118.639781]  ? down_trylock+0xe/0x70
[  118.639799]  down_trylock+0xe/0x70
[  118.639816]  ? vprintk+0x84/0xa0
[  118.639833]  __down_trylock_console_sem+0x3b/0xd0
[  118.639850]  vprintk_emit+0x16b/0x560
[  118.639870]  vprintk+0x84/0xa0
[  118.639887]  _printk+0xba/0xf1
[  118.639900]  ? record_print_text.cold+0x16/0x16
[  118.639916]  ? report_bug.cold+0x66/0xab
[  118.639935]  ? group_sched_out.part.0+0x2c7/0x460
[  118.639954]  report_bug.cold+0x72/0xab
[  118.639974]  handle_bug+0x3c/0x70
[  118.639984]  exc_invalid_op+0x14/0x50
[  118.639995]  asm_exc_invalid_op+0x16/0x20
[  118.640009] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  118.640030] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 2b 08 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  118.640041] RSP: 0018:ffff88803faefc48 EFLAGS: 00010006
[  118.640050] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  118.640058] RDX: ffff88800ff70000 RSI: ffffffff81566da7 RDI: 0000000000000005
[  118.640066] RBP: ffff88800f648000 R08: 0000000000000005 R09: 0000000000000001
[  118.640073] R10: 0000000000000000 R11: ffffffff865b605b R12: ffff888008ec1c00
[  118.640081] R13: ffff88806cf3d2c0 R14: ffffffff8547d040 R15: 0000000000000002
[  118.640092]  ? group_sched_out.part.0+0x2c7/0x460
[  118.640112]  ? group_sched_out.part.0+0x2c7/0x460
[  118.640131]  ctx_sched_out+0x8f1/0xc10
[  118.640151]  __perf_event_task_sched_out+0x6d0/0x18d0
[  118.640165]  ? lock_is_held_type+0xd7/0x130
[  118.640179]  ? __perf_cgroup_move+0x160/0x160
[  118.640190]  ? set_next_entity+0x304/0x550
[  118.640207]  ? update_curr+0x267/0x740
[  118.640225]  ? lock_is_held_type+0xd7/0x130
[  118.640240]  __schedule+0xedd/0x2470
[  118.640258]  ? io_schedule_timeout+0x150/0x150
[  118.640275]  ? rcu_read_lock_sched_held+0x3e/0x80
[  118.640295]  schedule+0xda/0x1b0
[  118.640311]  exit_to_user_mode_prepare+0x114/0x1a0
[  118.640323]  syscall_exit_to_user_mode+0x19/0x40
[  118.640338]  do_syscall_64+0x48/0x90
[  118.640348]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.640362] RIP: 0033:0x7f6d687b9b19
[  118.640378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  118.640389] RSP: 002b:00007f6d65d2f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  118.640400] RAX: 0000000000000001 RBX: 00007f6d688ccf68 RCX: 00007f6d687b9b19
[  118.640407] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6d688ccf6c
[  118.640414] RBP: 00007f6d688ccf60 R08: 000000000000000e R09: 0000000000000000
[  118.640421] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f6d688ccf6c
[  118.640429] R13: 00007ffd86c136ff R14: 00007f6d65d2f300 R15: 0000000000022000
[  118.640441]  </TASK>
[  118.694846] WARNING: CPU: 1 PID: 3829 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  118.695451] Modules linked in:
[  118.695664] CPU: 1 PID: 3829 Comm: syz-executor.1 Not tainted 6.0.0-next-20221005 #1
[  118.696161] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  118.696699] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  118.697059] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 2b 08 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  118.698211] RSP: 0018:ffff88803faefc48 EFLAGS: 00010006
[  118.698553] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  118.699006] RDX: ffff88800ff70000 RSI: ffffffff81566da7 RDI: 0000000000000005
[  118.699486] RBP: ffff88800f648000 R08: 0000000000000005 R09: 0000000000000001
[  118.699977] R10: 0000000000000000 R11: ffffffff865b605b R12: ffff888008ec1c00
[  118.700475] R13: ffff88806cf3d2c0 R14: ffffffff8547d040 R15: 0000000000000002
[  118.700957] FS:  00007f6d65d2f700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  118.701498] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  118.701899] CR2: 00007f54fe6fa010 CR3: 00000000212ae000 CR4: 0000000000350ee0
[  118.702387] Call Trace:
[  118.702566]  <TASK>
[  118.702729]  ctx_sched_out+0x8f1/0xc10
[  118.703010]  __perf_event_task_sched_out+0x6d0/0x18d0
[  118.703368]  ? lock_is_held_type+0xd7/0x130
[  118.703669]  ? __perf_cgroup_move+0x160/0x160
[  118.703977]  ? set_next_entity+0x304/0x550
[  118.704279]  ? update_curr+0x267/0x740
[  118.704576]  ? lock_is_held_type+0xd7/0x130
[  118.704880]  __schedule+0xedd/0x2470
[  118.705147]  ? io_schedule_timeout+0x150/0x150
[  118.705474]  ? rcu_read_lock_sched_held+0x3e/0x80
[  118.705818]  schedule+0xda/0x1b0
[  118.706067]  exit_to_user_mode_prepare+0x114/0x1a0
[  118.706408]  syscall_exit_to_user_mode+0x19/0x40
[  118.706740]  do_syscall_64+0x48/0x90
[  118.707007]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.707367] RIP: 0033:0x7f6d687b9b19
[  118.707630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  118.708870] RSP: 002b:00007f6d65d2f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  118.709380] RAX: 0000000000000001 RBX: 00007f6d688ccf68 RCX: 00007f6d687b9b19
[  118.709865] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6d688ccf6c
[  118.710354] RBP: 00007f6d688ccf60 R08: 000000000000000e R09: 0000000000000000
[  118.710843] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f6d688ccf6c
[  118.711325] R13: 00007ffd86c136ff R14: 00007f6d65d2f300 R15: 0000000000022000
[  118.711813]  </TASK>
[  118.711979] irq event stamp: 688
[  118.712212] hardirqs last  enabled at (687): [<ffffffff8133f829>] exit_to_user_mode_prepare+0x109/0x1a0
[  118.712869] hardirqs last disabled at (688): [<ffffffff84260bc5>] __schedule+0x1225/0x2470
[  118.713431] softirqs last  enabled at (344): [<ffffffff81170a0b>] __irq_exit_rcu+0x11b/0x180
[  118.714015] softirqs last disabled at (339): [<ffffffff81170a0b>] __irq_exit_rcu+0x11b/0x180
[  118.714604] ---[ end trace 0000000000000000 ]---
07:48:45 executing program 7:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000e80), 0x0, 0x0)
copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)

07:48:45 executing program 7:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)
r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)
shmctl$IPC_SET(r1, 0x1, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0xee01}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x208, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
r3 = shmget(0x0, 0x3000, 0x200, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x2000)
shmctl$SHM_LOCK(r3, 0xb)
shmget(0x1, 0x3000, 0x20, &(0x7f0000ff9000/0x3000)=nil)
pread64(r2, &(0x7f0000000140)=""/95, 0x5f, 0x7fff)

07:48:46 executing program 1:
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x0, 0x20, 0x11}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0)
preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1, 0x0, 0x0)
syncfs(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x44, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00b51b808c412ed6b9fcbb5be4a2fb7dd8fd0dfa22b4100"}, 0xd8)
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000040)={r2, 0xb58a, 0x100000001, 0x2})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$unix(0x1, 0x5, 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x0)
accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800)
fsync(0xffffffffffffffff)

07:48:46 executing program 7:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)
r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)
shmctl$IPC_SET(r1, 0x1, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0xee01}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x208, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
r3 = shmget(0x0, 0x3000, 0x200, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x2000)
shmctl$SHM_LOCK(r3, 0xb)
shmget(0x1, 0x3000, 0x20, &(0x7f0000ff9000/0x3000)=nil)
pread64(r2, &(0x7f0000000140)=""/95, 0x5f, 0x7fff)

07:48:46 executing program 1:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)
r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)
shmctl$IPC_SET(r1, 0x1, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0xee01}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x208, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
r3 = shmget(0x0, 0x3000, 0x200, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x2000)
shmctl$SHM_LOCK(r3, 0xb)
shmget(0x1, 0x3000, 0x20, &(0x7f0000ff9000/0x3000)=nil)
pread64(r2, &(0x7f0000000140)=""/95, 0x5f, 0x7fff)

07:48:46 executing program 7:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)
r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)
shmctl$IPC_SET(r1, 0x1, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0xee01}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x208, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
r3 = shmget(0x0, 0x3000, 0x200, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x2000)
shmctl$SHM_LOCK(r3, 0xb)
shmget(0x1, 0x3000, 0x20, &(0x7f0000ff9000/0x3000)=nil)
pread64(r2, &(0x7f0000000140)=""/95, 0x5f, 0x7fff)


VM DIAGNOSIS:
07:48:45  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=ffffed1002ef0f99 RCX=000000000000000b RDX=ffff88800ff73580
RSI=ffffc90000697048 RDI=ffff888017787d30 RBP=ffffc90000697048 RSP=ffff888017787cc8
R8 =0000000000000004 R9 =000000007fff0000 R10=000000007fff0000 R11=0000000000000001
R12=ffff888017787e30 R13=000000007fff0000 R14=ffff888017787e30 R15=ffffc90000697000
RIP=ffffffff81541f0a RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f05377ee8c0 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055971dbce148 CR3=000000000e102000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=7269762f736563697665642f7379732f XMM01=747269762f736563697665642f737973
XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=000055971dbdd300000055971dbdd2e0
XMM06=000055971dbcd4c00000000000000000 XMM07=00000000000000000000000000000000
XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000028 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff823bda91 RDI=ffffffff8765c9a0 RBP=ffffffff8765c960 RSP=ffff88803faef690
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000028 R11=0000000000000001
R12=0000000000000028 R13=ffffffff8765c960 R14=0000000000000010 R15=ffffffff823bda80
RIP=ffffffff823bdae9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f6d65d2f700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f54fe6fa010 CR3=00000000212ae000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f6d688a07c000007f6d688a07c8
XMM02=00007f6d688a07e000007f6d688a07c0 XMM03=00007f6d688a07c800007f6d688a07c0
XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000