Warning: Permanently added '[localhost]:59272' (ECDSA) to the list of known hosts. 2022/10/06 18:59:47 fuzzer started 2022/10/06 18:59:47 dialing manager at localhost:37161 syzkaller login: [ 35.778164] cgroup: Unknown subsys name 'net' [ 35.853496] cgroup: Unknown subsys name 'rlimit' 2022/10/06 19:00:02 syscalls: 2215 2022/10/06 19:00:02 code coverage: enabled 2022/10/06 19:00:02 comparison tracing: enabled 2022/10/06 19:00:02 extra coverage: enabled 2022/10/06 19:00:02 setuid sandbox: enabled 2022/10/06 19:00:02 namespace sandbox: enabled 2022/10/06 19:00:02 Android sandbox: enabled 2022/10/06 19:00:02 fault injection: enabled 2022/10/06 19:00:02 leak checking: enabled 2022/10/06 19:00:02 net packet injection: enabled 2022/10/06 19:00:02 net device setup: enabled 2022/10/06 19:00:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/06 19:00:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/06 19:00:02 USB emulation: enabled 2022/10/06 19:00:02 hci packet injection: enabled 2022/10/06 19:00:02 wifi device emulation: failed to parse kernel version (6.0.0-next-20221006) 2022/10/06 19:00:02 802.15.4 emulation: enabled 2022/10/06 19:00:03 fetching corpus: 50, signal 29660/31366 (executing program) 2022/10/06 19:00:03 fetching corpus: 100, signal 39119/42334 (executing program) 2022/10/06 19:00:03 fetching corpus: 150, signal 45121/49745 (executing program) 2022/10/06 19:00:03 fetching corpus: 200, signal 52821/58661 (executing program) 2022/10/06 19:00:03 fetching corpus: 250, signal 58143/65150 (executing program) 2022/10/06 19:00:03 fetching corpus: 300, signal 60452/68727 (executing program) 2022/10/06 19:00:03 fetching corpus: 350, signal 65095/74438 (executing program) 2022/10/06 19:00:03 fetching corpus: 400, signal 67544/78022 (executing program) 2022/10/06 19:00:03 fetching corpus: 450, signal 69861/81447 (executing program) 2022/10/06 19:00:04 fetching corpus: 500, signal 73290/85823 (executing program) 2022/10/06 19:00:04 fetching corpus: 550, signal 75806/89293 (executing program) 2022/10/06 19:00:04 fetching corpus: 600, signal 78213/92648 (executing program) 2022/10/06 19:00:04 fetching corpus: 650, signal 80101/95481 (executing program) 2022/10/06 19:00:04 fetching corpus: 700, signal 83968/99954 (executing program) 2022/10/06 19:00:04 fetching corpus: 750, signal 87751/104220 (executing program) 2022/10/06 19:00:04 fetching corpus: 800, signal 89079/106449 (executing program) 2022/10/06 19:00:04 fetching corpus: 850, signal 92141/109988 (executing program) 2022/10/06 19:00:04 fetching corpus: 900, signal 93959/112575 (executing program) 2022/10/06 19:00:04 fetching corpus: 950, signal 96992/116027 (executing program) 2022/10/06 19:00:05 fetching corpus: 1000, signal 99425/118985 (executing program) 2022/10/06 19:00:05 fetching corpus: 1050, signal 101287/121417 (executing program) 2022/10/06 19:00:05 fetching corpus: 1100, signal 103604/124195 (executing program) 2022/10/06 19:00:05 fetching corpus: 1150, signal 105365/126482 (executing program) 2022/10/06 19:00:05 fetching corpus: 1200, signal 106629/128367 (executing program) 2022/10/06 19:00:05 fetching corpus: 1250, signal 108531/130699 (executing program) 2022/10/06 19:00:05 fetching corpus: 1300, signal 109764/132475 (executing program) 2022/10/06 19:00:05 fetching corpus: 1350, signal 112235/135179 (executing program) 2022/10/06 19:00:06 fetching corpus: 1400, signal 114157/137425 (executing program) 2022/10/06 19:00:06 fetching corpus: 1450, signal 115592/139232 (executing program) 2022/10/06 19:00:06 fetching corpus: 1500, signal 116848/140860 (executing program) 2022/10/06 19:00:06 fetching corpus: 1550, signal 118266/142568 (executing program) 2022/10/06 19:00:06 fetching corpus: 1600, signal 120044/144541 (executing program) 2022/10/06 19:00:06 fetching corpus: 1650, signal 121286/146121 (executing program) 2022/10/06 19:00:06 fetching corpus: 1700, signal 123483/148289 (executing program) 2022/10/06 19:00:06 fetching corpus: 1750, signal 124618/149757 (executing program) 2022/10/06 19:00:06 fetching corpus: 1800, signal 125787/151194 (executing program) 2022/10/06 19:00:06 fetching corpus: 1850, signal 126961/152608 (executing program) 2022/10/06 19:00:07 fetching corpus: 1900, signal 127666/153693 (executing program) 2022/10/06 19:00:07 fetching corpus: 1950, signal 128754/155057 (executing program) 2022/10/06 19:00:07 fetching corpus: 2000, signal 129522/156176 (executing program) 2022/10/06 19:00:07 fetching corpus: 2050, signal 130722/157534 (executing program) 2022/10/06 19:00:07 fetching corpus: 2100, signal 131529/158653 (executing program) 2022/10/06 19:00:07 fetching corpus: 2150, signal 132170/159683 (executing program) 2022/10/06 19:00:07 fetching corpus: 2200, signal 133093/160876 (executing program) 2022/10/06 19:00:07 fetching corpus: 2250, signal 133800/161896 (executing program) 2022/10/06 19:00:07 fetching corpus: 2300, signal 135385/163338 (executing program) 2022/10/06 19:00:07 fetching corpus: 2350, signal 136560/164511 (executing program) 2022/10/06 19:00:07 fetching corpus: 2400, signal 137120/165409 (executing program) 2022/10/06 19:00:08 fetching corpus: 2450, signal 138382/166607 (executing program) 2022/10/06 19:00:08 fetching corpus: 2500, signal 139156/167564 (executing program) 2022/10/06 19:00:08 fetching corpus: 2550, signal 139973/168572 (executing program) 2022/10/06 19:00:08 fetching corpus: 2600, signal 141564/169871 (executing program) 2022/10/06 19:00:08 fetching corpus: 2650, signal 142355/170790 (executing program) 2022/10/06 19:00:08 fetching corpus: 2700, signal 143199/171676 (executing program) 2022/10/06 19:00:08 fetching corpus: 2750, signal 144225/172713 (executing program) 2022/10/06 19:00:08 fetching corpus: 2800, signal 144979/173518 (executing program) 2022/10/06 19:00:08 fetching corpus: 2850, signal 146284/174495 (executing program) 2022/10/06 19:00:08 fetching corpus: 2900, signal 147049/175271 (executing program) 2022/10/06 19:00:09 fetching corpus: 2950, signal 148462/176274 (executing program) 2022/10/06 19:00:09 fetching corpus: 3000, signal 149243/177018 (executing program) 2022/10/06 19:00:09 fetching corpus: 3050, signal 150273/177837 (executing program) 2022/10/06 19:00:09 fetching corpus: 3100, signal 151279/178668 (executing program) 2022/10/06 19:00:09 fetching corpus: 3150, signal 152673/179594 (executing program) 2022/10/06 19:00:09 fetching corpus: 3200, signal 153077/180173 (executing program) 2022/10/06 19:00:09 fetching corpus: 3250, signal 153612/180740 (executing program) 2022/10/06 19:00:09 fetching corpus: 3300, signal 154335/181354 (executing program) 2022/10/06 19:00:09 fetching corpus: 3350, signal 155095/182008 (executing program) 2022/10/06 19:00:09 fetching corpus: 3400, signal 156042/182665 (executing program) 2022/10/06 19:00:10 fetching corpus: 3450, signal 157479/183496 (executing program) 2022/10/06 19:00:10 fetching corpus: 3500, signal 158011/184029 (executing program) 2022/10/06 19:00:10 fetching corpus: 3550, signal 158381/184502 (executing program) 2022/10/06 19:00:10 fetching corpus: 3600, signal 160181/185306 (executing program) 2022/10/06 19:00:10 fetching corpus: 3650, signal 161162/185907 (executing program) 2022/10/06 19:00:10 fetching corpus: 3700, signal 162280/186539 (executing program) 2022/10/06 19:00:10 fetching corpus: 3750, signal 163284/187094 (executing program) 2022/10/06 19:00:11 fetching corpus: 3800, signal 164479/187670 (executing program) 2022/10/06 19:00:11 fetching corpus: 3850, signal 165135/188159 (executing program) 2022/10/06 19:00:11 fetching corpus: 3900, signal 166196/188661 (executing program) 2022/10/06 19:00:11 fetching corpus: 3950, signal 166539/189022 (executing program) 2022/10/06 19:00:11 fetching corpus: 4000, signal 167515/189445 (executing program) 2022/10/06 19:00:11 fetching corpus: 4050, signal 167910/189776 (executing program) 2022/10/06 19:00:11 fetching corpus: 4100, signal 168479/190112 (executing program) 2022/10/06 19:00:11 fetching corpus: 4150, signal 169214/190484 (executing program) 2022/10/06 19:00:11 fetching corpus: 4200, signal 169780/190817 (executing program) 2022/10/06 19:00:11 fetching corpus: 4250, signal 170265/191094 (executing program) 2022/10/06 19:00:11 fetching corpus: 4300, signal 170530/191361 (executing program) 2022/10/06 19:00:11 fetching corpus: 4350, signal 170950/191647 (executing program) 2022/10/06 19:00:12 fetching corpus: 4400, signal 171513/191921 (executing program) 2022/10/06 19:00:12 fetching corpus: 4450, signal 172294/192235 (executing program) 2022/10/06 19:00:12 fetching corpus: 4500, signal 173041/192501 (executing program) 2022/10/06 19:00:12 fetching corpus: 4550, signal 173560/192762 (executing program) 2022/10/06 19:00:12 fetching corpus: 4600, signal 174127/192987 (executing program) 2022/10/06 19:00:12 fetching corpus: 4650, signal 174929/193233 (executing program) 2022/10/06 19:00:12 fetching corpus: 4700, signal 175536/193454 (executing program) 2022/10/06 19:00:12 fetching corpus: 4750, signal 175922/193635 (executing program) 2022/10/06 19:00:12 fetching corpus: 4800, signal 176410/193812 (executing program) 2022/10/06 19:00:12 fetching corpus: 4850, signal 177121/193841 (executing program) 2022/10/06 19:00:13 fetching corpus: 4900, signal 177526/193897 (executing program) 2022/10/06 19:00:13 fetching corpus: 4950, signal 178191/193898 (executing program) 2022/10/06 19:00:13 fetching corpus: 5000, signal 178695/193943 (executing program) 2022/10/06 19:00:13 fetching corpus: 5050, signal 179197/193949 (executing program) 2022/10/06 19:00:13 fetching corpus: 5100, signal 179863/193950 (executing program) 2022/10/06 19:00:13 fetching corpus: 5150, signal 180340/193972 (executing program) 2022/10/06 19:00:13 fetching corpus: 5200, signal 181474/193972 (executing program) 2022/10/06 19:00:13 fetching corpus: 5244, signal 182063/193972 (executing program) 2022/10/06 19:00:13 fetching corpus: 5244, signal 182063/193972 (executing program) 2022/10/06 19:00:16 starting 8 fuzzer processes 19:00:16 executing program 0: sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_CHANNEL={0x5, 0x8, 0xc}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x40885) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0xe}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x1c}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x40) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x68, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000002}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x13}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x1c}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x15}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x17}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x68}}, 0x14a884d278d21f9b) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x38, 0x0, 0x0, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_PAGE={0x5, 0x7, 0x1e}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x19}]}, 0x38}, 0x1, 0x0, 0x0, 0x44014}, 0x50) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), r1) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000500)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r2, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x3c, r3, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x20000000) sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000640)={0x188, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xffff3c86}, {0x6, 0x11, 0x1ff}, {0x8, 0x13, 0x8}, {0x5, 0x14, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x101}, {0x6, 0x11, 0x800}, {0x8, 0x13, 0x3}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x200}, {0x6, 0x11, 0x9650}, {0x8}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xfffffffc}, {0x6, 0x11, 0x3}, {0x8, 0x13, 0x7f}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x200}, {0x8, 0x13, 0x3}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x9}, {0x8, 0x13, 0x2}, {0x5, 0x14, 0x1}}]}, 0x188}, 0x1, 0x0, 0x0, 0x880}, 0x1) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000880), 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x4c, 0x0, 0x10, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x11}, 0x20000080) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000a40)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r6, &(0x7f0000000b00)={&(0x7f0000000a00), 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x1c, r3, 0x4, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004001}, 0x4018005) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000b80), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x28, r8, 0x200, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x14, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000001}, 0x8010) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000cc0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r6, &(0x7f0000000dc0)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d00)={0x44, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x20048004}, 0x5) 19:00:16 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000005b00)=[{{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000000)=""/17, 0x11}, {&(0x7f0000000040)=""/4096, 0x1000}], 0x2, &(0x7f0000001080)=""/225, 0xe1}, 0xfffffffa}, {{&(0x7f0000001180)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f0000003440)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/200, 0xc8}, {&(0x7f0000002300)=""/15, 0xf}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/213, 0xd5}], 0x5, &(0x7f00000034c0)=""/147, 0x93}, 0x3f}, {{&(0x7f0000003580)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000004680)=[{&(0x7f0000003600)=""/127, 0x7f}, {&(0x7f0000003680)=""/4096, 0x1000}], 0x2}, 0x2}, {{&(0x7f00000046c0)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000005a80)=[{&(0x7f0000004740)=""/75, 0x4b}, {&(0x7f00000047c0)=""/172, 0xac}, {&(0x7f0000004880)=""/73, 0x49}, {&(0x7f0000004900)=""/4096, 0x1000}, {&(0x7f0000005900)=""/80, 0x50}, {&(0x7f0000005980)=""/9, 0x9}, {&(0x7f00000059c0)=""/78, 0x4e}, {&(0x7f0000005a40)=""/22, 0x16}], 0x8}, 0x7}], 0x4, 0x40012020, &(0x7f0000005c00)={0x77359400}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000005c40)=0x1, 0x4) sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000005d40)={&(0x7f0000005c80)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000005d00)={&(0x7f0000005cc0)={0x1c, 0x0, 0x0, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004011}, 0x8000) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000005e80)={&(0x7f0000005d80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000005e40)={&(0x7f0000005dc0)={0x78, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_SECCTX={0x22, 0x7, 'system_u:system_r:kernel_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:gpg_agent_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x40}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000006000)={&(0x7f0000005ec0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000005fc0)={&(0x7f0000005f00)={0xb8, 0x0, 0x8, 0x70bd26, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1b}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_REG_RULES={0x74, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x400}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xe0e7}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x9}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x400}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xff}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x2}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xffff}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xe1}]}, 0xb8}, 0x1, 0x0, 0x0, 0x40c0}, 0x4000000) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000006140)={&(0x7f0000006040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000006100)={&(0x7f0000006080)={0x7c, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xffffffcd, 0x7c}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000084}, 0x40) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000006180)={0x2, 'netpci0\x00', {0x8}, 0x2000}) sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000006280)={&(0x7f00000061c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000006240)={&(0x7f0000006200)={0x14, 0x5, 0x1, 0x401, 0x0, 0x0, {0xb}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000065c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r1, &(0x7f0000006900)={&(0x7f0000006600), 0xc, &(0x7f00000068c0)={&(0x7f0000006640)={0x260, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x3}}}}, [@NL80211_ATTR_FRAME={0x20e, 0x33, @mgmt_frame=@auth={@with_ht={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x1}, {0x40}, @broadcast, @device_b, @from_mac, {0xa}}, @ver_80211n={0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}, 0x1, 0x3, 0x5f, @void, [{0xdd, 0xe, "5cf1256aecbeb7b933cc279e55c2"}, {0xdd, 0xcd, "7fe266e103a3e30f7447de3842b23ca987514f4ee028dcee075d6dffd962b43b0a8ea9a1b32700d9a538fcf1bda0f1a6807d0cbdb0c04e0ce714ac75acfaf6d09860bb6a6b07978d41ab74295d4c3ab683f452b597f47cf15b46da82c47babad5bd98f3da33e0d53326749c212a4b10447f74374cf632ac618791c600d01784aaa312b781e6da0cd9b0e289158dbf3f1136859f83529f9964116444b43cefee6e1ea23398c4803a2aa75619b0303e27d6802e9663a9023cfd09c545115c377f6c5c29122244ac972a0e5c1ffd1"}, {0xdd, 0xbd, "bf47aa5d0cff40af94bb3768d8a58eb5e20fd9ae2d03d5b018277c4e85cc7803d8e9c5d21ede70e83cccaa153b4618efe13f7b7b6b205a1f38f05a71eca9fd64ba7d95c926f66ba5ccf091e773ae6a7f445d1687dca4ab8e648dc955055e7bc755a8cf6e724bdee19288898a1e7c593507abdbb3dc0fabb6e1fd3b55b6aedaa6fb02224afb4dde08daf002d9445193e5f479a7a104429ce05b3b323c7f54b9280476ce8c80dc90edba35e5aa3561f4f50b5bb00cfdb0766b56601bfdfa"}, {0xdd, 0x48, "fe49f831287e4765071a815ec793967184b91599db918c83da0bec56c4ec19d16fe2167d7b3b5bf67496b6bb493cb6cc5ffd8af51a6cee6777db2319800609147a9d8586ab8ff9b8"}]}}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x260}, 0x1, 0x0, 0x0, 0x40000}, 0x20000858) r2 = accept4$bt_l2cap(r1, &(0x7f0000006940)={0x1f, 0x0, @fixed}, &(0x7f0000006980)=0xe, 0x800) ioctl$sock_ifreq(r2, 0x8932, &(0x7f00000069c0)={'syzkaller1\x00', @ifru_names}) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f0000006a00)={'vcan0\x00', {0x2, 0x0, @broadcast}}) r3 = pidfd_getfd(r1, r2, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000006a40)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8001}}, './file0\x00'}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000006a80), 0x80480) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000006ac0)={{0x1, 0x1, 0x18, r3, {0x0, 0x3}}, './file0\x00'}) ppoll(&(0x7f0000006b00)=[{r4, 0x10}, {r5, 0x209}], 0x2, &(0x7f0000006b40), &(0x7f0000006b80)={[0xffff]}, 0x8) [ 64.835936] audit: type=1400 audit(1665082816.631:6): avc: denied { execmem } for pid=282 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 19:00:16 executing program 2: modify_ldt$write(0x1, &(0x7f0000000000)={0x4, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000040)={0x1, 0x100000, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000080)={0x8, 0x1000, 0x1000, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000000c0)={0x7, 0x20000000, 0x1000, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000100)={0x9, 0xffffffffffffffff, 0x1000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10) getresuid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) modify_ldt$write(0x1, &(0x7f0000000200)={0x1f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000240)={0x98d, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000280)={0x8000, 0x0, 0xfffffffffffffbff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x2000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, 0x10) syz_mount_image$ext4(&(0x7f0000000300)='ext3\x00', &(0x7f0000000340)='./file0\x00', 0x4, 0x3, &(0x7f0000000500)=[{&(0x7f0000000380)="dadac6939e2d6c1bb71f", 0xa, 0x100000000}, {&(0x7f00000003c0)="3b4a7c17466f03488781ca59f6da1a9ffd3c544dc2c727b55b495b0ee0be8f997a8de7", 0x23, 0x4}, {&(0x7f0000000400)="1bc4e803eb0fb10e57a6ca2ebc0eb99a8f6ddd4286f8c71520ffc6ddefaf71f3086fa10ce355e13a24e589a66e6bfa0e6e365be6aaa9308b985a3857eb0fbb2344f592ce303cad4aae5ff5abc2f4b10848e5dffab34196e6419e2a4da31a3602715bdc18b3a2552c8576d69abcc8a31c4ad985bfa4571d82e22e61f6af0ec2e2161496fd75fa0e3c73d44323b5feefb195e60cc666a55c0f54641eb9c24dcc3340dab68585f158a1b5f3e8565c1a2c302aeccdc24d3d31e2c321d5ac9e7d5f1fe08e836a86169925e09cefac8fa3cb62c9712ec8", 0xd4, 0x1}], 0x229000, &(0x7f0000000580)={[{@journal_dev={'journal_dev', 0x3d, 0x401}}, {@resgid={'resgid', 0x3d, 0xffffffffffffffff}}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xfffffffffffffffd}}, {@sysvgroups}, {@acl}], [{@smackfsfloor}, {@fowner_lt={'fowner<', r0}}, {@fowner_eq={'fowner', 0x3d, r0}}, {@hash}, {@hash}]}) modify_ldt$write(0x1, &(0x7f0000000680)={0x100, 0xffffffffffffffff, 0x2000, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000006c0)={0x4150, 0x100000, 0x2000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000700)={0x92, 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000740)={0xfffffff7, 0x20000000, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000780)={0x1, 0x100000, 0x2000, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000007c0)={0xfffff001, 0xffffffffffffffff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000800)={0x80000000, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000840)={0x0, 0x1000, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000880)={0x7, 0x20000000, 0x400, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1}, 0x10) 19:00:16 executing program 3: ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f0000000000)) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r0, 0x20, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000805}, 0x200000c0) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1, {0x6e0d}}, './file0\x00'}) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r2) sendmsg$DEVLINK_CMD_RATE_SET(r2, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x48, r3, 0x4, 0x70bd28, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x40}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0x1d, 0xa9, @random="24efd62179629a9068ad412edecc4a6f886e194ad936ac4199"}]}, 0x48}, 0x1, 0x0, 0x0, 0x8040}, 0x400d0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000340)=0x17, 0x4) ioctl$HIDIOCGDEVINFO(r2, 0x801c4803, &(0x7f0000000380)=""/94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)) r4 = creat(&(0x7f0000000440)='./file0\x00', 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r4, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)={0xac, r0, 0x400, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0xb7, 0x5f}}}}, [@NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x5}, @NL80211_ATTR_IE={0x7e, 0x2a, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0xffffffffffffffff, 0x1, 0x20}}, @ssid={0x0, 0x6, @default_ap_ssid}, @preq={0x82, 0x67, @not_ext={{0x1, 0x1, 0x1}, 0x4, 0x84, 0x2, @device_b, 0x1, "", 0x1ff, 0x3, 0x7, [{{}, @broadcast, 0x8}, {{}, @device_b, 0x5}, {{0x1}, @device_b, 0x7}, {{0x0, 0x0, 0x1}, @device_b, 0x4}, {{0x1}, @broadcast, 0x8}, {{0x0, 0x0, 0x1}, @device_a, 0xfff}, {{0x1}, @device_b, 0xa42d}]}}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x20008000}, 0x90) r5 = socket(0x0, 0x4, 0x6) syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r5) lstat(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)) recvmsg$unix(r2, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f0000001700)=""/116, 0x74}, {&(0x7f0000001780)=""/111, 0x6f}, {&(0x7f0000001800)=""/163, 0xa3}, {&(0x7f00000018c0)=""/178, 0xb2}, {&(0x7f0000001980)=""/78, 0x4e}, {&(0x7f0000001a00)=""/244, 0xf4}, {&(0x7f0000001b00)=""/23, 0x17}], 0x8, &(0x7f0000001bc0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb8}, 0x2000) r9 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000001dc0)={&(0x7f0000001cc0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001d80)={&(0x7f0000001d40)={0x14, r9, 0x400, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x884}, 0x1) linkat(r6, &(0x7f0000001e00)='./file0\x00', r8, &(0x7f0000001e40)='./file0\x00', 0x1000) inotify_add_watch(r7, &(0x7f0000001e80)='./file0\x00', 0x281) 19:00:16 executing program 4: ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x80489439, &(0x7f0000000000)) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000080)={{}, 0x0, 0x10, @unused=[0x3ff, 0x1f, 0x80000001, 0x1], @devid}) socketpair(0x25, 0x3, 0x8, &(0x7f0000001080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000001100)={0x4d3e, 0x18, '\x00', 0x0, &(0x7f00000010c0)=[0x0, 0x0, 0x0]}) r2 = dup2(r1, r1) r3 = fcntl$getown(r1, 0x9) r4 = perf_event_open(&(0x7f0000001140)={0x2, 0x80, 0x2, 0xf0, 0x0, 0x1f, 0x0, 0x3, 0x80310, 0x5, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x4, @perf_config_ext={0x8001, 0xdd}, 0xa000, 0xd463, 0x83, 0x8, 0xfffffffffffffeff, 0x3f, 0x4, 0x0, 0xca1, 0x0, 0x3}, r3, 0x6, r2, 0x8) r5 = perf_event_open$cgroup(&(0x7f0000001200)={0x0, 0x80, 0x7a, 0x8, 0x80, 0xda, 0x0, 0x2, 0x10000, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000011c0), 0x8}, 0xbb03, 0x3, 0x8, 0x7, 0x9, 0x1, 0x0, 0x0, 0xc4e, 0x0, 0xffffffff}, r2, 0x4, r2, 0x1) r6 = openat$cgroup(r2, &(0x7f0000001280)='syz0\x00', 0x200002, 0x0) fallocate(r6, 0x10, 0x0, 0x3) setsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f00000012c0)={0x8001, "59e31c"}, 0x6) r7 = syz_io_uring_setup(0x7445, &(0x7f0000001300)={0x0, 0x276a, 0x1, 0x0, 0x24a, 0x0, r2}, &(0x7f0000ff2000/0xb000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000001380), &(0x7f00000013c0)) ioctl$AUTOFS_IOC_PROTOSUBVER(r7, 0x80049367, &(0x7f0000001400)) r8 = dup2(r4, r7) clone3(&(0x7f0000001a00)={0x80000, &(0x7f0000001740), &(0x7f0000001780)=0x0, &(0x7f00000017c0), {0x29}, &(0x7f0000001800)=""/248, 0xf8, &(0x7f0000001900)=""/186, &(0x7f00000019c0)=[r3, r3, r3, r3, 0x0], 0x5, {r8}}, 0x58) perf_event_open(&(0x7f0000001440)={0x3, 0x80, 0x62, 0xac, 0x4, 0x1, 0x0, 0xff, 0x102, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x6, 0x4, @perf_config_ext={0x9, 0x2}, 0x1e000, 0x100, 0xffff, 0x5, 0x5, 0x5, 0xee, 0x0, 0x7, 0x0, 0x8}, r9, 0xb, r5, 0x1) openat$sr(0xffffffffffffff9c, &(0x7f0000001a80), 0x40000, 0x0) vmsplice(r7, &(0x7f0000001c00)=[{&(0x7f0000001ac0)="14f47575583f4a9ecb01babe6a0026a9f846b47a48e9d6703c16c9a873a3af9d3e194e1ef987293e2512b1a2a2874f121d6fa0d865f530116b7eb4d31ee2256a302582c395c541de0660695db84396f2a51b978a6f725ba1a7", 0x59}, {&(0x7f0000001b40)="37cc48032865d72994028a961e84b21d064485ebd3863f653d8da2dddc26c7169d711aa666510fb4eb68438728a6c0719605504b9a8892fd55e583e87f15f2e9c7f96bd366fcf1969a4077a9f5d5ad3c2f33201364fcb73d21fa13ed410b4afa3f9142820e9074f7666d8986350362fbe846fe36d5137656493af64b9a628d6b86c8079a05ebef5bc69686601e06393187cb61a59aa3b6534b59e4bd214d4f44ac56b3b6475092204882b8765fcba02f1483f800", 0xb4}], 0x2, 0x4) ioctl$AUTOFS_IOC_EXPIRE(r5, 0x810c9365, &(0x7f0000001c40)={{0xfff}, 0x100, './file0\x00'}) perf_event_open$cgroup(&(0x7f0000001dc0)={0x2, 0x80, 0x4, 0xc, 0xfb, 0x7d, 0x0, 0x0, 0x400, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1453, 0x1, @perf_bp={&(0x7f0000001d80), 0x6}, 0x8000, 0x81f, 0x0, 0x0, 0xffffffffffffffc1, 0x10001, 0x8, 0x0, 0x5}, r6, 0x1, 0xffffffffffffffff, 0x8) 19:00:16 executing program 5: ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000000)=0x20) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0xffffffff) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, &(0x7f0000000040)) ioctl$KDENABIO(0xffffffffffffffff, 0x4b36) ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, &(0x7f0000000080)) r0 = syz_open_pts(0xffffffffffffffff, 0x2) ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f00000000c0)=""/222) r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) ioctl$GIO_SCRNMAP(r1, 0x4b40, &(0x7f00000001c0)=""/115) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000240)={r0, 0xa6e, 0x1, 0x2}) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000280)={0x8, 0x7, 0x10000, 0x6cfb4524, 0xc, "9d2c4c3819efaee9b2d4762bf74adadcf76fd0"}) ioctl$KDDELIO(r2, 0x4b35, 0x0) ioctl$RTC_PLL_GET(r2, 0x80207011, &(0x7f00000002c0)) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000300)={0x7, 0x1f, 0x6}) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000340)) ioctl$KDDELIO(r0, 0x4b35, 0x4) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000380)={0x2, {0x2, 0x800, 0x9, 0x8000, 0x4, 0x4}}) ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f00000003c0)) openat$incfs(r2, &(0x7f0000000400)='.log\x00', 0x488000, 0x8) 19:00:16 executing program 6: ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000000)={0x18, 0x1, 0x4, 0x1, 0x7}) ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0) ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000040)={0x9, 0x8, 0x20}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7}}, './file0\x00'}) ioctl$TIOCCONS(r0, 0x541d) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) splice(r0, &(0x7f00000000c0)=0xc7f, r1, &(0x7f0000000140)=0x4, 0x4, 0x1) fcntl$setsig(r1, 0xa, 0xe) ioctl$PTP_CLOCK_GETCAPS(0xffffffffffffffff, 0x80503d01, &(0x7f0000000180)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000200)={0x80, 0x800, 0x401, 0x4, 0x18, "f37bd526ebe2d74de13a6529726598f53afa32"}) fcntl$getown(r1, 0x9) ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000240)=0x7ff) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0) ioctl$TCSBRK(r0, 0x5409, 0x800) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000280)=0x7c96) ioctl$TIOCEXCL(r0, 0x540c) ioctl$TIOCL_SELLOADLUT(r0, 0x541c, &(0x7f00000002c0)={0x5, 0x4, 0x8, 0x8, 0x7}) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x90, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x14, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3ff}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x94d}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7fff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x100000001}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x10001}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x15}, 0x20048041) ioctl$CDROM_TIMED_MEDIA_CHANGE(r0, 0x5396, &(0x7f0000000480)={0xe2, 0x1}) ioctl$TIOCSISO7816(r0, 0xc0285443, &(0x7f00000004c0)={0x3, 0x3f, 0x0, 0x7, 0x6}) 19:00:16 executing program 7: r0 = msgget(0x0, 0x401) msgrcv(r0, &(0x7f0000000000)={0x0, ""/146}, 0x9a, 0x1, 0x2800) r1 = msgget(0x1, 0x1) msgctl$IPC_STAT(r1, 0x2, &(0x7f00000000c0)=""/75) r2 = msgget$private(0x0, 0x10) msgctl$MSG_INFO(r2, 0xc, &(0x7f0000000140)=""/170) msgsnd(r2, &(0x7f0000000200)={0x1, "481b4ccb336ceb4ab30e1a5aa5a231da60ceae62336866ea4676fa35c98f676306c892"}, 0x2b, 0x800) msgctl$IPC_INFO(r0, 0x3, &(0x7f0000000240)=""/54) msgrcv(r2, &(0x7f0000000280)={0x0, ""/39}, 0x2f, 0x2, 0x1800) msgrcv(r0, &(0x7f00000002c0)={0x0, ""/4096}, 0x1008, 0x3, 0x0) msgctl$MSG_STAT(r1, 0xb, &(0x7f0000001300)=""/161) msgctl$IPC_STAT(r0, 0x2, &(0x7f00000013c0)=""/46) msgrcv(r1, &(0x7f0000001400)={0x0, ""/53}, 0x3d, 0x3, 0x1000) msgrcv(r0, &(0x7f0000001440), 0x8, 0x3, 0x3400) msgrcv(r1, &(0x7f0000001480)={0x0, ""/153}, 0xa1, 0x0, 0x2000) msgsnd(r1, &(0x7f0000001540)={0x0, "8d2d4816f3a7ebe3ce9298b210ec181db041e0f14f4cc89a67ff32783de234705ef49fdaf94cb3ca7f"}, 0x31, 0x0) msgrcv(r2, &(0x7f0000001580)={0x0, ""/4}, 0xc, 0x0, 0x2000) msgctl$IPC_STAT(r0, 0x2, &(0x7f00000015c0)=""/174) msgctl$IPC_RMID(r2, 0x0) msgctl$IPC_STAT(0x0, 0x2, &(0x7f0000001680)=""/187) [ 66.190378] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.192919] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.195090] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.198877] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.205368] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 66.208568] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.253466] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 66.259519] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 66.264176] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 66.265915] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 66.266738] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 66.267456] Bluetooth: hci0: HCI_REQ-0x0c1a [ 66.270005] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 66.272566] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 66.272633] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 66.275243] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 66.276988] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 66.277827] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 66.280685] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 66.283264] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 66.292698] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 66.294290] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 66.296754] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 66.299186] Bluetooth: hci4: HCI_REQ-0x0c1a [ 66.299205] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 66.301694] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 66.302277] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 66.304534] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 66.305126] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 66.307946] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 66.309538] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 66.319469] Bluetooth: hci7: HCI_REQ-0x0c1a [ 66.321719] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 66.324159] Bluetooth: hci2: HCI_REQ-0x0c1a [ 66.344267] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 66.346359] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 66.347977] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 66.354986] Bluetooth: hci5: HCI_REQ-0x0c1a [ 66.355443] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 66.361579] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 66.364590] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 66.366216] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 66.372876] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 66.373693] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 66.376445] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 66.377824] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 66.378807] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 66.385108] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 66.386983] Bluetooth: hci1: HCI_REQ-0x0c1a [ 66.388874] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 66.390881] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 66.393620] Bluetooth: hci3: HCI_REQ-0x0c1a [ 66.394914] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 66.398784] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 66.400386] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 66.405926] Bluetooth: hci6: HCI_REQ-0x0c1a [ 68.325422] Bluetooth: hci4: command 0x0409 tx timeout [ 68.325443] Bluetooth: hci0: command 0x0409 tx timeout [ 68.389193] Bluetooth: hci7: command 0x0409 tx timeout [ 68.389227] Bluetooth: hci5: command 0x0409 tx timeout [ 68.389975] Bluetooth: hci2: command 0x0409 tx timeout [ 68.453315] Bluetooth: hci3: command 0x0409 tx timeout [ 68.453357] Bluetooth: hci6: command 0x0409 tx timeout [ 68.454282] Bluetooth: hci1: command 0x0409 tx timeout [ 70.373112] Bluetooth: hci4: command 0x041b tx timeout [ 70.374285] Bluetooth: hci0: command 0x041b tx timeout [ 70.437107] Bluetooth: hci2: command 0x041b tx timeout [ 70.438159] Bluetooth: hci5: command 0x041b tx timeout [ 70.438541] Bluetooth: hci7: command 0x041b tx timeout [ 70.501119] Bluetooth: hci6: command 0x041b tx timeout [ 70.501524] Bluetooth: hci3: command 0x041b tx timeout [ 70.502108] Bluetooth: hci1: command 0x041b tx timeout [ 72.421375] Bluetooth: hci0: command 0x040f tx timeout [ 72.422093] Bluetooth: hci4: command 0x040f tx timeout [ 72.485113] Bluetooth: hci7: command 0x040f tx timeout [ 72.485201] Bluetooth: hci5: command 0x040f tx timeout [ 72.485544] Bluetooth: hci2: command 0x040f tx timeout [ 72.549082] Bluetooth: hci1: command 0x040f tx timeout [ 72.549125] Bluetooth: hci3: command 0x040f tx timeout [ 72.549469] Bluetooth: hci6: command 0x040f tx timeout [ 74.470078] Bluetooth: hci4: command 0x0419 tx timeout [ 74.470526] Bluetooth: hci0: command 0x0419 tx timeout [ 74.533326] Bluetooth: hci2: command 0x0419 tx timeout [ 74.534309] Bluetooth: hci5: command 0x0419 tx timeout [ 74.534734] Bluetooth: hci7: command 0x0419 tx timeout [ 74.597098] Bluetooth: hci6: command 0x0419 tx timeout [ 74.598146] Bluetooth: hci3: command 0x0419 tx timeout [ 74.598579] Bluetooth: hci1: command 0x0419 tx timeout 19:01:09 executing program 3: r0 = pkey_alloc(0x0, 0x3) pkey_alloc(0x0, 0x3) pkey_free(r0) pkey_alloc(0x0, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0xb}, 0xcc80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') r2 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340)) getpid() pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x9, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = pkey_alloc(0x0, 0x3) pkey_free(r3) syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000140)) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) openat(r1, &(0x7f00000003c0)='./file0\x00', 0x40000, 0x80) close(r4) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r2, 0x5ebd, 0xc6d4, 0x2, &(0x7f0000000000)={[0x1]}, 0x8) fsmount(0xffffffffffffffff, 0x1, 0x80) [ 118.068314] audit: type=1400 audit(1665082869.864:7): avc: denied { open } for pid=3880 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.069705] audit: type=1400 audit(1665082869.864:8): avc: denied { kernel } for pid=3880 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.083300] ------------[ cut here ]------------ [ 118.083322] [ 118.083326] ====================================================== [ 118.083330] WARNING: possible circular locking dependency detected [ 118.083334] 6.0.0-next-20221006 #1 Not tainted [ 118.083341] ------------------------------------------------------ [ 118.083344] syz-executor.3/3882 is trying to acquire lock: [ 118.083351] ffffffff853fac98 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 118.083392] [ 118.083392] but task is already holding lock: [ 118.083395] ffff88800e147820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 118.083422] [ 118.083422] which lock already depends on the new lock. [ 118.083422] [ 118.083425] [ 118.083425] the existing dependency chain (in reverse order) is: [ 118.083428] [ 118.083428] -> #3 (&ctx->lock){....}-{2:2}: [ 118.083442] _raw_spin_lock+0x2a/0x40 [ 118.083455] __perf_event_task_sched_out+0x53b/0x18d0 [ 118.083466] __schedule+0xedd/0x2470 [ 118.083481] schedule+0xda/0x1b0 [ 118.083496] exit_to_user_mode_prepare+0x114/0x1a0 [ 118.083508] syscall_exit_to_user_mode+0x19/0x40 [ 118.083523] do_syscall_64+0x48/0x90 [ 118.083533] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.083547] [ 118.083547] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 118.083560] _raw_spin_lock_nested+0x30/0x40 [ 118.083572] raw_spin_rq_lock_nested+0x1e/0x30 [ 118.083586] task_fork_fair+0x63/0x4d0 [ 118.083602] sched_cgroup_fork+0x3d0/0x540 [ 118.083617] copy_process+0x4183/0x6e20 [ 118.083628] kernel_clone+0xe7/0x890 [ 118.083637] user_mode_thread+0xad/0xf0 [ 118.083647] rest_init+0x24/0x250 [ 118.083660] arch_call_rest_init+0xf/0x14 [ 118.083672] start_kernel+0x4c6/0x4eb [ 118.083682] secondary_startup_64_no_verify+0xe0/0xeb [ 118.083696] [ 118.083696] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 118.083710] _raw_spin_lock_irqsave+0x39/0x60 [ 118.083722] try_to_wake_up+0xab/0x1930 [ 118.083735] up+0x75/0xb0 [ 118.083750] __up_console_sem+0x6e/0x80 [ 118.083766] console_unlock+0x46a/0x590 [ 118.083782] do_con_write+0xc05/0x1d50 [ 118.083794] con_write+0x21/0x40 [ 118.083804] n_tty_write+0x4d4/0xfe0 [ 118.083818] file_tty_write.constprop.0+0x455/0x8a0 [ 118.083830] vfs_write+0x9c3/0xd90 [ 118.083846] ksys_write+0x127/0x250 [ 118.083862] do_syscall_64+0x3b/0x90 [ 118.083872] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.083886] [ 118.083886] -> #0 ((console_sem).lock){....}-{2:2}: [ 118.083900] __lock_acquire+0x2a02/0x5e70 [ 118.083917] lock_acquire+0x1a2/0x530 [ 118.083932] _raw_spin_lock_irqsave+0x39/0x60 [ 118.083944] down_trylock+0xe/0x70 [ 118.083960] __down_trylock_console_sem+0x3b/0xd0 [ 118.083976] vprintk_emit+0x16b/0x560 [ 118.083992] vprintk+0x84/0xa0 [ 118.084011] _printk+0xba/0xf1 [ 118.084024] report_bug.cold+0x72/0xab [ 118.084033] handle_bug+0x3c/0x70 [ 118.084042] exc_invalid_op+0x14/0x50 [ 118.084053] asm_exc_invalid_op+0x16/0x20 [ 118.084066] group_sched_out.part.0+0x2c7/0x460 [ 118.084084] ctx_sched_out+0x8f1/0xc10 [ 118.084100] __perf_event_task_sched_out+0x6d0/0x18d0 [ 118.084111] __schedule+0xedd/0x2470 [ 118.084126] schedule+0xda/0x1b0 [ 118.084141] exit_to_user_mode_prepare+0x114/0x1a0 [ 118.084151] syscall_exit_to_user_mode+0x19/0x40 [ 118.084165] do_syscall_64+0x48/0x90 [ 118.084175] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.084189] [ 118.084189] other info that might help us debug this: [ 118.084189] [ 118.084192] Chain exists of: [ 118.084192] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 118.084192] [ 118.084207] Possible unsafe locking scenario: [ 118.084207] [ 118.084209] CPU0 CPU1 [ 118.084212] ---- ---- [ 118.084214] lock(&ctx->lock); [ 118.084220] lock(&rq->__lock); [ 118.084226] lock(&ctx->lock); [ 118.084232] lock((console_sem).lock); [ 118.084238] [ 118.084238] *** DEADLOCK *** [ 118.084238] [ 118.084240] 2 locks held by syz-executor.3/3882: [ 118.084246] #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 118.084277] #1: ffff88800e147820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 118.084303] [ 118.084303] stack backtrace: [ 118.084306] CPU: 0 PID: 3882 Comm: syz-executor.3 Not tainted 6.0.0-next-20221006 #1 [ 118.084318] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.084325] Call Trace: [ 118.084328] [ 118.084333] dump_stack_lvl+0x8b/0xb3 [ 118.084344] check_noncircular+0x263/0x2e0 [ 118.084361] ? format_decode+0x26c/0xb50 [ 118.084378] ? print_circular_bug+0x450/0x450 [ 118.084395] ? simple_strtoul+0x30/0x30 [ 118.084412] ? format_decode+0x26c/0xb50 [ 118.084430] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 118.084448] __lock_acquire+0x2a02/0x5e70 [ 118.084469] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 118.084491] lock_acquire+0x1a2/0x530 [ 118.084508] ? down_trylock+0xe/0x70 [ 118.084527] ? lock_release+0x750/0x750 [ 118.084547] ? vprintk+0x84/0xa0 [ 118.084565] _raw_spin_lock_irqsave+0x39/0x60 [ 118.084577] ? down_trylock+0xe/0x70 [ 118.084595] down_trylock+0xe/0x70 [ 118.084612] ? vprintk+0x84/0xa0 [ 118.084628] __down_trylock_console_sem+0x3b/0xd0 [ 118.084645] vprintk_emit+0x16b/0x560 [ 118.084664] vprintk+0x84/0xa0 [ 118.084681] _printk+0xba/0xf1 [ 118.084694] ? record_print_text.cold+0x16/0x16 [ 118.084711] ? report_bug.cold+0x66/0xab [ 118.084722] ? group_sched_out.part.0+0x2c7/0x460 [ 118.084740] report_bug.cold+0x72/0xab [ 118.084752] handle_bug+0x3c/0x70 [ 118.084762] exc_invalid_op+0x14/0x50 [ 118.084774] asm_exc_invalid_op+0x16/0x20 [ 118.084788] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 118.084808] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 118.084819] RSP: 0018:ffff88803e047c48 EFLAGS: 00010006 [ 118.084828] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 118.084836] RDX: ffff888018768000 RSI: ffffffff815677b7 RDI: 0000000000000005 [ 118.084844] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 118.084851] R10: 0000000000000000 R11: ffffffff865b601b R12: ffff88800e147800 [ 118.084859] R13: ffff88806ce3d2c0 R14: ffffffff8547d200 R15: 0000000000000002 [ 118.084870] ? group_sched_out.part.0+0x2c7/0x460 [ 118.084890] ? group_sched_out.part.0+0x2c7/0x460 [ 118.084910] ctx_sched_out+0x8f1/0xc10 [ 118.084929] __perf_event_task_sched_out+0x6d0/0x18d0 [ 118.084943] ? lock_is_held_type+0xd7/0x130 [ 118.084958] ? __perf_cgroup_move+0x160/0x160 [ 118.084969] ? set_next_entity+0x304/0x550 [ 118.084986] ? update_curr+0x267/0x740 [ 118.085005] ? lock_is_held_type+0xd7/0x130 [ 118.085020] __schedule+0xedd/0x2470 [ 118.085038] ? io_schedule_timeout+0x150/0x150 [ 118.085055] ? trace_rcu_dyntick+0x1a7/0x250 [ 118.085075] schedule+0xda/0x1b0 [ 118.085091] exit_to_user_mode_prepare+0x114/0x1a0 [ 118.085103] syscall_exit_to_user_mode+0x19/0x40 [ 118.085118] do_syscall_64+0x48/0x90 [ 118.085129] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.085143] RIP: 0033:0x7f455867ab19 [ 118.085151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.085162] RSP: 002b:00007f4555bf0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 118.085173] RAX: 0000000000000001 RBX: 00007f455878df68 RCX: 00007f455867ab19 [ 118.085180] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f455878df6c [ 118.085188] RBP: 00007f455878df60 R08: 000000000000000e R09: 0000000000000000 [ 118.085195] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f455878df6c [ 118.085202] R13: 00007ffdf31d448f R14: 00007f4555bf0300 R15: 0000000000022000 [ 118.085215] [ 118.140228] WARNING: CPU: 0 PID: 3882 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 118.140832] Modules linked in: [ 118.141046] CPU: 0 PID: 3882 Comm: syz-executor.3 Not tainted 6.0.0-next-20221006 #1 [ 118.141552] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.142079] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 118.142444] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 118.143618] RSP: 0018:ffff88803e047c48 EFLAGS: 00010006 [ 118.143966] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 118.144421] RDX: ffff888018768000 RSI: ffffffff815677b7 RDI: 0000000000000005 [ 118.144885] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 118.145352] R10: 0000000000000000 R11: ffffffff865b601b R12: ffff88800e147800 [ 118.145807] R13: ffff88806ce3d2c0 R14: ffffffff8547d200 R15: 0000000000000002 [ 118.146271] FS: 00007f4555bf0700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 118.146790] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.147202] CR2: 00007f1559519610 CR3: 000000001ad36000 CR4: 0000000000350ef0 [ 118.147694] Call Trace: [ 118.147874] [ 118.148036] ctx_sched_out+0x8f1/0xc10 [ 118.148319] __perf_event_task_sched_out+0x6d0/0x18d0 [ 118.148686] ? lock_is_held_type+0xd7/0x130 [ 118.148994] ? __perf_cgroup_move+0x160/0x160 [ 118.149311] ? set_next_entity+0x304/0x550 [ 118.149621] ? update_curr+0x267/0x740 [ 118.149914] ? lock_is_held_type+0xd7/0x130 [ 118.150225] __schedule+0xedd/0x2470 [ 118.150499] ? io_schedule_timeout+0x150/0x150 [ 118.150827] ? trace_rcu_dyntick+0x1a7/0x250 [ 118.151150] schedule+0xda/0x1b0 [ 118.151402] exit_to_user_mode_prepare+0x114/0x1a0 [ 118.151744] syscall_exit_to_user_mode+0x19/0x40 [ 118.152075] do_syscall_64+0x48/0x90 [ 118.152338] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.152699] RIP: 0033:0x7f455867ab19 [ 118.152965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.154222] RSP: 002b:00007f4555bf0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 118.154743] RAX: 0000000000000001 RBX: 00007f455878df68 RCX: 00007f455867ab19 [ 118.155254] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f455878df6c [ 118.155747] RBP: 00007f455878df60 R08: 000000000000000e R09: 0000000000000000 [ 118.156240] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f455878df6c [ 118.156737] R13: 00007ffdf31d448f R14: 00007f4555bf0300 R15: 0000000000022000 [ 118.157244] [ 118.157410] irq event stamp: 754 [ 118.157641] hardirqs last enabled at (753): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 118.158292] hardirqs last disabled at (754): [] __schedule+0x1225/0x2470 [ 118.158863] softirqs last enabled at (474): [] __irq_exit_rcu+0x11b/0x180 [ 118.159467] softirqs last disabled at (469): [] __irq_exit_rcu+0x11b/0x180 [ 118.160062] ---[ end trace 0000000000000000 ]--- [ 118.362746] loop2: detected capacity change from 0 to 264192 [ 118.377303] loop2: detected capacity change from 0 to 264192 19:01:10 executing program 2: modify_ldt$write(0x1, &(0x7f0000000000)={0x4, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000040)={0x1, 0x100000, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000080)={0x8, 0x1000, 0x1000, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000000c0)={0x7, 0x20000000, 0x1000, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000100)={0x9, 0xffffffffffffffff, 0x1000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10) getresuid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) modify_ldt$write(0x1, &(0x7f0000000200)={0x1f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000240)={0x98d, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000280)={0x8000, 0x0, 0xfffffffffffffbff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x2000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, 0x10) syz_mount_image$ext4(&(0x7f0000000300)='ext3\x00', &(0x7f0000000340)='./file0\x00', 0x4, 0x3, &(0x7f0000000500)=[{&(0x7f0000000380)="dadac6939e2d6c1bb71f", 0xa, 0x100000000}, {&(0x7f00000003c0)="3b4a7c17466f03488781ca59f6da1a9ffd3c544dc2c727b55b495b0ee0be8f997a8de7", 0x23, 0x4}, {&(0x7f0000000400)="1bc4e803eb0fb10e57a6ca2ebc0eb99a8f6ddd4286f8c71520ffc6ddefaf71f3086fa10ce355e13a24e589a66e6bfa0e6e365be6aaa9308b985a3857eb0fbb2344f592ce303cad4aae5ff5abc2f4b10848e5dffab34196e6419e2a4da31a3602715bdc18b3a2552c8576d69abcc8a31c4ad985bfa4571d82e22e61f6af0ec2e2161496fd75fa0e3c73d44323b5feefb195e60cc666a55c0f54641eb9c24dcc3340dab68585f158a1b5f3e8565c1a2c302aeccdc24d3d31e2c321d5ac9e7d5f1fe08e836a86169925e09cefac8fa3cb62c9712ec8", 0xd4, 0x1}], 0x229000, &(0x7f0000000580)={[{@journal_dev={'journal_dev', 0x3d, 0x401}}, {@resgid={'resgid', 0x3d, 0xffffffffffffffff}}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xfffffffffffffffd}}, {@sysvgroups}, {@acl}], [{@smackfsfloor}, {@fowner_lt={'fowner<', r0}}, {@fowner_eq={'fowner', 0x3d, r0}}, {@hash}, {@hash}]}) modify_ldt$write(0x1, &(0x7f0000000680)={0x100, 0xffffffffffffffff, 0x2000, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000006c0)={0x4150, 0x100000, 0x2000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000700)={0x92, 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000740)={0xfffffff7, 0x20000000, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000780)={0x1, 0x100000, 0x2000, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000007c0)={0xfffff001, 0xffffffffffffffff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000800)={0x80000000, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000840)={0x0, 0x1000, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000880)={0x7, 0x20000000, 0x400, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1}, 0x10) [ 118.453627] loop2: detected capacity change from 0 to 264192 19:01:10 executing program 2: modify_ldt$write(0x1, &(0x7f0000000000)={0x4, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000040)={0x1, 0x100000, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000080)={0x8, 0x1000, 0x1000, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000000c0)={0x7, 0x20000000, 0x1000, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000100)={0x9, 0xffffffffffffffff, 0x1000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10) getresuid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) modify_ldt$write(0x1, &(0x7f0000000200)={0x1f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000240)={0x98d, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000280)={0x8000, 0x0, 0xfffffffffffffbff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x2000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, 0x10) syz_mount_image$ext4(&(0x7f0000000300)='ext3\x00', &(0x7f0000000340)='./file0\x00', 0x4, 0x3, &(0x7f0000000500)=[{&(0x7f0000000380)="dadac6939e2d6c1bb71f", 0xa, 0x100000000}, {&(0x7f00000003c0)="3b4a7c17466f03488781ca59f6da1a9ffd3c544dc2c727b55b495b0ee0be8f997a8de7", 0x23, 0x4}, {&(0x7f0000000400)="1bc4e803eb0fb10e57a6ca2ebc0eb99a8f6ddd4286f8c71520ffc6ddefaf71f3086fa10ce355e13a24e589a66e6bfa0e6e365be6aaa9308b985a3857eb0fbb2344f592ce303cad4aae5ff5abc2f4b10848e5dffab34196e6419e2a4da31a3602715bdc18b3a2552c8576d69abcc8a31c4ad985bfa4571d82e22e61f6af0ec2e2161496fd75fa0e3c73d44323b5feefb195e60cc666a55c0f54641eb9c24dcc3340dab68585f158a1b5f3e8565c1a2c302aeccdc24d3d31e2c321d5ac9e7d5f1fe08e836a86169925e09cefac8fa3cb62c9712ec8", 0xd4, 0x1}], 0x229000, &(0x7f0000000580)={[{@journal_dev={'journal_dev', 0x3d, 0x401}}, {@resgid={'resgid', 0x3d, 0xffffffffffffffff}}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xfffffffffffffffd}}, {@sysvgroups}, {@acl}], [{@smackfsfloor}, {@fowner_lt={'fowner<', r0}}, {@fowner_eq={'fowner', 0x3d, r0}}, {@hash}, {@hash}]}) modify_ldt$write(0x1, &(0x7f0000000680)={0x100, 0xffffffffffffffff, 0x2000, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000006c0)={0x4150, 0x100000, 0x2000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000700)={0x92, 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000740)={0xfffffff7, 0x20000000, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000780)={0x1, 0x100000, 0x2000, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000007c0)={0xfffff001, 0xffffffffffffffff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000800)={0x80000000, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000840)={0x0, 0x1000, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000880)={0x7, 0x20000000, 0x400, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1}, 0x10) [ 118.578585] loop2: detected capacity change from 0 to 264192 19:01:10 executing program 2: modify_ldt$write(0x1, &(0x7f0000000000)={0x4, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000040)={0x1, 0x100000, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000080)={0x8, 0x1000, 0x1000, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000000c0)={0x7, 0x20000000, 0x1000, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000100)={0x9, 0xffffffffffffffff, 0x1000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10) getresuid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) modify_ldt$write(0x1, &(0x7f0000000200)={0x1f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000240)={0x98d, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000280)={0x8000, 0x0, 0xfffffffffffffbff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x2000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, 0x10) syz_mount_image$ext4(&(0x7f0000000300)='ext3\x00', &(0x7f0000000340)='./file0\x00', 0x4, 0x3, &(0x7f0000000500)=[{&(0x7f0000000380)="dadac6939e2d6c1bb71f", 0xa, 0x100000000}, {&(0x7f00000003c0)="3b4a7c17466f03488781ca59f6da1a9ffd3c544dc2c727b55b495b0ee0be8f997a8de7", 0x23, 0x4}, {&(0x7f0000000400)="1bc4e803eb0fb10e57a6ca2ebc0eb99a8f6ddd4286f8c71520ffc6ddefaf71f3086fa10ce355e13a24e589a66e6bfa0e6e365be6aaa9308b985a3857eb0fbb2344f592ce303cad4aae5ff5abc2f4b10848e5dffab34196e6419e2a4da31a3602715bdc18b3a2552c8576d69abcc8a31c4ad985bfa4571d82e22e61f6af0ec2e2161496fd75fa0e3c73d44323b5feefb195e60cc666a55c0f54641eb9c24dcc3340dab68585f158a1b5f3e8565c1a2c302aeccdc24d3d31e2c321d5ac9e7d5f1fe08e836a86169925e09cefac8fa3cb62c9712ec8", 0xd4, 0x1}], 0x229000, &(0x7f0000000580)={[{@journal_dev={'journal_dev', 0x3d, 0x401}}, {@resgid={'resgid', 0x3d, 0xffffffffffffffff}}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xfffffffffffffffd}}, {@sysvgroups}, {@acl}], [{@smackfsfloor}, {@fowner_lt={'fowner<', r0}}, {@fowner_eq={'fowner', 0x3d, r0}}, {@hash}, {@hash}]}) modify_ldt$write(0x1, &(0x7f0000000680)={0x100, 0xffffffffffffffff, 0x2000, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000006c0)={0x4150, 0x100000, 0x2000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000700)={0x92, 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000740)={0xfffffff7, 0x20000000, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000780)={0x1, 0x100000, 0x2000, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f00000007c0)={0xfffff001, 0xffffffffffffffff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000800)={0x80000000, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000840)={0x0, 0x1000, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000000880)={0x7, 0x20000000, 0x400, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1}, 0x10) [ 118.713137] loop2: detected capacity change from 0 to 264192 19:01:10 executing program 3: r0 = pkey_alloc(0x0, 0x3) pkey_alloc(0x0, 0x3) pkey_free(r0) pkey_alloc(0x0, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0xb}, 0xcc80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') r2 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340)) getpid() pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x9, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = pkey_alloc(0x0, 0x3) pkey_free(r3) syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000140)) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) openat(r1, &(0x7f00000003c0)='./file0\x00', 0x40000, 0x80) close(r4) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r2, 0x5ebd, 0xc6d4, 0x2, &(0x7f0000000000)={[0x1]}, 0x8) fsmount(0xffffffffffffffff, 0x1, 0x80) 19:01:10 executing program 2: r0 = pkey_alloc(0x0, 0x3) pkey_alloc(0x0, 0x3) pkey_free(r0) pkey_alloc(0x0, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0xb}, 0xcc80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') r2 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340)) getpid() pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x9, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = pkey_alloc(0x0, 0x3) pkey_free(r3) syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000140)) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) openat(r1, &(0x7f00000003c0)='./file0\x00', 0x40000, 0x80) close(r4) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r2, 0x5ebd, 0xc6d4, 0x2, &(0x7f0000000000)={[0x1]}, 0x8) fsmount(0xffffffffffffffff, 0x1, 0x80) 19:01:10 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000005b00)=[{{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000000)=""/17, 0x11}, {&(0x7f0000000040)=""/4096, 0x1000}], 0x2, &(0x7f0000001080)=""/225, 0xe1}, 0xfffffffa}, {{&(0x7f0000001180)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f0000003440)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/200, 0xc8}, {&(0x7f0000002300)=""/15, 0xf}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/213, 0xd5}], 0x5, &(0x7f00000034c0)=""/147, 0x93}, 0x3f}, {{&(0x7f0000003580)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000004680)=[{&(0x7f0000003600)=""/127, 0x7f}, {&(0x7f0000003680)=""/4096, 0x1000}], 0x2}, 0x2}, {{&(0x7f00000046c0)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000005a80)=[{&(0x7f0000004740)=""/75, 0x4b}, {&(0x7f00000047c0)=""/172, 0xac}, {&(0x7f0000004880)=""/73, 0x49}, {&(0x7f0000004900)=""/4096, 0x1000}, {&(0x7f0000005900)=""/80, 0x50}, {&(0x7f0000005980)=""/9, 0x9}, {&(0x7f00000059c0)=""/78, 0x4e}, {&(0x7f0000005a40)=""/22, 0x16}], 0x8}, 0x7}], 0x4, 0x40012020, &(0x7f0000005c00)={0x77359400}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000005c40)=0x1, 0x4) sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000005d40)={&(0x7f0000005c80)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000005d00)={&(0x7f0000005cc0)={0x1c, 0x0, 0x0, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004011}, 0x8000) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000005e80)={&(0x7f0000005d80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000005e40)={&(0x7f0000005dc0)={0x78, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_SECCTX={0x22, 0x7, 'system_u:system_r:kernel_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:gpg_agent_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x40}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000006000)={&(0x7f0000005ec0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000005fc0)={&(0x7f0000005f00)={0xb8, 0x0, 0x8, 0x70bd26, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1b}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_REG_RULES={0x74, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x400}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xe0e7}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x9}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x400}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xff}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x2}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xffff}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xe1}]}, 0xb8}, 0x1, 0x0, 0x0, 0x40c0}, 0x4000000) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000006140)={&(0x7f0000006040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000006100)={&(0x7f0000006080)={0x7c, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xffffffcd, 0x7c}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000084}, 0x40) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000006180)={0x2, 'netpci0\x00', {0x8}, 0x2000}) sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000006280)={&(0x7f00000061c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000006240)={&(0x7f0000006200)={0x14, 0x5, 0x1, 0x401, 0x0, 0x0, {0xb}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000065c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r1, &(0x7f0000006900)={&(0x7f0000006600), 0xc, &(0x7f00000068c0)={&(0x7f0000006640)={0x260, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x3}}}}, [@NL80211_ATTR_FRAME={0x20e, 0x33, @mgmt_frame=@auth={@with_ht={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x1}, {0x40}, @broadcast, @device_b, @from_mac, {0xa}}, @ver_80211n={0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}, 0x1, 0x3, 0x5f, @void, [{0xdd, 0xe, "5cf1256aecbeb7b933cc279e55c2"}, {0xdd, 0xcd, "7fe266e103a3e30f7447de3842b23ca987514f4ee028dcee075d6dffd962b43b0a8ea9a1b32700d9a538fcf1bda0f1a6807d0cbdb0c04e0ce714ac75acfaf6d09860bb6a6b07978d41ab74295d4c3ab683f452b597f47cf15b46da82c47babad5bd98f3da33e0d53326749c212a4b10447f74374cf632ac618791c600d01784aaa312b781e6da0cd9b0e289158dbf3f1136859f83529f9964116444b43cefee6e1ea23398c4803a2aa75619b0303e27d6802e9663a9023cfd09c545115c377f6c5c29122244ac972a0e5c1ffd1"}, {0xdd, 0xbd, "bf47aa5d0cff40af94bb3768d8a58eb5e20fd9ae2d03d5b018277c4e85cc7803d8e9c5d21ede70e83cccaa153b4618efe13f7b7b6b205a1f38f05a71eca9fd64ba7d95c926f66ba5ccf091e773ae6a7f445d1687dca4ab8e648dc955055e7bc755a8cf6e724bdee19288898a1e7c593507abdbb3dc0fabb6e1fd3b55b6aedaa6fb02224afb4dde08daf002d9445193e5f479a7a104429ce05b3b323c7f54b9280476ce8c80dc90edba35e5aa3561f4f50b5bb00cfdb0766b56601bfdfa"}, {0xdd, 0x48, "fe49f831287e4765071a815ec793967184b91599db918c83da0bec56c4ec19d16fe2167d7b3b5bf67496b6bb493cb6cc5ffd8af51a6cee6777db2319800609147a9d8586ab8ff9b8"}]}}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x260}, 0x1, 0x0, 0x0, 0x40000}, 0x20000858) r2 = accept4$bt_l2cap(r1, &(0x7f0000006940)={0x1f, 0x0, @fixed}, &(0x7f0000006980)=0xe, 0x800) ioctl$sock_ifreq(r2, 0x8932, &(0x7f00000069c0)={'syzkaller1\x00', @ifru_names}) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f0000006a00)={'vcan0\x00', {0x2, 0x0, @broadcast}}) r3 = pidfd_getfd(r1, r2, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000006a40)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8001}}, './file0\x00'}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000006a80), 0x80480) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000006ac0)={{0x1, 0x1, 0x18, r3, {0x0, 0x3}}, './file0\x00'}) ppoll(&(0x7f0000006b00)=[{r4, 0x10}, {r5, 0x209}], 0x2, &(0x7f0000006b40), &(0x7f0000006b80)={[0xffff]}, 0x8) 19:01:10 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000005b00)=[{{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000000)=""/17, 0x11}, {&(0x7f0000000040)=""/4096, 0x1000}], 0x2, &(0x7f0000001080)=""/225, 0xe1}, 0xfffffffa}, {{&(0x7f0000001180)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f0000003440)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/200, 0xc8}, {&(0x7f0000002300)=""/15, 0xf}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/213, 0xd5}], 0x5, &(0x7f00000034c0)=""/147, 0x93}, 0x3f}, {{&(0x7f0000003580)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000004680)=[{&(0x7f0000003600)=""/127, 0x7f}, {&(0x7f0000003680)=""/4096, 0x1000}], 0x2}, 0x2}, {{&(0x7f00000046c0)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000005a80)=[{&(0x7f0000004740)=""/75, 0x4b}, {&(0x7f00000047c0)=""/172, 0xac}, {&(0x7f0000004880)=""/73, 0x49}, {&(0x7f0000004900)=""/4096, 0x1000}, {&(0x7f0000005900)=""/80, 0x50}, {&(0x7f0000005980)=""/9, 0x9}, {&(0x7f00000059c0)=""/78, 0x4e}, {&(0x7f0000005a40)=""/22, 0x16}], 0x8}, 0x7}], 0x4, 0x40012020, &(0x7f0000005c00)={0x77359400}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000005c40)=0x1, 0x4) sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000005d40)={&(0x7f0000005c80)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000005d00)={&(0x7f0000005cc0)={0x1c, 0x0, 0x0, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004011}, 0x8000) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000005e80)={&(0x7f0000005d80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000005e40)={&(0x7f0000005dc0)={0x78, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_SECCTX={0x22, 0x7, 'system_u:system_r:kernel_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:gpg_agent_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x40}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000006000)={&(0x7f0000005ec0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000005fc0)={&(0x7f0000005f00)={0xb8, 0x0, 0x8, 0x70bd26, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1b}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_REG_RULES={0x74, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x400}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xe0e7}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x9}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x400}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xff}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x2}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xffff}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xe1}]}, 0xb8}, 0x1, 0x0, 0x0, 0x40c0}, 0x4000000) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000006140)={&(0x7f0000006040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000006100)={&(0x7f0000006080)={0x7c, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xffffffcd, 0x7c}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000084}, 0x40) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000006180)={0x2, 'netpci0\x00', {0x8}, 0x2000}) sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000006280)={&(0x7f00000061c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000006240)={&(0x7f0000006200)={0x14, 0x5, 0x1, 0x401, 0x0, 0x0, {0xb}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000065c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r1, &(0x7f0000006900)={&(0x7f0000006600), 0xc, &(0x7f00000068c0)={&(0x7f0000006640)={0x260, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x3}}}}, [@NL80211_ATTR_FRAME={0x20e, 0x33, @mgmt_frame=@auth={@with_ht={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x1, 0x1}, {0x40}, @broadcast, @device_b, @from_mac, {0xa}}, @ver_80211n={0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}, 0x1, 0x3, 0x5f, @void, [{0xdd, 0xe, "5cf1256aecbeb7b933cc279e55c2"}, {0xdd, 0xcd, "7fe266e103a3e30f7447de3842b23ca987514f4ee028dcee075d6dffd962b43b0a8ea9a1b32700d9a538fcf1bda0f1a6807d0cbdb0c04e0ce714ac75acfaf6d09860bb6a6b07978d41ab74295d4c3ab683f452b597f47cf15b46da82c47babad5bd98f3da33e0d53326749c212a4b10447f74374cf632ac618791c600d01784aaa312b781e6da0cd9b0e289158dbf3f1136859f83529f9964116444b43cefee6e1ea23398c4803a2aa75619b0303e27d6802e9663a9023cfd09c545115c377f6c5c29122244ac972a0e5c1ffd1"}, {0xdd, 0xbd, "bf47aa5d0cff40af94bb3768d8a58eb5e20fd9ae2d03d5b018277c4e85cc7803d8e9c5d21ede70e83cccaa153b4618efe13f7b7b6b205a1f38f05a71eca9fd64ba7d95c926f66ba5ccf091e773ae6a7f445d1687dca4ab8e648dc955055e7bc755a8cf6e724bdee19288898a1e7c593507abdbb3dc0fabb6e1fd3b55b6aedaa6fb02224afb4dde08daf002d9445193e5f479a7a104429ce05b3b323c7f54b9280476ce8c80dc90edba35e5aa3561f4f50b5bb00cfdb0766b56601bfdfa"}, {0xdd, 0x48, "fe49f831287e4765071a815ec793967184b91599db918c83da0bec56c4ec19d16fe2167d7b3b5bf67496b6bb493cb6cc5ffd8af51a6cee6777db2319800609147a9d8586ab8ff9b8"}]}}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x260}, 0x1, 0x0, 0x0, 0x40000}, 0x20000858) r2 = accept4$bt_l2cap(r1, &(0x7f0000006940)={0x1f, 0x0, @fixed}, &(0x7f0000006980)=0xe, 0x800) ioctl$sock_ifreq(r2, 0x8932, &(0x7f00000069c0)={'syzkaller1\x00', @ifru_names}) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f0000006a00)={'vcan0\x00', {0x2, 0x0, @broadcast}}) r3 = pidfd_getfd(r1, r2, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000006a40)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8001}}, './file0\x00'}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000006a80), 0x80480) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000006ac0)={{0x1, 0x1, 0x18, r3, {0x0, 0x3}}, './file0\x00'}) ppoll(&(0x7f0000006b00)=[{r4, 0x10}, {r5, 0x209}], 0x2, &(0x7f0000006b40), &(0x7f0000006b80)={[0xffff]}, 0x8) VM DIAGNOSIS: 19:01:10 Registers: info registers vcpu 0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823c0801 RDI=ffffffff8765c9e0 RBP=ffffffff8765c9a0 RSP=ffff88803e047690 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000038 R11=0000000000000001 R12=0000000000000038 R13=ffffffff8765c9a0 R14=0000000000000010 R15=ffffffff823c07f0 RIP=ffffffff823c0859 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f4555bf0700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f1559519610 CR3=000000001ad36000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f45587617c000007f45587617c8 XMM02=00007f45587617e000007f45587617c0 XMM03=00007f45587617c800007f45587617c0 XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=1ffff11002091ea7 RCX=ffffffff812a34cf RDX=dffffc0000000000 RSI=0000000000000008 RDI=ffffffff85b08350 RBP=0000000000000001 RSP=ffff88801048f510 R8 =0000000000000000 R9 =ffffffff85b08357 R10=fffffbfff0b6106a R11=0000000000000001 R12=0000000000000001 R13=0000000000000000 R14=ffff88806cf3c4a0 R15=0000000000000000 RIP=ffffffff8425a740 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f53b024b260 CR3=0000000021082000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000