Warning: Permanently added '[localhost]:6139' (ECDSA) to the list of known hosts.
2022/09/25 03:31:17 fuzzer started
2022/09/25 03:31:17 dialing manager at localhost:38881
syzkaller login: [   36.233175] cgroup: Unknown subsys name 'net'
[   36.337124] cgroup: Unknown subsys name 'rlimit'
2022/09/25 03:31:30 syscalls: 2215
2022/09/25 03:31:30 code coverage: enabled
2022/09/25 03:31:30 comparison tracing: enabled
2022/09/25 03:31:30 extra coverage: enabled
2022/09/25 03:31:30 setuid sandbox: enabled
2022/09/25 03:31:30 namespace sandbox: enabled
2022/09/25 03:31:30 Android sandbox: enabled
2022/09/25 03:31:30 fault injection: enabled
2022/09/25 03:31:30 leak checking: enabled
2022/09/25 03:31:30 net packet injection: enabled
2022/09/25 03:31:30 net device setup: enabled
2022/09/25 03:31:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/25 03:31:30 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/25 03:31:30 USB emulation: enabled
2022/09/25 03:31:30 hci packet injection: enabled
2022/09/25 03:31:30 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220923                                          )
2022/09/25 03:31:30 802.15.4 emulation: enabled
2022/09/25 03:31:30 fetching corpus: 50, signal 29450/31205 (executing program)
2022/09/25 03:31:30 fetching corpus: 100, signal 39585/42947 (executing program)
2022/09/25 03:31:30 fetching corpus: 150, signal 45471/50406 (executing program)
2022/09/25 03:31:31 fetching corpus: 200, signal 50891/57280 (executing program)
2022/09/25 03:31:31 fetching corpus: 250, signal 59370/67052 (executing program)
2022/09/25 03:31:31 fetching corpus: 300, signal 63847/72856 (executing program)
2022/09/25 03:31:31 fetching corpus: 350, signal 66048/76400 (executing program)
2022/09/25 03:31:31 fetching corpus: 400, signal 73543/84913 (executing program)
2022/09/25 03:31:31 fetching corpus: 450, signal 79810/92198 (executing program)
2022/09/25 03:31:31 fetching corpus: 500, signal 83413/96862 (executing program)
2022/09/25 03:31:32 fetching corpus: 550, signal 85580/100135 (executing program)
2022/09/25 03:31:32 fetching corpus: 600, signal 90778/106111 (executing program)
2022/09/25 03:31:32 fetching corpus: 650, signal 93039/109434 (executing program)
2022/09/25 03:31:32 fetching corpus: 700, signal 95199/112596 (executing program)
2022/09/25 03:31:32 fetching corpus: 750, signal 98056/116377 (executing program)
2022/09/25 03:31:32 fetching corpus: 800, signal 99790/119106 (executing program)
2022/09/25 03:31:32 fetching corpus: 850, signal 102023/122231 (executing program)
2022/09/25 03:31:32 fetching corpus: 900, signal 104773/125863 (executing program)
2022/09/25 03:31:33 fetching corpus: 950, signal 106474/128479 (executing program)
2022/09/25 03:31:33 fetching corpus: 1000, signal 108541/131367 (executing program)
2022/09/25 03:31:33 fetching corpus: 1050, signal 110709/134279 (executing program)
2022/09/25 03:31:33 fetching corpus: 1100, signal 113746/137903 (executing program)
2022/09/25 03:31:33 fetching corpus: 1150, signal 115324/140304 (executing program)
2022/09/25 03:31:33 fetching corpus: 1200, signal 116428/142301 (executing program)
2022/09/25 03:31:33 fetching corpus: 1250, signal 117772/144450 (executing program)
2022/09/25 03:31:33 fetching corpus: 1300, signal 119865/147199 (executing program)
2022/09/25 03:31:33 fetching corpus: 1350, signal 121093/149222 (executing program)
2022/09/25 03:31:34 fetching corpus: 1400, signal 122555/151392 (executing program)
2022/09/25 03:31:34 fetching corpus: 1450, signal 123652/153268 (executing program)
2022/09/25 03:31:34 fetching corpus: 1500, signal 125015/155338 (executing program)
2022/09/25 03:31:34 fetching corpus: 1550, signal 126059/157110 (executing program)
2022/09/25 03:31:34 fetching corpus: 1600, signal 127047/158815 (executing program)
2022/09/25 03:31:34 fetching corpus: 1650, signal 129320/161509 (executing program)
2022/09/25 03:31:34 fetching corpus: 1700, signal 130498/163303 (executing program)
2022/09/25 03:31:34 fetching corpus: 1750, signal 131883/165258 (executing program)
2022/09/25 03:31:34 fetching corpus: 1800, signal 134340/167947 (executing program)
2022/09/25 03:31:34 fetching corpus: 1850, signal 135341/169571 (executing program)
2022/09/25 03:31:35 fetching corpus: 1900, signal 136641/171469 (executing program)
2022/09/25 03:31:35 fetching corpus: 1950, signal 137510/173025 (executing program)
2022/09/25 03:31:35 fetching corpus: 2000, signal 138692/174757 (executing program)
2022/09/25 03:31:35 fetching corpus: 2050, signal 139708/176307 (executing program)
2022/09/25 03:31:35 fetching corpus: 2100, signal 140689/177845 (executing program)
2022/09/25 03:31:35 fetching corpus: 2150, signal 142089/179685 (executing program)
2022/09/25 03:31:35 fetching corpus: 2200, signal 143081/181222 (executing program)
2022/09/25 03:31:35 fetching corpus: 2250, signal 144675/183115 (executing program)
2022/09/25 03:31:35 fetching corpus: 2300, signal 145470/184460 (executing program)
2022/09/25 03:31:36 fetching corpus: 2350, signal 146485/185923 (executing program)
2022/09/25 03:31:36 fetching corpus: 2400, signal 147778/187561 (executing program)
2022/09/25 03:31:36 fetching corpus: 2450, signal 149889/189622 (executing program)
2022/09/25 03:31:36 fetching corpus: 2500, signal 150905/191047 (executing program)
2022/09/25 03:31:36 fetching corpus: 2550, signal 151965/192468 (executing program)
2022/09/25 03:31:36 fetching corpus: 2600, signal 152792/193770 (executing program)
2022/09/25 03:31:36 fetching corpus: 2650, signal 154188/195326 (executing program)
2022/09/25 03:31:36 fetching corpus: 2700, signal 154971/196582 (executing program)
2022/09/25 03:31:37 fetching corpus: 2750, signal 157359/198686 (executing program)
2022/09/25 03:31:37 fetching corpus: 2800, signal 158439/200030 (executing program)
2022/09/25 03:31:37 fetching corpus: 2850, signal 159313/201253 (executing program)
2022/09/25 03:31:37 fetching corpus: 2900, signal 159976/202353 (executing program)
2022/09/25 03:31:37 fetching corpus: 2950, signal 160913/203564 (executing program)
2022/09/25 03:31:37 fetching corpus: 3000, signal 161639/204700 (executing program)
2022/09/25 03:31:37 fetching corpus: 3050, signal 162021/205624 (executing program)
2022/09/25 03:31:37 fetching corpus: 3100, signal 163334/207033 (executing program)
2022/09/25 03:31:37 fetching corpus: 3150, signal 164248/208203 (executing program)
2022/09/25 03:31:38 fetching corpus: 3200, signal 165535/209559 (executing program)
2022/09/25 03:31:38 fetching corpus: 3250, signal 166155/210573 (executing program)
2022/09/25 03:31:38 fetching corpus: 3300, signal 166963/211643 (executing program)
2022/09/25 03:31:38 fetching corpus: 3350, signal 167846/212788 (executing program)
2022/09/25 03:31:38 fetching corpus: 3400, signal 168939/213958 (executing program)
2022/09/25 03:31:38 fetching corpus: 3450, signal 169874/215074 (executing program)
2022/09/25 03:31:38 fetching corpus: 3500, signal 171516/216492 (executing program)
2022/09/25 03:31:38 fetching corpus: 3550, signal 172129/217364 (executing program)
2022/09/25 03:31:39 fetching corpus: 3600, signal 172988/218365 (executing program)
2022/09/25 03:31:39 fetching corpus: 3650, signal 173772/219350 (executing program)
2022/09/25 03:31:39 fetching corpus: 3700, signal 174512/220287 (executing program)
2022/09/25 03:31:39 fetching corpus: 3750, signal 175143/221141 (executing program)
2022/09/25 03:31:39 fetching corpus: 3800, signal 176770/222417 (executing program)
2022/09/25 03:31:39 fetching corpus: 3850, signal 178136/223550 (executing program)
2022/09/25 03:31:39 fetching corpus: 3900, signal 179547/224617 (executing program)
2022/09/25 03:31:39 fetching corpus: 3950, signal 180791/225675 (executing program)
2022/09/25 03:31:40 fetching corpus: 4000, signal 181472/226468 (executing program)
2022/09/25 03:31:40 fetching corpus: 4050, signal 182154/227265 (executing program)
2022/09/25 03:31:40 fetching corpus: 4100, signal 183589/228324 (executing program)
2022/09/25 03:31:40 fetching corpus: 4150, signal 184146/229032 (executing program)
2022/09/25 03:31:40 fetching corpus: 4200, signal 184610/229764 (executing program)
2022/09/25 03:31:40 fetching corpus: 4250, signal 185904/230717 (executing program)
2022/09/25 03:31:40 fetching corpus: 4300, signal 187199/231605 (executing program)
2022/09/25 03:31:41 fetching corpus: 4350, signal 187681/232281 (executing program)
2022/09/25 03:31:41 fetching corpus: 4400, signal 188252/232979 (executing program)
2022/09/25 03:31:41 fetching corpus: 4450, signal 188854/233643 (executing program)
2022/09/25 03:31:41 fetching corpus: 4500, signal 189961/234460 (executing program)
2022/09/25 03:31:41 fetching corpus: 4550, signal 190576/235127 (executing program)
2022/09/25 03:31:41 fetching corpus: 4600, signal 191117/235774 (executing program)
2022/09/25 03:31:41 fetching corpus: 4650, signal 191346/236331 (executing program)
2022/09/25 03:31:41 fetching corpus: 4700, signal 191874/236943 (executing program)
2022/09/25 03:31:41 fetching corpus: 4750, signal 192483/237611 (executing program)
2022/09/25 03:31:41 fetching corpus: 4800, signal 192853/238200 (executing program)
2022/09/25 03:31:42 fetching corpus: 4850, signal 193612/238858 (executing program)
2022/09/25 03:31:42 fetching corpus: 4900, signal 194399/239502 (executing program)
2022/09/25 03:31:42 fetching corpus: 4950, signal 194856/240120 (executing program)
2022/09/25 03:31:42 fetching corpus: 5000, signal 195321/240658 (executing program)
2022/09/25 03:31:42 fetching corpus: 5050, signal 196109/241284 (executing program)
2022/09/25 03:31:42 fetching corpus: 5100, signal 197094/241877 (executing program)
2022/09/25 03:31:42 fetching corpus: 5150, signal 197840/242426 (executing program)
2022/09/25 03:31:42 fetching corpus: 5200, signal 198337/242998 (executing program)
2022/09/25 03:31:42 fetching corpus: 5250, signal 199280/243580 (executing program)
2022/09/25 03:31:43 fetching corpus: 5300, signal 199835/244073 (executing program)
2022/09/25 03:31:43 fetching corpus: 5350, signal 200539/244611 (executing program)
2022/09/25 03:31:43 fetching corpus: 5400, signal 200897/245064 (executing program)
2022/09/25 03:31:43 fetching corpus: 5450, signal 201710/245732 (executing program)
2022/09/25 03:31:43 fetching corpus: 5500, signal 202269/246208 (executing program)
2022/09/25 03:31:43 fetching corpus: 5550, signal 202844/246730 (executing program)
2022/09/25 03:31:43 fetching corpus: 5600, signal 203594/247216 (executing program)
2022/09/25 03:31:44 fetching corpus: 5650, signal 204003/247674 (executing program)
2022/09/25 03:31:44 fetching corpus: 5700, signal 204403/248084 (executing program)
2022/09/25 03:31:44 fetching corpus: 5750, signal 204780/248517 (executing program)
2022/09/25 03:31:44 fetching corpus: 5800, signal 205068/248925 (executing program)
2022/09/25 03:31:44 fetching corpus: 5850, signal 205627/249312 (executing program)
2022/09/25 03:31:44 fetching corpus: 5900, signal 206396/249731 (executing program)
2022/09/25 03:31:44 fetching corpus: 5950, signal 207372/250142 (executing program)
2022/09/25 03:31:44 fetching corpus: 6000, signal 208121/250536 (executing program)
2022/09/25 03:31:45 fetching corpus: 6050, signal 208965/250930 (executing program)
2022/09/25 03:31:45 fetching corpus: 6100, signal 209415/251303 (executing program)
2022/09/25 03:31:45 fetching corpus: 6150, signal 209781/251720 (executing program)
2022/09/25 03:31:45 fetching corpus: 6200, signal 210490/252085 (executing program)
2022/09/25 03:31:45 fetching corpus: 6250, signal 211772/252230 (executing program)
2022/09/25 03:31:45 fetching corpus: 6300, signal 212191/252230 (executing program)
2022/09/25 03:31:45 fetching corpus: 6350, signal 212516/252234 (executing program)
2022/09/25 03:31:45 fetching corpus: 6400, signal 212999/252241 (executing program)
2022/09/25 03:31:46 fetching corpus: 6450, signal 213437/252249 (executing program)
2022/09/25 03:31:46 fetching corpus: 6500, signal 213848/252250 (executing program)
2022/09/25 03:31:46 fetching corpus: 6550, signal 214701/252257 (executing program)
2022/09/25 03:31:46 fetching corpus: 6600, signal 215276/252262 (executing program)
2022/09/25 03:31:46 fetching corpus: 6626, signal 215538/252262 (executing program)
2022/09/25 03:31:46 fetching corpus: 6626, signal 215538/252262 (executing program)
2022/09/25 03:31:48 starting 8 fuzzer processes
03:31:48 executing program 0:
sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x40, 0x15, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x3}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000801)
getpeername$netlink(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_CALIPSO_C_ADD(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008c00}, 0x4004)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'macvlan1\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'team0\x00', <r3=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000006c0)={&(0x7f0000000380)={0x340, 0x0, 0x10, 0x70bd25, 0x25dfdbfb, {}, [{{0x8, 0x1, r2}, {0x108, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x35fb, 0x2, 0xff, 0x9}, {0xff01, 0x7, 0xa6}, {0x3, 0x40, 0x6, 0xe5}]}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4de}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}]}}, {{0x8}, {0x1c8, 0x2, 0x0, 0x1, [{0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x8, 0x3, 0x80, 0x6}, {0x8, 0x3d, 0x40, 0x8}, {0x3ff, 0x2, 0x2, 0x10001}]}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x50f7}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x101}}, {0x8, 0x6, r3}}}]}}]}, 0x340}}, 0x4000000)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000740), r4)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000007c0), r4)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r4, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x40, r5, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @remote}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}]}, 0x40}, 0x1, 0x0, 0x0, 0x8805}, 0x4000001)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f00000008c0), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x34, 0x0, 0x2, 0x70bd2c, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x1, 0x1, @udp='udp:syz0\x00'}}}, [""]}, 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x40004)
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000a00)={'raw\x00', 0xe2, "797ab3603a9ec9469ba7721a397518e2071205518152e195cdc2fb1873f0e5218071d69560c7e8d03e44b4934bdf732872cd7f63413238cafa29064fe1758eade29a0db9252e2bb7e45e2d6865c6e04bc90fb03a5a8c4ff89d73bec9b0b70f4e9ea5cf59acc1a9006a0b5a1d4d1884e8187dd55d6ca2f602442ca4194a5bfeb7029e23dd3489b3012ee34b3d7f41567580cb77bd94c2a28b7331b67c00de5e03e2bd74f08169db22d8a5f6b5b71228b9d8a3508969e8aab223f552ba2307ca1549896968f772a45121667b4484d59be84bd4bce54ed371c3250b27934d2c13683de5"}, &(0x7f0000000b40)=0x106)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000bc0)=0x14)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000c00)={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, r7}, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f0000000d00)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x14, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008800}, 0x51)

03:31:48 executing program 1:
ioctl$AUTOFS_IOC_EXPIRE_MULTI(0xffffffffffffffff, 0x40049366, &(0x7f0000000000)=0x2)
r0 = timerfd_create(0x8, 0x0)
ioctl$FITHAW(r0, 0xc0045878)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000080)='net/igmp\x00')
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f00000000c0)={0x9, 0x40})
ioctl$KDSKBMODE(r2, 0x4b45, &(0x7f0000000100)=0x3)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2}, './file0\x00'})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc018937e, &(0x7f0000000180)={{0x1, 0x1, 0x18, r3, @out_args}, './file0\x00'})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/workqueue', 0x402, 0x28)
r5 = openat(r4, &(0x7f0000000200)='./file0\x00', 0x0, 0x20)
r6 = syz_open_dev$vcsa(&(0x7f0000000240), 0x0, 0x801)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x100, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7ff}]]}, 0x1c}, 0x1, 0x0, 0x0, 0x20044840}, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r6, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000005c0)={&(0x7f00000003c0)={0x1c8, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7fffffff}, {0x6, 0x16, 0x6d}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x4}, {0x6}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x10000}, {0x6, 0x16, 0x200}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x1ff}, {0x6, 0x16, 0x9}, {0x5, 0x12, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x400}, {0x5, 0x12, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x54cdacf8}, {0x6, 0x16, 0x4}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x619}, {0x5, 0x12, 0x1}}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004800)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r5, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x1c, 0x0, 0x1, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4004004)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_STATION(r7, &(0x7f00000009c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000980)={&(0x7f00000007c0)={0x188, r8, 0x200, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0xb9, 0xac, "569284a24e638a889cdd0f9a59d95a40e4f44889a75fad6a8aab12d0e46f258c6cca112703aae01bcb71e7614fceca49d8b5c6de987e7e06d49316887b9e394eeb33dbf3c26b58cfde909484e4355549f6d772a55e035ab7a9694a883345ff29248d98dfd5435f561e8aa16fa64cefa7a5953dfb7a041edafbd8bc741eb16d7b378492cfd8c312e0c3f246f8017056582712e18b3482a80122be6930cf0f802d68a2c76d5a2878c99879c9dcda48ff54a558458bb8"}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x2}, @NL80211_ATTR_STA_FLAGS={0x10, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_AUTHENTICATED={0x4}, @NL80211_STA_FLAG_TDLS_PEER={0x4}, @NL80211_STA_FLAG_AUTHENTICATED={0x4}]}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x1}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x8e, 0xac, "cbda267551c4413efec4c7bf23c2f46f95f76b9e25c00f06bf9f5210ed70b476add609461618a3d46d3c7991c5b1139e99c1efb3100246f754df8616f8fbd44e2d87d8622a743ec01de0e48de7b8d2dd9b03a863ac295d69ad03bbbea0ab6cf2813588f4403e3139bf2742dfb42bf31b9456ca6b1ec0df71b02ce3a6321a9fa1bf119acd6fb21ca5cbe6"}]}, 0x188}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x2c, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x100}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x1}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000000}, 0x894)

03:31:48 executing program 2:
getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000000), &(0x7f0000000040)=0x8)
r0 = mmap$IORING_OFF_SQES(&(0x7f0000bfd000/0x400000)=nil, 0x400000, 0x4, 0x4010, 0xffffffffffffffff, 0x10000000)
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd_index=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r1}}, 0x80000000)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8983, &(0x7f00000000c0))
setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000100)={'security\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78)
fadvise64(0xffffffffffffffff, 0x2, 0x1, 0x3)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff}, './file0\x00'})
r4 = syz_io_uring_setup(0x1441, &(0x7f0000000200)={0x0, 0x41e2, 0x20, 0x1, 0xe7, 0x0, r3}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000c06000/0x4000)=nil, &(0x7f0000000280)=<r5=>0x0, &(0x7f00000002c0))
r6 = syz_open_dev$vcsn(&(0x7f0000000300), 0x800, 0x200100)
r7 = accept$packet(r3, 0x0, &(0x7f0000000340))
r8 = openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x20000, 0x0)
io_uring_register$IORING_REGISTER_FILES(r6, 0x2, &(0x7f00000003c0)=[r4, r4, r3, r3, r7, r8], 0x6)
ioctl$sock_inet_SIOCSIFBRDADDR(r6, 0x891a, &(0x7f0000000400)={'veth0_to_team\x00', {0x2, 0x0, @multicast2}})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r6, 0xc0189378, &(0x7f0000000440)={{0x1, 0x1, 0x18, <r9=>r3, {r4}}, './file0\x00'})
ioctl$F2FS_IOC_MOVE_RANGE(r9, 0xc020f509, &(0x7f0000000480)={r3, 0x40, 0x2, 0x3b92})
syz_io_uring_setup(0x3549, &(0x7f00000004c0)={0x0, 0xf885, 0x10, 0x0, 0x157, 0x0, r9}, &(0x7f0000fb6000/0x4000)=nil, &(0x7f0000e9e000/0x4000)=nil, &(0x7f0000000540), &(0x7f0000000580)=<r10=>0x0)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_io_uring_submit(r5, r10, &(0x7f00000005c0)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r11, 0x0, 0x0, 0x0, {0x88}, 0x1}, 0x5)

03:31:48 executing program 3:
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {<r1=>0xffffffffffffffff}}, './file0\x00'})
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='\x00', &(0x7f0000000080)='$/+-{!\x00', 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0)
r3 = fsmount(r1, 0x1, 0x82)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r3, 0x80089419, &(0x7f0000000100))
open_by_handle_at(r0, &(0x7f0000000140)=@ceph_nfs_fh={0x8, 0x1, {0x1}}, 0x200001)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000180)={0x4, 0x4, 0x4})
r4 = dup2(r1, r2)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r4, 0x80083314, &(0x7f00000001c0))
fstat(r4, &(0x7f0000000200))
r5 = memfd_secret(0x0)
ioctl$SNAPSHOT_S2RAM(r5, 0x330b)
ioctl$RTC_UIE_OFF(r5, 0x7004)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/ip_mr_vif\x00')
r6 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r7 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x420240, 0x0)
r8 = openat$incfs(r3, &(0x7f0000000300)='.pending_reads\x00', 0x40040, 0x2)
poll(&(0x7f0000000340)=[{r4, 0x2420}, {r6, 0x200}, {r7, 0x8}, {r1, 0x80}, {r8, 0x4006}], 0x5, 0x7f)
syz_io_uring_complete(0x0)
preadv(r2, &(0x7f0000000540)=[{&(0x7f0000000380)=""/125, 0x7d}, {&(0x7f0000000400)=""/74, 0x4a}, {&(0x7f0000000480)=""/162, 0xa2}], 0x3, 0x2cef, 0x9)

03:31:48 executing program 4:
r0 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x111040, 0x80, 0x19}, 0x18)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x280, 0x70bd29, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x40f, 0x23}}}}, ["", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x8000010}, 0x4)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000180)={<r1=>r0, 0x8000, 0xffffffffffff5c84, 0x9})
getdents64(r1, &(0x7f00000001c0)=""/168, 0xa8)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000280), 0x80000, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f00000003c0)={'syztnl2\x00', &(0x7f0000000340)={'syztnl1\x00', <r3=>0x0, 0x2f, 0x9, 0x6, 0x9, 0x26, @private1, @mcast1, 0x8, 0x10, 0x4, 0x80000001}})
ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, &(0x7f0000000480)={'ip6gre0\x00', &(0x7f0000000400)={'ip6_vti0\x00', <r4=>0x0, 0x4, 0x81, 0x80, 0xbe7, 0x8, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8000, 0x8, 0x0, 0x4}})
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000540)={'ip6gre0\x00', &(0x7f00000004c0)={'syztnl2\x00', <r5=>0x0, 0x2f, 0x3, 0x49, 0x3, 0x18, @dev={0xfe, 0x80, '\x00', 0x3e}, @mcast2, 0x8, 0x7, 0x9, 0x1}})
getsockname$packet(r0, &(0x7f0000000580)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000005c0)=0x14)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r0, 0x89f5, &(0x7f0000000680)={'ip6gre0\x00', &(0x7f0000000600)={'ip6_vti0\x00', <r7=>0x0, 0x2f, 0x0, 0x20, 0x7e5e, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x1, 0x80, 0x5, 0x1}})
sendmsg$TEAM_CMD_PORT_LIST_GET(r2, &(0x7f0000000ac0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000a80)={&(0x7f00000006c0)={0x3a0, 0x0, 0x4, 0x70bd28, 0x25dfdbff, {}, [{{0x8}, {0x134, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r3}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1102f0c4}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8}, {0xbc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x6, 0xfc, 0x0, 0xf936}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xccff}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}, {{0x8, 0x1, r5}, {0x4}}, {{0x8, 0x1, r6}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8, 0x1, r7}, {0x12c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x7f}}}]}}]}, 0x3a0}}, 0x20000000)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r8, &(0x7f0000000fc0)=[{{&(0x7f0000000b00)={0xa, 0x4e20, 0xffff, @ipv4={'\x00', '\xff\xff', @empty}, 0x7fffffff}, 0x1c, &(0x7f0000000d80)=[{&(0x7f0000000b40)="5e9fe4db8e93d54ae1f5a604630d7b4eb49aa7e46da28f22bc7ae90339ecd7315735d2f85c8605196e5742e3803de5c1e9ba7930b2d245645fd4b76ae390ba46e687799467e1cab86d60188c0649ef34989af8c0b178c7495b4be3669601fa5df93f2567a219a248", 0x68}, {&(0x7f0000000bc0)="a1192d25e7f0893f0f371ce6d8a5fea97410d60382e0e6dbe6ea7ba4086967ce0ae963ec238764de732a9ea8e9ff3987d83955d1b4e3541484b398053f5d44a878b65702ed4d4aadfce00161e606896c0a21427827310562038c4b356bdc56aea520207a2d0417a54a2fa6976203ec0df203a623422dab9865965535df71abd0bc89bf7234e82a4d", 0x88}, {&(0x7f0000000c80)="67dd64758c127af0065341567eeef27cab09e63ab6ebddeed9bbb5ca5c783d7360c1e1adf2db80940e6237d100d848e1986739fc8f8bb6a24b3597bc3b9891d59efe6c3379151da90be1e475600588dd1073176f34d12848d8b094461b86b77b5e92f9f24362689dfc878a32e04235598c405f5dbd08f8a7a3a70d28de7071a87a0814a5dcf38607b7a3485e3e07aeb46998ee074cb8eaea499a2a2b9fbb105fed6db3a9939042c9ea0825c44f0db22f0638cad750185108dccffe20091cd755c234b19ca483623eed4c5746d59f8dc6019c94e6d2ca6ee79f2ff98063b283f49685e4f4dad87fff9497975a", 0xec}], 0x3, &(0x7f0000000dc0)=[@tclass={{0x14, 0x29, 0x43, 0x1ff}}, @flowinfo={{0x14, 0x29, 0xb, 0x1000}}, @dstopts={{0x20, 0x29, 0x37, {0x2c, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x3}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@remote, r3}}}, @tclass={{0x14, 0x29, 0x43, 0x8}}, @hopopts={{0xf0, 0x29, 0x36, {0x67, 0x1a, '\x00', [@pad1, @generic={0x9, 0xbe, "cf4f6204407635692bfc4dbc81670b576b5b5119657b11cd5356fa29725af6b5a55f4c82a4f4a3d813ac53ecd3835bf53735c98f647041a9f16adeea90c8443fec02b7b0374f7821aa198cc64088a0f6a66fe4ebb02231174ee4c57b48ba4860f6f4d0d9fadddf203af777c1e95f57895c316cc9a05ec28ef1d9f318c86ca6713049a5312f22a4c0079dda185acecc3699d931fd83a31e8401857a786184ad3ee71a4b65d60f2487ab367a9dd493393dbeb18826ded597560cbb739fa69a"}, @calipso={0x7, 0x10, {0x2, 0x2, 0x8, 0x5, [0x2fa7]}}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0xe0}}, @rthdrdstopts={{0x30, 0x29, 0x37, {0x32, 0x2, '\x00', [@pad1, @hao={0xc9, 0x10, @mcast1}]}}}, @tclass={{0x14, 0x29, 0x43, 0x5}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x84, 0x0, '\x00', [@padn={0x1, 0x1, [0x0]}]}}}], 0x200}}], 0x1, 0x4)
sendmsg$NL80211_CMD_SET_PMK(r1, &(0x7f0000001140)={&(0x7f0000001000), 0xc, &(0x7f0000001100)={&(0x7f0000001040)={0xa0, 0x0, 0x300, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "6e15e7d0ca7e301cdbdb726602acf15e"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "82230a602f7d2cb54449d417993f0571"}, @NL80211_ATTR_PMK={0x14, 0xfe, "2e1cd86da7063d4dae16bec717cee967"}, @NL80211_ATTR_PMK={0x14, 0xfe, "55c5753e2a7882fb6d114c112e9e37d5"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "11bad8bf41b5378ebdf372ffed95f954"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "c6682c6f3c149e04c1240c8eade6f545"}]}, 0xa0}, 0x1, 0x0, 0x0, 0xa040}, 0x44045)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00')
getsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000001200)={@dev, @multicast1, <r10=>0x0}, &(0x7f0000001240)=0xc)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r9, &(0x7f0000001380)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x21b0088}, 0xc, &(0x7f0000001340)={&(0x7f0000001280)={0x90, 0x0, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x40088c4}, 0x4000001)
r11 = openat$sr(0xffffffffffffff9c, &(0x7f00000013c0), 0x210480, 0x0)
fsetxattr$security_capability(r11, &(0x7f0000001400), &(0x7f0000001440)=@v1={0x1000000, [{0xd5d9, 0x7fffffff}]}, 0xc, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f0000001500)={'ip6_vti0\x00', &(0x7f0000001480)={'ip6_vti0\x00', r3, 0x29, 0x2, 0x3f, 0x0, 0x6c, @mcast1, @mcast2, 0x1, 0x700, 0x3, 0x7}})

03:31:48 executing program 5:
ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, &(0x7f0000000000)=""/4096)
ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, &(0x7f0000001000)=0x1)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000001040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x7}}, './file0\x00'})
ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000001080)=""/201)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001180)='/proc/sysvipc/shm\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f00000011c0)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000001200)={{0x1, 0x1, 0x18, <r3=>r2, @out_args}, './file0\x00'})
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000001240), 0x202101, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r4, 0x80089419, &(0x7f0000001280))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000012c0)={{0x1, 0x1, 0x18, <r5=>r2, {0x0, 0xee01}}, './file0\x00'})
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000001300)=0x8)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000001340))
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000001440)=0x9)
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0xb45)
r6 = inotify_init()
pwritev2(r6, &(0x7f0000001500)=[{&(0x7f0000001480)="be3683111f71bd6559e147f9ff91e494dc3afea945d01d8d400b51f35256d34fcc007de7c46e59dcd41e41567c73844e0b2b077eabcacf6ee0a3d4423691f35131b4cc9a275b10aef09ba780b2eb38c5d130b6f69d132cd6ec149c4895c633e0baeeb58181eb", 0x66}], 0x1, 0x80000000, 0x3, 0x8)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000001540)=@FILEID_BTRFS_WITH_PARENT_ROOT={0x28, 0x4e, {0x10001, 0x0, 0x0, 0x9, 0x4, 0x4}}, 0x800)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000001580)=""/4096)

[   67.381094] audit: type=1400 audit(1664076708.841:6): avc:  denied  { execmem } for  pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
03:31:48 executing program 7:
r0 = request_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='.\x00', 0xfffffffffffffffe)
add_key$user(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000140)="5f72d79554a2b237761f0a6e39663263e3fc28583eb9bfe676531963954427b4318b0cb00aa7ea724b3d1f95270e4059168b69aab2f0ba82dd3951dedd7e35cd3ff5c5cec3986c1cb596b03bb921809b485dd8c3f92fc1484fdbb88cad4e626dd095260397bb52c1d158332dc0d77c1653be3cec226168987c84d87c664f6cebb1f16730d28a7d102d1ebda67d5758b83fba88270de2f49171226850f392ad49a8414b46c3ebea46b8d54da52fba8e452552b0c77d1bcdbc4521039004a58057f2", 0xc1, r0)
add_key$fscrypt_provisioning(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, &(0x7f00000002c0)={0x0, 0x0, @c}, 0x29, r0)
r1 = add_key$keyring(&(0x7f0000000400), &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$fscrypt_provisioning(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000380)={0x3, 0x0, @a}, 0x48, r1)
add_key(&(0x7f0000000480)='keyring\x00', &(0x7f00000004c0)={'syz', 0x1}, &(0x7f0000000500)="b099725903d7580eaa7c8e77db95c5470ac06fa61b8c5e716411d87661a531cb118b49690f525cba5a18065a5df0e06ea2226959f20587edda92b3ec4bfaea35e61e0daec227411fc71a16fa69f3db9324b50e72c9670bbc80dd1c6d4ec674533e61b2d53e1a36fe64198a8cd7033d921feed802e988d45034507a78ab79563aaf8734b26b0775c2338b8796a335ebc5746ed5bb8ae22263faa87b145cc76ebdd9efbe", 0xa3, r1)
keyctl$unlink(0x9, 0x0, r1)
r3 = add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r2, r3, r1, 0x0)
keyctl$setperm(0x5, r0, 0x2000000)
r4 = add_key$keyring(&(0x7f0000000700), &(0x7f0000000740)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
r5 = add_key(&(0x7f0000000640)='.dead\x00', &(0x7f0000000680)={'syz', 0x3}, &(0x7f00000006c0)="ccb2157d98847b", 0x7, r4)
r6 = request_key(&(0x7f0000000780)='keyring\x00', &(0x7f00000007c0)={'syz', 0x3}, &(0x7f0000000800)='%-\x00', 0xfffffffffffffffb)
add_key(&(0x7f0000000840)='syzkaller\x00', &(0x7f0000000880)={'syz', 0x1}, &(0x7f00000008c0), 0x0, r6)
r7 = request_key(&(0x7f0000000900)='rxrpc\x00', &(0x7f0000000940)={'syz', 0x3}, &(0x7f0000000980)='fscrypt-provisioning\x00', r5)
keyctl$KEYCTL_MOVE(0x1e, r2, r5, r7, 0x1)
request_key(&(0x7f00000009c0)='trusted\x00', &(0x7f0000000a00)={'syz', 0x2}, &(0x7f0000000a40)='[}@,\x00', r5)
request_key(&(0x7f0000000a80)='.dead\x00', &(0x7f0000000ac0)={'syz', 0x2}, &(0x7f0000000b00)='*/.\'\x00', r1)
keyctl$join(0x1, 0x0)
add_key$keyring(&(0x7f0000000b40), &(0x7f0000000b80)={'syz', 0x3}, 0x0, 0x0, 0x0)

03:31:48 executing program 6:
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0bc5310, &(0x7f0000000000))
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x3, 0x4}}, './file0\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000100)={0x3, 0x0, 0x0, 'queue0\x00', 0x2})
open_by_handle_at(r0, &(0x7f00000001c0)=@OVL_FILEID_V1={0x10f, 0xf8, {'\x00', {0x0, 0xfb, 0x10c, 0x6, 0x3f, "5267f9b7bc3f07316657b98225ec4bc9", "2dc869cf44e5501ce2db7b79df93c6e83d96eeaebec09c087029acb2aab02e772ec5a96a87f3928286bfccf3b0a89b02aab8013ced9d5b08f6e09da1fa2d2932a25d3c4cd43ea0ab0af46248bce7e87904f92de577c420766fff9fb676942918da1f844154ee57da08dfcf44ca5b22a3c06c3eaec2496e90e63ccc8b98cbd58c6a775120fc5add9b38c6853c8da53f2c5bd9d20a54aa4d5ee1adb417196b20db408fbbaed3640f7dd14463526c9e0937c03d13974abc289015bfad6304f24105ba6765087484d70864e28270af6982a04a27c2228e2be3aaea953c85452c34aa050b019257192cedeb429f92e6b98d6732a55f4e098afc"}}}, 0x2)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8c1}, 0x4000)
fcntl$addseals(r0, 0x409, 0x1)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000400)={{0x5, 0x7f}, 'port0\x00', 0x80, 0x30000, 0xff, 0x83, 0x7ff, 0x0, 0x9, 0x0, 0x6, 0x13})
ioctl$AUTOFS_IOC_PROTOVER(r0, 0x80049363, &(0x7f00000004c0))
r1 = accept(r0, &(0x7f0000000500)=@nfc_llcp, &(0x7f0000000580)=0x80)
ioctl$BTRFS_IOC_LOGICAL_INO(r1, 0xc0389424, &(0x7f0000000600)={0xbd, 0x28, '\x00', 0x0, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000640)={{0x1, 0x1, 0x18, <r2=>r0, {0xee01, 0xee00}}, './file0\x00'})
sendmsg$SEG6_CMD_GET_TUNSRC(r2, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x38, 0x0, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}, @SEG6_ATTR_DST={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x5}]}, 0x38}}, 0x80)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r1)
sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x14, r3, 0x800, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4004880}, 0x4008881)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f00000008c0))
accept$packet(r2, &(0x7f0000000940)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000980)=0x14)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r1, 0x89fa, &(0x7f0000000a40)={'ip6_vti0\x00', &(0x7f00000009c0)={'syztnl1\x00', <r5=>0x0, 0x2f, 0x8, 0x81, 0x1, 0x71, @empty, @remote, 0x1, 0x20, 0x6}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000a80)={'vxcan1\x00', <r6=>0x0})
getsockname$packet(r0, &(0x7f0000000ac0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000b00)=0x14)
sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000004080)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000004040)={&(0x7f0000003780)={0x898, 0x0, 0x300, 0x70bd27, 0x25dfdbfd, {}, [{{0x8}, {0x110, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1ff}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9a4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}]}}, {{0x8, 0x1, r5}, {0x1ec, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x56}}, {0x8, 0x7, 0x6}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x90b5}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x200}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r7}}, {0x8}}}]}}, {{0x8}, {0x220, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x12}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}, {0x8}}}]}}, {{0x8}, {0xcc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7ff}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8001}}}]}}]}, 0x898}, 0x1, 0x0, 0x0, 0x48080}, 0x4040)

[   68.696089] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   68.697730] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   68.699413] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   68.700524] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   68.704710] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   68.706272] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   68.707709] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   68.708843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   68.710160] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   68.714273] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   68.716386] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   68.717701] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   68.719310] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   68.721854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   68.726570] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   68.739696] Bluetooth: hci1: HCI_REQ-0x0c1a
[   68.747031] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   68.748043] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   68.750827] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   68.752327] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   68.753693] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   68.762320] Bluetooth: hci2: HCI_REQ-0x0c1a
[   68.769260] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   68.772998] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   68.775335] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   68.777408] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   68.777885] Bluetooth: hci0: HCI_REQ-0x0c1a
[   68.779431] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   68.780953] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   68.783138] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   68.784714] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   68.786314] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   68.792808] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   68.796044] Bluetooth: hci3: HCI_REQ-0x0c1a
[   68.803631] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   68.805002] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   68.807046] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   68.808327] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   68.809656] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   68.810984] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   68.815374] Bluetooth: hci4: HCI_REQ-0x0c1a
[   68.818952] Bluetooth: hci5: HCI_REQ-0x0c1a
[   68.833199] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   68.838887] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   68.843500] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   68.846862] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   68.851330] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   68.853911] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   68.855139] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   68.858442] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   68.864963] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   68.866166] Bluetooth: hci6: HCI_REQ-0x0c1a
[   68.878897] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   68.883861] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   68.885308] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   68.894773] Bluetooth: hci7: HCI_REQ-0x0c1a
[   70.773105] Bluetooth: hci1: command 0x0409 tx timeout
[   70.836726] Bluetooth: hci5: command 0x0409 tx timeout
[   70.837714] Bluetooth: hci2: command 0x0409 tx timeout
[   70.838461] Bluetooth: hci4: command 0x0409 tx timeout
[   70.839297] Bluetooth: hci3: command 0x0409 tx timeout
[   70.840038] Bluetooth: hci0: command 0x0409 tx timeout
[   70.900803] Bluetooth: hci6: command 0x0409 tx timeout
[   70.964735] Bluetooth: hci7: command 0x0409 tx timeout
[   72.821809] Bluetooth: hci1: command 0x041b tx timeout
[   72.885333] Bluetooth: hci0: command 0x041b tx timeout
[   72.885786] Bluetooth: hci3: command 0x041b tx timeout
[   72.886211] Bluetooth: hci4: command 0x041b tx timeout
[   72.886631] Bluetooth: hci2: command 0x041b tx timeout
[   72.887020] Bluetooth: hci5: command 0x041b tx timeout
[   72.948671] Bluetooth: hci6: command 0x041b tx timeout
[   73.012644] Bluetooth: hci7: command 0x041b tx timeout
[   74.868968] Bluetooth: hci1: command 0x040f tx timeout
[   74.932691] Bluetooth: hci5: command 0x040f tx timeout
[   74.933144] Bluetooth: hci2: command 0x040f tx timeout
[   74.933561] Bluetooth: hci4: command 0x040f tx timeout
[   74.934120] Bluetooth: hci3: command 0x040f tx timeout
[   74.934528] Bluetooth: hci0: command 0x040f tx timeout
[   74.996666] Bluetooth: hci6: command 0x040f tx timeout
[   75.060814] Bluetooth: hci7: command 0x040f tx timeout
[   76.916653] Bluetooth: hci1: command 0x0419 tx timeout
[   76.980731] Bluetooth: hci0: command 0x0419 tx timeout
[   76.981163] Bluetooth: hci3: command 0x0419 tx timeout
[   76.981560] Bluetooth: hci4: command 0x0419 tx timeout
[   76.982020] Bluetooth: hci2: command 0x0419 tx timeout
[   76.982428] Bluetooth: hci5: command 0x0419 tx timeout
[   77.044646] Bluetooth: hci6: command 0x0419 tx timeout
[   77.108654] Bluetooth: hci7: command 0x0419 tx timeout
03:32:43 executing program 2:
timerfd_create(0x0, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x40c0, 0x55)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
preadv2(r0, &(0x7f0000000440)=[{&(0x7f0000000200)=""/49, 0x31}, {&(0x7f00000003c0)=""/77, 0x4d}], 0x2, 0x1, 0x6, 0x9)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r0)
timerfd_gettime(r0, &(0x7f00000009c0))
r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r1, 0x0, 0x0, 0x0, 0x0)
preadv2(r1, &(0x7f0000000440), 0x0, 0x1, 0x6, 0x9)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r1)
timerfd_settime(r1, 0x1, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, &(0x7f0000000040))

03:32:43 executing program 2:
r0 = perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000100))
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_mreq(r2, 0x0, 0x0, &(0x7f0000000000)={@multicast1}, &(0x7f0000000080)=0x9a2e602e41634ae)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_mreq(r3, 0x0, 0x0, &(0x7f0000000000)={@multicast1}, &(0x7f0000000080)=0x9a2e602e41634ae)
getsockopt$inet_mreq(r3, 0x0, 0x20, &(0x7f0000000000)={@multicast1}, &(0x7f0000000080)=0x8)
getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x8)

[  122.163508] audit: type=1400 audit(1664076763.623:7): avc:  denied  { open } for  pid=3834 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  122.165271] audit: type=1400 audit(1664076763.623:8): avc:  denied  { kernel } for  pid=3834 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  122.203095] ------------[ cut here ]------------
[  122.203133] 
[  122.203138] ======================================================
[  122.203145] WARNING: possible circular locking dependency detected
[  122.203153] 6.0.0-rc6-next-20220923 #1 Not tainted
[  122.203167] ------------------------------------------------------
[  122.203174] syz-executor.2/3836 is trying to acquire lock:
[  122.203187] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  122.203261] 
[  122.203261] but task is already holding lock:
[  122.203266] ffff888040b63c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  122.203325] 
[  122.203325] which lock already depends on the new lock.
[  122.203325] 
[  122.203331] 
[  122.203331] the existing dependency chain (in reverse order) is:
[  122.203338] 
[  122.203338] -> #3 (&ctx->lock){....}-{2:2}:
[  122.203367]        _raw_spin_lock+0x2a/0x40
[  122.203407]        __perf_event_task_sched_out+0x53b/0x18d0
[  122.203435]        __schedule+0xedd/0x2470
[  122.203464]        preempt_schedule_common+0x45/0xc0
[  122.203495]        __cond_resched+0x17/0x30
[  122.203525]        __mutex_lock+0xa3/0x14d0
[  122.203556]        __do_sys_perf_event_open+0x1eec/0x32c0
[  122.203584]        do_syscall_64+0x3b/0x90
[  122.203626]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  122.203653] 
[  122.203653] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  122.203683]        _raw_spin_lock_nested+0x30/0x40
[  122.203722]        raw_spin_rq_lock_nested+0x1e/0x30
[  122.203749]        task_fork_fair+0x63/0x4d0
[  122.203785]        sched_cgroup_fork+0x3d0/0x540
[  122.203815]        copy_process+0x4183/0x6e20
[  122.203836]        kernel_clone+0xe7/0x890
[  122.203857]        user_mode_thread+0xad/0xf0
[  122.203879]        rest_init+0x24/0x250
[  122.203903]        arch_call_rest_init+0xf/0x14
[  122.203939]        start_kernel+0x4c1/0x4e6
[  122.203972]        secondary_startup_64_no_verify+0xe0/0xeb
[  122.204002] 
[  122.204002] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  122.204031]        _raw_spin_lock_irqsave+0x39/0x60
[  122.204071]        try_to_wake_up+0xab/0x1930
[  122.204100]        up+0x75/0xb0
[  122.204129]        __up_console_sem+0x6e/0x80
[  122.204162]        console_unlock+0x46a/0x590
[  122.204196]        vt_ioctl+0x2822/0x2ca0
[  122.204223]        tty_ioctl+0x7c4/0x1700
[  122.204247]        __x64_sys_ioctl+0x19a/0x210
[  122.204279]        do_syscall_64+0x3b/0x90
[  122.204315]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  122.204341] 
[  122.204341] -> #0 ((console_sem).lock){....}-{2:2}:
[  122.204371]        __lock_acquire+0x2a02/0x5e70
[  122.204407]        lock_acquire+0x1a2/0x530
[  122.204440]        _raw_spin_lock_irqsave+0x39/0x60
[  122.204481]        down_trylock+0xe/0x70
[  122.204512]        __down_trylock_console_sem+0x3b/0xd0
[  122.204547]        vprintk_emit+0x16b/0x560
[  122.204582]        vprintk+0x84/0xa0
[  122.204616]        _printk+0xba/0xf1
[  122.204638]        report_bug.cold+0x72/0xab
[  122.204673]        handle_bug+0x3c/0x70
[  122.204707]        exc_invalid_op+0x14/0x50
[  122.204743]        asm_exc_invalid_op+0x16/0x20
[  122.204768]        group_sched_out.part.0+0x2c7/0x460
[  122.204791]        ctx_sched_out+0x8f1/0xc10
[  122.204813]        __perf_event_task_sched_out+0x6d0/0x18d0
[  122.204841]        __schedule+0xedd/0x2470
[  122.204869]        preempt_schedule_common+0x45/0xc0
[  122.204901]        __cond_resched+0x17/0x30
[  122.204930]        __mutex_lock+0xa3/0x14d0
[  122.204961]        __do_sys_perf_event_open+0x1eec/0x32c0
[  122.204989]        do_syscall_64+0x3b/0x90
[  122.205025]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  122.205051] 
[  122.205051] other info that might help us debug this:
[  122.205051] 
[  122.205057] Chain exists of:
[  122.205057]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  122.205057] 
[  122.205089]  Possible unsafe locking scenario:
[  122.205089] 
[  122.205094]        CPU0                    CPU1
[  122.205098]        ----                    ----
[  122.205103]   lock(&ctx->lock);
[  122.205115]                                lock(&rq->__lock);
[  122.205129]                                lock(&ctx->lock);
[  122.205142]   lock((console_sem).lock);
[  122.205155] 
[  122.205155]  *** DEADLOCK ***
[  122.205155] 
[  122.205158] 2 locks held by syz-executor.2/3836:
[  122.205173]  #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  122.205236]  #1: ffff888040b63c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  122.205296] 
[  122.205296] stack backtrace:
[  122.205301] CPU: 0 PID: 3836 Comm: syz-executor.2 Not tainted 6.0.0-rc6-next-20220923 #1
[  122.205328] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  122.205344] Call Trace:
[  122.205351]  <TASK>
[  122.205359]  dump_stack_lvl+0x8b/0xb3
[  122.205397]  check_noncircular+0x263/0x2e0
[  122.205433]  ? format_decode+0x26c/0xb50
[  122.205467]  ? print_circular_bug+0x450/0x450
[  122.205504]  ? enable_ptr_key_workfn+0x20/0x20
[  122.205539]  ? lock_release+0x547/0x750
[  122.205575]  ? format_decode+0x26c/0xb50
[  122.205612]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  122.205650]  __lock_acquire+0x2a02/0x5e70
[  122.205697]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  122.205746]  lock_acquire+0x1a2/0x530
[  122.205782]  ? down_trylock+0xe/0x70
[  122.205819]  ? lock_release+0x750/0x750
[  122.205863]  ? vprintk+0x84/0xa0
[  122.205901]  _raw_spin_lock_irqsave+0x39/0x60
[  122.205943]  ? down_trylock+0xe/0x70
[  122.205977]  down_trylock+0xe/0x70
[  122.206011]  ? vprintk+0x84/0xa0
[  122.206048]  __down_trylock_console_sem+0x3b/0xd0
[  122.206085]  vprintk_emit+0x16b/0x560
[  122.206126]  vprintk+0x84/0xa0
[  122.206164]  _printk+0xba/0xf1
[  122.206188]  ? record_print_text.cold+0x16/0x16
[  122.206220]  ? perf_event_update_userpage+0x4e8/0x7c0
[  122.206249]  ? report_bug.cold+0x66/0xab
[  122.206288]  ? group_sched_out.part.0+0x2c7/0x460
[  122.206313]  report_bug.cold+0x72/0xab
[  122.206353]  handle_bug+0x3c/0x70
[  122.206391]  exc_invalid_op+0x14/0x50
[  122.206429]  asm_exc_invalid_op+0x16/0x20
[  122.206456] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  122.206485] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  122.206551] RSP: 0018:ffff88803f797978 EFLAGS: 00010006
[  122.206570] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  122.206587] RDX: ffff88800ff48000 RSI: ffffffff81564fb7 RDI: 0000000000000005
[  122.206604] RBP: ffff8880086685c8 R08: 0000000000000005 R09: 0000000000000001
[  122.206620] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888040b63c00
[  122.206636] R13: ffff88806ce3f000 R14: ffffffff85238040 R15: 0000000000000002
[  122.206660]  ? group_sched_out.part.0+0x2c7/0x460
[  122.206690]  ? group_sched_out.part.0+0x2c7/0x460
[  122.206719]  ctx_sched_out+0x8f1/0xc10
[  122.206747]  __perf_event_task_sched_out+0x6d0/0x18d0
[  122.206782]  ? lock_is_held_type+0xd7/0x130
[  122.206811]  ? __perf_cgroup_move+0x160/0x160
[  122.206838]  ? set_next_entity+0x304/0x550
[  122.206876]  ? update_curr+0x267/0x740
[  122.206916]  ? lock_is_held_type+0xd7/0x130
[  122.206946]  __schedule+0xedd/0x2470
[  122.206982]  ? io_schedule_timeout+0x150/0x150
[  122.207015]  ? find_held_lock+0x2c/0x110
[  122.207050]  ? lock_is_held_type+0xd7/0x130
[  122.207078]  ? __cond_resched+0x17/0x30
[  122.207111]  preempt_schedule_common+0x45/0xc0
[  122.207146]  __cond_resched+0x17/0x30
[  122.207177]  __mutex_lock+0xa3/0x14d0
[  122.207213]  ? lock_is_held_type+0xd7/0x130
[  122.207240]  ? __do_sys_perf_event_open+0x1eec/0x32c0
[  122.207273]  ? mutex_lock_io_nested+0x1310/0x1310
[  122.207309]  ? lock_release+0x3b2/0x750
[  122.207346]  ? __up_read+0x192/0x730
[  122.207378]  ? up_write+0x520/0x520
[  122.207410]  ? _raw_spin_unlock_irqrestore+0x28/0x60
[  122.207440]  __do_sys_perf_event_open+0x1eec/0x32c0
[  122.207476]  ? __up_read+0x192/0x730
[  122.207506]  ? perf_compat_ioctl+0x130/0x130
[  122.207535]  ? up_write+0x520/0x520
[  122.207574]  ? syscall_enter_from_user_mode+0x1d/0x50
[  122.207604]  ? syscall_enter_from_user_mode+0x1d/0x50
[  122.207637]  do_syscall_64+0x3b/0x90
[  122.207675]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  122.207704] RIP: 0033:0x7fd203f43b19
[  122.207722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  122.207746] RSP: 002b:00007fd2014b9188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  122.207769] RAX: ffffffffffffffda RBX: 00007fd204056f60 RCX: 00007fd203f43b19
[  122.207786] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080
[  122.207803] RBP: 00007fd203f9df6d R08: 0000000000000000 R09: 0000000000000000
[  122.207818] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  122.207834] R13: 00007ffc477ac94f R14: 00007fd2014b9300 R15: 0000000000022000
[  122.207863]  </TASK>
[  122.319388] WARNING: CPU: 0 PID: 3836 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  122.320593] Modules linked in:
[  122.321040] CPU: 0 PID: 3836 Comm: syz-executor.2 Not tainted 6.0.0-rc6-next-20220923 #1
[  122.322127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  122.323617] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  122.324356] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  122.326755] RSP: 0018:ffff88803f797978 EFLAGS: 00010006
[  122.327450] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  122.328380] RDX: ffff88800ff48000 RSI: ffffffff81564fb7 RDI: 0000000000000005
[  122.329307] RBP: ffff8880086685c8 R08: 0000000000000005 R09: 0000000000000001
[  122.330249] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888040b63c00
[  122.331182] R13: ffff88806ce3f000 R14: ffffffff85238040 R15: 0000000000000002
[  122.332113] FS:  00007fd2014b9700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  122.333178] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  122.333989] CR2: 00007f82b51f31f0 CR3: 000000004098e000 CR4: 0000000000350ef0
[  122.334978] Call Trace:
[  122.335340]  <TASK>
[  122.335663]  ctx_sched_out+0x8f1/0xc10
[  122.336205]  __perf_event_task_sched_out+0x6d0/0x18d0
[  122.336915]  ? lock_is_held_type+0xd7/0x130
[  122.337500]  ? __perf_cgroup_move+0x160/0x160
[  122.338093]  ? set_next_entity+0x304/0x550
[  122.338700]  ? update_curr+0x267/0x740
[  122.339226]  ? lock_is_held_type+0xd7/0x130
[  122.339825]  __schedule+0xedd/0x2470
[  122.340351]  ? io_schedule_timeout+0x150/0x150
[  122.340991]  ? find_held_lock+0x2c/0x110
[  122.341558]  ? lock_is_held_type+0xd7/0x130
[  122.342147]  ? __cond_resched+0x17/0x30
[  122.342722]  preempt_schedule_common+0x45/0xc0
[  122.343354]  __cond_resched+0x17/0x30
[  122.343890]  __mutex_lock+0xa3/0x14d0
[  122.344423]  ? lock_is_held_type+0xd7/0x130
[  122.345018]  ? __do_sys_perf_event_open+0x1eec/0x32c0
[  122.345721]  ? mutex_lock_io_nested+0x1310/0x1310
[  122.346388]  ? lock_release+0x3b2/0x750
[  122.346959]  ? __up_read+0x192/0x730
[  122.347482]  ? up_write+0x520/0x520
[  122.347992]  ? _raw_spin_unlock_irqrestore+0x28/0x60
[  122.348669]  __do_sys_perf_event_open+0x1eec/0x32c0
[  122.349372]  ? __up_read+0x192/0x730
[  122.349901]  ? perf_compat_ioctl+0x130/0x130
[  122.350517]  ? up_write+0x520/0x520
[  122.351019]  ? syscall_enter_from_user_mode+0x1d/0x50
[  122.351699]  ? syscall_enter_from_user_mode+0x1d/0x50
[  122.352398]  do_syscall_64+0x3b/0x90
[  122.352905]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  122.353578] RIP: 0033:0x7fd203f43b19
[  122.354071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  122.356448] RSP: 002b:00007fd2014b9188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  122.357473] RAX: ffffffffffffffda RBX: 00007fd204056f60 RCX: 00007fd203f43b19
[  122.358435] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080
[  122.359401] RBP: 00007fd203f9df6d R08: 0000000000000000 R09: 0000000000000000
[  122.360360] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  122.361319] R13: 00007ffc477ac94f R14: 00007fd2014b9300 R15: 0000000000022000
[  122.362293]  </TASK>
[  122.362635] irq event stamp: 440
[  122.363101] hardirqs last  enabled at (439): [<ffffffff84270c88>] _raw_spin_unlock_irqrestore+0x28/0x60
[  122.364340] hardirqs last disabled at (440): [<ffffffff84259645>] __schedule+0x1225/0x2470
[  122.365461] softirqs last  enabled at (436): [<ffffffff8116fa8b>] __irq_exit_rcu+0x11b/0x180
[  122.366573] softirqs last disabled at (427): [<ffffffff8116fa8b>] __irq_exit_rcu+0x11b/0x180
[  122.367693] ---[ end trace 0000000000000000 ]---
[  122.451723] audit: type=1400 audit(1664076763.911:9): avc:  denied  { write } for  pid=3834 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
03:32:43 executing program 2:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f00000004c0)=[{0x0, 0x0, 0x8001}])
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000080)={0x1f, 0x40, '\x00', 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r1 = memfd_secret(0x0)
ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000000))

[  122.537882] loop2: detected capacity change from 0 to 128
03:32:44 executing program 2:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f00000004c0)=[{0x0, 0x0, 0x8001}])
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000080)={0x1f, 0x40, '\x00', 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r1 = memfd_secret(0x0)
ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000000))

03:32:44 executing program 2:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f00000004c0)=[{0x0, 0x0, 0x8001}])
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000080)={0x1f, 0x40, '\x00', 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r1 = memfd_secret(0x0)
ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000000))

[  122.906551] loop2: detected capacity change from 0 to 128
03:32:44 executing program 2:
r0 = semget$private(0x0, 0x3, 0x600)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000200)=[0xff, 0x7, 0xff, 0x5])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={<r1=>0x0}, &(0x7f0000000080)=0xc)
waitid(0x2, r1, &(0x7f0000000240), 0x1000000, &(0x7f00000000c0))
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0)

03:32:44 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x80)
syz_open_dev$sg(&(0x7f0000000080), 0x3, 0xc0)
ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000040))

03:32:44 executing program 1:
sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, 0x0, 0x24005004)
sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='freezer.self_freezing\x00', 0x0, 0x0)
syz_genetlink_get_family_id$team(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000540))
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000580))
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0))
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000800))
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000900)={'syztnl2\x00', 0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000a00)={{{@in=@private, @in=@multicast1}}, {{@in6=@private0}, 0x0, @in=@multicast2}}, 0x0)
recvmmsg(r0, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/242, 0xf2}, {&(0x7f0000000100)=""/185, 0xb9}, {&(0x7f00000001c0)=""/79, 0x4f}], 0x3, &(0x7f0000000280)=""/134, 0x86}, 0x100}, {{&(0x7f0000000340)=@nfc_llcp, 0x80, &(0x7f0000000480)=[{&(0x7f00000003c0)=""/39, 0x27}], 0x1}, 0x4}], 0x2, 0x2100, &(0x7f0000000500)={0x77359400})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r1, 0x0, 0x0, 0x0, 0x0)
preadv2(r1, &(0x7f0000000440)=[{&(0x7f0000000200)=""/49, 0x31}, {&(0x7f00000003c0)=""/77, 0x4d}], 0x2, 0x1, 0x6, 0x9)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r1)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000006c0), r0)
sendmsg$TIPC_NL_LINK_RESET_STATS(r1, &(0x7f0000000880)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000840)={&(0x7f0000000700)={0xd4, r2, 0x800, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x3c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x2, @private2, 0xc34}}, {0x14, 0x2, @in={0x2, 0x4e24, @empty}}}}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x82c}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1f}, @TIPC_NLA_PUBL_TYPE={0x8}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7f}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x20004005}, 0x1)


VM DIAGNOSIS:
03:32:43  Registers:
info registers vcpu 0
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff822b17e1 RDI=ffffffff87645be0 RBP=ffffffff87645ba0 RSP=ffff88803f7973c8
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000020 R11=0000000000000001
R12=0000000000000020 R13=ffffffff87645ba0 R14=0000000000000010 R15=ffffffff822b17d0
RIP=ffffffff822b1839 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fd2014b9700 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f82b51f31f0 CR3=000000004098e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f
YMM01=0000000000000000 0000000000000000 6461657268747062 696c2f756e672d78
YMM02=0000000000000000 0000000000000000 00302e6f732e6461 657268747062696c
YMM03=0000000000000000 0000000000000000 2f756e672d78756e 696c2d34365f3638
YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=dffffc0000000000 RBX=ffffffff8111a2ec RCX=1ffffffff0e0b8e0 RDX=1ffff11001fe9c74
RSI=ffffffff8135a03c RDI=ffff88800ff4e3a0 RBP=ffff88800ff4d040 RSP=ffff88802042f4b0
R8 =ffffffff85e30d1c R9 =ffffffff85e30d20 R10=ffffed1004085eb6 R11=ffff88802042f588
R12=ffff88802042f610 R13=0000000000000000 R14=ffff88802042f548 R15=ffff888007c75000
RIP=ffffffff812052a1 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f29764f34a1 CR3=000000000f918000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff
YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000