Warning: Permanently added '[localhost]:44520' (ECDSA) to the list of known hosts. 2022/09/30 05:35:44 fuzzer started 2022/09/30 05:35:44 dialing manager at localhost:40535 syzkaller login: [ 43.676141] cgroup: Unknown subsys name 'net' [ 43.757378] cgroup: Unknown subsys name 'rlimit' 2022/09/30 05:35:56 syscalls: 2215 2022/09/30 05:35:56 code coverage: enabled 2022/09/30 05:35:56 comparison tracing: enabled 2022/09/30 05:35:56 extra coverage: enabled 2022/09/30 05:35:56 setuid sandbox: enabled 2022/09/30 05:35:56 namespace sandbox: enabled 2022/09/30 05:35:56 Android sandbox: enabled 2022/09/30 05:35:56 fault injection: enabled 2022/09/30 05:35:56 leak checking: enabled 2022/09/30 05:35:56 net packet injection: enabled 2022/09/30 05:35:56 net device setup: enabled 2022/09/30 05:35:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/30 05:35:56 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/30 05:35:56 USB emulation: enabled 2022/09/30 05:35:56 hci packet injection: enabled 2022/09/30 05:35:56 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220929) 2022/09/30 05:35:56 802.15.4 emulation: enabled 2022/09/30 05:35:57 fetching corpus: 50, signal 28788/30499 (executing program) 2022/09/30 05:35:57 fetching corpus: 100, signal 39592/42787 (executing program) 2022/09/30 05:35:57 fetching corpus: 150, signal 48315/52830 (executing program) 2022/09/30 05:35:57 fetching corpus: 200, signal 52920/58798 (executing program) 2022/09/30 05:35:57 fetching corpus: 250, signal 59129/66197 (executing program) 2022/09/30 05:35:58 fetching corpus: 300, signal 64353/72525 (executing program) 2022/09/30 05:35:58 fetching corpus: 350, signal 68373/77653 (executing program) 2022/09/30 05:35:58 fetching corpus: 400, signal 73066/83283 (executing program) 2022/09/30 05:35:58 fetching corpus: 450, signal 77218/88394 (executing program) 2022/09/30 05:35:58 fetching corpus: 500, signal 80935/92967 (executing program) 2022/09/30 05:35:58 fetching corpus: 550, signal 85144/97899 (executing program) 2022/09/30 05:35:58 fetching corpus: 600, signal 88677/102167 (executing program) 2022/09/30 05:35:58 fetching corpus: 650, signal 91299/105605 (executing program) 2022/09/30 05:35:59 fetching corpus: 700, signal 95190/110058 (executing program) 2022/09/30 05:35:59 fetching corpus: 750, signal 97403/112993 (executing program) 2022/09/30 05:35:59 fetching corpus: 800, signal 100119/116311 (executing program) 2022/09/30 05:35:59 fetching corpus: 850, signal 102299/119138 (executing program) 2022/09/30 05:35:59 fetching corpus: 900, signal 105366/122712 (executing program) 2022/09/30 05:35:59 fetching corpus: 950, signal 107463/125425 (executing program) 2022/09/30 05:35:59 fetching corpus: 1000, signal 108559/127250 (executing program) 2022/09/30 05:35:59 fetching corpus: 1050, signal 110921/130063 (executing program) 2022/09/30 05:36:00 fetching corpus: 1100, signal 112923/132549 (executing program) 2022/09/30 05:36:00 fetching corpus: 1150, signal 114785/134887 (executing program) 2022/09/30 05:36:00 fetching corpus: 1200, signal 117326/137738 (executing program) 2022/09/30 05:36:00 fetching corpus: 1250, signal 118226/139242 (executing program) 2022/09/30 05:36:00 fetching corpus: 1300, signal 119506/141030 (executing program) 2022/09/30 05:36:00 fetching corpus: 1350, signal 121473/143305 (executing program) 2022/09/30 05:36:00 fetching corpus: 1400, signal 123698/145690 (executing program) 2022/09/30 05:36:00 fetching corpus: 1450, signal 124880/147308 (executing program) 2022/09/30 05:36:01 fetching corpus: 1500, signal 126636/149328 (executing program) 2022/09/30 05:36:01 fetching corpus: 1550, signal 127722/150806 (executing program) 2022/09/30 05:36:01 fetching corpus: 1600, signal 129053/152462 (executing program) 2022/09/30 05:36:01 fetching corpus: 1650, signal 130151/153985 (executing program) 2022/09/30 05:36:01 fetching corpus: 1700, signal 131147/155384 (executing program) 2022/09/30 05:36:01 fetching corpus: 1750, signal 132601/157121 (executing program) 2022/09/30 05:36:01 fetching corpus: 1800, signal 133462/158356 (executing program) 2022/09/30 05:36:01 fetching corpus: 1850, signal 136295/160846 (executing program) 2022/09/30 05:36:01 fetching corpus: 1900, signal 137148/162099 (executing program) 2022/09/30 05:36:02 fetching corpus: 1950, signal 138034/163330 (executing program) 2022/09/30 05:36:02 fetching corpus: 2000, signal 139309/164756 (executing program) 2022/09/30 05:36:02 fetching corpus: 2050, signal 140431/166083 (executing program) 2022/09/30 05:36:02 fetching corpus: 2100, signal 141655/167432 (executing program) 2022/09/30 05:36:02 fetching corpus: 2150, signal 142886/168773 (executing program) 2022/09/30 05:36:02 fetching corpus: 2200, signal 143962/169979 (executing program) 2022/09/30 05:36:02 fetching corpus: 2250, signal 145153/171238 (executing program) 2022/09/30 05:36:02 fetching corpus: 2300, signal 145811/172186 (executing program) 2022/09/30 05:36:03 fetching corpus: 2350, signal 147057/173451 (executing program) 2022/09/30 05:36:03 fetching corpus: 2400, signal 147954/174490 (executing program) 2022/09/30 05:36:03 fetching corpus: 2450, signal 149129/175620 (executing program) 2022/09/30 05:36:03 fetching corpus: 2500, signal 150272/176675 (executing program) 2022/09/30 05:36:03 fetching corpus: 2550, signal 151702/177997 (executing program) 2022/09/30 05:36:03 fetching corpus: 2600, signal 152945/179135 (executing program) 2022/09/30 05:36:03 fetching corpus: 2650, signal 154029/180141 (executing program) 2022/09/30 05:36:03 fetching corpus: 2700, signal 154738/180949 (executing program) 2022/09/30 05:36:03 fetching corpus: 2750, signal 155242/181638 (executing program) 2022/09/30 05:36:04 fetching corpus: 2800, signal 155951/182445 (executing program) 2022/09/30 05:36:04 fetching corpus: 2850, signal 156895/183384 (executing program) 2022/09/30 05:36:04 fetching corpus: 2900, signal 157859/184303 (executing program) 2022/09/30 05:36:04 fetching corpus: 2950, signal 158935/185171 (executing program) 2022/09/30 05:36:04 fetching corpus: 3000, signal 160130/186102 (executing program) 2022/09/30 05:36:04 fetching corpus: 3050, signal 161508/187143 (executing program) 2022/09/30 05:36:04 fetching corpus: 3100, signal 162346/187878 (executing program) 2022/09/30 05:36:04 fetching corpus: 3150, signal 163184/188586 (executing program) 2022/09/30 05:36:04 fetching corpus: 3200, signal 164054/189331 (executing program) 2022/09/30 05:36:05 fetching corpus: 3250, signal 164942/190030 (executing program) 2022/09/30 05:36:05 fetching corpus: 3300, signal 165928/190761 (executing program) 2022/09/30 05:36:05 fetching corpus: 3350, signal 166647/191411 (executing program) 2022/09/30 05:36:05 fetching corpus: 3400, signal 167117/191934 (executing program) 2022/09/30 05:36:05 fetching corpus: 3450, signal 168020/192550 (executing program) 2022/09/30 05:36:05 fetching corpus: 3500, signal 169534/193539 (executing program) 2022/09/30 05:36:05 fetching corpus: 3550, signal 170723/194399 (executing program) 2022/09/30 05:36:05 fetching corpus: 3600, signal 171189/194879 (executing program) 2022/09/30 05:36:05 fetching corpus: 3650, signal 171935/195409 (executing program) 2022/09/30 05:36:06 fetching corpus: 3700, signal 172929/195971 (executing program) 2022/09/30 05:36:06 fetching corpus: 3750, signal 173837/196497 (executing program) 2022/09/30 05:36:06 fetching corpus: 3800, signal 174402/196940 (executing program) 2022/09/30 05:36:06 fetching corpus: 3850, signal 175234/197456 (executing program) 2022/09/30 05:36:06 fetching corpus: 3900, signal 175889/197878 (executing program) 2022/09/30 05:36:06 fetching corpus: 3950, signal 176651/198311 (executing program) 2022/09/30 05:36:06 fetching corpus: 4000, signal 177646/198800 (executing program) 2022/09/30 05:36:06 fetching corpus: 4050, signal 178210/199188 (executing program) 2022/09/30 05:36:07 fetching corpus: 4100, signal 178803/199582 (executing program) 2022/09/30 05:36:07 fetching corpus: 4150, signal 179540/199978 (executing program) 2022/09/30 05:36:07 fetching corpus: 4200, signal 180493/200389 (executing program) 2022/09/30 05:36:07 fetching corpus: 4250, signal 181256/201053 (executing program) 2022/09/30 05:36:07 fetching corpus: 4300, signal 181792/201383 (executing program) 2022/09/30 05:36:07 fetching corpus: 4350, signal 182936/201960 (executing program) 2022/09/30 05:36:07 fetching corpus: 4400, signal 184162/202314 (executing program) 2022/09/30 05:36:07 fetching corpus: 4450, signal 184728/202570 (executing program) 2022/09/30 05:36:08 fetching corpus: 4500, signal 185600/202915 (executing program) 2022/09/30 05:36:08 fetching corpus: 4550, signal 186387/203164 (executing program) 2022/09/30 05:36:08 fetching corpus: 4600, signal 187621/203484 (executing program) 2022/09/30 05:36:08 fetching corpus: 4650, signal 188071/203721 (executing program) 2022/09/30 05:36:08 fetching corpus: 4700, signal 189132/203974 (executing program) 2022/09/30 05:36:08 fetching corpus: 4750, signal 189689/204174 (executing program) 2022/09/30 05:36:08 fetching corpus: 4800, signal 190075/204344 (executing program) 2022/09/30 05:36:08 fetching corpus: 4850, signal 190631/204556 (executing program) 2022/09/30 05:36:08 fetching corpus: 4871, signal 190739/204720 (executing program) 2022/09/30 05:36:08 fetching corpus: 4871, signal 190739/204885 (executing program) 2022/09/30 05:36:08 fetching corpus: 4871, signal 190739/205030 (executing program) 2022/09/30 05:36:08 fetching corpus: 4871, signal 190739/205107 (executing program) 2022/09/30 05:36:08 fetching corpus: 4871, signal 190739/205107 (executing program) 2022/09/30 05:36:11 starting 8 fuzzer processes 05:36:11 executing program 0: sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40805}, 0x24002000) r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000100)='.pending_reads\x00', 0x80100, 0x2) sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x68, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x0, @link='syz0\x00'}}}, ["", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x881) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r0, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x0, 0x10, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x600e0}, 0x8000) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x74, r1, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVKEY={0x18, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xdc97ec32f83b9e29}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x20008045) sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, 0x0, 0x4, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void, @void}}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x20000814) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_REMOVE(r3, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x28, 0x0, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_MGMT_A_DOMAIN={0x9, 0x1, 'syz0\x00'}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2c}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000780), r3) sendmsg$NL802154_CMD_SET_CHANNEL(r4, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x1c, r5, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x4000000) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000880), r6) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), r3) sendmsg$NL802154_CMD_GET_WPAN_PHY(r4, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x14, r7, 0x100, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x8c0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CCA_MODE(r8, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x1c, r1, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004050}, 0x20000000) sendmsg$NL802154_CMD_SET_SHORT_ADDR(r3, &(0x7f0000000bc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x38, r7, 0x20, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa0}]}, 0x38}, 0x1, 0x0, 0x0, 0x40005}, 0x8000) 05:36:11 executing program 1: ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x3, 0x3f, 0x657b}) write$P9_RRENAME(r0, &(0x7f0000000040)={0x7, 0x15, 0x1}, 0x7) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000080)) r1 = ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f00000000c0)={0x0, 0x7f, 0x0, [0x1ff, 0x9, 0x101, 0x100000000, 0x7], [0x4a, 0x80000000, 0xfff, 0x7fff, 0xec, 0x0, 0x7, 0x6, 0x7, 0x7, 0x200, 0x400, 0x8, 0xb9, 0x3d, 0x6, 0x3f, 0x0, 0x200, 0x1, 0x8, 0x3, 0xff, 0x9057, 0x3, 0xfffffffffffffffd, 0x7ff, 0x6, 0x100, 0x3e3, 0x7fffffff, 0x9, 0x100000000, 0x7, 0x80000001, 0x6, 0x81, 0x7, 0xe8c8, 0x200, 0x9, 0x1f, 0x5, 0x1ff, 0x91, 0x80000001, 0x86c, 0x7fff, 0x7, 0x3, 0x40, 0x2, 0x7fffffff, 0x7ff00000000, 0x7, 0x7ff, 0xfffffffffffffff7, 0x158, 0x9, 0x86e8, 0xffff, 0x0, 0x5, 0xfff, 0x8, 0xb93, 0x3f, 0x7, 0x9, 0x9, 0x7, 0x0, 0x5, 0x4, 0x4, 0x9, 0x3, 0x81, 0x100000000, 0x6, 0x0, 0x400, 0x2, 0x0, 0x2, 0x0, 0x8, 0x7b55d6f0, 0xca, 0x101, 0x100, 0x2, 0x81, 0x6, 0x8000, 0x3f, 0x1000, 0x9e, 0x9, 0x75, 0x1, 0x7ff, 0x2, 0x400, 0x11620000, 0x5, 0x5, 0x2, 0xc23cda3, 0x200, 0x64, 0x7, 0xbc6f, 0x2, 0x9, 0xfff, 0xe6, 0x14000000000, 0xfffffffffffffffa, 0x8, 0x67b4]}) ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000f40)={0x4, 0x0, {0x3, @usage=0xea09, 0x0, 0x7, 0xd2, 0x1000, 0xd1, 0x3, 0x40, @usage=0x80, 0x4, 0xdea, [0x10001, 0x80, 0x7, 0xad22, 0x8, 0x1a]}, {0x6, @usage=0x7d257369, 0x0, 0x400, 0xeb, 0x10000000000, 0x91b3, 0x5, 0x402, @struct={0x9, 0x200}, 0x4, 0x5, [0x7f, 0x9, 0x2, 0x10001, 0x9, 0x5]}, {0x1, @usage, 0x0, 0x10001, 0x7, 0x0, 0x1, 0xfff, 0xe, @struct={0x8, 0x40}, 0x400, 0x7, [0x9, 0x5, 0x9, 0xffffffff, 0x80, 0x81]}, {0x72, 0xd50, 0x9}}) ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000001340)={0x14, 0xd, {0x3, @usage=0xdf3a, r2, 0x9, 0x3f, 0x7, 0x4, 0x1, 0xd4, @struct={0x9, 0x5}, 0x6, 0x10001, [0x2, 0x4, 0x1, 0x20, 0x8, 0x10001]}, {0x9, @usage=0x8001, 0x0, 0x40, 0x2, 0x100000000, 0x8, 0x2, 0x400, @struct={0x400, 0x8}, 0x9, 0x80, [0x9ab, 0x5, 0x80000000, 0xabb, 0xfff, 0xfffffffffffffff7]}, {0x4, @struct={0x6, 0x4}, r3, 0x3, 0x0, 0xffffffffffffffab, 0x608, 0x100, 0x5c4, @struct={0x81, 0x8}, 0x6, 0x1, [0x7fff, 0x401, 0x2, 0x5, 0x1, 0xda03]}, {0x7ff, 0x400, 0x100}}) r4 = open$dir(&(0x7f0000001740)='./file0\x00', 0x402080, 0x104) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000001780)={r0, 0x80000000, 0x6, 0x1}) ioctl$BTRFS_IOC_SEND(r4, 0x40489426, &(0x7f0000001800)={{r5}, 0x1, &(0x7f00000017c0)=[0x3], 0x6, 0x7, [0x0, 0x80000000, 0x1e09, 0x7]}) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f00000018c0)={0x5, 0x80, 0x81, 0x1f, 0x25, 0x40, 0x0, 0x6, 0x10080, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7f, 0x1, @perf_bp={&(0x7f0000001880), 0x8}, 0x4002, 0x3ffc0, 0x3, 0x3, 0x3ff, 0xfffffff9, 0x1, 0x0, 0x3, 0x0, 0x7fffffff}) close(r4) r6 = ioctl$TUNGETDEVNETNS(r5, 0x54e3, 0x0) fsetxattr$trusted_overlay_origin(r6, &(0x7f0000001940), &(0x7f0000001980), 0x2, 0x1) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0) fallocate(r6, 0x72, 0x7, 0x100000001) getsockopt$bt_BT_FLUSHABLE(r5, 0x112, 0x8, &(0x7f00000019c0)=0x80000001, &(0x7f0000001a00)=0x4) r7 = accept$inet6(r0, &(0x7f0000001a40)={0xa, 0x0, 0x0, @dev}, &(0x7f0000001a80)=0x1c) ioctl$FS_IOC_SETVERSION(r7, 0x40087602, &(0x7f0000001ac0)=0x4) 05:36:11 executing program 2: ioctl$KDENABIO(0xffffffffffffffff, 0x4b36) fstatfs(0xffffffffffffffff, &(0x7f0000000000)=""/41) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000040)=""/242) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r1, 0xf501, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r1, 0xc038943b, &(0x7f0000000180)={0x1, 0x8, '\x00', 0x0, &(0x7f0000000140)=[0x0]}) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(0xffffffffffffffff, &(0x7f0000000e00)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000200)={0xbbc, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xa2, 0x4e}}}}, [@fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x5}, @NL80211_ATTR_FILS_ERP_RRK={0xd6, 0xfc, "281998dbc5b420d45af5e7656a225847254855c1c006e0448bcb78791dda26739e3f017a2db317ae22724eec4743ff96db9217195ee669f561ed2f87177759f1d0f9d2538cbfe04b27c899649a63c3651ec2707dd72895e952d4dd64eb33a2499d3e6c113995f30100104d6f8069733115f7555295e7745a88c7548fa5913af882f487122931e34365a7c5b87d92fa8a80283d0103699da7af980b39e392456080ca701848681c4d5d4da51d64529a81f16dbc7b19e55469b4fe7392879198b03d17e1ed46513a7245d118fdb3e148d43b77"}, @NL80211_ATTR_FILS_ERP_REALM={0x9, 0xfa, "7234b9540a"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x6, 0xf9, "bd4d"}, @NL80211_ATTR_FILS_ERP_RRK={0x26, 0xfc, "06acd9391c926e8333a8ad9dc0e74eaa94257cabc62805c489ec5310d85358fe0286"}, @NL80211_ATTR_FILS_ERP_RRK={0x8a, 0xfc, "43cbaf2213aa3079a05343673c57ccca5177809cbf9192c7d0519f1dfcb20e813a4ed1b71e04d930836abaf0158e5c0fa410cb513afda632e82a0a2179b2e61361f64327b576a3ee084e3329d4dc119333fc3f7e18d5284a1310e370a97e3028d7b062092da4df41e514bc86e6b2230f509bc2255166ba3bfa633cee9be71c74c99946ee82d3"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x11, 0xf9, "ae5bfd6ebfc0b76894ceaffcda"}, @NL80211_ATTR_FILS_ERP_REALM={0xe6, 0xfa, "a217d9e98158776873b834b9c06065e2f0c52e40c42a9df1d01a486d6a5ead40c61f9124c2843cab2784df61880f7d2840606d9bc04346b28a19a1b0f9b6819bf5b9153ec5fe19d0dba9c909bb01fc555e072feafb60a00855f3a7a770c7dd5458c4000a9a852e7136513b6c4496a7b8e33729838cbbc09d34913b2a86662140c2f8195b128edd425afc3edb930cd11247a8a49d63996c014ce8d1271bb344fbd183490409fcbceaf58bfd333a118dabc882ca9e1d9cdb0d1161955971299ed29a1441ca4a904f4625398382afabf85edbee5f847b7c912685e4aa9719fecc82f6ba"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x9, 0xf9, "54550de86d"}, @NL80211_ATTR_FILS_ERP_REALM={0x72, 0xfa, "b61c38cccbbabd3902a72c332604a8138b45f9bae39e23a0b3343f1a789618d9facec8f8d1e6e94ab015b2faca6520b60718ba43830a13cb61f171d671aa62f7cc883dba3e210e6089c6118191dd071c33cb7d2945cf7a217b69cec9041106738c6a1b7d22762aba76787c153ab2"}], @fils_params=[@NL80211_ATTR_FILS_ERP_RRK={0xf1, 0xfc, "a4e5bf52b524a6933645dbb283e1537f2577e32154ab5a463d9bb84610ca4b74cb78bd4732de8d81790ecb61b1e3ef34355b6e019005bbf5466485b1430026c893974f2177cde72594225762fabe71bf16d3decf98d17777a5de484d167b6154c8d1b03df3ef491ab0005cdd571f98c4577f34be2c33acada57e8954ac14913fd4c026750e7092c20ccb21b9b3d5fdbd75cebfce809c9e77d199e45a0a411bffe39115133b5f306582c1e8b4900ccbc70fcd1ee45c16cada9f467ed910ad0c8d6cd0fcd42403968c8a711cc254b4a6c0f9aeb27e663a70b898e5cbfef034135861460fe4c37f40519470b0027b"}, @NL80211_ATTR_FILS_ERP_REALM={0x53, 0xfa, "5c4c71e1ddfb88cb04d38f35572fea1bdc5b6ddb69f2360f865fc342e25b0e446c927c4338b8f9ca185eaa6532e0ae876149940bc7e1fddffef89ae4ec25c52e3ee22797a2c03e0ce4318d8cb83df1"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x101}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x80}], @fils_params=[@NL80211_ATTR_FILS_ERP_REALM={0x35, 0xfa, "10ad2c5b6a85887b09a0fb319a08ea4a0d9d7e4e38d27db6e86376c28f391fb21cd79fea8c06d173dc514a0917f556f8fc"}, @NL80211_ATTR_FILS_ERP_RRK={0x74, 0xfc, "dff4dcc615c7dda3a961faf0b0e04d7a491f6915ee36bf681ba3b05955bbb3e6d573712fcd5138fbb5454e49bf78174237042a5f1bc20f009691b72585cfc8561bbe27b09df20a940708fccde11bed279be454264f0104cbbcefd09163ed3b18e984e96420b5aabd5f1827e8f9768e76"}], @NL80211_ATTR_IE={0x1a1, 0x2a, [@cf={0x4, 0x6, {0x19, 0x0, 0x9, 0x7}}, @ht={0x2d, 0x1a, {0x8, 0x1, 0x4, 0x0, {0xffffffffffffff04, 0x4, 0x0, 0x37f, 0x0, 0x1, 0x0, 0x2}, 0x400, 0x2, 0x8}}, @tim={0x5, 0xfb, {0xff, 0x9d, 0x3d, "b378aad336bfd8153c966ab10b3761714124401c0ee652330eeb1c0c8d6822b5cfbb5af67dc190fab512ea38580588fe1e77c29c156977cdcf80781ff1c0c4485e3c4d3bca706c820993afa330f023728caaa95793799cce7e7ea44aefe4aaa8e8706f2391d666784bfbdd39e8ddcaf2d257a5e091c57eca8daf9c8ac512b6ee0baa0c46e6bbd362a777299a484f07aa4dd545b6882628f406ddd3a5419fa84135cf68400833e2ef9eb424d16db15d6d3cbca47e70a2c704603b66f0b3bcbf8afb83723de6f52dbaa24e3818242b0783951844d62b85afa15dfc7b6fe9c43427e1507cb797ab33a18e90c5475bfa93b4df4f0f7b8f36e1a6"}}, @channel_switch={0x25, 0x3, {0x0, 0x3, 0xbe}}, @sec_chan_ofs={0x3e, 0x1, 0x2}, @random={0x5, 0x46, "aef7a07e2555cda8c624439079420a187848647af575f3ea4b32955ae288baca4036b6a6a34cf3acc295d3385408f42891bbf6e26727984867efbabbdc10658c9366e601c5c9"}, @tim={0x5, 0x14, {0x8, 0x7e, 0x0, "57ecb66bbd2dc5a3dfb9affb4f418cb62e"}}, @cf={0x4, 0x6, {0xf1, 0x1, 0x0, 0x8}}, @ssid={0x0, 0x6, @default_ap_ssid}, @chsw_timing={0x68, 0x4, {0x1ff, 0x7f}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_USERNAME={0xa, 0xf9, "670a3f8f9562"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x12, 0xf9, "6fa9204d6301d507e30e8b004f2e"}, @NL80211_ATTR_FILS_ERP_REALM={0xe2, 0xfa, "67229c0d9027393fd5a3ef536da817ec734078e47b2a7f744c212db64d13a15c68eb1957198e03a819f249e6e39ea7aedfedb839849f4500f8dca241eefa5943559fc5508fba0c78d9aeaf173184cc42835fcce7c44449a687aad15f39d8ae6af9d3ab964811143242c979820062eb7033a41d946d4297d10a73a4e2e6a64ff685ebb66ece6f6e8d3b5e57217d2b50258d1c9ded05a70a42e1d842c69d28727791dc8049f6ff6f1ad4432ab1eff26ad7eec4c2b5c4c1577c4b10b8b95a85ae24f91ba66e7786e17206dc98551a1ebbccff8eef312b0b7ea5dd647598a5ed"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x6}, @NL80211_ATTR_FILS_ERP_USERNAME={0xa, 0xf9, "a4639ba0f31c"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xa7}, @NL80211_ATTR_FILS_ERP_USERNAME={0xe, 0xf9, "f6eeb8984736ea00192e"}], @NL80211_ATTR_IE={0x117, 0x2a, [@fast_bss_trans={0x37, 0xa1, {0xd4, 0x4, "86eb91b4df2025b1f9e7b5555410a6ec", "d69d77c4564aa7278a9411ea43d90d9f92a977c48023b73ddfd1cffc9049915c", "d424d2504f05345fb88f8148b26d24010fa594c55e1f560400c76973b254cd3f", [{0x3, 0x14, "f938576667d6a7d7ce35c692181549c2965bb2ea"}, {0x3, 0x2, "d6cb"}, {0x1, 0x10, "092ea1b482a955c8ae70f4e40ebe8f5c"}, {0x1, 0x21, "6a65a36ff8d24e8c92dab61822ad62655aee090a4f448810d5fbcc328b2255182d"}]}}, @peer_mgmt={0x75, 0x14, {0x0, 0x9, @void, @void, @val="ceb8c03941e44d54676e2733e2d783a2"}}, @challenge={0x10, 0x1, 0x9}, @link_id={0x65, 0x12, {@initial, @device_a, @device_b}}, @preq={0x82, 0x3b, @not_ext={{0x1, 0x0, 0x1}, 0x1, 0x81, 0x8, @device_b, 0x5, "", 0x6, 0x80000000, 0x3, [{{}, @device_b, 0x4}, {{}, @device_b, 0x1}, {{0x1, 0x0, 0x1}, @device_b, 0x1}]}}, @chsw_timing={0x68, 0x4, {0x25, 0x2}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_RRK={0xc5, 0xfc, "bb017dd89c6660b24918bc3020d66eb50f132515bf63f98e820ab2c08c04292984be8fd9d72a550ae1e8d840b8999a872e409ddac2a337ae87418fbf32b90998af4d723b033c701613dab9f4db885fa2cf907bd1d4e829676270c1b361fb88e9cf7927fd2370b12044176cb791780391aad8451e78ee9a3d063b4304fcfb4a931b837d8291bd305d0c20c8ade106d19e49f1d0c3128ebfa85886e81de50489f4c0b995fbf6594031ef89da2765c8fab4e59033c6179e5f29bbc24d52dc00f4c622"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x7, 0xf9, "c5b42d"}], @NL80211_ATTR_IE={0xcf, 0x2a, [@fast_bss_trans={0x37, 0xbe, {0x3, 0x4, "d06bb1866976e760249b3e3af28d5905", "168ebb0ea8684a77512575d0373c9d7b90e06751a8fb43703d18f7f704aa09a3", "47716b33c5fefc53a4408318144c79b132e880dce749e710b2ffc3e1c34242d4", [{0x4, 0x24, "e99fa92b4bef556d8cc43be65109ade26b88bd07bcd191e7a4d8a2dae347e549a14b0df0"}, {0x1, 0x1a, "1ce89e3083592bb45fb46407abca83803bbfac219b5846fbade7"}, {0x2, 0x14, "daef8d049714efe7e7342d28305bac5a87981ff3"}, {0x3, 0x12, "e197be19b137151715d1c3cc3e5b91007ea8"}]}}, @cf={0x4, 0x6, {0x6e, 0x0, 0xa7, 0x3f}}, @erp={0x2a, 0x1, {0x1, 0x0, 0x1}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_USERNAME={0x13, 0xf9, "476ec91513f29dbf074b3af65557a8"}, @NL80211_ATTR_FILS_ERP_USERNAME={0xd, 0xf9, "48ee5b594cea16e0e4"}, @NL80211_ATTR_FILS_ERP_RRK={0xb9, 0xfc, "93dab34ba6fbafc3aeb80fedbc0bf8b9167f6f3a0fd7db79b9bb29652a6eddd1f5ad8f04f15765e994be365de1e7eeb15b504f84154a05ff8ac37b8a179b3c3bdb94b6fc49c291da3c309cc977d30fc0413f038c2c60a179c2217ba6e2365d4002c9eb433d279b5fbc888255391d443edfd61f8e622497ecd934f3cd29ee844e49594a0b839a5c23b447e4873c510a50f223584b4103e94f88e3e73aee84c87c2b13db83fb7fae94f9baa29b068f3e12f4337e5fa0"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x8}]]}, 0xbbc}, 0x1, 0x0, 0x0, 0x20000004}, 0x10) ioctl$KDGETKEYCODE(r1, 0x4b4c, &(0x7f0000000e40)={0x0, 0xc8f1}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000000e80)={{0x1, 0x1, 0x18, r1, {r0}}, './file0\x00'}) r4 = syz_open_dev$hiddev(&(0x7f0000000ec0), 0x6, 0x4800) ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000000f00)={{0x1, 0x1, 0x18, r4, {0x2eee}}, './file0\x00'}) ioctl$KDGKBTYPE(r3, 0x4b33, &(0x7f0000000f40)) r5 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000f80)='./binderfs2/binder-control\x00', 0x0, 0x0) sendfile(r3, r5, &(0x7f0000000fc0)=0x9, 0x0) r6 = openat$hpet(0xffffffffffffff9c, &(0x7f0000001000), 0x20000, 0x0) fsetxattr$security_ima(r6, &(0x7f0000001040), &(0x7f0000001080)=@md5={0x1, "1a770d34aa990ebc94e343104575eef3"}, 0x11, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r6, 0xc018937c, &(0x7f00000010c0)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) fstat(0xffffffffffffffff, &(0x7f0000001100)) 05:36:11 executing program 5: link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') r0 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000100)=0x80, 0x100000) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@initdev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) lchown(&(0x7f0000000140)='./file0\x00', r3, 0x0) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000002c0)={r2, 0x1, 0x6, @multicast}, 0x10) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x0, 0x408380) recvmmsg(r4, &(0x7f0000001800)=[{{&(0x7f0000000340)=@caif=@dbg, 0x80, &(0x7f0000000780)=[{&(0x7f00000003c0)=""/251, 0xfb}, {&(0x7f00000004c0)=""/217, 0xd9}, {&(0x7f00000005c0)=""/178, 0xb2}, {&(0x7f0000000680)=""/28, 0x1c}, {&(0x7f00000006c0)=""/43, 0x2b}, {&(0x7f0000000700)=""/75, 0x4b}], 0x6, &(0x7f0000000800)=""/4096, 0x1000}, 0xffff}], 0x1, 0x1, 0x0) ioctl$CDROMGETSPINDOWN(r4, 0x531d, &(0x7f0000001840)) unlink(&(0x7f0000001880)='./file0\x00') setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f00000018c0)={@rand_addr=0x64010101, @multicast1, r2}, 0xc) r5 = accept4(r4, &(0x7f0000001900)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, &(0x7f0000001980)=0x80, 0x800) sendto$inet(0xffffffffffffffff, &(0x7f00000019c0)="b23b879e8cf7bb9288cfe57fdf0dea57e616f3b03fe4746e1e969899d4e18cce4933177b7ee14c97331da4495b79e49ea67f720fd7247d0ad9efb198046ef3a970983c87de24219badb9f5f1035cec55e9af365bdae9a6594a0c5cee2b599fe799678beecd5c2bcc7f29eb3dab026c6eb13dcc1ebd1724ad69a96957fa50e50353fa3f5abff83275258c7056f0a863f46f7e723012b1f7d26abdef33b8dc5a3a76eba558c04f7cf238f2ab9e00b5daf2c209f712e5a23ad4be644a326339c75bbdb523", 0xc3, 0x801, &(0x7f0000001ac0)={0x2, 0x4e23, @remote}, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000001b80)={'syztnl2\x00', &(0x7f0000001b00)={'ip6_vti0\x00', r2, 0x2f, 0x4, 0x5, 0x2e, 0x40, @private2, @private0, 0x8, 0x700, 0xc1ac, 0x3}}) r6 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r6, 0x6, 0x12, &(0x7f0000001bc0), &(0x7f0000001c00)=0x4) r7 = openat(0xffffffffffffff9c, &(0x7f0000001c40)='./file0\x00', 0x400102, 0x88) getsockopt$inet_mreqsrc(r5, 0x0, 0x25, &(0x7f0000001c80)={@empty, @loopback, @loopback}, &(0x7f0000001cc0)=0xc) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000001d00)={{0x1, 0x1, 0x18, r7, {0x4}}, './file0\x00'}) ioctl$AUTOFS_IOC_PROTOSUBVER(r8, 0x80049367, &(0x7f0000001d40)) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000001d80)={0x2, {{0x2, 0x4e24, @multicast1}}, 0x1, 0x5, [{{0x2, 0x4e24, @remote}}, {{0x2, 0x4e20, @loopback}}, {{0x2, 0x4e20, @private=0xa010101}}, {{0x2, 0x4e21, @empty}}, {{0x2, 0x4e23, @loopback}}]}, 0x310) 05:36:11 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close_range(r1, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="39f2ed1eca2c0e3971df5233a5f2c779c5ab496da331a5aa4db3e1078237c4040361ce6cf0bba32c717a7a09af1713a3be774bd886a32c8cc047ec67a84f2d8cd1ad77280e43002a462f0102a0516fb7453c2d014d54dee27187", 0x5a) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x1c0070, r0, 0x271dc000) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000000c0)='/!{\x00', &(0x7f0000000100)='!^!\x00', 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x7b) r3 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r3, 0x4018f50b, &(0x7f0000000140)={0x0, 0xd0d5, 0x7}) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r0, 0x40047211, &(0x7f0000000180)=0x2) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000240)=0x0) perf_event_open(&(0x7f00000001c0)={0x5, 0x80, 0x0, 0x1, 0x3, 0x3, 0x0, 0x6, 0x2004, 0xa, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0x2, @perf_config_ext={0x2, 0x1000}, 0x0, 0x9, 0x6, 0x0, 0x3, 0x1000, 0x80, 0x0, 0x7, 0x0, 0x5}, r4, 0x5, r2, 0x8) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/zoneinfo\x00', 0x0, 0x0) r6 = socket$nl_audit(0x10, 0x3, 0x9) getsockname(r5, &(0x7f00000002c0)=@qipcrtr, &(0x7f0000000340)=0x80) ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000380)=0x6) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000003c0)='gid_map\x00') ioctl$sock_ipv6_tunnel_SIOCADDPRL(r0, 0x89f5, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000440)={'sit0\x00', 0x0, 0x4, 0x8, 0x6, 0x5, 0x10, @private0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x700, 0x20, 0x84f, 0x2}}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000000640)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xe0, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {}, [@HEADER={0x9c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x40481}, 0xf03ae5e86a3832c) pipe(&(0x7f0000000680)) 05:36:11 executing program 4: sendmsg$inet(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000040)="772b13667e604344fc1f6786414dce86f1049f640f2ed0704ce21b803e9d99f9d367f0f9c3dcba97554fd2b4391d7cc3175d1fa576763d3d77988716f2154542d8803e8436804793746ad14f34ef269d2203c4d20713288d44dbb07980b944653cd64432531e9f7c3d5eff8803457394348bb96d0470451365d9a4a971d80d7c41103823aef6aa629b5d8442b06576fec08eb21ca2872d949dea7990d4233a4daaf50585878d7bc4333b71b4f1575bc7b4cedf97c8437a5015f94cb90d7509", 0xbf}, {&(0x7f0000000100)="29075a0c97f4f853e2d7f893884ed27ce7e608cc96846b30a8db16a840974f0b257b1396d22524342f253498f86844ebb848f51544f5499d4c3cecae442543cf1743c8a4e73d11df378d79aa5c98332f1c3862f4c9ebc492dc89a3fed96b12d3d71a3ac54e0348c623f91793d2e128b42da57dcb096e7c0c151c3c56ce01e9027d6f9e9bc58e774c46a0802aabfe64d258272bddc0fc9a9837160b87bcb71d900ac0ce74974a2c49644886082bd68dafc04b44701904f7ba945bd99f77be2248da8024a0bb2667199ca3070073670d6fed18", 0xd2}, {&(0x7f0000000200)="be56d33898fdf51d0ec613aa15947b7bd083da16dd6d99d74a04d280c456949193ebade63efd872797dda2f07b60a3828dca0c7268ea8379431451810a63d1556b0400b456a21539", 0x48}], 0x3, &(0x7f00000002c0)=[@ip_retopts={{0x84, 0x0, 0x7, {[@ssrr={0x89, 0x1b, 0xf, [@dev={0xac, 0x14, 0x14, 0x13}, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010101, @multicast1]}, @timestamp={0x44, 0x10, 0x6e, 0x0, 0x2, [0xdd, 0x7, 0x26ef951b]}, @timestamp_prespec={0x44, 0x1c, 0xa8, 0x3, 0xa, [{@dev={0xac, 0x14, 0x14, 0x37}, 0x1}, {@broadcast, 0x6}, {@loopback, 0x8000}]}, @rr={0x7, 0x7, 0xf6, [@dev={0xac, 0x14, 0x14, 0x28}]}, @ssrr={0x89, 0x7, 0xfa, [@empty]}, @timestamp_addr={0x44, 0x1c, 0xa4, 0x1, 0xf, [{@dev={0xac, 0x14, 0x14, 0x31}, 0x40}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x5}]}]}}}], 0x88}, 0x40) r0 = accept$inet(0xffffffffffffffff, &(0x7f00000003c0)={0x2, 0x0, @initdev}, &(0x7f0000000400)=0x10) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000440)={@broadcast, @multicast2}, &(0x7f0000000480)=0xc) r1 = openat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200, 0x4) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f0000000500)={0x0, {0x2, 0xfe01, @loopback}, {0x2, 0x4e21, @broadcast}, {0x2, 0x4e22, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0xe3, 0x0, 0x8, 0x9, 0x1ff}) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x38, r2, 0x300, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}, @ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_RX={0x5}]}, 0x38}}, 0x850) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000700), r1) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x6c, r3, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x58, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x20}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x20}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x24000841}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f0000000840)={'ip6tnl0\x00', 0xc3}) sendmsg$NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x4c, 0x0, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x213}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2ce}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000000) r5 = syz_open_dev$vcsn(&(0x7f00000009c0), 0x3, 0x8040) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000a00)=""/53, &(0x7f0000000a40)=0x35) write$binfmt_misc(r1, &(0x7f0000000a80)={'syz1', "6c4ed1f754c065eb8b4b80914e0e9673da8a0d3292cb0a2700485a1d64fdd52a06f6b2e86ea965ec193a66f41973decb78b8fafb32adbdd05d9629b765924730262077705a03118a21fd8c"}, 0x4f) getsockopt$inet_udp_int(r0, 0x11, 0x6d, &(0x7f0000000b00), &(0x7f0000000b40)=0x4) setsockopt$IP_VS_SO_SET_TIMEOUT(r5, 0x0, 0x48a, &(0x7f0000000b80)={0xe2, 0x9, 0x1ff}, 0xc) sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x40, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x9a4c336e890c021}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x40}, 0x1, 0x0, 0x0, 0x44880}, 0x24000040) r6 = fcntl$dupfd(r0, 0x406, r4) accept$inet(r6, 0x0, &(0x7f0000000cc0)) 05:36:11 executing program 6: r0 = dup(0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000000)) ioctl$BTRFS_IOC_SPACE_INFO(r0, 0xc0109414, &(0x7f00000000c0)={0x2f3, 0x8001, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f00000047c0)=0x8) ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000004800)={0x2, 0x8c, "2a183df273068e7c3bac128058b92b8593efbce4faecf33f76899ae32d0235971e68911506202c121cc9daf6e876740ed0dd4d8deba99a27141c0b77acf8e7c503132007750fd43e740125963b1b735e8b665dc14ccc03ed9414e219a43e94eb4b7cdd1dafcce6c734dbb71cfb7a60165a5847bebcdd7dbab5b946e7edf7df2b183f9f071568e32c721b1e4e"}) ioctl$KDGETLED(r0, 0x4b31, &(0x7f00000048c0)) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000004900)) r2 = socket(0xb, 0x1, 0x3) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000009, 0x10, r2, 0x472c5000) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000004a80)={'syztnl0\x00', &(0x7f0000004a00)={'syztnl1\x00', 0x0, 0x2f, 0x2, 0x0, 0x8001, 0x40, @dev={0xfe, 0x80, '\x00', 0x31}, @mcast1, 0x1, 0x47, 0x4, 0x4f295227}}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000004b00)={'veth1_to_hsr\x00', &(0x7f0000004ac0)=@ethtool_regs={0x4, 0x13, 0x1d, "61675d51e3a17cf152c1e0a8b627ca580128f1a1e546710389b52c3313"}}) sendmsg$IPSET_CMD_GET_BYNAME(r0, &(0x7f0000004c00)={&(0x7f0000004b40)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000004bc0)={&(0x7f0000004b80)={0x34, 0xe, 0x6, 0xd4e820386d335624, 0x0, 0x0, {0x5, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x5c8e5) io_uring_setup(0x68ab, &(0x7f0000004c40)={0x0, 0xe8ff, 0x8, 0x0, 0x83}) sendmsg$IPVS_CMD_FLUSH(r2, &(0x7f0000004dc0)={&(0x7f0000004cc0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000004d80)={&(0x7f0000004d00)={0x80, 0x0, 0x1104, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xd6e}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6gretap0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7f}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x80}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffffff}]}, 0x80}, 0x1, 0x0, 0x0, 0x8010}, 0x801) r3 = syz_io_uring_complete(0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000004e00)) openat(0xffffffffffffff9c, &(0x7f0000004e40)='./file0\x00', 0x18400, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r3, &(0x7f0000004f80)={&(0x7f0000004e80)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000004f40)={&(0x7f0000004ec0)={0x4c, 0x15, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x6}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x4}]}, 0x4c}}, 0x20040) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000004fc0)={0x0, 0x0, 0x0, 0xffffffffffff7f4d}) [ 70.628592] audit: type=1400 audit(1664516171.681:6): avc: denied { execmem } for pid=286 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 05:36:11 executing program 7: sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x400, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, 0x0, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xffff}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20004040) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)={0x140, 0x0, 0x800, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_IE={0xff, 0x2a, [@mesh_chsw={0x76, 0x6, {0xfb, 0x1, 0x37, 0x1}}, @sec_chan_ofs={0x3e, 0x1, 0x2}, @ssid={0x0, 0x6, @default_ibss_ssid}, @supported_rates, @challenge={0x10, 0x1, 0x17}, @ibss={0x6, 0x2, 0x5}, @random_vendor={0xdd, 0xdd, "081ee77c032bdab21874e598c0d97d6046f5debcee09f52d4456f29e60b718f675ca21d4b5de4e2924e98a892fae829dbe11b164e462b84a3cce7482b387454dcd48d4f18e66402b413c9932838a49a99a6f09ca94109062d3082e8ba215f0ce1e179988bb371e75f63036e735bd1b7ff9fabbf91c1a364ac4896ec1f3968d7b74af3b060ca5efb5fa868cb7d9bc4a6dcfbec1c094175da454bcb0c0a9e24972f7ac1fd79fc552c2dd93d21841df317bbe1f8a30faaca31bf5bffd31d0d9564109e987d207d3aac9b7e356c02a4d8e91e3624cb3d1078eab897404b80d"}]}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x140}, 0x1, 0x0, 0x0, 0x40000}, 0x8040) getsockopt$IP_SET_OP_GET_BYNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000480)={0x6, 0x7, 'syz0\x00'}, &(0x7f00000004c0)=0x28) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) sendmsg$NL80211_CMD_GET_MPP(r1, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x58, 0x0, 0xc650ed7b22b53978, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040}, 0x4010) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x70, 0x0, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x6}]}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x2}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x70}, 0x1, 0x0, 0x0, 0x1}, 0x10000) r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000800), 0x400200, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000880), r1) sendmsg$NL80211_CMD_SET_KEY(r3, &(0x7f0000000980)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x60, r4, 0x62198fe124dad253, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_KEY={0x24, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "a6f78797e9"}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "80f9024ea6"}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "44e2945fae"}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_MODE={0x5}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4010}, 0x80) faccessat(r1, &(0x7f00000009c0)='./file0\x00', 0x4) sendmsg$NL80211_CMD_SET_MPATH(r1, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x38, r4, 0x200, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x4040015) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000b00)='comm\x00') ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000b40)={{0x1, 0x1, 0x18, r5, {r3}}, './file0\x00'}) setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000b80)=@ccm_128={{0x303}, "50ea0a9b38a88ae9", "2d0417e8d7508b0a3be62e1e8f59e093", "91e378d1", "5ffcb6f999613b2f"}, 0x28) r6 = syz_mount_image$vfat(&(0x7f0000000bc0), &(0x7f0000000c00)='./file0\x00', 0x2, 0x2, &(0x7f0000000d80)=[{&(0x7f0000000c40)="dc43ae70e1502181fc8f1064bf6a6470defc1918886bde5a852948e52fcfc607a2044d6e8d1ad553a9621892b0d7d716ebbdfbfc2a53dbf1fe0497c529c259a61224b3ab043b3095ed7f6fb6736775d027eb36bed306c48b0920e976e131ab3dec20a987e7a368fa4c71349b1ac3fb6ee5518623f441328b9df1480a63a508862059737b6dd47338c55f754e8fe97d8014303d3e6faf73c9b7872737d595b454b7bd3a54590d64ccf8abcb1e70f97db1f46cd324587600a40a0752149ac57671b82a6d484c80b94853bf870a8e4c6d6f50", 0xd1, 0x400}, {&(0x7f0000000d40)="2887a2a0c1197aaa1baf3259bf", 0xd, 0x9}], 0xc000, &(0x7f0000000dc0)={[{@iocharset={'iocharset', 0x3d, 'cp737'}}, {@shortname_lower}, {@uni_xlateno}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@uni_xlateno}, {@utf8no}, {@utf8}], [{@smackfsdef={'smackfsdef', 0x3d, '!})^.]#\\'}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]}) fdatasync(r6) open_tree(0xffffffffffffffff, &(0x7f0000000ec0)='./file0\x00', 0x101) [ 72.025905] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.027751] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.029204] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 72.030693] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.032769] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.034136] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.035122] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.036202] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.056532] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.058560] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.060024] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.061755] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.074655] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.075657] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.076794] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.079691] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.081303] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 72.081994] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 72.082559] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 72.083762] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 72.085494] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.086821] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.088285] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 72.090943] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.096043] Bluetooth: hci0: HCI_REQ-0x0c1a [ 72.097291] Bluetooth: hci2: HCI_REQ-0x0c1a [ 72.100376] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 72.101796] Bluetooth: hci3: HCI_REQ-0x0c1a [ 72.102385] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 72.102981] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 72.109125] Bluetooth: hci1: HCI_REQ-0x0c1a [ 72.109405] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 72.112493] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 72.114206] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 72.115811] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 72.121277] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 72.123246] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 72.123665] Bluetooth: hci5: HCI_REQ-0x0c1a [ 72.136542] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 72.138384] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 72.146033] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 72.151190] Bluetooth: hci7: HCI_REQ-0x0c1a [ 72.160734] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 72.162904] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 72.164403] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 72.167312] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 72.168931] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 72.170352] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 72.174384] Bluetooth: hci4: HCI_REQ-0x0c1a [ 72.174519] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 72.181736] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 72.183353] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 72.186103] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 72.187577] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 72.189024] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 72.193382] Bluetooth: hci6: HCI_REQ-0x0c1a [ 74.146227] Bluetooth: hci5: command 0x0409 tx timeout [ 74.147125] Bluetooth: hci3: command 0x0409 tx timeout [ 74.147726] Bluetooth: hci1: command 0x0409 tx timeout [ 74.148640] Bluetooth: hci2: command 0x0409 tx timeout [ 74.149271] Bluetooth: hci0: command 0x0409 tx timeout [ 74.209944] Bluetooth: hci7: command 0x0409 tx timeout [ 74.210680] Bluetooth: hci6: command 0x0409 tx timeout [ 74.211330] Bluetooth: hci4: command 0x0409 tx timeout [ 76.194541] Bluetooth: hci0: command 0x041b tx timeout [ 76.195347] Bluetooth: hci2: command 0x041b tx timeout [ 76.196071] Bluetooth: hci1: command 0x041b tx timeout [ 76.196741] Bluetooth: hci3: command 0x041b tx timeout [ 76.197435] Bluetooth: hci5: command 0x041b tx timeout [ 76.259283] Bluetooth: hci4: command 0x041b tx timeout [ 76.260059] Bluetooth: hci6: command 0x041b tx timeout [ 76.260730] Bluetooth: hci7: command 0x041b tx timeout [ 78.242969] Bluetooth: hci5: command 0x040f tx timeout [ 78.243446] Bluetooth: hci3: command 0x040f tx timeout [ 78.244413] Bluetooth: hci1: command 0x040f tx timeout [ 78.244810] Bluetooth: hci2: command 0x040f tx timeout [ 78.245226] Bluetooth: hci0: command 0x040f tx timeout [ 78.308234] Bluetooth: hci7: command 0x040f tx timeout [ 78.308867] Bluetooth: hci6: command 0x040f tx timeout [ 78.309270] Bluetooth: hci4: command 0x040f tx timeout [ 80.290961] Bluetooth: hci0: command 0x0419 tx timeout [ 80.291433] Bluetooth: hci2: command 0x0419 tx timeout [ 80.291886] Bluetooth: hci1: command 0x0419 tx timeout [ 80.292291] Bluetooth: hci3: command 0x0419 tx timeout [ 80.292683] Bluetooth: hci5: command 0x0419 tx timeout [ 80.355018] Bluetooth: hci4: command 0x0419 tx timeout [ 80.355461] Bluetooth: hci6: command 0x0419 tx timeout [ 80.355893] Bluetooth: hci7: command 0x0419 tx timeout 05:37:09 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r2, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000540)=ANY=[@ANYBLOB="e5002571b970cf200cbc25cf34008400000000", @ANYRES16=0x0, @ANYBLOB="1f0a0000000000000000390000000c00280000290000001c005a801800019f42965f5f266f4d8014000300ffff000000000000030000001b000000bdb06bea4ccbd5a5381b0ce76777c61e966aa4ef701a14ec43e1580a61d04b8fa7d41ae54eafdf3d1826407045ca0a843f530700b52bd299cddaab52b70acb29a11c"], 0x3c}}, 0x4e1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) preadv2(r2, &(0x7f0000000440)=[{&(0x7f0000000200)=""/49, 0x31}, {&(0x7f00000003c0)=""/77, 0x4d}], 0x2, 0x1, 0x6, 0x9) perf_event_open(&(0x7f0000000600)={0x4, 0x80, 0x6, 0x4e, 0x5, 0x7, 0x0, 0x3, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1020, 0x2, @perf_bp={&(0x7f0000000240)}, 0x80, 0x33f, 0x8001, 0x4, 0xc87, 0x4, 0x6, 0x0, 0x7631, 0x0, 0x101}, 0x0, 0x6, 0xffffffffffffffff, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000004400000008000300", @ANYRES32, @ANYBLOB="001405000000000500070000080000000600005f3b7d36eff900000000"], 0x38}}, 0x0) sendmsg$NL80211_CMD_SET_KEY(r3, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x1) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000300)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000004, 0x11, r1, 0x0) syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) [ 128.464669] audit: type=1400 audit(1664516229.517:7): avc: denied { open } for pid=3803 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 128.466374] audit: type=1400 audit(1664516229.517:8): avc: denied { kernel } for pid=3803 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 128.487008] ------------[ cut here ]------------ [ 128.487027] [ 128.487030] ====================================================== [ 128.487033] WARNING: possible circular locking dependency detected [ 128.487037] 6.0.0-rc7-next-20220929 #1 Not tainted [ 128.487043] ------------------------------------------------------ [ 128.487046] syz-executor.4/3804 is trying to acquire lock: [ 128.487052] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 128.487090] [ 128.487090] but task is already holding lock: [ 128.487093] ffff88800fe76820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 128.487119] [ 128.487119] which lock already depends on the new lock. [ 128.487119] [ 128.487122] [ 128.487122] the existing dependency chain (in reverse order) is: [ 128.487125] [ 128.487125] -> #3 (&ctx->lock){....}-{2:2}: [ 128.487138] _raw_spin_lock+0x2a/0x40 [ 128.487149] __perf_event_task_sched_out+0x53b/0x18d0 [ 128.487160] __schedule+0xedd/0x2470 [ 128.487174] schedule+0xda/0x1b0 [ 128.487187] exit_to_user_mode_prepare+0x114/0x1a0 [ 128.487199] irqentry_exit_to_user_mode+0x5/0x30 [ 128.487212] asm_sysvec_call_function_single+0x16/0x20 [ 128.487226] [ 128.487226] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 128.487240] _raw_spin_lock_nested+0x30/0x40 [ 128.487250] raw_spin_rq_lock_nested+0x1e/0x30 [ 128.487263] task_fork_fair+0x63/0x4d0 [ 128.487279] sched_cgroup_fork+0x3d0/0x540 [ 128.487293] copy_process+0x4183/0x6e20 [ 128.487304] kernel_clone+0xe7/0x890 [ 128.487313] user_mode_thread+0xad/0xf0 [ 128.487323] rest_init+0x24/0x250 [ 128.487335] arch_call_rest_init+0xf/0x14 [ 128.487352] start_kernel+0x4c6/0x4eb [ 128.487366] secondary_startup_64_no_verify+0xe0/0xeb [ 128.487380] [ 128.487380] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 128.487393] _raw_spin_lock_irqsave+0x39/0x60 [ 128.487404] try_to_wake_up+0xab/0x1930 [ 128.487417] up+0x75/0xb0 [ 128.487431] __up_console_sem+0x6e/0x80 [ 128.487447] console_unlock+0x46a/0x590 [ 128.487463] vprintk_emit+0x1bd/0x560 [ 128.487479] vprintk+0x84/0xa0 [ 128.487494] _printk+0xba/0xf1 [ 128.487506] kauditd_hold_skb.cold+0x3f/0x4e [ 128.487522] kauditd_send_queue+0x233/0x290 [ 128.487537] kauditd_thread+0x5f9/0x9c0 [ 128.487551] kthread+0x2ed/0x3a0 [ 128.487565] ret_from_fork+0x22/0x30 [ 128.487577] [ 128.487577] -> #0 ((console_sem).lock){....}-{2:2}: [ 128.487591] __lock_acquire+0x2a02/0x5e70 [ 128.487607] lock_acquire+0x1a2/0x530 [ 128.487623] _raw_spin_lock_irqsave+0x39/0x60 [ 128.487636] down_trylock+0xe/0x70 [ 128.487651] __down_trylock_console_sem+0x3b/0xd0 [ 128.487667] vprintk_emit+0x16b/0x560 [ 128.487683] vprintk+0x84/0xa0 [ 128.487698] _printk+0xba/0xf1 [ 128.487708] report_bug.cold+0x72/0xab [ 128.487725] handle_bug+0x3c/0x70 [ 128.487741] exc_invalid_op+0x14/0x50 [ 128.487757] asm_exc_invalid_op+0x16/0x20 [ 128.487769] group_sched_out.part.0+0x2c7/0x460 [ 128.487787] ctx_sched_out+0x8f1/0xc10 [ 128.487803] __perf_event_task_sched_out+0x6d0/0x18d0 [ 128.487814] __schedule+0xedd/0x2470 [ 128.487827] schedule+0xda/0x1b0 [ 128.487840] exit_to_user_mode_prepare+0x114/0x1a0 [ 128.487851] irqentry_exit_to_user_mode+0x5/0x30 [ 128.487863] asm_sysvec_call_function_single+0x16/0x20 [ 128.487877] [ 128.487877] other info that might help us debug this: [ 128.487877] [ 128.487879] Chain exists of: [ 128.487879] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 128.487879] [ 128.487894] Possible unsafe locking scenario: [ 128.487894] [ 128.487896] CPU0 CPU1 [ 128.487899] ---- ---- [ 128.487901] lock(&ctx->lock); [ 128.487906] lock(&rq->__lock); [ 128.487913] lock(&ctx->lock); [ 128.487919] lock((console_sem).lock); [ 128.487925] [ 128.487925] *** DEADLOCK *** [ 128.487925] [ 128.487926] 2 locks held by syz-executor.4/3804: [ 128.487933] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 128.487963] #1: ffff88800fe76820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 128.487989] [ 128.487989] stack backtrace: [ 128.487992] CPU: 1 PID: 3804 Comm: syz-executor.4 Not tainted 6.0.0-rc7-next-20220929 #1 [ 128.488004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 128.488012] Call Trace: [ 128.488016] [ 128.488020] dump_stack_lvl+0x8b/0xb3 [ 128.488038] check_noncircular+0x263/0x2e0 [ 128.488055] ? format_decode+0x26c/0xb50 [ 128.488070] ? print_circular_bug+0x450/0x450 [ 128.488087] ? enable_ptr_key_workfn+0x20/0x20 [ 128.488103] ? perf_mmap_fault+0x780/0x780 [ 128.488121] ? format_decode+0x26c/0xb50 [ 128.488138] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 128.488155] __lock_acquire+0x2a02/0x5e70 [ 128.488177] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 128.488199] lock_acquire+0x1a2/0x530 [ 128.488215] ? down_trylock+0xe/0x70 [ 128.488232] ? lock_release+0x750/0x750 [ 128.488253] ? vprintk+0x84/0xa0 [ 128.488270] _raw_spin_lock_irqsave+0x39/0x60 [ 128.488282] ? down_trylock+0xe/0x70 [ 128.488297] down_trylock+0xe/0x70 [ 128.488313] ? vprintk+0x84/0xa0 [ 128.488330] __down_trylock_console_sem+0x3b/0xd0 [ 128.488347] vprintk_emit+0x16b/0x560 [ 128.488366] vprintk+0x84/0xa0 [ 128.488383] _printk+0xba/0xf1 [ 128.488394] ? record_print_text.cold+0x16/0x16 [ 128.488410] ? report_bug.cold+0x66/0xab [ 128.488428] ? group_sched_out.part.0+0x2c7/0x460 [ 128.488446] report_bug.cold+0x72/0xab [ 128.488465] handle_bug+0x3c/0x70 [ 128.488482] exc_invalid_op+0x14/0x50 [ 128.488500] asm_exc_invalid_op+0x16/0x20 [ 128.488513] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 128.488533] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 6b 17 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 128.488544] RSP: 0000:ffff88801d62fc68 EFLAGS: 00010006 [ 128.488553] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 128.488560] RDX: ffff888018b23580 RSI: ffffffff81565e67 RDI: 0000000000000005 [ 128.488569] RBP: ffff88803f4a8000 R08: 0000000000000005 R09: 0000000000000001 [ 128.488576] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800fe76800 [ 128.488583] R13: ffff88806cf3d2c0 R14: ffffffff8547d040 R15: 0000000000000002 [ 128.488594] ? group_sched_out.part.0+0x2c7/0x460 [ 128.488614] ? group_sched_out.part.0+0x2c7/0x460 [ 128.488634] ctx_sched_out+0x8f1/0xc10 [ 128.488653] __perf_event_task_sched_out+0x6d0/0x18d0 [ 128.488667] ? lock_is_held_type+0xd7/0x130 [ 128.488681] ? __perf_cgroup_move+0x160/0x160 [ 128.488692] ? set_next_entity+0x304/0x550 [ 128.488709] ? update_curr+0x267/0x740 [ 128.488727] ? lock_is_held_type+0xd7/0x130 [ 128.488741] __schedule+0xedd/0x2470 [ 128.488758] ? io_schedule_timeout+0x150/0x150 [ 128.488773] ? lock_is_held_type+0xd7/0x130 [ 128.488789] schedule+0xda/0x1b0 [ 128.488804] exit_to_user_mode_prepare+0x114/0x1a0 [ 128.488816] irqentry_exit_to_user_mode+0x5/0x30 [ 128.488829] asm_sysvec_call_function_single+0x16/0x20 [ 128.488843] RIP: 0033:0x7f89f09ecb19 [ 128.488851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.488862] RSP: 002b:00007f89edf62188 EFLAGS: 00000246 [ 128.488871] RAX: 0000000000000005 RBX: 00007f89f0afff60 RCX: 00007f89f09ecb19 [ 128.488878] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080 [ 128.488885] RBP: 00007f89f0a46f6d R08: 0000000000000000 R09: 0000000000000000 [ 128.488893] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 128.488900] R13: 00007ffdde53556f R14: 00007f89edf62300 R15: 0000000000022000 [ 128.488913] [ 128.545185] WARNING: CPU: 1 PID: 3804 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 128.545872] Modules linked in: [ 128.546116] CPU: 1 PID: 3804 Comm: syz-executor.4 Not tainted 6.0.0-rc7-next-20220929 #1 [ 128.546727] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 128.547562] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 128.547971] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 6b 17 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 128.549320] RSP: 0000:ffff88801d62fc68 EFLAGS: 00010006 [ 128.549711] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 128.550245] RDX: ffff888018b23580 RSI: ffffffff81565e67 RDI: 0000000000000005 [ 128.550781] RBP: ffff88803f4a8000 R08: 0000000000000005 R09: 0000000000000001 [ 128.551308] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800fe76800 [ 128.551831] R13: ffff88806cf3d2c0 R14: ffffffff8547d040 R15: 0000000000000002 [ 128.552358] FS: 00007f89edf62700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 128.552956] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.553391] CR2: 00007ffd7a5bac48 CR3: 0000000040506000 CR4: 0000000000350ee0 [ 128.553924] Call Trace: [ 128.554119] [ 128.554296] ctx_sched_out+0x8f1/0xc10 [ 128.554624] __perf_event_task_sched_out+0x6d0/0x18d0 [ 128.555020] ? lock_is_held_type+0xd7/0x130 [ 128.555342] ? __perf_cgroup_move+0x160/0x160 [ 128.555681] ? set_next_entity+0x304/0x550 [ 128.556004] ? update_curr+0x267/0x740 [ 128.556304] ? lock_is_held_type+0xd7/0x130 [ 128.556631] __schedule+0xedd/0x2470 [ 128.556917] ? io_schedule_timeout+0x150/0x150 [ 128.557259] ? lock_is_held_type+0xd7/0x130 [ 128.557580] schedule+0xda/0x1b0 [ 128.557844] exit_to_user_mode_prepare+0x114/0x1a0 [ 128.558214] irqentry_exit_to_user_mode+0x5/0x30 [ 128.558577] asm_sysvec_call_function_single+0x16/0x20 [ 128.558971] RIP: 0033:0x7f89f09ecb19 [ 128.559252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.560591] RSP: 002b:00007f89edf62188 EFLAGS: 00000246 [ 128.560982] RAX: 0000000000000005 RBX: 00007f89f0afff60 RCX: 00007f89f09ecb19 [ 128.561507] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080 [ 128.562045] RBP: 00007f89f0a46f6d R08: 0000000000000000 R09: 0000000000000000 [ 128.562588] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 128.563119] R13: 00007ffdde53556f R14: 00007f89edf62300 R15: 0000000000022000 [ 128.563650] [ 128.563833] irq event stamp: 882 [ 128.564084] hardirqs last enabled at (881): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 128.564770] hardirqs last disabled at (882): [] __schedule+0x1225/0x2470 [ 128.565381] softirqs last enabled at (576): [] __irq_exit_rcu+0x11b/0x180 [ 128.566000] softirqs last disabled at (571): [] __irq_exit_rcu+0x11b/0x180 [ 128.566641] ---[ end trace 0000000000000000 ]--- [ 128.569950] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 130.288310] loop7: detected capacity change from 0 to 4 [ 130.295798] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 VM DIAGNOSIS: 05:37:09 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=1ffff11003675f43 RCX=ffffffff812a241f RDX=0000000000000000 RSI=0000000000000008 RDI=ffffffff85b06a10 RBP=0000000000000001 RSP=ffff88801b3afa08 R8 =0000000000000000 R9 =ffffffff85b06a17 R10=fffffbfff0b60d42 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=ffff88800887ef20 R15=0000000000000000 RIP=ffffffff812a242c RFL=00000247 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055555732c400 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2e021000 CR3=000000003f3d8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 0000000000000000 00000000ffffffff YMM02=0000000000000000 0000000000000000 7463656a6e695f31 313230385f7a7973 YMM03=0000000000000000 0000000000000000 00007fe592ce77c8 00007fe592ce77c0 YMM04=0000000000000000 0000000000000000 852bb9588012ac3b 7c8e0673f23d182a YMM05=0000000000000000 0000000000000000 4e1e1b722ce36815 079f3f182bdff7ed YMM06=0000000000000000 0000000000000000 e746b9b5ba7dddbc be47585a16607afb YMM07=0000000000000000 0000000000000000 1cb7db34c7e6ccaf 1ddd7c4beb943ea4 YMM08=0000000000000000 0000000000000000 19e21494ed03cc4c c15d668b5e731b3b YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000028 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823ba3c1 RDI=ffffffff8765a9c0 RBP=ffffffff8765a980 RSP=ffff88801d62f6b0 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000028 R11=0000000000000001 R12=0000000000000028 R13=ffffffff8765a980 R14=0000000000000010 R15=ffffffff823ba3b0 RIP=ffffffff823ba419 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f89edf62700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffd7a5bac48 CR3=0000000040506000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 YMM01=0000000000000000 0000000000000000 2323232323232323 2323232323232323 YMM02=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000