Warning: Permanently added '[localhost]:52422' (ECDSA) to the list of known hosts. 2022/10/07 00:36:47 fuzzer started 2022/10/07 00:36:47 dialing manager at localhost:37161 syzkaller login: [ 43.758923] cgroup: Unknown subsys name 'net' [ 43.839845] cgroup: Unknown subsys name 'rlimit' 2022/10/07 00:37:02 syscalls: 2215 2022/10/07 00:37:02 code coverage: enabled 2022/10/07 00:37:02 comparison tracing: enabled 2022/10/07 00:37:02 extra coverage: enabled 2022/10/07 00:37:02 setuid sandbox: enabled 2022/10/07 00:37:02 namespace sandbox: enabled 2022/10/07 00:37:02 Android sandbox: enabled 2022/10/07 00:37:02 fault injection: enabled 2022/10/07 00:37:02 leak checking: enabled 2022/10/07 00:37:02 net packet injection: enabled 2022/10/07 00:37:02 net device setup: enabled 2022/10/07 00:37:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/07 00:37:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/07 00:37:02 USB emulation: enabled 2022/10/07 00:37:02 hci packet injection: enabled 2022/10/07 00:37:02 wifi device emulation: failed to parse kernel version (6.0.0-next-20221006) 2022/10/07 00:37:02 802.15.4 emulation: enabled 2022/10/07 00:37:02 fetching corpus: 50, signal 19037/20866 (executing program) 2022/10/07 00:37:02 fetching corpus: 100, signal 29344/32818 (executing program) 2022/10/07 00:37:02 fetching corpus: 150, signal 37493/42447 (executing program) 2022/10/07 00:37:03 fetching corpus: 200, signal 47557/53727 (executing program) 2022/10/07 00:37:03 fetching corpus: 250, signal 49949/57533 (executing program) 2022/10/07 00:37:03 fetching corpus: 300, signal 56340/65074 (executing program) 2022/10/07 00:37:03 fetching corpus: 350, signal 62018/71746 (executing program) 2022/10/07 00:37:03 fetching corpus: 400, signal 65931/76689 (executing program) 2022/10/07 00:37:03 fetching corpus: 450, signal 69494/81246 (executing program) 2022/10/07 00:37:03 fetching corpus: 500, signal 71711/84593 (executing program) 2022/10/07 00:37:03 fetching corpus: 550, signal 75530/89279 (executing program) 2022/10/07 00:37:04 fetching corpus: 600, signal 77954/92616 (executing program) 2022/10/07 00:37:04 fetching corpus: 650, signal 81960/97307 (executing program) 2022/10/07 00:37:04 fetching corpus: 700, signal 85142/101225 (executing program) 2022/10/07 00:37:04 fetching corpus: 750, signal 87930/104756 (executing program) 2022/10/07 00:37:04 fetching corpus: 800, signal 91757/109108 (executing program) 2022/10/07 00:37:04 fetching corpus: 850, signal 93327/111510 (executing program) 2022/10/07 00:37:04 fetching corpus: 900, signal 95457/114372 (executing program) 2022/10/07 00:37:04 fetching corpus: 950, signal 96958/116646 (executing program) 2022/10/07 00:37:04 fetching corpus: 1000, signal 98740/119102 (executing program) 2022/10/07 00:37:05 fetching corpus: 1050, signal 100797/121734 (executing program) 2022/10/07 00:37:05 fetching corpus: 1100, signal 102376/123965 (executing program) 2022/10/07 00:37:05 fetching corpus: 1150, signal 103311/125666 (executing program) 2022/10/07 00:37:05 fetching corpus: 1200, signal 105554/128326 (executing program) 2022/10/07 00:37:05 fetching corpus: 1250, signal 106458/129960 (executing program) 2022/10/07 00:37:05 fetching corpus: 1300, signal 107482/131679 (executing program) 2022/10/07 00:37:05 fetching corpus: 1350, signal 108540/133371 (executing program) 2022/10/07 00:37:05 fetching corpus: 1400, signal 110047/135411 (executing program) 2022/10/07 00:37:05 fetching corpus: 1450, signal 111180/137130 (executing program) 2022/10/07 00:37:05 fetching corpus: 1500, signal 112209/138765 (executing program) 2022/10/07 00:37:05 fetching corpus: 1550, signal 113358/140442 (executing program) 2022/10/07 00:37:06 fetching corpus: 1600, signal 114739/142239 (executing program) 2022/10/07 00:37:06 fetching corpus: 1650, signal 115422/143549 (executing program) 2022/10/07 00:37:06 fetching corpus: 1700, signal 117142/145551 (executing program) 2022/10/07 00:37:06 fetching corpus: 1750, signal 118195/147080 (executing program) 2022/10/07 00:37:06 fetching corpus: 1800, signal 119618/148807 (executing program) 2022/10/07 00:37:06 fetching corpus: 1850, signal 120376/150132 (executing program) 2022/10/07 00:37:06 fetching corpus: 1900, signal 123964/153184 (executing program) 2022/10/07 00:37:06 fetching corpus: 1950, signal 124878/154514 (executing program) 2022/10/07 00:37:06 fetching corpus: 2000, signal 125782/155818 (executing program) 2022/10/07 00:37:06 fetching corpus: 2050, signal 126697/157113 (executing program) 2022/10/07 00:37:07 fetching corpus: 2100, signal 127279/158198 (executing program) 2022/10/07 00:37:07 fetching corpus: 2150, signal 128481/159557 (executing program) 2022/10/07 00:37:07 fetching corpus: 2200, signal 129606/160865 (executing program) 2022/10/07 00:37:07 fetching corpus: 2250, signal 130235/161888 (executing program) 2022/10/07 00:37:07 fetching corpus: 2300, signal 131446/163226 (executing program) 2022/10/07 00:37:07 fetching corpus: 2350, signal 132428/164469 (executing program) 2022/10/07 00:37:07 fetching corpus: 2400, signal 133438/165668 (executing program) 2022/10/07 00:37:07 fetching corpus: 2450, signal 134961/167198 (executing program) 2022/10/07 00:37:07 fetching corpus: 2500, signal 135653/168191 (executing program) 2022/10/07 00:37:07 fetching corpus: 2550, signal 136065/169024 (executing program) 2022/10/07 00:37:08 fetching corpus: 2600, signal 137679/170444 (executing program) 2022/10/07 00:37:08 fetching corpus: 2650, signal 138923/171673 (executing program) 2022/10/07 00:37:08 fetching corpus: 2700, signal 139826/172663 (executing program) 2022/10/07 00:37:08 fetching corpus: 2750, signal 140342/173472 (executing program) 2022/10/07 00:37:08 fetching corpus: 2800, signal 142417/175001 (executing program) 2022/10/07 00:37:08 fetching corpus: 2850, signal 143459/176042 (executing program) 2022/10/07 00:37:08 fetching corpus: 2900, signal 144509/177052 (executing program) 2022/10/07 00:37:08 fetching corpus: 2950, signal 145391/177956 (executing program) 2022/10/07 00:37:08 fetching corpus: 3000, signal 146524/178972 (executing program) 2022/10/07 00:37:09 fetching corpus: 3050, signal 147306/179770 (executing program) 2022/10/07 00:37:09 fetching corpus: 3100, signal 147622/180406 (executing program) 2022/10/07 00:37:09 fetching corpus: 3150, signal 148527/181247 (executing program) 2022/10/07 00:37:09 fetching corpus: 3200, signal 149327/182064 (executing program) 2022/10/07 00:37:09 fetching corpus: 3250, signal 150331/182970 (executing program) 2022/10/07 00:37:09 fetching corpus: 3300, signal 151161/183786 (executing program) 2022/10/07 00:37:09 fetching corpus: 3350, signal 151834/184502 (executing program) 2022/10/07 00:37:09 fetching corpus: 3400, signal 153052/185388 (executing program) 2022/10/07 00:37:09 fetching corpus: 3450, signal 153800/186083 (executing program) 2022/10/07 00:37:10 fetching corpus: 3500, signal 155047/186946 (executing program) 2022/10/07 00:37:10 fetching corpus: 3550, signal 156335/187784 (executing program) 2022/10/07 00:37:10 fetching corpus: 3600, signal 157165/188469 (executing program) 2022/10/07 00:37:10 fetching corpus: 3650, signal 157993/189115 (executing program) 2022/10/07 00:37:10 fetching corpus: 3700, signal 158608/189685 (executing program) 2022/10/07 00:37:10 fetching corpus: 3750, signal 159404/190344 (executing program) 2022/10/07 00:37:10 fetching corpus: 3800, signal 160466/191038 (executing program) 2022/10/07 00:37:10 fetching corpus: 3850, signal 160952/191561 (executing program) 2022/10/07 00:37:10 fetching corpus: 3900, signal 161906/192224 (executing program) 2022/10/07 00:37:10 fetching corpus: 3950, signal 163096/192912 (executing program) 2022/10/07 00:37:10 fetching corpus: 4000, signal 164164/193536 (executing program) 2022/10/07 00:37:11 fetching corpus: 4050, signal 164761/193999 (executing program) 2022/10/07 00:37:11 fetching corpus: 4100, signal 165488/194520 (executing program) 2022/10/07 00:37:11 fetching corpus: 4150, signal 165863/194949 (executing program) 2022/10/07 00:37:11 fetching corpus: 4200, signal 167502/195580 (executing program) 2022/10/07 00:37:11 fetching corpus: 4250, signal 168229/196030 (executing program) 2022/10/07 00:37:11 fetching corpus: 4300, signal 168589/196408 (executing program) 2022/10/07 00:37:11 fetching corpus: 4350, signal 169049/196766 (executing program) 2022/10/07 00:37:11 fetching corpus: 4400, signal 169763/197178 (executing program) 2022/10/07 00:37:11 fetching corpus: 4450, signal 170277/197559 (executing program) 2022/10/07 00:37:11 fetching corpus: 4500, signal 170522/197882 (executing program) 2022/10/07 00:37:12 fetching corpus: 4550, signal 171035/198223 (executing program) 2022/10/07 00:37:12 fetching corpus: 4600, signal 171691/198564 (executing program) 2022/10/07 00:37:12 fetching corpus: 4650, signal 172174/198906 (executing program) 2022/10/07 00:37:12 fetching corpus: 4700, signal 173122/199227 (executing program) 2022/10/07 00:37:12 fetching corpus: 4750, signal 173591/199502 (executing program) 2022/10/07 00:37:12 fetching corpus: 4800, signal 173906/199797 (executing program) 2022/10/07 00:37:12 fetching corpus: 4850, signal 174841/200141 (executing program) 2022/10/07 00:37:12 fetching corpus: 4900, signal 175532/200405 (executing program) 2022/10/07 00:37:12 fetching corpus: 4950, signal 176358/200644 (executing program) 2022/10/07 00:37:12 fetching corpus: 5000, signal 176781/200811 (executing program) 2022/10/07 00:37:13 fetching corpus: 5050, signal 177213/200813 (executing program) 2022/10/07 00:37:13 fetching corpus: 5100, signal 178045/200813 (executing program) 2022/10/07 00:37:13 fetching corpus: 5150, signal 178375/200860 (executing program) 2022/10/07 00:37:13 fetching corpus: 5200, signal 179154/200862 (executing program) 2022/10/07 00:37:13 fetching corpus: 5250, signal 180103/200870 (executing program) 2022/10/07 00:37:13 fetching corpus: 5300, signal 180488/200890 (executing program) 2022/10/07 00:37:13 fetching corpus: 5350, signal 180939/200890 (executing program) 2022/10/07 00:37:13 fetching corpus: 5400, signal 181599/200890 (executing program) 2022/10/07 00:37:13 fetching corpus: 5450, signal 182085/200890 (executing program) 2022/10/07 00:37:13 fetching corpus: 5478, signal 182794/200894 (executing program) 2022/10/07 00:37:13 fetching corpus: 5478, signal 182794/200894 (executing program) 2022/10/07 00:37:16 starting 8 fuzzer processes 00:37:16 executing program 0: ioctl$FIOCLEX(0xffffffffffffffff, 0x5451) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xcc, 0x0, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0xb8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x86}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xbb111f2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9a6a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xea9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x14, 0x2, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4008084}, 0x8044804) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffff}}, './file0\x00'}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0xd8, 0x0, 0x10, 0x70bd2d, 0x25dfdbfc, {}, [{{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffff9}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}]}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x1}, 0x8010) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f00000003c0)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'}) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000400)='lb_stats_refresh_interval\x00', &(0x7f0000000440)='./file0/file0\x00', r0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000480), 0x202e40, 0x0) fstat(r3, &(0x7f00000004c0)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000540), 0x101000, 0x0) r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_GET(r4, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x38, r5, 0x200, 0x70bd26, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x5}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x8001) r6 = openat2(r1, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x2000, 0x48, 0x3}, 0x18) fsconfig$FSCONFIG_SET_FD(r6, 0x5, &(0x7f0000000740)='/dev/full\x00', 0x0, r0) getresuid(&(0x7f0000000840), &(0x7f0000000880)=0x0, &(0x7f00000008c0)) mount$9p_unix(&(0x7f0000000780)='./file0/file0\x00', &(0x7f00000007c0)='./file0/file0\x00', &(0x7f0000000800), 0x300000, &(0x7f0000000900)={'trans=unix,', {[{@posixacl}, {@afid={'afid', 0x3d, 0x7}}, {@debug={'debug', 0x3d, 0x101}}, {@access_any}], [{@fscontext={'fscontext', 0x3d, 'user_u'}}, {@euid_gt={'euid>', r7}}, {@pcr={'pcr', 0x3d, 0x1b}}]}}) openat$procfs(0xffffffffffffff9c, &(0x7f00000009c0)='/proc/consoles\x00', 0x0, 0x0) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000a40), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x3c, r8, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x18}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040080}, 0x20000000) r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000b40), 0x220000, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000c80)={0x9, 0x0, &(0x7f0000000c40)=[r9, r2, 0xffffffffffffffff, r6, 0xffffffffffffffff]}, 0x5) 00:37:16 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) ioctl$DVD_WRITE_STRUCT(r0, 0x5390, &(0x7f0000000040)=@copyright={0x1, 0x2, 0x6, 0x2}) r1 = syz_mount_image$nfs(&(0x7f0000000900), &(0x7f0000000940)='./file0\x00', 0x2, 0x3, &(0x7f0000000bc0)=[{&(0x7f0000000980)="f4ce45626bc6ad1f827ff1193d0626910fc0", 0x12}, {&(0x7f00000009c0)="a5d71495dfa5c718301d0462fbf2962b1c9ebe8c192e91834393f9a1bb018956885ff7f0b192bde986400438c577cdddce9abe5faae718c5c6a846c404204972aaf00a5c0fb4cfe6c5532e0c6f65ae2800a3d66354af7f19add9e33eee5587fb09229d0d82c68a9ba34437ddae748df71c7f36fded16be8948c32ffa8e909421f02c4b6c5237f9b4da476b16fcfe814bdfc528833fc0d6f6118acdc0eff4a778450da9bfd6b5c59a92fb81779484faa3c79f89d7b8cc6a93d281fa01918546e69106c5606458fc28982e29abf6c8a0c58e719d7ac210f5ef32f3d5e7299c43c7b283e07138dc5cd2cd1ce1853e2434ed833d3514e6e655", 0xf7, 0x1}, {&(0x7f0000000ac0)="d6adfce6fee5b8e8bb9072361b56a046b11208aee833f2eb5649733f55f6adeb8b979c3cef6229906d09660da9b8bbaf9038c853be52f29842b5b6e370271fc4b6715d52013ff665d89adcba47571a604fdf223e4c28b28a2d67ef7714be5bed4d2cef6f27438135caf6459aea72298eeed406aa1881aeee4b018cea546f5695fb493624b99b47353bc5d4eb4763b0c3e022a6218cd0da360ae67380d2d666495cea0726f483be76919bee2bdc518eaf303413cabf8b764c1c45542451c6d963215a261a3676f6e1b72825", 0xcb}], 0x2048, &(0x7f0000000c40)={[{'/dev/bsg\x00'}, {'/dev/bsg\x00'}, {'/dev/bsg\x00'}, {'/dev/bsg\x00'}], [{@subj_type={'subj_type', 0x3d, '/dev/bsg\x00'}}, {@context={'context', 0x3d, 'unconfined_u'}}, {@fowner_lt={'fowner<', 0xee01}}, {@subj_type={'subj_type', 0x3d, '/dev/bsg\x00'}}, {@smackfshat={'smackfshat', 0x3d, '({\'$+'}}, {@appraise_type}, {@smackfstransmute={'smackfstransmute', 0x3d, '$-'}}, {@euid_lt={'euid<', 0xee01}}]}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000d40)={{{@in=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@remote}}, &(0x7f0000000e40)=0xe8) mount$9p_fd(0x0, &(0x7f0000000880)='./file0\x00', &(0x7f00000008c0), 0x1c020, &(0x7f0000000e80)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}, {@cachetag={'cachetag', 0x3d, '$'}}, {@loose}, {@access_uid={'access', 0x3d, r3}}, {@mmap}]}}) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000001040)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001000)={&(0x7f0000000f40)={0x94, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_ADDR={0x58, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @local}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @local}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x40004}, 0x80) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001080), 0x200, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, &(0x7f0000001140)={'ip6tnl0\x00', &(0x7f00000010c0)={'ip6tnl0\x00', r2, 0x29, 0x7f, 0xff, 0xfffffff8, 0xd, @private2, @empty, 0x700, 0x1, 0x3, 0x4bfc4980}}) setsockopt$inet_mreqn(r4, 0x0, 0x0, &(0x7f0000001180)={@empty, @initdev={0xac, 0x1e, 0x1, 0x0}, r5}, 0xc) r6 = epoll_create1(0x80000) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f00000011c0)='[\x00', 0x0, r6) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f00000012c0)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001280)={&(0x7f0000001240)={0x2c, 0x0, 0x8, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) epoll_pwait2(r6, &(0x7f0000001300)=[{}, {}, {}, {}], 0x4, &(0x7f0000001340), &(0x7f0000001380)={[0x4]}, 0x8) renameat(r1, &(0x7f00000013c0)='./file0\x00', r1, &(0x7f0000001400)='./file0\x00') r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000001480), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000001540)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001500)={&(0x7f00000014c0)={0x30, r7, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_vlan\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ioctl$AUTOFS_IOC_EXPIRE(r4, 0x810c9365, &(0x7f0000001580)={{0x8, 0x2}, 0x100, './file0\x00'}) sendmsg$NL80211_CMD_NOTIFY_RADAR(r0, &(0x7f00000017c0)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001780)={&(0x7f0000001700)={0x68, 0x0, 0x4, 0x70bd26, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x2, 0x25}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2f}]}, 0x68}}, 0x40000) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001800)={'wlan1\x00'}) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000001940)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001900)={&(0x7f0000001880)={0x60, 0x2, 0x1, 0x0, 0x0, 0x0, {0x1, 0x0, 0x8}, [@CTA_PROTOINFO={0x4c, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x48, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0xfa}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0xc7}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x1f}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x3}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x557d}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0x8}, @CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x7f}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40001}, 0x404c0d4) 00:37:16 executing program 1: clock_getres(0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)) clock_getres(0x2, &(0x7f0000000080)) clock_getres(0x3, &(0x7f00000000c0)) clock_gettime(0x3, &(0x7f0000000100)) clock_gettime(0x7, &(0x7f0000000140)) clock_gettime(0x2, &(0x7f0000000180)) r0 = semget(0x1, 0x8, 0x200) semtimedop(r0, &(0x7f00000001c0)=[{0x4, 0x2, 0x800}, {0x3, 0x2, 0x1800}, {0x4, 0x800}, {0x0, 0x0, 0x1000}, {0x1, 0x9b, 0x800}, {0x7, 0x5, 0x800}, {0x4, 0x2, 0x1000}, {0x3, 0x0, 0x800}], 0x8, &(0x7f0000000200)={0x0, 0x3938700}) io_getevents(0x0, 0x9, 0x1, &(0x7f0000000240)=[{}], &(0x7f0000000280)={0x77359400}) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000002c0)={0x9, 0xc5, 0x1000, 0x7, 0x9, 0x14fc000000000, 0x4, 0x1ff}, &(0x7f0000000300)={0x5, 0xfffffffffffffff7, 0x8001, 0x2, 0x5, 0xfff00000, 0x1, 0x4}, &(0x7f0000000340)={0x7acd, 0x1, 0x7, 0x8, 0x2, 0x6, 0x5, 0x1}, &(0x7f00000003c0)={r1, r2+10000000}, &(0x7f0000000440)={&(0x7f0000000400)={[0x4]}, 0x8}) futex(&(0x7f0000000480), 0x7, 0x1, &(0x7f00000004c0)={0x77359400}, &(0x7f0000000500), 0x1) clock_gettime(0x0, &(0x7f00000005c0)={0x0, 0x0}) epoll_pwait2(0xffffffffffffffff, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}], 0x7, &(0x7f0000000600)={r3, r4+60000000}, &(0x7f0000000640)={[0x1]}, 0x8) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004, 0x10, 0xffffffffffffffff, 0x10000000) r6 = syz_io_uring_complete(0x0) syz_io_uring_submit(0x0, r5, &(0x7f00000007c0)=@IORING_OP_STATX={0x15, 0x2, 0x0, r6, &(0x7f0000000680), &(0x7f0000000780)='\x00', 0x161}, 0x6) syz_io_uring_submit(0x0, r5, &(0x7f0000000880)=@IORING_OP_OPENAT2={0x1c, 0x5, 0x0, r6, &(0x7f0000000800)={0x400, 0x10, 0xf}, &(0x7f0000000840)='./file0\x00', 0x18, 0x0, 0x23456}, 0x3) mq_timedsend(0xffffffffffffffff, &(0x7f0000000900)="eab71ab23391b64be0243eee02ee2323e48a32420c1cab1505780c78db4f469ce101fd3a4d6543e161e96e86477b", 0x2e, 0x5, &(0x7f0000000940)={0x77359400}) 00:37:16 executing program 3: sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x1, 0x2, 0x201, 0x0, 0x0, {0x3}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x8001}, @CTA_EXPECT_MASTER={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @remote}}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x48800}, 0x8800) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x7, 0xa, 0x3, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)={0x190, 0x3, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@CTA_MARK_MASK={0x8}, @CTA_TUPLE_ORIG={0x84, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @rand_addr=0x64010102}}}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x1}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x9}, @CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0xc, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0xffffffff}]}}, @CTA_SEQ_ADJ_ORIG={0x2c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x7802}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xfffffc00}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5bdd426b}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x80000001}]}, @CTA_LABELS={0x18, 0x16, 0x1, 0x0, [0x5, 0x10001, 0xa73, 0x7, 0x100]}, @CTA_NAT_SRC={0x8c, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @remote}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2f}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @loopback}, @CTA_NAT_PROTO={0x34, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @private=0xa010100}, @CTA_NAT_V6_MINIP={0x14, 0x4, @empty}]}]}, 0x190}, 0x1, 0x0, 0x0, 0x8080}, 0x4041) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x28, 0x6, 0x6, 0x801, 0x0, 0x0, {0xc, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040881}, 0x10) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000600)={0x428, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x6, 0x6b}}}}, [@NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x800}, @acl_policy=[@NL80211_ATTR_MAC_ADDRS={0x1c, 0xa6, 0x0, 0x1, [{0xa}, {0xa, 0x6, @device_b}]}, @NL80211_ATTR_MAC_ADDRS={0x58, 0xa6, 0x0, 0x1, [{0xa}, {0xa}, {0xa}, {0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}]}, @NL80211_ATTR_MAC_ADDRS={0x58, 0xa6, 0x0, 0x1, [{0xa}, {0xa, 0x6, @broadcast}, {0xa}, {0xa}, {0xa}, {0xa, 0x6, @broadcast}, {0xa}]}, @NL80211_ATTR_MAC_ADDRS={0x1c, 0xa6, 0x0, 0x1, [{0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}]}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_MAC_ADDRS={0x64, 0xa6, 0x0, 0x1, [{0xa}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa}, {0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}, {0xa}, {0xa}]}], @NL80211_ATTR_TX_RATES={0x2ac, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x5, 0xffff, 0x2000, 0xffff, 0x1, 0x0, 0x1]}}]}, @NL80211_BAND_6GHZ={0x90, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x6c, 0x1, 0x9, 0x12, 0x3, 0x1, 0x3, 0x6c, 0x6, 0x3b]}, @NL80211_TXRATE_HT={0x4c, 0x2, [{0x7, 0x6}, {0x0, 0x7}, {0x4, 0x6}, {0x0, 0x7}, {0x4, 0x1c}, {0x0, 0x6}, {0x0, 0x6}, {0x0, 0x7}, {0x1, 0x9}, {0x5, 0x6}, {0x1, 0x5}, {0x5, 0x5}, {0x1, 0x2}, {}, {0x4, 0x5}, {0x0, 0x3}, {0x2, 0x2}, {0x2, 0x8}, {0x1, 0x5}, {0x5, 0x5}, {0x6, 0x9}, {0x4, 0x3}, {0x5, 0x5}, {0x0, 0x5}, {0x5, 0x3}, {0x0, 0x9}, {0x6, 0x4}, {0x1, 0x3}, {0x5, 0x9}, {0x1, 0xa}, {0x2, 0x8}, {0x0, 0x2}, {0x5, 0x2}, {0x1, 0x1}, {0x7, 0x7}, {0x4, 0x3}, {0x1, 0x4}, {0x1, 0x6}, {0x7}, {0x4, 0x1}, {0x0, 0x5}, {0x1, 0x2}, {0x1, 0x1}, {0x0, 0x5}, {0x0, 0x6}, {0x1, 0x3}, {0x0, 0x8}, {0x4, 0x9}, {0x6, 0x2}, {0x6, 0x6}, {0x3, 0x9}, {0x1, 0x4}, {0x3, 0x2}, {0x6, 0x8}, {0x5, 0x8}, {0x0, 0x5}, {0x6, 0xa}, {0x4, 0x1}, {0x0, 0x7}, {0x3, 0x4}, {0x1, 0x2}, {0x0, 0x4}, {0x1, 0x3}, {0x3, 0xa}, {0x4, 0x8}, {0x0, 0xa}, {0x0, 0x9}, {0x1, 0x3}, {0x0, 0x1}, {0x5, 0x3}, {0x0, 0x2}, {0x1, 0x9}]}, @NL80211_TXRATE_HT={0x1d, 0x2, [{0x6, 0xa}, {0x5, 0x7}, {0x0, 0x6}, {0x1, 0x4}, {0x5, 0x1}, {0x4, 0x8}, {0x0, 0x3}, {0x2, 0x2}, {0x1, 0x2}, {}, {0x5, 0x7}, {0x2, 0x5}, {0x6, 0x3}, {0x0, 0x2}, {0x2, 0x9}, {0x1, 0x8}, {0x3, 0x3}, {0x5}, {0x4, 0x4}, {0x0, 0x6}, {0x7, 0x6}, {0x3, 0x7}, {0x0, 0x8}, {0x1, 0x9}, {0x3, 0x7}]}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x28, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x24, 0x1, [0x2, 0x6c, 0x4, 0x6c, 0x6c, 0x9, 0xc, 0x12, 0x6, 0x36, 0xc, 0x18, 0x16, 0x2, 0x16, 0x18, 0x8d553c52364b80ef, 0x16, 0x9, 0x1f, 0x5, 0x1b, 0xb, 0x5, 0x24, 0x3, 0x3, 0x16, 0x4, 0x12, 0x60, 0x5]}]}, @NL80211_BAND_6GHZ={0x1c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x6, 0x1, [0x6, 0x1b]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_5GHZ={0x64, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0xe, 0x2, [{0x5, 0x1}, {0x3, 0x8}, {0x0, 0x3}, {0x2, 0x4}, {0x4, 0x6}, {0x0, 0xa}, {0x0, 0x9}, {0x3, 0x4}, {0x1, 0xa}, {0x0, 0xa}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x48, 0x5, 0x36, 0x2e, 0x24, 0x18, 0x18, 0xc, 0x5, 0x6c, 0x9, 0x60, 0x6c, 0x48, 0x12, 0x36, 0xc, 0x2, 0x1b, 0x18, 0x6c, 0x62, 0x5, 0x1b, 0x0, 0xb1db342172090fe8, 0xb, 0x5, 0x18]}, @NL80211_TXRATE_HT={0xd, 0x2, [{0x4, 0x9}, {0x0, 0x2}, {0x7, 0x9}, {0x7, 0x9}, {0x0, 0x6}, {0x7, 0x3}, {0x6, 0x2}, {0x6, 0x4}, {0x0, 0x4}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7ff, 0x8, 0x7f, 0x9, 0x9, 0x1, 0x1, 0x80]}}]}, @NL80211_BAND_5GHZ={0x78, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xd750, 0x1, 0x2, 0x3, 0x6, 0x8000, 0xf3b, 0x5f0]}}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x48, 0xca, 0xc, 0x79, 0xb, 0x1, 0x24, 0x11, 0x24, 0x6, 0xc, 0x1b, 0x12, 0x36, 0x1b, 0x3, 0xf, 0x9, 0x30, 0xc, 0xb90405e22057a193, 0x6, 0x36, 0x36, 0x60, 0x18, 0x6, 0x1, 0x16]}, @NL80211_TXRATE_HT={0x3b, 0x2, [{0x2, 0x9}, {0x6, 0x2}, {0x1, 0x7}, {0x6, 0x7}, {0x3, 0xa}, {0x6, 0x5}, {0x1, 0x7}, {0x1, 0x4}, {0x0, 0x3}, {0x1, 0x7}, {0x4}, {0x4, 0x1}, {0x2, 0xa}, {0x3, 0xa}, {0x5, 0xa}, {0x1, 0x8}, {0x4, 0x1}, {0x2, 0x6}, {0x7, 0x2}, {0x1, 0x2}, {0x6, 0x1}, {0x7, 0x4}, {0x3, 0x5}, {0x0, 0x3}, {0x3, 0x7}, {0x1, 0x1}, {0x2, 0x3}, {0x3, 0x8}, {0x4, 0x3}, {0x4, 0x4}, {0x4, 0x9}, {0x0, 0x8}, {0x2, 0x5}, {0x1, 0x1}, {0x0, 0x7}, {0x6, 0x5}, {0x2, 0xa}, {0x4, 0x2}, {0x3}, {0x0, 0x9}, {0x1, 0x6}, {0x4, 0x1}, {0x6, 0x7}, {0x1, 0x8}, {0x6, 0x6}, {0x3, 0x4}, {0x2, 0x3}, {0x4}, {0x4, 0x5}, {0x1, 0x6}, {0x4, 0x2}, {0x6, 0x7}, {0x4, 0x3}, {0x3, 0x3}, {0x3, 0x2}]}]}, @NL80211_BAND_60GHZ={0xe0, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x3f, 0x2, [{0x0, 0x5}, {0x6, 0xa}, {0x5, 0x3}, {0x1, 0x1}, {0x3, 0x2}, {0x3, 0x4}, {0x0, 0x1}, {0x0, 0x8}, {0x2, 0xa}, {0x0, 0x8}, {0x7, 0x7}, {0x0, 0x6}, {0x1, 0x5}, {0x0, 0x8}, {0x2, 0x6}, {0x7, 0x4}, {0x7, 0x6}, {0x3, 0x9}, {0x0, 0x3}, {0x7, 0x8}, {0x2, 0x4}, {0x6, 0xa}, {0x7, 0x7}, {0x2}, {0x2, 0x8}, {0x7, 0x4}, {0x6, 0x7}, {0x1}, {0x1, 0x8}, {0x4}, {0x5, 0x3}, {0x0, 0x2}, {0x6, 0x4}, {0x4, 0x8}, {0x4, 0xa}, {0x7, 0x8}, {0x6, 0x1}, {0x7, 0x4}, {0x6, 0x5}, {0x1, 0x3}, {0x2, 0x4}, {0x6, 0x7}, {0x6, 0x3}, {0x6, 0x4}, {0x1, 0x4}, {0x1, 0x2}, {0x1, 0x2}, {0x2, 0x7}, {0x6, 0x4}, {0x5, 0x5}, {0x4, 0x2}, {0x7, 0x2}, {0x7, 0xa}, {0x6, 0x9}, {0x0, 0x5}, {0x1, 0x6}, {0x1, 0x4}, {0x0, 0x5}, {0x7, 0x3}]}, @NL80211_TXRATE_HT={0x37, 0x2, [{}, {0x6}, {0x5, 0x1}, {0x0, 0x5}, {0x1, 0x3}, {0x6, 0x1}, {0x2, 0x9}, {0x0, 0x8}, {0x7, 0x6}, {0x4, 0x6}, {0x0, 0x3}, {0x0, 0x4}, {0x5, 0x8}, {}, {0x6, 0x4}, {0x7, 0x6}, {}, {0x2, 0x9}, {0x1, 0x4}, {0x5, 0x6}, {0x5, 0x9}, {0x1, 0x4}, {0x6, 0x8}, {0x4, 0x1}, {0x3, 0x2}, {0x4, 0x3}, {0x6, 0x6}, {0x4, 0x1}, {0x1, 0x2}, {0x7, 0x9}, {0x3}, {0x6, 0x3}, {0x0, 0x2}, {0x1}, {0x2, 0x6}, {0x0, 0x1}, {0x1, 0x1}, {0x4}, {0x6, 0x8}, {0x4, 0x9}, {0x0, 0x3}, {0x3, 0x7}, {0x5, 0x6}, {0x0, 0x8}, {0x1, 0x1}, {0x1}, {0x2, 0x7}, {0x4, 0x3}, {0x5, 0x3}, {0x7, 0x8}, {0x2, 0x9}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x30, 0x4, 0xc, 0x30, 0x60, 0x60, 0x30, 0x2, 0x4, 0xf]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x84, 0x7, 0x9, 0x2, 0xcc00, 0x4, 0xfc00]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x8cbb, 0x0, 0x3ff, 0x4, 0x0, 0x4, 0x7f]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff8, 0x95da, 0x6, 0x0, 0x3, 0x1f, 0x0, 0x4]}}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x5, 0x5, 0x24, 0x3, 0x60, 0xc, 0x48, 0x9, 0x6c, 0x16, 0x1]}]}]}]}, 0x428}, 0x1, 0x0, 0x0, 0x20000880}, 0x800) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000ac0), 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x30, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {}, {0x14, 0x18, {0x7, @bearer=@udp='udp:syz1\x00'}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x2010000}, 0x4081) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000bc0)={r0, 0x8000, 0xc709, 0x80}) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000cc0)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x34, 0x2, 0x3, 0x5, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x18}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x80000000}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x40}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x80}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x20004044) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d40), r1) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r1, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x20, r2, 0x8, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffffaa7, 0x16}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4088080}, 0x4080) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000e40), 0x101000, 0x0) sendmsg$TIPC_NL_MON_GET(r3, &(0x7f0000000f80)={&(0x7f0000000e80), 0xc, &(0x7f0000000f40)={&(0x7f0000000ec0)={0x48, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x34, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(0xffffffffffffffff, &(0x7f0000001080)={&(0x7f0000000fc0), 0xc, &(0x7f0000001040)={&(0x7f0000001000)={0x14, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c000) ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f00000010c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000001200)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000011c0)={&(0x7f0000001180)={0x20, r2, 0x200, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x1) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001280), r1) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000001300)={&(0x7f00000012c0)={0x3c, r6, 0x10, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x8001, 0x54}}}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x8, 0xcd, [0x7e01, 0x81]}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x18f}]}, 0x3c}, 0x1, 0x0, 0x0, 0x840}, 0x800) 00:37:16 executing program 5: r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) write$9p(r0, &(0x7f0000000000)="9ad43886fc4cbc9614c011013ef8be5c44d2a0340398e2f08a10d3212eb57605b280dcdf45e279ddf9c42742ab32db077af3c36513e842b5d2901b8fa2ceb90e968c2c9f34fa9cd0092aa87f58568c93772b3a454b98c9a1bab0bd9be39e5d747519c82b3dfc9f543dd53e80dd54faa74e68d3f5a1a81ff91f024c93bda358", 0x7f) fchdir(r0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000006, 0x12, 0xffffffffffffffff, 0x8000000) r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000000, 0x80010, r1, 0x10000000) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r4, 0x80, &(0x7f00000000c0)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x3}, 0x0, 0x0, 0x1}, 0xf0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x101500, 0x0) statx(r1, &(0x7f0000000200)='./file0\x00', 0x4000, 0x7ff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) quotactl(0x800, &(0x7f00000001c0)='./file0\x00', r6, &(0x7f0000000340)="2faacd614f72bfd8e22d6f7a6c90abf11bbe7e516c2074d3b0c76a85b4299bd0456bf2302b56a4172c1ea010eb5bfc35b45518567f64c95ba8ae11a1994252a4286d80af9799c7adf3e38ae211fbe7b8e2be17a45c0075d2ba2f96aa8cffca5287c27c15d1e7a6decbb9e4720dbb03112cde9e0bb62ef3e110b1153291014754bc5c2df0a43a7183cb37542d5d2e7f20880dcbba5f1914") ioctl$BTRFS_IOC_TREE_SEARCH_V2(r4, 0xc0709411, &(0x7f0000000400)={{0x0, 0x8, 0x101, 0x2, 0x4, 0x7fffffff, 0x0, 0xfffffff7, 0x80000000, 0x9, 0x7, 0x0, 0x8, 0xfb, 0x6}, 0x18, [0x0, 0x0, 0x0]}) write$binfmt_script(r4, &(0x7f00000004c0)={'#! ', './file0', [{0x20, '\xaa\xaa\xaa\xaa\xaa'}, {0x20, '),\'$!{}[{-\xe3(#'}, {0x20, '@**(]\x00'}], 0xa, "a8b8cbc8162957be5c88b8ed81b2d69ddb3595b37d54d0c54f3eb3a56466c257de6096dc833fe7073251da35225a10a0e80c075a5297a573b65fed6145101141b59fe23608468b0e857f7587dc5077dd9a10f6770deb8b88d9cff840511d599b2b1f74c6e30a3b3d6e0faa71310b209956662eae92deb81b3dba2934759216a3cdf0e5f880762c55beaa83747ff10c547f666c875aff8887c8c41c7310e8f74f61ea3ba3296f028d67f72a8afaa41a44b011111c72681a3c7a6f47ab94303d6d907ad46eca0f5102b75783a441e6a6b24758a8fda98354951f3ffc4851adb5795de332b16a5eb9"}, 0x10d) rename(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)='./file0\x00') io_uring_enter(r1, 0x7b6a, 0x1a20, 0x2, &(0x7f0000000680)={[0x5]}, 0x8) syz_io_uring_submit(r2, r3, &(0x7f00000006c0)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, r5}, 0x81) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r4, 0xc018937a, &(0x7f0000000700)={{0x1, 0x1, 0x18, r4, {0x3f}}, './file0\x00'}) recvfrom(r8, &(0x7f0000000740)=""/84, 0x54, 0x40000042, &(0x7f00000007c0)=@hci={0x1f, 0xffffffffffffffff, 0x1}, 0x80) statx(r5, &(0x7f0000000840)='./file0\x00', 0x4000, 0x10, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f0000000980)={{0x1, 0x1, 0x18, r4, {r9, r7}}, './file0\x00'}) [ 72.651720] audit: type=1400 audit(1665103036.868:6): avc: denied { execmem } for pid=286 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 00:37:16 executing program 4: sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x300, 0x70bd26, 0x25dfdbfd, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0xc040}, 0x4008880) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, 0x0, 0x4, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x9}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x1}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3d}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x5d}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x40, 0x0, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16d5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x182}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x60}, @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x80}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, r0, 0x100, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x14a}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040010}, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_MPATH(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x80, r2, 0x200, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x20, 0x39}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x80}, 0x1, 0x0, 0x0, 0x20008050}, 0x24000804) sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x28, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x8c0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000880)={&(0x7f0000000780)={0xd8, r3, 0x10, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x1, 0x16}}}}, [@NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac=@device_b}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x8}, @NL80211_ATTR_SCAN_SSIDS={0xa0, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}, {0x24, 0x0, @random="5eecf155a3f7a13017e2cbd676d38b5800bf57b9118403d3f0e4c822d84d994a"}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0x23, 0x0, @random="37c70ced8e94ba06e6f1a22d99379c12435c2a2ad685d9c7d4743dad3b794f"}, {0xa, 0x0, @default_ap_ssid}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}]}, 0xd8}}, 0x4004000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000009c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8}}, './file0\x00'}) sendmsg$IPCTNL_MSG_CT_GET_DYING(r4, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x10800}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x3, 0x0, 0x6}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000000) r5 = signalfd4(r4, &(0x7f0000000b00)={[0xffffffff]}, 0x8, 0x80800) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000c00)={'syztnl1\x00', &(0x7f0000000b80)={'ip6_vti0\x00', 0x0, 0x4, 0x7f, 0x9, 0x8, 0x8, @remote, @rand_addr=' \x01\x00', 0x8, 0x7800, 0x5}}) accept$packet(r4, &(0x7f0000000c40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000c80)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000cc0)={'batadv_slave_0\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(r5, &(0x7f0000001240)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001200)={&(0x7f0000000d00)={0x4d0, 0x0, 0x400, 0x70bd2d, 0x25dfdbff, {}, [{{0x8}, {0x254, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xf2e1}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff3d0b}}}]}}, {{0x8}, {0x1a0, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x7c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4c, 0x4, [{0x0, 0xab, 0x8c, 0x3}, {0xc, 0x9, 0x3f}, {0x8, 0x2, 0x20, 0x6}, {0x7, 0x7, 0x5, 0x3}, {0xedc5, 0x6, 0x4, 0x7}, {0x2, 0x2, 0x7f}, {0xff, 0x80, 0xf0}, {0x7, 0x8, 0x81, 0x3}, {0x7, 0x8c, 0x9, 0x7}]}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xffffff00}}}]}}]}, 0x4d0}, 0x1, 0x0, 0x0, 0x20000000}, 0x80c0) lsetxattr$security_evm(&(0x7f0000001280)='./file0\x00', &(0x7f00000012c0), &(0x7f0000001300)=@v1={0x2, "614e185ae3e39ab4c0a5dd"}, 0xc, 0x1) connect$packet(0xffffffffffffffff, &(0x7f0000001340)={0x11, 0xfe, r7, 0x1, 0x8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}}, 0x14) 00:37:16 executing program 6: sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x100, 0x70bd27, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc480}, 0x80) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x54, 0x0, 0xb, 0x401, 0x0, 0x0, {0x7}, [@NFTA_COMPAT_NAME={0x7, 0x1, ')\'\x00'}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_COMPAT_NAME={0x8, 0x1, '-]\\\x00'}, @NFTA_COMPAT_NAME={0x5, 0x1, '\x00'}, @NFTA_COMPAT_REV={0x8}, @NFTA_COMPAT_REV={0x8}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_COMPAT_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x90}, 0x4) r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000080}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x74, r0, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffa88356a9}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xc0}]}]}, 0x74}, 0x1, 0x0, 0x0, 0xc000}, 0x40011) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x3c, 0x0, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10008800}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000680)={&(0x7f0000000500)={0x154, 0x0, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x80, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x36}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7cd}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x4b}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x800}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3f}]}]}, @TIPC_NLA_MEDIA={0x10, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6abe2fa6}]}]}, @TIPC_NLA_BEARER={0xac, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x800, @empty, 0x7}}, {0x14, 0x2, @in={0x2, 0x4e21, @local}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffc01}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}]}, @TIPC_NLA_MON={0x4}]}, 0x154}, 0x1, 0x0, 0x0, 0x44010}, 0x4000015) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r1, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200080d1}, 0x4000810) r2 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000940)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000900)={&(0x7f0000000840)={0xbc, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x80, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4084}, 0x8000) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000980), 0x2840, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x1c, 0x0, 0x20, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8}]}, 0x1c}}, 0x20000004) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r1, &(0x7f0000000b80)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x20, 0x0, 0x2, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000021}, 0x4000044) r4 = creat(&(0x7f0000000bc0)='./file0\x00', 0x22) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c40), r3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000c80)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_STATION(r4, &(0x7f0000000f00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000cc0)={0x1d8, r5, 0x8, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0xd8, 0xbe, "8a293970e92ee6bf8084049a936e4d1fc3c4726a2fb498f921385d1c66089f5a9c4adc64d4e3da51d2eb39c1fdc5ffe8ee2c4efc216694f1ca66accb4486de08c09773e57c209985cf05de2848f85cf355bfa300526d243dd768977d2c4d3a3d96edce30992219a58b95d051f9636ea5e3899ee8120c6f3a5638448f132d80f88a62e6734a32f63fdb2f42c5762bb6e3bb93ae978771509bfadee3e95d5ddd7bc81470fa6183ae7e204357d31dbe4cf8caf0af360ee5a08dcd09d85c153dafb3e37df088796fb631090652d505bb425f4ef3684d"}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x12, 0xbd, [0xba6a, 0x9, 0x4, 0x3fef, 0x7a20, 0x5, 0x0]}, @NL80211_ATTR_STA_FLAGS={0xc, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_AUTHENTICATED={0x4}, @NL80211_STA_FLAG_TDLS_PEER={0x4}]}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x6}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x93, 0xbe, "cd671f544f609c63e7be68eb750099cbd5f5dc8872a182f3c96920998f23eaed1bce3ad13d58ffa0da8292a55f19a7ff2164fa12895ea5334061b6347c9f45a1eb30c787e37f4ce10a257b439969e38c5d55d3dcb33dba4f99909560e0ef6a9a3a17175f64c9fdfe33f7d298c02e59801acfab4eeb03dcd457ac4f449f96ae8cf805b34319d557c4f783f6247c815d"}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x6, 0xbd, [0x3]}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x5}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r4, &(0x7f0000001040)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001000)={&(0x7f0000000f80)={0x44, 0x0, 0x600, 0x70bd27, 0x25dfdbfe, {}, [@ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0x4}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0x9}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004081}, 0xa3275f112202ed9a) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_LISTALL(r7, &(0x7f0000001240)={&(0x7f0000001080), 0xc, &(0x7f0000001200)={&(0x7f00000010c0)={0x110, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0xb0, 0x8, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfc}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x12f20d17}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3e60c73c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x225a4965}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x50690462}]}, {0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x91}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74bcdef0}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x5e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2f5a42f8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6cec43c1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x8c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x78088c33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x645b14a0}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x75}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x8f}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x695bb1de}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5cc9c95f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x65}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x110}}, 0x800) 00:37:16 executing program 7: ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000000)={{}, 0x0, 0x4, @unused=[0x7fffffff, 0xfff, 0x3ff, 0x9], @subvolid=0x5}) r0 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000001000), &(0x7f0000001040)=0xe, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001140), 0x800, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000001180)={{r1}, 0x0, 0x0, @unused=[0x81, 0xaef, 0x0, 0x1f], @name="409a5ef765284dbb72d39e34e79352c28f279ffd349e6f1ff068ce9fd486772be7515a1925122924f51ee7664becb2a64474702953126803e513fdb8d4f3229526f0d5f4c8e65312f40f0724759e92390069c107d4fd61ccedd61546688b2f2145ffb87ab519071f3b4bcd4ea3dafb20105bb00082380ced94f8b7829dbbe436ac08ffc527dd18d2d44d9ada736b78941602748ec8998c3f4ac08ec8e5749a89d73ff6e7b3275d7ce30cc74701eb584a0e11c7463a6411c972e633bc74b17bb9caa7a06f92f87e6806921b57d30257e0eeeaf2d49f646e2237df102fc2f8c25459eac5f16918eb6847d99a419c24a6a74d6679bbac59a5abcf9971b4f035ca643600f00923843864f9bc638e402243bb03b58a74c1e348a4bd2ee795b05e4fe4068e7ff6cf31ebd4c904f43c8aac151f62bb552444099f56106a8e96d2f1718081af21fca61db33363809a158abc15a15933f1df9b310d2a710fa5f369b1266bcc0f367260b2be36843f4b723ece8d3f45548041291eda878b52c0fefcdba0cc090fb194a161c48d23e8e80193b9ba17b11bff2b1371e1686e467f50a50f8507f1907ee1f572b2bf961f037e63100101f7ea9468ee6bfe4eef3602ed7da711bf5ddf6395a0c1c594e7e1d3d522db20f785c662fa38605438fadeae7d1beafdd70d267da5a1407c560c94c50f41a5261a2934a836226fbbf3d77e9b13fa36a065840a7299d3746187228b1b150b90bb31fd74b5c0eb31c380a85fd14287f5a8f3811c78638e8b0458bbab331de8f9ba07205dd0b40a2073af234089d93a8032239d13b9c07a5c840a65c925cbd3473c38b309d238d1b4f9b21f8e7622759dd9563bb82b5708e9ec7ffe0f448c86bb73b6936c0d6a10cfd2af9e53df20f9b5fa74919f6da5545343d0a572b80bebae82e441793904a60a64aaa120a0bdf4b64fe1088610c8116784d577766af4ee37498571b39853df563ea095ab656b0992324600af654a81f58a3a9abd84a6c779c7221b0ddfe6cdadaf5a8c9e6370900612cc00848b8ad75133298695b921e9937f13d982b5463f2d7fc6169a5cab83dc2ffe5a1f1c5c5e80eb9fff9fc69cff5380ae764c50adfde43ed36d56488fc7864985d99ee448b86999ca13c3b6a445dfd596de74f117c7fdad3c38ccdbf516aa4d14f1e64f3acdf688ba88be8126fde0287f8916cf6519200853a4d77d16019dab7239a313f5bc0a18f36f821db645b958dc0cc62cec3a508ea9aee5a5f4ead6a07a441262dc9bfca49cb4928f69cd0ed45d30e6c3b1aff3a9533a33098bfc5c2f03946275e0225a3ec72a3b362b7a0a57a915f966acf91f92f5e51d69d3a515a31594a725f8069e8dc3dfe11ea33a96d2779b81f08e695b7c158c5abc81816845d032cca28147923bd242759ff62a4b1ec3e800af9ffcb9b9a26f05e65f316e9b70a45864aab8f1ed16e51a18bfbb84dd26e8ee870ac75ccedbd6028c44441113de8ed9e1f16ec37925b4402c6b6be77ece4c3c981da80da194a8c141d28f42b6e3bd5c1992584454b9d0fddb1d9b3cc476489a1d72a989e9603923d17c5c9e46ac89fcb0a2da7ba72bdfbfec89a6bccfa9e7ee64fe26808bc05241c5a4acedaddaf9852abb783fa94955e1028deda5ddc1d815c76dfc0fabc8dc3d6ccae9ff327170e9a63e0e34fe0f1c60ffdcd23994e20c669a46941c0d5d56a05eabc85361936140516f95e59e90052aa9f08f19cb3681a11136c8d84d2b16bf011759340b6317082744e1ac2c22884565a72f044d86496bd1498cac3cdcf3e23394ad792c264af9c8c106808f3118daf9d4977af30c243cab4301f79183c14b862251eecbded64d3909ff529668995aa854bd0b332eec6ec0af9e1d1d06c418b1bc717db47e53d7c6706edb37282962e32b660e56906573a258c0d80a6b542da85ef9cb3a1f9665f67bf29528e9ffffc0d1cfdd4cbcf9d9a9ad86194e1582274fb310f042a947cb371d67bf4a9e8409e50a8482848b4eea9cf2b8257be11630d718373bbacfa7274f946385ca33865d636aaa127ebb883f4fbf5f1687a2e69a76007a7eaccd861f5b5751ac0f7de07357a36521306d598d2d8bbf238f4c76aa1f94c630941048e47ead326d7401bea628ce262d913b49dbbad6388aff665691d062045e07e1e9be4bf4a4ca736718290dad9f05224120b1a5c2e09976744e81ae9fea3a9088b34935b1e18eba7164e0efc0b824656760c6dba2657b6823c255db2abd02dc65fb8ef00741d9ef5f7b640fdb0890409d7f0377c329287da62d0fc11599017ffae9c91d5b4aaeeef0856cec64e3d7f1230e1d6fbdd8c170feec8c4304e2e2bbdb96dacb1771003f0356ae92ba9b8ebf8ee5dfe8df2b0954f360c5db754d3a6542e8677df4360cde4bdef24d7355fcb20369c49af91d4de5035758dac008f0be07b838e22a3a06426761d3231dbd4a2793bcea1e81d8dc6c61bea518039012fb29f28448a5ca686de42e78370d3aa4f16d250f527bbcdd35513f2b7012ce589f0225f019c90a36991cc7556ea39b984014478405df10b128ca0876d4d6010098838171203aa87e2a7b9ff8713db9b571122ac580fe8a2fbad03066f748f5c3877c70870bbd4f919ef06828fc0b2e0a8925d1ccd87cb37eb6e342aef8bc5434b68b9648c47e44b959968027e4588f8d0ea336950d1f52dc31b03c0b8e3e52afb5c77047276f106f2a095995e001101611a749568a69358e06031b076b0437500d1366ac5057bb62317e5644f04284a3cbcbb58ac03ecc417732788751473e901b48685f3f8c8e4637e5031829aa9d55adb8e161e66943891bc48eb187330efff36e5ef3088641227bf06ba4b09c86159e49138f7601ca464a841506916f48f473989474a4b6008611bcafa3951b244c14284275af79e092d980b63d55e9214766c734a3dc578c202f083d60193af8316df211aefddf5e37cba026be8c386d4ec5b9f7a872b36bff31787659351e7687ffd1572b5e44474ff7f482398a006a36eb73e41cc17c4727e6ce0c505c97c17776d73c3c0aa417ba2ea8172fc7ce932016c2ed6c47efad0c4d96902bcc4762b716158e4cea8ceb7892ed5f35bf9e03ec7c0c36395dcc4325ee82672ae2739478ed8c16dd6f797f39095f8e17598a43039eb594d2e50becbb31fd9f65eb341e30b32966d71d174eff452371471d0c8c59304492ac795769828c7272216b22c2cd8ed94e47d3348f9616dcb64619fdd7eb5786b19183ac0ea9922976627ae76bfbf7dd5c2e6ec203e68a691489649e0ce353cc60249fea7f22fa3b53da5b133448da23b25224b434f882edae5664aa4cf35b60765a54c848cc1bfa195dcbc6dd5fbbeac949242f90a15071a3e76c0377168924c171f4697be16bbe49f1dc2599ab4a33f8eafcd22e6ff1ee45e1275d985afaf8495c77b3234136cda0896c8084043241876e6ad11f67dc7efc8874c10bea34869d9a0a391d8968fb155b40eea88d124ed90eb6114afa08313160e737a84b0384d5da5bb433d8cf8a867270e91851a7d54aa2f138e71e6b6d082ea43de4d4f724708d472d8678089eb852482d239d007a9a1d16aee66f86a879de26a273d0e1f5859e9f8e96c1146c21a7889da1a3b60c1072cf50ed85dc0bb0c7aab97786435f3c9bbbfc083acb8e813e3301f3ba9b352e478de2749be788ecda0e691227b63917bad866d7afe9ed915ef2eabfea3c6eefec5b1f0e93503101aacc14bb50f7505f6dff24b5a25dff143902914f8c3ecc9971ead4fc546222fc9fdafd6d00727ed6d44188f25d782f4e5e1b1f8f054d0ca7463cd5eaeee15c8c2dc1dacf4abe29e9fa21d5d150e053d832a7eb480abb8cb2fbde5288147deb34a05caa249401f66a9a8afd3831c814818df8a9ae1f233fc0df7e736e6181e6b94e41040a2e13954191919f4435b5fb99d47606f5faea86715a1932a6196667d478f04c1aa0aa36b3f8e959d3d4f1eed35b51bb1a615cf7d2f5181ec8a020a2847a31cca13f584bdff67dbc0b1f827c709bfcc9e92ab0aa375ab30afb4d5e3cd59e4bc05a23fe2ee2a79ef665010d5aaa57fdd037a1010481eaee68fced8ca034ab5ccad51771ee00739969c8a0bcc7937b91380fb22d537fcd2f030b400b728879d70e74a3589ef0385b6af7f68fb5fd57b20f45482424d0fb887581754b2685b2096712ea66c466fb0e85a206e9fab957f49e398a3588730d29b27721c1833a44351e01d22e7cfda6645933f3d3c7dc11c6f6556ec7f9e1676cb86d2a200ef5a8eb9004a8176c9c3792a1b4a42e217026cec5093d6f9b03ab62b00720b4b2840e9681f0298187207b9436bb0e147cc3146798da2cee83456a0a3453dc05234ebb93fa071ee532d12eaa4bf7972aa715f564491e4814a2edd12e65da778c8baa14d9e09de14f20377e883a8304ec168e1ecc6e5e5b9d984bf8568566eca98738d1fa70a0189687a220798529115aad47bd48fe6d8c238260cfc486efa5ab6d8e3e3409be53116aef3bca383ed6ce8cb0bc7acac810d986e67e1bd006de7f7c8f0bc0c536fc813bdea9625f256a62dc85789cc9524f5955b0c11a1d18f337eaa5866cafef31da94f57232df54d420d6bd3cd585aa3f9ec8ede87b60ad9616cf66b70f33f7c8ed9ecd22ef5e16e5596e6c10c87b9651b4beb3d90d7d909600bb4e31019e0fc767599525813401e7748ce42bf9de8bacb53383ffcd1c4b38fa491c20bf8c2cdb23591dcf6842651cf087b1476441192a5da61150a118ac787ee4f556f96e7832de56337f70739a8f732660201bcedb8867c07b50b02e53e96cc08f7e6ae60f089251913452295958da7de28a8d15d1fd0f697cbb3f41254ab3df28788ae93dc6d70378dd8bd0a572211c098a071e346efd48c4a245c6869c12a32bfc7cd5eec63ebb2e857581d1133829d48cdcf86738010326cd115e4db10b9787e14272e0c33d59c94a2be3bdd5bacb6637be7c611d84596225763d205f47a94f944b4a2803de8e01495273563d4b132719c6547b1becbd9a559870d3610bdf217678da65fc151bb9c25eb0837991ba1342d03b28444fda67bfd7f855c36baed1194afab0ba28b3dae85801101e00d65ae21715faf4d504c08a88d56d852ae6309cd869e93197fadea4f255bddb9aee0ac41c02ace8cde101963077934e41f734f6a20cf75d10883c0f876b3d676530d5f6174513fe8cd7bc9b68a6055f7b293875849433b72fe197260637d950f2c8d48cc2a8325268c5d4a742664732fdcc30e26ba4ff838f34c74cdcc8cb72b3a1c2f86bdb318c5f8ab3840adb6d7b9a70fbcefd7c10fdbfa424a0533a6fa75f5254d0e0b0fe04459d298dd01a89694249099b407dcf728874942d5eb414eeecf866ca5f145b018ac40d1d195851d5b9db1fe8dffd51fd56cb67fcb4bddb363d9157be3fcb2abe52c6dcd4df76a3bb6437417ff2c06c03d9454d9a9f2bcd769928eaa79ef5394e83159b5648069726ee668d69160edde893a227b0e89ebac7f497f6f8176eba9eef4bd3ec2182ecbe96e9200c622bca1342630783ca315f07da25232dd52db8ad919388092cd2a437b18251948243203658a9a624decec2f6e72c719db79ebf915d4131393fb2b05735e81fcefb3bda10a89c45451addf5ba595eed4cb1462d67440b85777b30b2383242202cde7ae3c3def1bf05ae643448f97d"}) r2 = accept$unix(r1, &(0x7f0000002180)=@abs, &(0x7f0000002200)=0x6e) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000002280)=0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000022c0)={{{@in=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@private0}}, &(0x7f00000023c0)=0xe8) r5 = getuid() fsetxattr$system_posix_acl(r2, &(0x7f0000002240)='system.posix_acl_default\x00', &(0x7f0000002400)={{}, {0x1, 0x4}, [{0x2, 0x7, r3}, {0x2, 0x0, r4}, {0x2, 0x2, r5}, {0x2, 0x4, 0xee00}, {0x2, 0x4}], {0x4, 0x7}, [{0x8, 0x3, 0xee01}, {0x8, 0x2, 0xffffffffffffffff}, {0x8, 0x4}, {0x8, 0x6, 0xee00}, {0x8, 0x7, 0xee01}, {0x8, 0x1}], {0x10, 0x6}, {0x20, 0x4}}, 0x7c, 0x1) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000002480), 0x2, 0x0) openat(r6, &(0x7f00000024c0)='./file0\x00', 0x4a0000, 0x0) r7 = fsopen(&(0x7f0000002500)='xfs\x00', 0x0) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r7, 0xc038943b, &(0x7f0000002580)={0x5, 0x20, '\x00', 0x1, &(0x7f0000002540)=[0x0, 0x0, 0x0, 0x0]}) ioctl$FIONCLEX(r2, 0x5450) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r2, 0x8010671f, &(0x7f0000002640)={&(0x7f00000025c0)=""/65, 0x41}) r8 = syz_open_dev$hiddev(&(0x7f0000002680), 0xffffffffffffff62, 0xb0003) close(r8) r9 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000026c0), 0x400040, 0x0) pwritev(r9, &(0x7f0000002900)=[{&(0x7f0000002700)="4c3afe3cbd97967eeda83f6160b4bb291eb1b38e4a5f3a44c20a49968ef2a153de6262d46bf6fcc2c4e7a263e00b9b757b778865cc9861c91ccdb4124885d310e1b8c140bfa25f2808a67bbb2533664c0f679bba660bf92dfea71cb6065dd5bb2abd115634d0788a47df88ef499aba9dbc7b9328d11941be6bf66eaaaadde2cfaa1edca9e4eb3338a2184b13ff5f0b290fc962fb197be020809b115f02e86402de85e21f3c8787fa152455f88946e881efd9a194b72ce376ecb893545f85f6834034f310ab305789006538ee305504014f70c0052a", 0xd5}, {&(0x7f0000002800)="0658aeec8cd97ba11f246b9781b37ccb5eaec8133f8f0168546925e6863c266d4063b4a6758a2655dea586638ffd2e8585afece4c103ca96066cc96654d9a89e368bf49de82b23bb25718fa4eb87cafe1c81955eb678afd744a55b7ab2ef55ea8b642b859ef68bef340ca0520cf99021ebd9cc7ab85e9242e45e2392fa69b091c4ada2f935cf5f57939ad7b5a80f2ed7a91e9be76cb29d43e4afa5f2b6a04c589584d12cfd55ff234739b38962ea4d70b8b64a5b87c2a62bd54bee333520d157c89fa796593f0c46fab7ed0aeec3ae55de2ec748128f3df45a87291f0fbda294ddcdbc6d61927f20f3e152112f52b80b21a07b43c691", 0xf6}], 0x2, 0x1, 0x3) fsetxattr$system_posix_acl(r7, &(0x7f0000002940)='system.posix_acl_access\x00', &(0x7f0000002c40)={{}, {}, [{0x2, 0x2}, {0x2, 0x1, r3}, {}, {0x2, 0x0, r5}, {0x2, 0x4, r4}], {0x4, 0x4}, [{0x8, 0x4}, {}, {0x8, 0x3, 0xee01}], {0x10, 0x4}, {0x20, 0x1}}, 0x64, 0x3) [ 73.911108] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.913621] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.915667] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.919383] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.921777] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 73.923679] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.928625] Bluetooth: hci0: HCI_REQ-0x0c1a [ 73.950032] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.952687] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.954082] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.957499] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.962243] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 73.963590] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.974545] Bluetooth: hci1: HCI_REQ-0x0c1a [ 74.044191] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.045703] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.050518] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.051521] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.053317] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.054446] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.056703] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.066114] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.067051] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.071379] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 74.072398] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 74.074399] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.091481] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.097267] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.098458] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.106581] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.107876] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 74.109292] Bluetooth: hci2: HCI_REQ-0x0c1a [ 74.110248] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 74.111683] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 74.112588] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.113944] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.121243] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.122400] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 74.123243] Bluetooth: hci4: HCI_REQ-0x0c1a [ 74.124266] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 74.124401] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 74.126663] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 74.127869] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 74.137814] Bluetooth: hci7: HCI_REQ-0x0c1a [ 74.140484] Bluetooth: hci6: HCI_REQ-0x0c1a [ 74.162950] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.169239] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 74.170760] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.180571] Bluetooth: hci3: HCI_REQ-0x0c1a [ 74.183772] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.189496] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.190896] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.231471] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.236028] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 74.241317] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.255091] Bluetooth: hci5: HCI_REQ-0x0c1a [ 75.993327] Bluetooth: hci0: command 0x0409 tx timeout [ 75.993343] Bluetooth: hci1: command 0x0409 tx timeout [ 76.185152] Bluetooth: hci7: command 0x0409 tx timeout [ 76.185847] Bluetooth: hci4: command 0x0409 tx timeout [ 76.186384] Bluetooth: hci2: command 0x0409 tx timeout [ 76.187392] Bluetooth: hci6: command 0x0409 tx timeout [ 76.249081] Bluetooth: hci3: command 0x0409 tx timeout [ 76.314100] Bluetooth: hci5: command 0x0409 tx timeout [ 78.041029] Bluetooth: hci0: command 0x041b tx timeout [ 78.042117] Bluetooth: hci1: command 0x041b tx timeout [ 78.234084] Bluetooth: hci6: command 0x041b tx timeout [ 78.234490] Bluetooth: hci2: command 0x041b tx timeout [ 78.234852] Bluetooth: hci4: command 0x041b tx timeout [ 78.235262] Bluetooth: hci7: command 0x041b tx timeout [ 78.298025] Bluetooth: hci3: command 0x041b tx timeout [ 78.362790] Bluetooth: hci5: command 0x041b tx timeout [ 80.089113] Bluetooth: hci1: command 0x040f tx timeout [ 80.089560] Bluetooth: hci0: command 0x040f tx timeout [ 80.281103] Bluetooth: hci7: command 0x040f tx timeout [ 80.281539] Bluetooth: hci4: command 0x040f tx timeout [ 80.281891] Bluetooth: hci2: command 0x040f tx timeout [ 80.282311] Bluetooth: hci6: command 0x040f tx timeout [ 80.346071] Bluetooth: hci3: command 0x040f tx timeout [ 80.409090] Bluetooth: hci5: command 0x040f tx timeout [ 82.138093] Bluetooth: hci0: command 0x0419 tx timeout [ 82.138518] Bluetooth: hci1: command 0x0419 tx timeout [ 82.329115] Bluetooth: hci6: command 0x0419 tx timeout [ 82.329561] Bluetooth: hci2: command 0x0419 tx timeout [ 82.329933] Bluetooth: hci4: command 0x0419 tx timeout [ 82.330342] Bluetooth: hci7: command 0x0419 tx timeout [ 82.394012] Bluetooth: hci3: command 0x0419 tx timeout [ 82.457011] Bluetooth: hci5: command 0x0419 tx timeout 00:38:11 executing program 1: clock_getres(0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)) clock_getres(0x2, &(0x7f0000000080)) clock_getres(0x3, &(0x7f00000000c0)) clock_gettime(0x3, &(0x7f0000000100)) clock_gettime(0x7, &(0x7f0000000140)) clock_gettime(0x2, &(0x7f0000000180)) r0 = semget(0x1, 0x8, 0x200) semtimedop(r0, &(0x7f00000001c0)=[{0x4, 0x2, 0x800}, {0x3, 0x2, 0x1800}, {0x4, 0x800}, {0x0, 0x0, 0x1000}, {0x1, 0x9b, 0x800}, {0x7, 0x5, 0x800}, {0x4, 0x2, 0x1000}, {0x3, 0x0, 0x800}], 0x8, &(0x7f0000000200)={0x0, 0x3938700}) io_getevents(0x0, 0x9, 0x1, &(0x7f0000000240)=[{}], &(0x7f0000000280)={0x77359400}) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000002c0)={0x9, 0xc5, 0x1000, 0x7, 0x9, 0x14fc000000000, 0x4, 0x1ff}, &(0x7f0000000300)={0x5, 0xfffffffffffffff7, 0x8001, 0x2, 0x5, 0xfff00000, 0x1, 0x4}, &(0x7f0000000340)={0x7acd, 0x1, 0x7, 0x8, 0x2, 0x6, 0x5, 0x1}, &(0x7f00000003c0)={r1, r2+10000000}, &(0x7f0000000440)={&(0x7f0000000400)={[0x4]}, 0x8}) futex(&(0x7f0000000480), 0x7, 0x1, &(0x7f00000004c0)={0x77359400}, &(0x7f0000000500), 0x1) clock_gettime(0x0, &(0x7f00000005c0)={0x0, 0x0}) epoll_pwait2(0xffffffffffffffff, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}], 0x7, &(0x7f0000000600)={r3, r4+60000000}, &(0x7f0000000640)={[0x1]}, 0x8) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004, 0x10, 0xffffffffffffffff, 0x10000000) r6 = syz_io_uring_complete(0x0) syz_io_uring_submit(0x0, r5, &(0x7f00000007c0)=@IORING_OP_STATX={0x15, 0x2, 0x0, r6, &(0x7f0000000680), &(0x7f0000000780)='\x00', 0x161}, 0x6) syz_io_uring_submit(0x0, r5, &(0x7f0000000880)=@IORING_OP_OPENAT2={0x1c, 0x5, 0x0, r6, &(0x7f0000000800)={0x400, 0x10, 0xf}, &(0x7f0000000840)='./file0\x00', 0x18, 0x0, 0x23456}, 0x3) mq_timedsend(0xffffffffffffffff, &(0x7f0000000900)="eab71ab23391b64be0243eee02ee2323e48a32420c1cab1505780c78db4f469ce101fd3a4d6543e161e96e86477b", 0x2e, 0x5, &(0x7f0000000940)={0x77359400}) 00:38:11 executing program 1: clock_getres(0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)) clock_getres(0x2, &(0x7f0000000080)) clock_getres(0x3, &(0x7f00000000c0)) clock_gettime(0x3, &(0x7f0000000100)) clock_gettime(0x7, &(0x7f0000000140)) clock_gettime(0x2, &(0x7f0000000180)) r0 = semget(0x1, 0x8, 0x200) semtimedop(r0, &(0x7f00000001c0)=[{0x4, 0x2, 0x800}, {0x3, 0x2, 0x1800}, {0x4, 0x800}, {0x0, 0x0, 0x1000}, {0x1, 0x9b, 0x800}, {0x7, 0x5, 0x800}, {0x4, 0x2, 0x1000}, {0x3, 0x0, 0x800}], 0x8, &(0x7f0000000200)={0x0, 0x3938700}) io_getevents(0x0, 0x9, 0x1, &(0x7f0000000240)=[{}], &(0x7f0000000280)={0x77359400}) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000002c0)={0x9, 0xc5, 0x1000, 0x7, 0x9, 0x14fc000000000, 0x4, 0x1ff}, &(0x7f0000000300)={0x5, 0xfffffffffffffff7, 0x8001, 0x2, 0x5, 0xfff00000, 0x1, 0x4}, &(0x7f0000000340)={0x7acd, 0x1, 0x7, 0x8, 0x2, 0x6, 0x5, 0x1}, &(0x7f00000003c0)={r1, r2+10000000}, &(0x7f0000000440)={&(0x7f0000000400)={[0x4]}, 0x8}) futex(&(0x7f0000000480), 0x7, 0x1, &(0x7f00000004c0)={0x77359400}, &(0x7f0000000500), 0x1) clock_gettime(0x0, &(0x7f00000005c0)={0x0, 0x0}) epoll_pwait2(0xffffffffffffffff, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}], 0x7, &(0x7f0000000600)={r3, r4+60000000}, &(0x7f0000000640)={[0x1]}, 0x8) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004, 0x10, 0xffffffffffffffff, 0x10000000) r6 = syz_io_uring_complete(0x0) syz_io_uring_submit(0x0, r5, &(0x7f00000007c0)=@IORING_OP_STATX={0x15, 0x2, 0x0, r6, &(0x7f0000000680), &(0x7f0000000780)='\x00', 0x161}, 0x6) syz_io_uring_submit(0x0, r5, &(0x7f0000000880)=@IORING_OP_OPENAT2={0x1c, 0x5, 0x0, r6, &(0x7f0000000800)={0x400, 0x10, 0xf}, &(0x7f0000000840)='./file0\x00', 0x18, 0x0, 0x23456}, 0x3) mq_timedsend(0xffffffffffffffff, &(0x7f0000000900)="eab71ab23391b64be0243eee02ee2323e48a32420c1cab1505780c78db4f469ce101fd3a4d6543e161e96e86477b", 0x2e, 0x5, &(0x7f0000000940)={0x77359400}) 00:38:11 executing program 1: clock_getres(0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)) clock_getres(0x2, &(0x7f0000000080)) clock_getres(0x3, &(0x7f00000000c0)) clock_gettime(0x3, &(0x7f0000000100)) clock_gettime(0x7, &(0x7f0000000140)) clock_gettime(0x2, &(0x7f0000000180)) r0 = semget(0x1, 0x8, 0x200) semtimedop(r0, &(0x7f00000001c0)=[{0x4, 0x2, 0x800}, {0x3, 0x2, 0x1800}, {0x4, 0x800}, {0x0, 0x0, 0x1000}, {0x1, 0x9b, 0x800}, {0x7, 0x5, 0x800}, {0x4, 0x2, 0x1000}, {0x3, 0x0, 0x800}], 0x8, &(0x7f0000000200)={0x0, 0x3938700}) io_getevents(0x0, 0x9, 0x1, &(0x7f0000000240)=[{}], &(0x7f0000000280)={0x77359400}) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000002c0)={0x9, 0xc5, 0x1000, 0x7, 0x9, 0x14fc000000000, 0x4, 0x1ff}, &(0x7f0000000300)={0x5, 0xfffffffffffffff7, 0x8001, 0x2, 0x5, 0xfff00000, 0x1, 0x4}, &(0x7f0000000340)={0x7acd, 0x1, 0x7, 0x8, 0x2, 0x6, 0x5, 0x1}, &(0x7f00000003c0)={r1, r2+10000000}, &(0x7f0000000440)={&(0x7f0000000400)={[0x4]}, 0x8}) futex(&(0x7f0000000480), 0x7, 0x1, &(0x7f00000004c0)={0x77359400}, &(0x7f0000000500), 0x1) clock_gettime(0x0, &(0x7f00000005c0)={0x0, 0x0}) epoll_pwait2(0xffffffffffffffff, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}], 0x7, &(0x7f0000000600)={r3, r4+60000000}, &(0x7f0000000640)={[0x1]}, 0x8) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004, 0x10, 0xffffffffffffffff, 0x10000000) r6 = syz_io_uring_complete(0x0) syz_io_uring_submit(0x0, r5, &(0x7f00000007c0)=@IORING_OP_STATX={0x15, 0x2, 0x0, r6, &(0x7f0000000680), &(0x7f0000000780)='\x00', 0x161}, 0x6) syz_io_uring_submit(0x0, r5, &(0x7f0000000880)=@IORING_OP_OPENAT2={0x1c, 0x5, 0x0, r6, &(0x7f0000000800)={0x400, 0x10, 0xf}, &(0x7f0000000840)='./file0\x00', 0x18, 0x0, 0x23456}, 0x3) mq_timedsend(0xffffffffffffffff, &(0x7f0000000900)="eab71ab23391b64be0243eee02ee2323e48a32420c1cab1505780c78db4f469ce101fd3a4d6543e161e96e86477b", 0x2e, 0x5, &(0x7f0000000940)={0x77359400}) 00:38:11 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() ioprio_get$pid(0x2, r1) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x30656, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x11108, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000001200)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0xee00, @ANYRES32, @ANYBLOB='n/file0\x00']) r4 = fcntl$dupfd(r2, 0x406, r3) getgid() r5 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0x0, 0xffffffffffffffff, 0x3) ioctl$AUTOFS_DEV_IOCTL_READY(r4, 0xc0189376, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="00800000f3ff000c2e2f66693f003100"]) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r6, 0xc0189374, &(0x7f0000000180)={{0x1, 0x1, 0x18, r5, {0x2}}, './file1\x00'}) write(r3, &(0x7f0000000080)="01", 0x41030) 00:38:11 executing program 1: clock_getres(0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)) clock_getres(0x2, &(0x7f0000000080)) clock_getres(0x3, &(0x7f00000000c0)) clock_gettime(0x3, &(0x7f0000000100)) clock_gettime(0x7, &(0x7f0000000140)) clock_gettime(0x2, &(0x7f0000000180)) r0 = semget(0x1, 0x8, 0x200) semtimedop(r0, &(0x7f00000001c0)=[{0x4, 0x2, 0x800}, {0x3, 0x2, 0x1800}, {0x4, 0x800}, {0x0, 0x0, 0x1000}, {0x1, 0x9b, 0x800}, {0x7, 0x5, 0x800}, {0x4, 0x2, 0x1000}, {0x3, 0x0, 0x800}], 0x8, &(0x7f0000000200)={0x0, 0x3938700}) io_getevents(0x0, 0x9, 0x1, &(0x7f0000000240)=[{}], &(0x7f0000000280)={0x77359400}) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000002c0)={0x9, 0xc5, 0x1000, 0x7, 0x9, 0x14fc000000000, 0x4, 0x1ff}, &(0x7f0000000300)={0x5, 0xfffffffffffffff7, 0x8001, 0x2, 0x5, 0xfff00000, 0x1, 0x4}, &(0x7f0000000340)={0x7acd, 0x1, 0x7, 0x8, 0x2, 0x6, 0x5, 0x1}, &(0x7f00000003c0)={r1, r2+10000000}, &(0x7f0000000440)={&(0x7f0000000400)={[0x4]}, 0x8}) futex(&(0x7f0000000480), 0x7, 0x1, &(0x7f00000004c0)={0x77359400}, &(0x7f0000000500), 0x1) clock_gettime(0x0, &(0x7f00000005c0)={0x0, 0x0}) epoll_pwait2(0xffffffffffffffff, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}], 0x7, &(0x7f0000000600)={r3, r4+60000000}, &(0x7f0000000640)={[0x1]}, 0x8) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004, 0x10, 0xffffffffffffffff, 0x10000000) r6 = syz_io_uring_complete(0x0) syz_io_uring_submit(0x0, r5, &(0x7f00000007c0)=@IORING_OP_STATX={0x15, 0x2, 0x0, r6, &(0x7f0000000680), &(0x7f0000000780)='\x00', 0x161}, 0x6) syz_io_uring_submit(0x0, r5, &(0x7f0000000880)=@IORING_OP_OPENAT2={0x1c, 0x5, 0x0, r6, &(0x7f0000000800)={0x400, 0x10, 0xf}, &(0x7f0000000840)='./file0\x00', 0x18, 0x0, 0x23456}, 0x3) [ 127.524592] audit: type=1400 audit(1665103091.741:7): avc: denied { open } for pid=3861 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 127.525943] audit: type=1400 audit(1665103091.741:8): avc: denied { kernel } for pid=3861 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 127.543640] ------------[ cut here ]------------ [ 127.543660] [ 127.543663] ====================================================== [ 127.543667] WARNING: possible circular locking dependency detected [ 127.543671] 6.0.0-next-20221006 #1 Not tainted [ 127.543677] ------------------------------------------------------ [ 127.543681] syz-executor.4/3862 is trying to acquire lock: [ 127.543687] ffffffff853fac98 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 127.543729] [ 127.543729] but task is already holding lock: [ 127.543732] ffff88803f665820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 127.543759] [ 127.543759] which lock already depends on the new lock. [ 127.543759] [ 127.543762] [ 127.543762] the existing dependency chain (in reverse order) is: [ 127.543765] [ 127.543765] -> #3 (&ctx->lock){....}-{2:2}: [ 127.543779] _raw_spin_lock+0x2a/0x40 [ 127.543792] __perf_event_task_sched_out+0x53b/0x18d0 [ 127.543803] __schedule+0xedd/0x2470 [ 127.543818] schedule+0xda/0x1b0 [ 127.543833] exit_to_user_mode_prepare+0x114/0x1a0 [ 127.543845] syscall_exit_to_user_mode+0x19/0x40 [ 127.543860] do_syscall_64+0x48/0x90 [ 127.543870] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.543884] [ 127.543884] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 127.543898] _raw_spin_lock_nested+0x30/0x40 [ 127.543910] raw_spin_rq_lock_nested+0x1e/0x30 [ 127.543923] task_fork_fair+0x63/0x4d0 [ 127.543940] sched_cgroup_fork+0x3d0/0x540 [ 127.543954] copy_process+0x4183/0x6e20 [ 127.543968] kernel_clone+0xe7/0x890 [ 127.543978] user_mode_thread+0xad/0xf0 [ 127.543988] rest_init+0x24/0x250 [ 127.544001] arch_call_rest_init+0xf/0x14 [ 127.544013] start_kernel+0x4c6/0x4eb [ 127.544022] secondary_startup_64_no_verify+0xe0/0xeb [ 127.544037] [ 127.544037] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 127.544050] _raw_spin_lock_irqsave+0x39/0x60 [ 127.544063] try_to_wake_up+0xab/0x1930 [ 127.544076] up+0x75/0xb0 [ 127.544097] __up_console_sem+0x6e/0x80 [ 127.544114] console_unlock+0x46a/0x590 [ 127.544129] do_con_write+0xc05/0x1d50 [ 127.544141] con_write+0x21/0x40 [ 127.544151] n_tty_write+0x4d4/0xfe0 [ 127.544164] file_tty_write.constprop.0+0x455/0x8a0 [ 127.544177] vfs_write+0x9c3/0xd90 [ 127.544193] ksys_write+0x127/0x250 [ 127.544209] do_syscall_64+0x3b/0x90 [ 127.544219] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.544232] [ 127.544232] -> #0 ((console_sem).lock){....}-{2:2}: [ 127.544246] __lock_acquire+0x2a02/0x5e70 [ 127.544263] lock_acquire+0x1a2/0x530 [ 127.544278] _raw_spin_lock_irqsave+0x39/0x60 [ 127.544290] down_trylock+0xe/0x70 [ 127.544306] __down_trylock_console_sem+0x3b/0xd0 [ 127.544323] vprintk_emit+0x16b/0x560 [ 127.544338] vprintk+0x84/0xa0 [ 127.544354] _printk+0xba/0xf1 [ 127.544367] report_bug.cold+0x72/0xab [ 127.544376] handle_bug+0x3c/0x70 [ 127.544385] exc_invalid_op+0x14/0x50 [ 127.544395] asm_exc_invalid_op+0x16/0x20 [ 127.544409] group_sched_out.part.0+0x2c7/0x460 [ 127.544427] ctx_sched_out+0x8f1/0xc10 [ 127.544443] __perf_event_task_sched_out+0x6d0/0x18d0 [ 127.544454] __schedule+0xedd/0x2470 [ 127.544469] schedule+0xda/0x1b0 [ 127.544484] exit_to_user_mode_prepare+0x114/0x1a0 [ 127.544495] syscall_exit_to_user_mode+0x19/0x40 [ 127.544508] do_syscall_64+0x48/0x90 [ 127.544518] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.544532] [ 127.544532] other info that might help us debug this: [ 127.544532] [ 127.544535] Chain exists of: [ 127.544535] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 127.544535] [ 127.544550] Possible unsafe locking scenario: [ 127.544550] [ 127.544552] CPU0 CPU1 [ 127.544554] ---- ---- [ 127.544557] lock(&ctx->lock); [ 127.544562] lock(&rq->__lock); [ 127.544569] lock(&ctx->lock); [ 127.544575] lock((console_sem).lock); [ 127.544581] [ 127.544581] *** DEADLOCK *** [ 127.544581] [ 127.544583] 2 locks held by syz-executor.4/3862: [ 127.544590] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 127.544620] #1: ffff88803f665820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 127.544647] [ 127.544647] stack backtrace: [ 127.544650] CPU: 1 PID: 3862 Comm: syz-executor.4 Not tainted 6.0.0-next-20221006 #1 [ 127.544662] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.544669] Call Trace: [ 127.544672] [ 127.544676] dump_stack_lvl+0x8b/0xb3 [ 127.544688] check_noncircular+0x263/0x2e0 [ 127.544704] ? format_decode+0x26c/0xb50 [ 127.544722] ? print_circular_bug+0x450/0x450 [ 127.544739] ? simple_strtoul+0x30/0x30 [ 127.544755] ? format_decode+0x26c/0xb50 [ 127.544774] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 127.544791] __lock_acquire+0x2a02/0x5e70 [ 127.544813] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 127.544835] lock_acquire+0x1a2/0x530 [ 127.544851] ? down_trylock+0xe/0x70 [ 127.544870] ? lock_release+0x750/0x750 [ 127.544890] ? vprintk+0x84/0xa0 [ 127.544908] _raw_spin_lock_irqsave+0x39/0x60 [ 127.544920] ? down_trylock+0xe/0x70 [ 127.544938] down_trylock+0xe/0x70 [ 127.544955] ? vprintk+0x84/0xa0 [ 127.544972] __down_trylock_console_sem+0x3b/0xd0 [ 127.544989] vprintk_emit+0x16b/0x560 [ 127.545007] vprintk+0x84/0xa0 [ 127.545025] _printk+0xba/0xf1 [ 127.545037] ? record_print_text.cold+0x16/0x16 [ 127.545054] ? report_bug.cold+0x66/0xab [ 127.545065] ? group_sched_out.part.0+0x2c7/0x460 [ 127.545084] report_bug.cold+0x72/0xab [ 127.545095] handle_bug+0x3c/0x70 [ 127.545106] exc_invalid_op+0x14/0x50 [ 127.545118] asm_exc_invalid_op+0x16/0x20 [ 127.545132] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 127.545152] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 127.545164] RSP: 0018:ffff88804006fc48 EFLAGS: 00010006 [ 127.545173] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 127.545180] RDX: ffff8880400a1ac0 RSI: ffffffff815677b7 RDI: 0000000000000005 [ 127.545188] RBP: ffff8880400b0000 R08: 0000000000000005 R09: 0000000000000001 [ 127.545196] R10: 0000000000000000 R11: ffffffff865b605b R12: ffff88803f665800 [ 127.545203] R13: ffff88806cf3d2c0 R14: ffffffff8547d200 R15: 0000000000000002 [ 127.545214] ? group_sched_out.part.0+0x2c7/0x460 [ 127.545234] ? group_sched_out.part.0+0x2c7/0x460 [ 127.545257] ctx_sched_out+0x8f1/0xc10 [ 127.545276] __perf_event_task_sched_out+0x6d0/0x18d0 [ 127.545290] ? lock_is_held_type+0xd7/0x130 [ 127.545306] ? __perf_cgroup_move+0x160/0x160 [ 127.545316] ? set_next_entity+0x304/0x550 [ 127.545334] ? update_curr+0x267/0x740 [ 127.545352] ? lock_is_held_type+0xd7/0x130 [ 127.545367] __schedule+0xedd/0x2470 [ 127.545386] ? io_schedule_timeout+0x150/0x150 [ 127.545403] ? rcu_read_lock_sched_held+0x3e/0x80 [ 127.545424] schedule+0xda/0x1b0 [ 127.545440] exit_to_user_mode_prepare+0x114/0x1a0 [ 127.545452] syscall_exit_to_user_mode+0x19/0x40 [ 127.545467] do_syscall_64+0x48/0x90 [ 127.545478] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.545493] RIP: 0033:0x7f9b0c53bb19 [ 127.545501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.545512] RSP: 002b:00007f9b09ab1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.545523] RAX: 0000000000000001 RBX: 00007f9b0c64ef68 RCX: 00007f9b0c53bb19 [ 127.545530] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9b0c64ef6c [ 127.545537] RBP: 00007f9b0c64ef60 R08: 000000000000000e R09: 0000000000000000 [ 127.545544] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f9b0c64ef6c [ 127.545552] R13: 00007fffab03adcf R14: 00007f9b09ab1300 R15: 0000000000022000 [ 127.545564] [ 127.635676] WARNING: CPU: 1 PID: 3862 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 127.636791] Modules linked in: [ 127.637183] CPU: 1 PID: 3862 Comm: syz-executor.4 Not tainted 6.0.0-next-20221006 #1 [ 127.638097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.639056] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 127.639709] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 127.641803] RSP: 0018:ffff88804006fc48 EFLAGS: 00010006 [ 127.642428] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 127.643255] RDX: ffff8880400a1ac0 RSI: ffffffff815677b7 RDI: 0000000000000005 [ 127.644107] RBP: ffff8880400b0000 R08: 0000000000000005 R09: 0000000000000001 [ 127.644987] R10: 0000000000000000 R11: ffffffff865b605b R12: ffff88803f665800 [ 127.645865] R13: ffff88806cf3d2c0 R14: ffffffff8547d200 R15: 0000000000000002 [ 127.646751] FS: 00007f9b09ab1700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 127.647747] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.648475] CR2: 0000000020000000 CR3: 00000000204fc000 CR4: 0000000000350ee0 [ 127.649358] Call Trace: [ 127.649685] [ 127.649976] ctx_sched_out+0x8f1/0xc10 [ 127.650484] __perf_event_task_sched_out+0x6d0/0x18d0 [ 127.651125] ? lock_is_held_type+0xd7/0x130 [ 127.651661] ? __perf_cgroup_move+0x160/0x160 [ 127.652235] ? set_next_entity+0x304/0x550 [ 127.652781] ? update_curr+0x267/0x740 [ 127.653284] ? lock_is_held_type+0xd7/0x130 [ 127.653826] __schedule+0xedd/0x2470 [ 127.654304] ? io_schedule_timeout+0x150/0x150 [ 127.654863] ? rcu_read_lock_sched_held+0x3e/0x80 [ 127.655461] schedule+0xda/0x1b0 [ 127.655891] exit_to_user_mode_prepare+0x114/0x1a0 [ 127.656494] syscall_exit_to_user_mode+0x19/0x40 [ 127.657073] do_syscall_64+0x48/0x90 [ 127.657527] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.658148] RIP: 0033:0x7f9b0c53bb19 [ 127.658598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.660716] RSP: 002b:00007f9b09ab1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.661607] RAX: 0000000000000001 RBX: 00007f9b0c64ef68 RCX: 00007f9b0c53bb19 [ 127.662440] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9b0c64ef6c [ 127.663270] RBP: 00007f9b0c64ef60 R08: 000000000000000e R09: 0000000000000000 [ 127.664123] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f9b0c64ef6c [ 127.664948] R13: 00007fffab03adcf R14: 00007f9b09ab1300 R15: 0000000000022000 [ 127.665787] [ 127.666072] irq event stamp: 964 [ 127.666471] hardirqs last enabled at (963): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 127.667560] hardirqs last disabled at (964): [] __schedule+0x1225/0x2470 [ 127.668548] softirqs last enabled at (750): [] __irq_exit_rcu+0x11b/0x180 [ 127.669547] softirqs last disabled at (589): [] __irq_exit_rcu+0x11b/0x180 [ 127.670540] ---[ end trace 0000000000000000 ]--- 00:38:11 executing program 1: clock_getres(0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)) clock_getres(0x2, &(0x7f0000000080)) clock_getres(0x3, &(0x7f00000000c0)) clock_gettime(0x3, &(0x7f0000000100)) clock_gettime(0x7, &(0x7f0000000140)) clock_gettime(0x2, &(0x7f0000000180)) r0 = semget(0x1, 0x8, 0x200) semtimedop(r0, &(0x7f00000001c0)=[{0x4, 0x2, 0x800}, {0x3, 0x2, 0x1800}, {0x4, 0x800}, {0x0, 0x0, 0x1000}, {0x1, 0x9b, 0x800}, {0x7, 0x5, 0x800}, {0x4, 0x2, 0x1000}, {0x3, 0x0, 0x800}], 0x8, &(0x7f0000000200)={0x0, 0x3938700}) io_getevents(0x0, 0x9, 0x1, &(0x7f0000000240)=[{}], &(0x7f0000000280)={0x77359400}) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000002c0)={0x9, 0xc5, 0x1000, 0x7, 0x9, 0x14fc000000000, 0x4, 0x1ff}, &(0x7f0000000300)={0x5, 0xfffffffffffffff7, 0x8001, 0x2, 0x5, 0xfff00000, 0x1, 0x4}, &(0x7f0000000340)={0x7acd, 0x1, 0x7, 0x8, 0x2, 0x6, 0x5, 0x1}, &(0x7f00000003c0)={r1, r2+10000000}, &(0x7f0000000440)={&(0x7f0000000400)={[0x4]}, 0x8}) futex(&(0x7f0000000480), 0x7, 0x1, &(0x7f00000004c0)={0x77359400}, &(0x7f0000000500), 0x1) clock_gettime(0x0, &(0x7f00000005c0)={0x0, 0x0}) epoll_pwait2(0xffffffffffffffff, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}], 0x7, &(0x7f0000000600)={r3, r4+60000000}, &(0x7f0000000640)={[0x1]}, 0x8) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004, 0x10, 0xffffffffffffffff, 0x10000000) r6 = syz_io_uring_complete(0x0) syz_io_uring_submit(0x0, r5, &(0x7f00000007c0)=@IORING_OP_STATX={0x15, 0x2, 0x0, r6, &(0x7f0000000680), &(0x7f0000000780)='\x00', 0x161}, 0x6) 00:38:12 executing program 1: clock_getres(0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)) clock_getres(0x2, &(0x7f0000000080)) clock_getres(0x3, &(0x7f00000000c0)) clock_gettime(0x3, &(0x7f0000000100)) clock_gettime(0x7, &(0x7f0000000140)) clock_gettime(0x2, &(0x7f0000000180)) r0 = semget(0x1, 0x8, 0x200) semtimedop(r0, &(0x7f00000001c0)=[{0x4, 0x2, 0x800}, {0x3, 0x2, 0x1800}, {0x4, 0x800}, {0x0, 0x0, 0x1000}, {0x1, 0x9b, 0x800}, {0x7, 0x5, 0x800}, {0x4, 0x2, 0x1000}, {0x3, 0x0, 0x800}], 0x8, &(0x7f0000000200)={0x0, 0x3938700}) io_getevents(0x0, 0x9, 0x1, &(0x7f0000000240)=[{}], &(0x7f0000000280)={0x77359400}) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000002c0)={0x9, 0xc5, 0x1000, 0x7, 0x9, 0x14fc000000000, 0x4, 0x1ff}, &(0x7f0000000300)={0x5, 0xfffffffffffffff7, 0x8001, 0x2, 0x5, 0xfff00000, 0x1, 0x4}, &(0x7f0000000340)={0x7acd, 0x1, 0x7, 0x8, 0x2, 0x6, 0x5, 0x1}, &(0x7f00000003c0)={r1, r2+10000000}, &(0x7f0000000440)={&(0x7f0000000400)={[0x4]}, 0x8}) futex(&(0x7f0000000480), 0x7, 0x1, &(0x7f00000004c0)={0x77359400}, &(0x7f0000000500), 0x1) clock_gettime(0x0, &(0x7f00000005c0)={0x0, 0x0}) epoll_pwait2(0xffffffffffffffff, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}], 0x7, &(0x7f0000000600)={r3, r4+60000000}, &(0x7f0000000640)={[0x1]}, 0x8) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004, 0x10, 0xffffffffffffffff, 0x10000000) syz_io_uring_complete(0x0) 00:38:12 executing program 1: clock_getres(0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)) clock_getres(0x2, &(0x7f0000000080)) clock_getres(0x3, &(0x7f00000000c0)) clock_gettime(0x3, &(0x7f0000000100)) clock_gettime(0x7, &(0x7f0000000140)) clock_gettime(0x2, &(0x7f0000000180)) r0 = semget(0x1, 0x8, 0x200) semtimedop(r0, &(0x7f00000001c0)=[{0x4, 0x2, 0x800}, {0x3, 0x2, 0x1800}, {0x4, 0x800}, {0x0, 0x0, 0x1000}, {0x1, 0x9b, 0x800}, {0x7, 0x5, 0x800}, {0x4, 0x2, 0x1000}, {0x3, 0x0, 0x800}], 0x8, &(0x7f0000000200)={0x0, 0x3938700}) io_getevents(0x0, 0x9, 0x1, &(0x7f0000000240)=[{}], &(0x7f0000000280)={0x77359400}) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000002c0)={0x9, 0xc5, 0x1000, 0x7, 0x9, 0x14fc000000000, 0x4, 0x1ff}, &(0x7f0000000300)={0x5, 0xfffffffffffffff7, 0x8001, 0x2, 0x5, 0xfff00000, 0x1, 0x4}, &(0x7f0000000340)={0x7acd, 0x1, 0x7, 0x8, 0x2, 0x6, 0x5, 0x1}, &(0x7f00000003c0)={r1, r2+10000000}, &(0x7f0000000440)={&(0x7f0000000400)={[0x4]}, 0x8}) futex(&(0x7f0000000480), 0x7, 0x1, &(0x7f00000004c0)={0x77359400}, &(0x7f0000000500), 0x1) clock_gettime(0x0, &(0x7f00000005c0)={0x0, 0x0}) epoll_pwait2(0xffffffffffffffff, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}], 0x7, &(0x7f0000000600)={r3, r4+60000000}, &(0x7f0000000640)={[0x1]}, 0x8) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004, 0x10, 0xffffffffffffffff, 0x10000000) [ 128.058111] audit: type=1400 audit(1665103092.274:9): avc: denied { write } for pid=3861 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 128.980598] ======================================================= [ 128.980598] WARNING: The mand mount option has been deprecated and [ 128.980598] and is ignored by this kernel. Remove the mand [ 128.980598] option from the mount to silence this warning. [ 128.980598] ======================================================= VM DIAGNOSIS: 00:38:12 Registers: info registers vcpu 0 RAX=ffff8880187eff40 RBX=0000000000000001 RCX=ffff8880187eff30 RDX=0000000000000000 RSI=0000000000000001 RDI=0000000000000001 RBP=ffff8880187efa40 RSP=ffff8880187ef968 R8 =ffffffff86248312 R9 =ffffffff86248316 R10=ffffed10030fdf4a R11=000000000003603d R12=ffff8880187efa29 R13=ffff8880187efa48 R14=ffff8880187ef9e8 R15=ffffffff86248317 RIP=ffffffff8111b6d6 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007ff00b393900 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000562ec2e0c080 CR3=000000000ebdc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffffffffffffffffffffffffffff XMM01=30306234386136303638616663356134 XMM02=38303062343861363036386166633561 XMM03=2f6c616e72756f6a2f676f6c2f6e7572 XMM04=00000000000000100000560bbfcebaa4 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=0000560bc1b0c7400000000000000012 XMM08=0000560bc1b167100000000000000013 XMM09=00000000000000000000000000000000 XMM10=00000000000000000020000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000063 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823c0801 RDI=ffffffff8765c9e0 RBP=ffffffff8765c9a0 RSP=ffff88804006f690 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000063 R11=0000000000000001 R12=0000000000000063 R13=ffffffff8765c9a0 R14=0000000000000010 R15=ffffffff823c07f0 RIP=ffffffff823c0859 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f9b09ab1700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020000000 CR3=00000000204fc000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffffffff00000000000000000000 XMM01=23232323232323232323232323232323 XMM02=ffffffffffffffffffffffffffffffff XMM03=00000000000000000000000000000000 XMM04=ffffffffffff00000000000000000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000