Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:42028' (ECDSA) to the list of known hosts. 2022/09/30 14:16:13 fuzzer started 2022/09/30 14:16:13 dialing manager at localhost:40535 syzkaller login: [ 35.230482] cgroup: Unknown subsys name 'net' [ 35.307011] cgroup: Unknown subsys name 'rlimit' 2022/09/30 14:16:28 syscalls: 2215 2022/09/30 14:16:28 code coverage: enabled 2022/09/30 14:16:28 comparison tracing: enabled 2022/09/30 14:16:28 extra coverage: enabled 2022/09/30 14:16:28 setuid sandbox: enabled 2022/09/30 14:16:28 namespace sandbox: enabled 2022/09/30 14:16:28 Android sandbox: enabled 2022/09/30 14:16:28 fault injection: enabled 2022/09/30 14:16:28 leak checking: enabled 2022/09/30 14:16:28 net packet injection: enabled 2022/09/30 14:16:28 net device setup: enabled 2022/09/30 14:16:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/30 14:16:28 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/30 14:16:28 USB emulation: enabled 2022/09/30 14:16:28 hci packet injection: enabled 2022/09/30 14:16:28 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220929) 2022/09/30 14:16:28 802.15.4 emulation: enabled 2022/09/30 14:16:28 fetching corpus: 50, signal 27728/29484 (executing program) 2022/09/30 14:16:28 fetching corpus: 100, signal 39361/42671 (executing program) 2022/09/30 14:16:28 fetching corpus: 150, signal 46811/51590 (executing program) 2022/09/30 14:16:28 fetching corpus: 200, signal 54516/60633 (executing program) 2022/09/30 14:16:29 fetching corpus: 250, signal 59764/67133 (executing program) 2022/09/30 14:16:29 fetching corpus: 300, signal 63997/72601 (executing program) 2022/09/30 14:16:29 fetching corpus: 350, signal 68658/78448 (executing program) 2022/09/30 14:16:29 fetching corpus: 400, signal 71630/82584 (executing program) 2022/09/30 14:16:29 fetching corpus: 450, signal 74755/86846 (executing program) 2022/09/30 14:16:29 fetching corpus: 500, signal 77850/91016 (executing program) 2022/09/30 14:16:29 fetching corpus: 550, signal 80291/94562 (executing program) 2022/09/30 14:16:29 fetching corpus: 600, signal 82550/97910 (executing program) 2022/09/30 14:16:30 fetching corpus: 650, signal 85690/101972 (executing program) 2022/09/30 14:16:30 fetching corpus: 700, signal 91207/108086 (executing program) 2022/09/30 14:16:30 fetching corpus: 750, signal 92650/110576 (executing program) 2022/09/30 14:16:30 fetching corpus: 800, signal 95841/114640 (executing program) 2022/09/30 14:16:30 fetching corpus: 850, signal 97482/117199 (executing program) 2022/09/30 14:16:30 fetching corpus: 900, signal 100372/120792 (executing program) 2022/09/30 14:16:30 fetching corpus: 950, signal 102507/123685 (executing program) 2022/09/30 14:16:30 fetching corpus: 1000, signal 104843/126746 (executing program) 2022/09/30 14:16:31 fetching corpus: 1050, signal 106266/129081 (executing program) 2022/09/30 14:16:31 fetching corpus: 1100, signal 108233/131719 (executing program) 2022/09/30 14:16:31 fetching corpus: 1150, signal 108961/133376 (executing program) 2022/09/30 14:16:31 fetching corpus: 1200, signal 112476/137230 (executing program) 2022/09/30 14:16:31 fetching corpus: 1250, signal 114228/139644 (executing program) 2022/09/30 14:16:31 fetching corpus: 1300, signal 116032/141993 (executing program) 2022/09/30 14:16:31 fetching corpus: 1350, signal 117546/144157 (executing program) 2022/09/30 14:16:31 fetching corpus: 1400, signal 119289/146458 (executing program) 2022/09/30 14:16:31 fetching corpus: 1450, signal 121536/149086 (executing program) 2022/09/30 14:16:31 fetching corpus: 1500, signal 123066/151153 (executing program) 2022/09/30 14:16:32 fetching corpus: 1550, signal 125029/153555 (executing program) 2022/09/30 14:16:32 fetching corpus: 1600, signal 125885/155094 (executing program) 2022/09/30 14:16:32 fetching corpus: 1650, signal 127945/157501 (executing program) 2022/09/30 14:16:32 fetching corpus: 1700, signal 128912/159077 (executing program) 2022/09/30 14:16:32 fetching corpus: 1750, signal 130443/161053 (executing program) 2022/09/30 14:16:32 fetching corpus: 1800, signal 132583/163342 (executing program) 2022/09/30 14:16:32 fetching corpus: 1850, signal 134648/165576 (executing program) 2022/09/30 14:16:32 fetching corpus: 1900, signal 135737/167182 (executing program) 2022/09/30 14:16:32 fetching corpus: 1950, signal 137000/168861 (executing program) 2022/09/30 14:16:33 fetching corpus: 2000, signal 137902/170278 (executing program) 2022/09/30 14:16:33 fetching corpus: 2050, signal 139314/171983 (executing program) 2022/09/30 14:16:33 fetching corpus: 2100, signal 140773/173708 (executing program) 2022/09/30 14:16:33 fetching corpus: 2150, signal 141705/175072 (executing program) 2022/09/30 14:16:33 fetching corpus: 2200, signal 142624/176430 (executing program) 2022/09/30 14:16:33 fetching corpus: 2250, signal 143179/177606 (executing program) 2022/09/30 14:16:33 fetching corpus: 2300, signal 145444/179729 (executing program) 2022/09/30 14:16:33 fetching corpus: 2350, signal 147317/181780 (executing program) 2022/09/30 14:16:34 fetching corpus: 2400, signal 148340/183119 (executing program) 2022/09/30 14:16:34 fetching corpus: 2450, signal 148756/184050 (executing program) 2022/09/30 14:16:34 fetching corpus: 2500, signal 150312/185685 (executing program) 2022/09/30 14:16:34 fetching corpus: 2550, signal 151448/187010 (executing program) 2022/09/30 14:16:34 fetching corpus: 2600, signal 152328/188173 (executing program) 2022/09/30 14:16:34 fetching corpus: 2650, signal 153306/189450 (executing program) 2022/09/30 14:16:34 fetching corpus: 2700, signal 154269/190640 (executing program) 2022/09/30 14:16:34 fetching corpus: 2750, signal 155376/191926 (executing program) 2022/09/30 14:16:34 fetching corpus: 2800, signal 156673/193229 (executing program) 2022/09/30 14:16:35 fetching corpus: 2850, signal 157607/194310 (executing program) 2022/09/30 14:16:35 fetching corpus: 2900, signal 158453/195375 (executing program) 2022/09/30 14:16:35 fetching corpus: 2950, signal 159355/196445 (executing program) 2022/09/30 14:16:35 fetching corpus: 3000, signal 160207/197516 (executing program) 2022/09/30 14:16:35 fetching corpus: 3050, signal 161751/199026 (executing program) 2022/09/30 14:16:35 fetching corpus: 3100, signal 162248/199860 (executing program) 2022/09/30 14:16:35 fetching corpus: 3150, signal 164913/201808 (executing program) 2022/09/30 14:16:35 fetching corpus: 3200, signal 166089/202851 (executing program) 2022/09/30 14:16:36 fetching corpus: 3250, signal 167491/204043 (executing program) 2022/09/30 14:16:36 fetching corpus: 3300, signal 168306/204931 (executing program) 2022/09/30 14:16:36 fetching corpus: 3350, signal 169469/206024 (executing program) 2022/09/30 14:16:36 fetching corpus: 3400, signal 170660/207070 (executing program) 2022/09/30 14:16:36 fetching corpus: 3450, signal 171447/207947 (executing program) 2022/09/30 14:16:36 fetching corpus: 3500, signal 172307/208816 (executing program) 2022/09/30 14:16:36 fetching corpus: 3550, signal 173196/209696 (executing program) 2022/09/30 14:16:36 fetching corpus: 3600, signal 173797/210442 (executing program) 2022/09/30 14:16:36 fetching corpus: 3650, signal 174273/211163 (executing program) 2022/09/30 14:16:37 fetching corpus: 3700, signal 174839/211884 (executing program) 2022/09/30 14:16:37 fetching corpus: 3750, signal 175711/212671 (executing program) 2022/09/30 14:16:37 fetching corpus: 3800, signal 176552/213402 (executing program) 2022/09/30 14:16:37 fetching corpus: 3850, signal 177351/214176 (executing program) 2022/09/30 14:16:37 fetching corpus: 3900, signal 178048/214919 (executing program) 2022/09/30 14:16:37 fetching corpus: 3950, signal 178673/215600 (executing program) 2022/09/30 14:16:37 fetching corpus: 4000, signal 179566/216418 (executing program) 2022/09/30 14:16:37 fetching corpus: 4050, signal 180034/217062 (executing program) 2022/09/30 14:16:38 fetching corpus: 4100, signal 180561/217690 (executing program) 2022/09/30 14:16:38 fetching corpus: 4150, signal 181373/218366 (executing program) 2022/09/30 14:16:38 fetching corpus: 4200, signal 182136/219042 (executing program) 2022/09/30 14:16:38 fetching corpus: 4250, signal 183028/219705 (executing program) 2022/09/30 14:16:38 fetching corpus: 4300, signal 184043/220407 (executing program) 2022/09/30 14:16:38 fetching corpus: 4350, signal 184660/220959 (executing program) 2022/09/30 14:16:38 fetching corpus: 4400, signal 185564/221673 (executing program) 2022/09/30 14:16:38 fetching corpus: 4450, signal 186207/222275 (executing program) 2022/09/30 14:16:38 fetching corpus: 4500, signal 186986/222832 (executing program) 2022/09/30 14:16:39 fetching corpus: 4550, signal 187468/223315 (executing program) 2022/09/30 14:16:39 fetching corpus: 4600, signal 188028/223808 (executing program) 2022/09/30 14:16:39 fetching corpus: 4650, signal 188776/224293 (executing program) 2022/09/30 14:16:39 fetching corpus: 4700, signal 189171/224774 (executing program) 2022/09/30 14:16:39 fetching corpus: 4750, signal 189528/225218 (executing program) 2022/09/30 14:16:39 fetching corpus: 4800, signal 190040/225685 (executing program) 2022/09/30 14:16:39 fetching corpus: 4850, signal 190523/226079 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/226472 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/226814 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/227193 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/227537 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/227872 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/228266 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/228635 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/228981 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/229309 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/229683 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/230020 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/230378 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/230731 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/231080 (executing program) 2022/09/30 14:16:39 fetching corpus: 4872, signal 190746/231458 (executing program) 2022/09/30 14:16:40 fetching corpus: 4872, signal 190746/231794 (executing program) 2022/09/30 14:16:40 fetching corpus: 4872, signal 190746/232165 (executing program) 2022/09/30 14:16:40 fetching corpus: 4872, signal 190746/232255 (executing program) 2022/09/30 14:16:40 fetching corpus: 4872, signal 190746/232255 (executing program) 2022/09/30 14:16:42 starting 8 fuzzer processes 14:16:42 executing program 0: delete_module(&(0x7f0000000000)=':}\x04-\x00', 0x200) delete_module(&(0x7f0000000040)='\\\x00', 0x0) delete_module(&(0x7f0000000080)=':}\x04-\x00', 0x0) delete_module(&(0x7f00000000c0)='@\x00', 0xa00) delete_module(&(0x7f0000000100)=',\x00', 0x200) delete_module(&(0x7f0000000140)='##\x00', 0x800) delete_module(&(0x7f0000000180)='\\\x00', 0x0) delete_module(&(0x7f00000001c0)='##\x00', 0x0) delete_module(&(0x7f0000000200)=',\x00', 0xc00) delete_module(&(0x7f0000000240)='\x00', 0x0) delete_module(&(0x7f0000000280)='\xdc\x00', 0x800) delete_module(&(0x7f00000002c0)='+^^.,\x00', 0x200) delete_module(&(0x7f0000000300)='\\#$:@::\x00', 0x200) delete_module(&(0x7f0000000340)='\x1f%\'[\x00', 0x200) delete_module(&(0x7f0000000380)=',\x00', 0x800) delete_module(&(0x7f00000003c0)='\x1f%\'[\x00', 0x0) delete_module(&(0x7f0000000400)='\\#$:@::\x00', 0xa00) delete_module(&(0x7f0000000440)='\x00', 0xa00) delete_module(&(0x7f0000000480)='\x00', 0x600) delete_module(&(0x7f00000004c0)=':}\x04-\x00', 0xa00) 14:16:42 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x8, 0x8000) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xf0, 0x2, 0x7, 0x801, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x3}, @NFACCT_BYTES={0xc}, @NFACCT_FILTER={0x54, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x7fffffff}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x101}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x4}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xd270}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xfffffff8}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x1}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x2}]}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_FILTER={0x4c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x5}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x80}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xfffffffa}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x7}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x10001}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x9}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFACCT_FILTER_MASK={0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xf96}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x4}, 0x810) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x80, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@nodevmap}, {@version_u}, {@cache_mmap}], [{@fowner_gt={'fowner>', r2}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x39, 0x38, 0x36, 0x66, 0x65, 0x39, 0x32], 0x2d, [0x39, 0x61, 0x34, 0x35], 0x2d, [0x66, 0x31, 0x32, 0x36], 0x2d, [0x61, 0x63, 0x62, 0x64], 0x2d, [0x38, 0x30, 0x33, 0x0, 0x34, 0x61, 0x65]}}}]}}) r3 = signalfd(r1, &(0x7f0000000440)={[0x4]}, 0x8) write$cgroup_devices(r3, &(0x7f0000000480)={'c', ' *:* ', 'w\x00'}, 0x8) setxattr$security_selinux(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500), &(0x7f0000000540)='system_u:object_r:mqueue_spool_t:s0\x00', 0x24, 0x3) lstat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000640), 0x52400, 0x0) ioctl$FS_IOC_GETFLAGS(r4, 0x80086601, &(0x7f0000000680)) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f00000006c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$KDSKBMODE(r5, 0x4b45, &(0x7f0000000700)=0x1) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000740)='./binderfs2/custom0\x00', 0x800, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f0000000780)={{0x1, 0x1, 0x18, r6}, './file0/file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000007c0)={{0x1, 0x1, 0x18, r5, {0x5}}, './file0/file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r7, 0xc0a85352, &(0x7f0000000800)={{0x3}, 'port1\x00', 0x40, 0x40000, 0x6, 0x40, 0x6, 0x81, 0x7fff, 0x0, 0x0, 0xc6}) chroot(&(0x7f00000008c0)='./file0/file0\x00') stat(&(0x7f0000000900)='./file0\x00', &(0x7f0000000940)) sendmsg(r3, &(0x7f0000000c40)={&(0x7f00000009c0)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1}}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000000a40)="727c767d502dcc576701eb0e454a1a8ed67a9f734fef3f366867246382332fe0e8a0fa4b9c79dcdd8ce45571c263c3bcb6af6446a7d38e1a5863f2ce03fb213869ca595225460d4a525f15d6eea4dfcdf4fb34b2730948c6f1898035b9754fed0cac78e8536926566384e7e8941da8834f6bd9d34a6bc70c48f29577c2e01264d933a9361e11c9eebcd96964a9321263917bfddd1e3f1eec7ccd4a76ec71b3bf2971561492", 0xa5}], 0x1, &(0x7f0000000b40)=[{0x28, 0x102, 0x3, "3b13b9c0709665dec8ad985b5841cacad37e73"}, {0x90, 0xa8, 0xff, "6369f3c0fc8cdba4fa2fca96fa15dcb367753a0f18fce9a9c73c050383f0a3c30e1ef165cdd27ea4f0b4a4738372ebf184f813a37466ec68fabc2a27319c8b2f3b6710c0458b4dc91bcd698c5b7d995e329145f92899ece09906ba8751bea78d04c528d8cb7bc663909445ca0050566c930da5280d0949f30cf3"}, {0x20, 0x10e, 0x200, "a4ae013da335d937ca8bf2"}], 0xd8}, 0x4000) 14:16:42 executing program 3: ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x80000001}}, './file0\x00'}) ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f0000000040)=0x4b0) ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000080)=0x1) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f00000000c0)) flistxattr(r0, &(0x7f0000000100)=""/251, 0xfb) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x4002, 0x80) r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x2540, 0x150) ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, &(0x7f0000000280)=0x1) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f00000002c0)={0x401, 0x6, 0x9}) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000300), 0x404000, 0x0) openat$cgroup_int(r3, &(0x7f0000000340)='io.max\x00', 0x2, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x121200, 0x0) ioctl$TIOCSRS485(r4, 0x542f, &(0x7f00000003c0)={0x5, 0x8, 0x80000000}) ioctl$TIOCSPTLCK(r4, 0x40045431, &(0x7f0000000400)) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r2, 0x5386, &(0x7f0000000440)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000480)=0x9) sendmsg$NL80211_CMD_NOTIFY_RADAR(r0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x48, 0x0, 0x4, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x46}}}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14b4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x54}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000600)=0x19, 0x4) syz_open_procfs(0x0, &(0x7f00000006c0)='net/rpc\x00') [ 64.395056] audit: type=1400 audit(1664547402.976:6): avc: denied { execmem } for pid=285 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 14:16:43 executing program 2: getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x1b, &(0x7f0000000000)=""/61, &(0x7f0000000040)=0x3d) r0 = mq_open(&(0x7f0000000080)='[&\'.]-G\x00', 0x80, 0x20, &(0x7f00000000c0)={0x7, 0x582, 0x7, 0x4}) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000100)={0x9, 0x0, 0x8, 0x2, 0x3}) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x408820}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, r1, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3ff}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x10) r2 = open(&(0x7f0000000280)='./file0\x00', 0x200040, 0x14) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r2, &(0x7f0000000d00)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000300)={0x98c, 0x0, 0x2, 0x70bd25, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7fff, 0x75}}}}, [@NL80211_PMSR_ATTR_PEERS={0x8c8, 0x5, 0x0, 0x1, [{0xf8, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0xf4, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0xd4, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x14}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xff5f}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}, @NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x18}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x80}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}]}]}]}, {0x178, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_CHAN={0x14, 0x2, 0x0, 0x1, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xa}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x160, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x15c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1a}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1a}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xa}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x401}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x12}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x26}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x81}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x4c4d}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1e}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1f}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xd}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x44b}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x3}]}]}]}]}, {0x3bc, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_CHAN={0x24, 0x2, 0x0, 0x1, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e9}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x254, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x80, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x7f}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xc}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0xfc}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1d}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xa}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0xd8, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x81}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x1ff}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}]}, @NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xe}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x5}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xe}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x4}, @NL80211_PMSR_TYPE_FTM={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x11}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xa}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xe}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x4c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x55a}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xa}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x38, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x9}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x70, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1b}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x5}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xd}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}]}]}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x134, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x6c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xfff9}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x5}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xfc01}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x81}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x8}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x7ff}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x48, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x2f}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x19}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}]}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x6bd85e8e}]}]}, {0x128, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_CHAN={0x1c, 0x2, 0x0, 0x1, [@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x154}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}, @NL80211_PMSR_PEER_ATTR_REQ={0xe4, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xfffc}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x9}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x54, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x19}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x2}]}]}]}]}, {0xe0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_REQ={0xc4, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x70, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x38, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x10}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1f}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x439e}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x9}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x48, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x9}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x14}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}]}, {0x80, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_CHAN={0x2c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x17}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9b4}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x3aa}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_CHAN={0x24, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x30}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xc4}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x14, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xf}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}]}]}, @NL80211_PMSR_ATTR_PEERS={0xa4, 0x5, 0x0, 0x1, [{0xa0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0x68, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x64, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1c}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x1}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}]}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x34, 0x2, 0x0, 0x1, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x80000000}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e9}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xb9b}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]}]}]}]}, 0x98c}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) ioctl$FS_IOC_MEASURE_VERITY(r2, 0xc0046686, &(0x7f0000000d40)={0x1, 0x73, "f7318ed6cb899bd13cfaf65059d8b85b5e89062569c5e02763d91aba70f1a80e21105fb999b35f39fea3de0d202c183b3f541193d2d17a539542a0dd585cde1585f249fb1fd771d9eaabc81a3634405ad36070abbbdf6e432840bcfb2da77ca81255cf0f90339926b010f6986efd0f29ccee1c"}) mq_timedsend(r2, &(0x7f0000000dc0)="55a9b8007587fb21c119309812e7be361722c7ec909128615c0fb6f57af620ea2e165bfea092b91034ab2eb368651e24445b129f9b52f247f5f0ad182d0e0302d2e51d83b181a3b434349ad9263e5cdde2795b01b13f7be7d31974f874ec8587378b", 0x62, 0x10001, 0x0) ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, &(0x7f0000000e80)={0xae5c, 0x10, [0x0, 0x7, 0x6, 0x80], &(0x7f0000000e40)=[0x0, 0x0]}) r3 = accept$inet(r2, &(0x7f0000000ec0), &(0x7f0000000f00)=0x10) fsetxattr$security_capability(r3, &(0x7f0000000f40), &(0x7f0000000f80)=@v2={0x2000000, [{0xc000, 0x9}, {0x2d, 0x200}]}, 0x14, 0x1) rename(&(0x7f0000000fc0)='./file0\x00', &(0x7f0000001000)='./file0\x00') sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000001100)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000010c0)={&(0x7f0000001080)={0x24, r1, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xffffffe1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x4) r4 = openat(r2, &(0x7f0000001140)='./file0\x00', 0x0, 0x15d) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000011c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_STATION(r4, &(0x7f0000001280)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001240)={&(0x7f0000001200)={0x24, 0x0, 0x300, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_PEER_AID={0x6, 0xb5, 0xd0}]}, 0x24}, 0x1, 0x0, 0x0, 0x8001}, 0x5814) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000019c0)={0xfc, 0x0, &(0x7f00000017c0)=[@acquire, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f00000013c0)={@ptr={0x70742a85, 0x1, &(0x7f00000012c0)=""/205, 0xcd, 0x0, 0x16}, @fda={0x66646185, 0x3, 0x2}, @flat=@weak_binder={0x77622a85, 0x100, 0x3}}, &(0x7f0000001440)={0x0, 0x28, 0x48}}, 0x1440}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000001480)={@fd={0x66642a85, 0x0, r2}, @fd={0x66642a85, 0x0, r4}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000001500)={0x0, 0x18, 0x30}}}, @dead_binder_done, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x70, 0x18, &(0x7f0000001700)={@ptr={0x70742a85, 0x1, &(0x7f0000001540)=""/142, 0x8e, 0x2, 0x39}, @fda={0x66646185, 0x3, 0x0, 0x26}, @ptr={0x70742a85, 0x0, &(0x7f0000001600)=""/199, 0xc7, 0x0, 0x2a}}, &(0x7f0000001780)={0x0, 0x28, 0x48}}}, @acquire_done={0x40106309, 0x1}], 0xc9, 0x0, &(0x7f00000018c0)="9c7fd3b013dd56e4d6baed3737f5b95241b1bff9e157f009e6dc5d00306c3c07d1f89b0e3d868c18b2603479676f03954045aef68e4c3ab37540fb0045958bee92d242443d1aa8d8bd91234d325473ccea53255d186066e5a8325c75b8ab19fe8ecd0cb97eeb8b25002c10cd3d989d30041ca20b43fffbb923be6ec9d81142295b28614ed91b9203c394c7a858e581c84b9825e6f72a48f9adb691300eb4c0df4a2d0b5bb6ab4a636668e4cf9c694248e9099e2bb55a2de7b8a9d8995fdb9bb6f19194cfa2d429842e"}) r6 = open_tree(r4, &(0x7f0000001a00)='.\x00', 0xbbf6e6dcbd16d09f) setsockopt$IP_VS_SO_SET_DELDEST(r6, 0x0, 0x488, &(0x7f0000001a40)={{0x2f, @multicast1, 0x4e24, 0x3, 'wrr\x00', 0x1e, 0x5, 0xc}, {@local, 0x4e20, 0x2000, 0x20, 0x0, 0x1}}, 0x44) 14:16:43 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x6) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x4e24, 0x101, @private1, 0x7}}, {{0xa, 0x4e20, 0x1, @local, 0xec}}}, 0x108) r1 = accept4$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs, &(0x7f00000001c0)=0x6e, 0x0) getsockopt$IP_SET_OP_GET_FNAME(r1, 0x1, 0x53, &(0x7f0000000200)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000240)=0x2c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@empty, 0x6, 0x0, 0x0, 0x9, 0x1, 0x20}, &(0x7f00000002c0)=0x20) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000300)={0x6, {{0xa, 0x4e22, 0x10001, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80000000}}, {{0xa, 0x4e20, 0xde, @empty, 0x1}}}, 0x108) getsockname$inet6(r0, &(0x7f0000000440)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000480)=0x1c) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000500)={0x3b, 0x10, 0x0, 0xe0, 0x0, [@local, @remote, @mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @private2, @mcast2, @private0]}, 0x88) r4 = open(&(0x7f00000005c0)='./file0\x00', 0x14080, 0x90) getsockopt$IP_SET_OP_GET_BYNAME(r4, 0x1, 0x53, &(0x7f0000000600)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000640)=0x28) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000680), 0x14d000, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r3, 0xc018937a, &(0x7f0000000700)={{0x1, 0x1, 0x18, r2, {0x1}}, './file0\x00'}) mount_setattr(r5, &(0x7f00000006c0)='./file0\x00', 0x800, &(0x7f0000000740)={0x0, 0x2, 0x100000, {r6}}, 0x20) pipe2(&(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) lseek(r7, 0x6, 0x3) r8 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f00000007c0)={'wg2\x00'}) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000800)={@loopback, 0x7, 0x1, 0xff, 0x0, 0x1}, &(0x7f0000000840)=0x20) close_range(r8, r7, 0x0) 14:16:43 executing program 5: write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x2}, 0x7) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000040)={0x14, 0x13, 0x2, {0x16f1bb4211998cb4, 0x2, 0x7}}, 0x14) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'}) write$9p(r0, &(0x7f00000000c0)="2478702bf7070931a330ff70a8e69914a5dad4bed0efb13d8bcf7230742d5d6a03ff09e9bfab19e80be747b0e8d1abc2dcaa9f323d33f5bc417cd31d873a46e1ea39eee7535448a8e0c03ae4ca28e4bf9e1aae43744d4ed84f2e35605069", 0x5e) write$P9_RSTATFS(r0, &(0x7f0000000140)={0x43, 0x9, 0x2, {0x5, 0x14136ccf, 0x3, 0xffff, 0xffffffffffffffe0, 0x6, 0xd1, 0x2, 0x1}}, 0x43) write$P9_RWALK(r0, &(0x7f00000001c0)={0x57, 0x6f, 0x2, {0x6, [{0x4, 0x0, 0x8}, {0x0, 0x1, 0x6}, {0x0, 0x4, 0x3}, {0x363ba98c760101c3, 0x0, 0x1}, {0x10, 0x3, 0x5}, {0x40, 0x1, 0x3}]}}, 0x57) fstatfs(r0, &(0x7f0000000240)=""/84) write$P9_RCREATE(r0, &(0x7f00000002c0)={0x18, 0x73, 0x2, {{0x1, 0x0, 0x8}, 0xfffffffb}}, 0x18) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$AUTOFS_IOC_FAIL(r1, 0x9361, 0x5) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000300), 0x280400, 0x0) write$binfmt_aout(r2, &(0x7f0000000340)={{0x10b, 0x3, 0x20, 0x230, 0x10, 0xae, 0x3bf, 0x2}, "f774543d9295591cba86376dc673dd97e63db3c2f1325dbf18cb1c592a4bf43bf7c297935f8134e319b796d3e93e3e25df391f5448807026373cbebc65e6641512357c90053b9ed5af2b332e218404272742771495947ef1297227a502ceeb6473d790298ee248125304591298fe005d2183ba66f12113283cdc629602018fb8067ff653043aeaf82c3dd36f7184d2a279ea07da97ca5d50e14ed40ed632ec807e1fa184d0ad0e3590b801435e9e20de7a5be5fd5f92094520c76611a7b77180eebf336510fdd217f22e5d85f00b84eac0fc556a7e5862a83a97a99e1b9eba31f69c30b495df2cd5b26b5ebeb87cb0907e3d702922e25326aa3da24dfb1d7ed6a489d6f0399656a59222da30d43d3d983fa0541478776081017924521b09e82be5be8de1f75183c7e8c978a7988feac175ab4a2056914efe5dbe6e15d2a5bf920d23eea6799d7be991328ddba4933f2547e935bd1fe8a728b194d03b8664a1eea38ae5a0abe876968023799c4260b944975bd74b11d76949d1f787146b790490a35794f6f8d64ea2553b7a0089ade2a9d877c785dde85e1f377dc52f223e91356608651e8e1ee94efd6daf24f242bed7d18824644df42465871e09fa1ae3bfe96f4a13c49068ef3fc82f4c3f4b647b2b5cc2e1368b4f1431a30011602201f5f99f0839a787f5c2b72fc335860eafd118dd87589bdfbbe07e2dd7c819a44b9722a604e80a483251c3ba2c3aa6111bf7801feebd66c69e3026de9ea1babcb7f40749781f3cce3a17e386c5c0053c5d4e47d0cae23c989fa58322a7790b987df43f25b7857b8bac91cac4001b595675548d2781896775e4e8bbd98819e3c5e78936999c27c853790562aee80197af64fb872b564cd6d309a78e619d7da4e8369bb0072eef36cc46bb820168cb7153a99fe3cac3abdd7769fd85de13f8e0e6eec3f4df5508ccc07bbd0e4b6bace6b42766b978dd1cfbb20d1013c02513b2f2dda732af62b2b24796077869e031a1f91a40e16c29b104e5a4912c1c2ac54f40da1c82ab5216e6707648416f777083e5f4a36fe4a7e3d171e546a40503d20bb8fb2f50377f0c2848eef071372f1a26b8c429117e8b01489c5177728a203ee25d839ce53f5353cd6398b523543c2491c541a2b4039ee39e9531e2517b3063dca4f78e45e4007e781cc57558ee80653288490e727c96e1a75ddfd23c08664e1676d44cf817fe71c3fdcc897bdeb3b8ed210380c8d7eeb19f3fb3fb06dbd33a1da0978fe146b838442756d09058d9451633d3f7105c514e45c81b441841707d9d16133cad07b86a257af2528fb86bef9c7325130bde141328b568a36ea21ca7324b551609435d7ec8e329a391373ac25512ac223e8e87adc38ab0e0d86ff1f59c1bfdabe4380120a9da3446e668962b4ffd2284f5fa73d8f3cecf9680bf35a692c2762a09774ac571f05b334411b527c44d77d301d85be45a1d6d53778f4029340a78ae995b915092b18c903fa1d75f8a46d9aef8a82189de1d78ca5923669d4693ba3a41bd3d456a9457e81115b0b6728b750f6ccc3d9c5d33fc43a22fb69a0a7d1f6cb47665a029daafa28c68420c60326e546be6d46437622ef368197f6e74a5160bca41f72a7fda579681cc9cd8777aefdf60ab28f5d1e3cddaf238d1e5de9427131dc8e1cddaf15ae509195ccad4136ba0632e901fe00a63ae2b17d14fb584fd5caca705dc66a1bacb5257a3b3569747dd4260903351d18bb8052eb5deab8bad5d296d7dbe79094533e2403a624946bae075a7e4de9712d8ba24fa6076123dc017634b0240986f8bdde2eb6b1c5aba282fa2e79445787f006ff46a25671aa2f4aa82638a0e2bf024e5bd58c0e1224f4b591ac20d95363742b8ad6a6727a064635b5a4bbe07f95565b939d093e9823a362a1ee8a00eb750dafbed14e7bb6f6ebac547ecd966e54c246e7ad249dd52cfa730eb4078ad3c7a52212dada6246ae3ce5494be39a1c7d0185148a43e1133b547cb0e682495bfb1bca811b230787c6e0935c36129a011965925c9739e036d27a39a8fb4a9892ab9c496ed6f687341a85f63b762a0541cac93de8cdfcfbf71b804c6349a58a51c199cc1a62592c054ee272823fb98d45ba8a21c10df74cb127e83beb97bbcc386954e5e7452bed8795c8267e72d1209598a65677390eafcea3850ccf5785e2bf50112fa7ffe939d67b0d13273ff655c28a22392a62f2c7a7ac7c533390a114e98dcd0fc54ae4e5dfd1ffb2f921ce3b6706b7d28214396b625c2e95955cd23b2d5c9ebe6786e7726acf9643fa168ae12fe13841e0da23cac08e741bb9da2d03383529f9cfdbbfb7ee8ca7d408c7c900b5ec90b92c3040d306b4492c7fcb54818be3f9a7175ae4184a4eef089884cae8f291699cebec168a303f27d760200fd87d30ed9fc557f0da8808d945711f454d363da5c51fe307cc9a5affccb4a8cc6d7b64aa0fcf80c4d446487c3ce072bc5d87f73b01e8d43fe093b44ce87d44bf169b828829554e2c4525f3a91a1879b4896b5e07a5778d11c92ebe4fce696784df213bd38907e44df9f81e794fc73fa55c4cdafcc655223b1ea35af8d14920332b62eb45a28c05c0dd8052824efa0b6c88b58de0fb23d8f1197a3b80070d776fb7ac94825a22381baa8f3e5da4da4580dbc2161a6cdd1e38bd1e1d428062735ae2791fe827888320a574ffd91c31f28b1fb23a7385df4be9d1ece332498039912c742a181b8fd2a2cad95cfa0ed12bbbc426e24f9d4410898c3bedb180f72285a66df041287e3a67dd811beb7c462db66e3d3f87c54ce9f5d607828bd7f988aa2914eb6fb89fea555e7ad7303918a842e8ea8ce9be8a0361e81f9ac52d2372cc1848a3b1cc2d0bebb7b77457991e8feec02ff114e4b08f3e5317a02d4215531257350797768c7e1445d3b4a48b44836cd699fa79cc5704d03505885adc897cca071de6a70738be4e405d85cd8b10f2bd88d5ed0d06b0734271f5689e7de6a5c7a4f20a63c8405fc678af32620e89ee98054042faf98320d7ea4e043b2cfc6038303be345c26cc6481f382b2069c068c91d6c9b49129a7b5ac851e1430cacd30774ad8f3a48c0c431c9a3ec962b6b4e6508232c0caa3fc93e051707f28f5ba366e920b5a0a7143b82f44bd231bba78203a59796423202a1f5385bf52795567320eea3673947a0fca1e452bf5684afc2995015a5a48bf8e0bd6c12b3f3b0046d29dedce423f1097e2bbc26fea36db1fe6bceb9b2309da843961bf6df5bb7c92e686c011d90da3cb159b66bf0e5ae616a904894dacca759944aae90d381692410e0e83b33fa394d1bd9168d81c54b5f45ca51fe48f88feb68aed204aa6e3adfd009490b6e166244dcb86875ae82a6f7ab3f32f2f9afeb555218f526ef00cb661ebdc94113dbf2ddd12adff8c754026ca1bc851b28a9aae497e4eb6a210c798a03843c08a24dc5185b58db2ad4204d18196bbcf28e7a5e11c1ddabf523f3a3a2daf6119ca5762ed24b63cd3374acdcd4ec8f390f3b128dc55ce8a1119e62a42ef2647cc58fcdcab523576a2835116997e182e31916ed08939ace8ec794f8d6be30ef0d8a2dc1245e9bbb96c90cb2d4dbc03150b11c717811930a67a9e88f9a804794c9cefaeabed810112737d25ba1d57f9c959b88d2edb422975138e7c8ef370b83b533f4936c91bee2c575d11c9a1176f9db6524f2844cbef3e8b152aef8ce2b6e1305b005159bc72056565c338cbabe90394a2042c6e1732fd018a2e0a7fa09f2643a9a703c696997fca9db7a554ed2e547b3bad02307be0630585393ed8f26a8ca6bb23fe25922e8427137bc2d6c478c6a1915b8fe486add5e43b95216e2dfbe5dc76656baade84a7cde67328d823ad0466487af094faa25a1d17e91a93d0d2cbb1c44fd8f441d7c10dc41f8230cf81fd1180e9268461ffba94b7b41ce4caf563062536fbdccc554727b6dc064251339023986c7f0fd8c90c29ebb9c1e7842a9520661c395a3a4975639db94271c83ed3c60012ced50cd487d1c6f67a215066e3ffcd4d073ea5606fa109f6c78a1c06ba95ad8708c4d5f1b0579798110f73b45c6bf99160bf2686b2ae754b060e729ea17d5365dbd5931e31735a2140cbb231a9146eb0a8f784b398bc10e5152028a52973f0741c9c0b40828d02b449e663fcb208bbdf42d4ed0c493b21d9ef3335988a71354421b5af7f4ececef628bfd758097d83f780dcaf0d352fcd65049c21202b1576751ac1cc6dd616bef22a89c3ff4115a308a8cda7a7a2e692580fe4ae98237e3c5efd2272908e641d8bb82269124188355d3bac3aefb168d7bb859d7a86c48beecb1717f9a7159a67f01634f2b34d5b7afa59a4c5159d4373b88610b077ba89d28ef98f28c45a8e49c7fc3298100b2bc3ddbe210b83770a22dd90f83a7f98756d9dd640ea8e4de8f09762aa990dde5c72c0cdf1808e5e4023c4e6cd1289c06d3210137af0cd0051366ff30a88bf3a902bff525dd7a592ae98143e97c57b8b62a29c8ceb20fac727399ed985d964f868bc263d388b3797e09ecb55615500b20458e3240ec42c985f661165d1e917c8e572879dde27b5e4b49207c2d3a9dbedab81af65980fad0ec05ed7e5a43b4864d4bc7a3bb15a4c3874cd634717b8187b7dc3a63823ae0aad2720d130024f3a3fdea13a849050f6b8a1dfdf627c9b2fb4d2e3c441c15a10d4edfef92ab39960623af15a76f69ba175fb0d8fc939e1f61996d66b8f54471f32b52d8e4b56e37c287fd9aa833a66ead21fadccf8cbb395228b14e9621f20c5182fbe3ec25aed9e86bdab697aa39632b604c4f7d9b4de2a3076c9f2cfa6bb8cb74af9e5ac6af7a8a9268a6c6b4dc365309e0a79e1bc495b863ba2fad55e325e7758a512368ffea97b58afa9da314c8f9bd11e0029f58b93f9a6f0c5eb122a3b8f2f78afdbc915b16bac96b8a34a9477db0eaa6c1fd8708a941c4a4d5d31fd58283fd5d2d2740453ef5b5c2aa7ea4ba8691ea673f80e4a64bc5448d81646f2dcd93a291749aa136a21365d067b2630f845cf011004659bdaab7422c3ef330f9fc48698079f39d5a5ac37c963a1f1cf903fa15302954cd4c475d9b00c1b426472b833ed37198d39230cbd9f7e3836fce906c50d3c73faee06fa65ddd6cdf5cbf44eefaa66ef61ddf51e57e94f959c0fd22eefeb44dc3de0b22a7589c380744aabcc1df5da2bcc672c85ab70229694bb59d02b037ff65ce2b2317cb583fb94121ef37a6606ab79cc54864918601be0e2a9689a35350b710e961ee9f686eac5c099788c6880abc30369f06c66bdb66ba1887bb2f35e7ded52d61f9ebda932931895c8117d9d76a898ab1ac01c9dab34d68f06c153146a97f090b592f7e815c7e413cfa3bd7ff9d27243cd787b8611a17d8abc78067e799faac66e791a81144053c957abe067e1ed7c64bf1dfcc0a117e9f453568d5adb4814c2502ee62ffbb09ede509e7938a7d19438983153ebbd758f9ce78697354fd1a5b5a1d064d8a2e740a91027963d3ec2342de59ca062661dec83952dcf0ce28a9091c8011c2a11f0ace3c02ce915f7759d43ed1bcfffba1c16bfa7d9adbe140dc281c35c160077ddb4ed0efdba4fd6d9d90a310a2638be617ee43da0465ed25f0fefe09b337b803ca6fad927d9f890f90f9454ca52702a81f7779e3c8342348aed34e0b95e356372f759d27598a0c97596fbfca90a28f7f6f84833d38b5e5abf031ee6bdbbf1fcdd934ee8acd48aa368416ce8653cd21a61577fe4eda4e7758466", ['\x00']}, 0x1120) r3 = fsmount(r2, 0x1, 0x88) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r3, 0xc02c5341, &(0x7f0000001480)) r4 = fork() write$P9_RGETLOCK(r0, &(0x7f0000001500)={0x1e, 0x37, 0x2, {0x6, 0x0, 0xffff, r4}}, 0x1e) r5 = open_tree(r3, &(0x7f0000001540)='./file0\x00', 0x800) tee(r1, r5, 0x7, 0x4) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r5, 0xc018937a, &(0x7f0000001580)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'}) sendmsg$NL80211_CMD_TDLS_OPER(0xffffffffffffffff, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x34, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x80000000, 0x7}}}}, [@NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 14:16:43 executing program 6: ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9}}, './file0\x00'}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x0, 0xee00}}, './file1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2) poll(&(0x7f00000000c0)=[{r2, 0x400}, {r1, 0x4409}], 0x2, 0x9) close_range(r0, r1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) r4 = accept$inet6(r0, &(0x7f0000000100), &(0x7f0000000140)=0x1c) r5 = fcntl$dupfd(r1, 0x0, r4) r6 = syz_open_dev$vcsn(&(0x7f0000000180), 0x4, 0x2402) ioctl$AUTOFS_DEV_IOCTL_READY(r6, 0xc0189376, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3, {0x2}}, './file1\x00'}) r8 = signalfd4(r5, &(0x7f0000000280)={[0x5]}, 0x8, 0x80800) r9 = perf_event_open(&(0x7f0000000200)={0x5, 0x80, 0x0, 0x5, 0x7f, 0x3, 0x0, 0x4, 0x6028, 0x6, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0x1, 0x1f}, 0x48800, 0xff, 0x5, 0x4, 0x2, 0x5, 0x7, 0x0, 0x7, 0x0, 0x80}, 0xffffffffffffffff, 0x4, r8, 0x9) r10 = openat$full(0xffffffffffffff9c, &(0x7f00000002c0), 0x80000, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r10, 0xc0189376, &(0x7f0000000300)={{0x1, 0x1, 0x18, r7}, './file1\x00'}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r8, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r9}, './file1\x00'}) r11 = memfd_secret(0x80000) syz_genetlink_get_family_id$l2tp(&(0x7f0000000380), r11) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r2) 14:16:43 executing program 7: sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x3, 0x2, 0x301, 0x0, 0x0, {0x5, 0x0, 0x2}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24004011}, 0x10002000) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, 0x2, 0x9, 0x201, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0xc}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x24004000) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x400, 0x70bd2d, 0x25dfdbfd, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20040840}, 0x4000052) r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000005c0)={&(0x7f0000000380)={0x234, r0, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x401}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xcf4}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xf21}]}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xb7f2}]}, @TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0xec, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x429}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_LINK={0x88, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}]}]}, 0x234}}, 0x4000) sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, 0x5, 0x1, 0x104, 0x0, 0x0, {0x5, 0x0, 0x9}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x20, r1, 0x400, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x1c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x61b9abb7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x84}, 0x8004) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000009c0), 0xffffffffffffffff) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000b80)={@local, @remote, 0x0}, &(0x7f0000000bc0)=0xc) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000c00)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000cc0)={'syztnl0\x00', &(0x7f0000000c40)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x8, 0xf8c, 0x30, @private2, @remote, 0x1, 0x20, 0xff, 0x3cc}}) ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000d80)={'ip6tnl0\x00', &(0x7f0000000d00)={'ip6tnl0\x00', 0x0, 0x4, 0x4, 0x0, 0x101, 0x80, @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x20, 0x20, 0xd23d, 0x207f}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000e40)={'sit0\x00', &(0x7f0000000dc0)={'syztnl2\x00', 0x0, 0x4, 0x1, 0xec, 0x1, 0x51, @remote, @mcast1, 0x10, 0x7800, 0xfffffeff, 0xffff6f13}}) sendmsg$ETHTOOL_MSG_FEATURES_GET(0xffffffffffffffff, &(0x7f0000001040)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001000)={&(0x7f0000000e80)={0x150, r2, 0x4, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x40844}, 0x800) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000010c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x24, r8, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x1}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x40}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4048040) r9 = accept(0xffffffffffffffff, &(0x7f0000001200)=@can, &(0x7f0000001280)=0x80) syz_genetlink_get_family_id$wireguard(&(0x7f00000011c0), r9) [ 65.682870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.685021] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.686618] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.690902] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.693714] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.695608] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.701513] Bluetooth: hci0: HCI_REQ-0x0c1a [ 65.745505] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.747286] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.749870] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.750935] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.753414] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.755706] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.759147] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.763447] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 65.765123] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.767091] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.769951] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 65.771926] Bluetooth: hci1: HCI_REQ-0x0c1a [ 65.773203] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.823974] Bluetooth: hci2: HCI_REQ-0x0c1a [ 65.825614] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 65.827517] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 65.829475] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 65.832419] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 65.837637] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 65.839144] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 65.849928] Bluetooth: hci7: HCI_REQ-0x0c1a [ 65.902538] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.907075] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.912074] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.919100] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.919543] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 65.922913] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 65.924471] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 65.926035] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 65.926108] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.932445] Bluetooth: hci3: HCI_REQ-0x0c1a [ 65.958033] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 65.960729] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 65.962325] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 65.967885] Bluetooth: hci6: HCI_REQ-0x0c1a [ 67.767374] Bluetooth: hci0: command 0x0409 tx timeout [ 67.829899] Bluetooth: hci1: command 0x0409 tx timeout [ 67.829921] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 67.831513] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 67.893972] Bluetooth: hci7: command 0x0409 tx timeout [ 67.894692] Bluetooth: hci2: command 0x0409 tx timeout [ 67.957868] Bluetooth: hci3: command 0x0409 tx timeout [ 68.022955] Bluetooth: hci6: command 0x0409 tx timeout [ 69.814862] Bluetooth: hci0: command 0x041b tx timeout [ 69.878866] Bluetooth: hci1: command 0x041b tx timeout [ 69.941920] Bluetooth: hci2: command 0x041b tx timeout [ 69.942872] Bluetooth: hci7: command 0x041b tx timeout [ 70.005892] Bluetooth: hci3: command 0x041b tx timeout [ 70.069965] Bluetooth: hci6: command 0x041b tx timeout [ 71.229441] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.231998] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.232935] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.234170] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.234935] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.236215] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.238159] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.240131] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 71.240779] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.242194] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.243657] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 71.244711] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 71.249863] Bluetooth: hci4: HCI_REQ-0x0c1a [ 71.264333] Bluetooth: hci5: HCI_REQ-0x0c1a [ 71.861936] Bluetooth: hci0: command 0x040f tx timeout [ 71.925925] Bluetooth: hci1: command 0x040f tx timeout [ 71.990070] Bluetooth: hci7: command 0x040f tx timeout [ 71.990927] Bluetooth: hci2: command 0x040f tx timeout [ 72.053878] Bluetooth: hci3: command 0x040f tx timeout [ 72.117926] Bluetooth: hci6: command 0x040f tx timeout [ 73.269866] Bluetooth: hci4: command 0x0409 tx timeout [ 73.334124] Bluetooth: hci5: command 0x0409 tx timeout [ 73.909864] Bluetooth: hci0: command 0x0419 tx timeout [ 73.973857] Bluetooth: hci1: command 0x0419 tx timeout [ 74.037977] Bluetooth: hci2: command 0x0419 tx timeout [ 74.038600] Bluetooth: hci7: command 0x0419 tx timeout [ 74.101851] Bluetooth: hci3: command 0x0419 tx timeout [ 74.165856] Bluetooth: hci6: command 0x0419 tx timeout [ 75.317903] Bluetooth: hci4: command 0x041b tx timeout [ 75.381904] Bluetooth: hci5: command 0x041b tx timeout [ 77.365893] Bluetooth: hci4: command 0x040f tx timeout [ 77.429854] Bluetooth: hci5: command 0x040f tx timeout [ 79.413970] Bluetooth: hci4: command 0x0419 tx timeout [ 79.477868] Bluetooth: hci5: command 0x0419 tx timeout [ 120.296300] audit: type=1400 audit(1664547458.878:7): avc: denied { open } for pid=3623 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 14:17:39 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x244b43, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setns(r1, 0x0) syz_io_uring_setup(0x383d, &(0x7f0000000000)={0x0, 0xb883, 0x1, 0x402, 0x2e5, 0x0, r0}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000800000/0x800000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) ioctl$SG_EMULATED_HOST(r0, 0x5307, 0x0) 14:17:39 executing program 6: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setns(r0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000bc0), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0), 0x1000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@nodevmap}, {@msize={'msize', 0x3d, 0xd5f}}, {@dfltgid={'dfltgid', 0x3d, 0xee01}}], [{@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@subj_type={'subj_type', 0x3d, 'system.posix_acl_default\x00'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@measure}, {@fsuuid={'fsuuid', 0x3d, {[0x63, 0x37, 0x62, 0x39, 0x36, 0x34, 0x61, 0x39], 0x2d, [0x37, 0x38, 0x36, 0x2], 0x2d, [0x36, 0x34, 0x38, 0x36], 0x2d, [0x33, 0x61, 0x36, 0x39], 0x2d, [0x65, 0x3f, 0x61, 0x34, 0x38, 0x31, 0x35, 0x65]}}}, {@euid_gt}]}}) syz_mount_image$tmpfs(0x0, &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {0x10}}, 0x24, 0x0) 14:17:39 executing program 6: gettid() socketpair$unix(0x1, 0x0, 0x0, 0x0) gettid() r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setns(r2, 0x0) openat(r2, &(0x7f0000000040)='./file1\x00', 0x181140, 0x188) ftruncate(r0, 0x0) r3 = memfd_secret(0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000000200)={{0x1, 0x1, 0x18, r3, {0x9}}, './file1\x00'}) r4 = getpid() pidfd_open(r4, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe2, 0x0, 0xfd, 0x0, 0x0, 0x1ff, 0x12a600, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0xfe4a, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x7ff}, r4, 0x1, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x7, 0x7f, 0x1, 0x9e, 0x0, 0x3, 0x100, 0xd, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x401, 0x2, @perf_bp={&(0x7f0000000140), 0x1}, 0x220, 0xffffffffffffef80, 0xfff, 0x1, 0xffffffffffffffff, 0x2, 0xfff8, 0x0, 0xe0000000, 0x0, 0x5}, r4, 0xe, 0xffffffffffffffff, 0x8) write(r1, &(0x7f0000000080)="01", 0x41030) [ 120.866611] audit: type=1400 audit(1664547459.448:8): avc: denied { kernel } for pid=3667 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 120.874762] ------------[ cut here ]------------ [ 120.875331] WARNING: CPU: 0 PID: 3663 at kernel/events/core.c:2233 event_filter_match+0x422/0x660 [ 120.876018] Modules linked in: [ 120.876266] CPU: 0 PID: 3663 Comm: modprobe Not tainted 6.0.0-rc7-next-20220929 #1 [ 120.876826] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 120.877646] RIP: 0010:event_filter_match+0x422/0x660 [ 120.878019] Code: 00 00 00 e9 7c fc ff ff e8 7b 33 f1 ff 65 8b 2d 60 9c ad 7e 31 ff 89 ee e8 1b 30 f1 ff 85 ed 0f 84 ef 00 00 00 e8 5e 33 f1 ff <0f> 0b eb 9f e8 d5 a1 23 00 e9 17 fc ff ff e8 4b 33 f1 ff 48 8d 7b [ 120.880412] RSP: 0018:ffff88806ce09c70 EFLAGS: 00010046 [ 120.880826] RAX: 0000000080010001 RBX: ffff888040c58000 RCX: 0000000000000000 [ 120.881351] RDX: ffff888015d55040 RSI: ffffffff8154d972 RDI: 0000000000000005 [ 120.881883] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001 [ 120.882412] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff888040c58220 [ 120.882952] R13: 0000000000000000 R14: ffff888040c580a8 R15: ffff888040c58220 [ 120.883487] FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 120.884092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.884529] CR2: 00007f4e6dba0b70 CR3: 0000000008b2e000 CR4: 0000000000350ef0 [ 120.885059] Call Trace: [ 120.885255] [ 120.885433] merge_sched_in+0x107/0x1110 [ 120.885758] visit_groups_merge.constprop.0.isra.0+0x4fc/0xef0 [ 120.886227] ? merge_sched_in+0x1110/0x1110 [ 120.886559] ? lock_is_held_type+0xd7/0x130 [ 120.886903] ctx_sched_in+0x2e6/0x770 [ 120.887210] ? lock_acquire+0x1b2/0x530 [ 120.887526] ? visit_groups_merge.constprop.0.isra.0+0xef0/0xef0 [ 120.887993] ? lock_is_held_type+0xd7/0x130 [ 120.888329] perf_event_sched_in+0x75/0x80 [ 120.888658] ctx_resched+0x1ce/0x390 [ 120.888952] __perf_install_in_context+0x285/0x9c0 [ 120.889331] ? ctx_resched+0x390/0x390 [ 120.889636] remote_function+0x125/0x1b0 [ 120.889955] __flush_smp_call_function_queue+0x1df/0x5a0 [ 120.890373] ? perf_duration_warn+0x40/0x40 [ 120.890709] __sysvec_call_function_single+0x92/0x3a0 [ 120.891107] sysvec_call_function_single+0x89/0xc0 [ 120.891496] [ 120.891670] [ 120.891846] asm_sysvec_call_function_single+0x16/0x20 [ 120.892245] RIP: 0010:stack_trace_consume_entry+0xa/0x160 [ 120.892665] Code: 00 48 8b 44 24 10 e9 22 fe ff ff e8 90 de 42 00 e9 52 fd ff ff e8 26 73 ef 02 cc cc cc cc cc cc 48 b8 00 00 00 00 00 fc ff df <55> 53 48 89 fb 48 83 c7 10 48 89 fa 48 c1 ea 03 48 83 ec 08 0f b6 [ 120.894013] RSP: 0018:ffff888040aef4f0 EFLAGS: 00000282 [ 120.894414] RAX: dffffc0000000000 RBX: ffffffff81359ce0 RCX: 0000000000000000 [ 120.894940] RDX: 1ffff1100815deaa RSI: ffffffff817856ce RDI: ffff888040aef5c0 [ 120.895476] RBP: ffff888040aef590 R08: ffffffff85e802f8 R09: ffffffff85e802fc [ 120.896015] R10: ffffed100815deac R11: ffff888040aef538 R12: ffff888040aef5c0 [ 120.896550] R13: 0000000000000000 R14: ffff888015d55040 R15: ffff88803dbf9400 [ 120.897085] ? write_profile+0x3a0/0x3a0 [ 120.897408] ? kasan_save_stack+0x1e/0x40 [ 120.897728] arch_stack_walk+0x73/0xf0 [ 120.898036] ? kasan_save_stack+0x1e/0x40 [ 120.898356] stack_trace_save+0x8c/0xc0 [ 120.898660] ? filter_irq_stacks+0x90/0x90 [ 120.898983] ? mas_destroy+0x380/0x560 [ 120.899295] kasan_save_stack+0x1e/0x40 [ 120.899625] ? mark_lock.part.0+0xef/0x2f70 [ 120.899961] ? mark_lock.part.0+0xef/0x2f70 [ 120.900298] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 120.900704] ? lock_chain_count+0x20/0x20 [ 120.901022] ? lock_chain_count+0x20/0x20 [ 120.901353] ? lock_is_held_type+0xd7/0x130 [ 120.901679] ? find_held_lock+0x2c/0x110 [ 120.901998] ? lock_release+0x3b2/0x750 [ 120.902303] ? __delete_object+0xb3/0x100 [ 120.902629] ? __virt_addr_valid+0xfe/0x340 [ 120.902946] ? hugetlb_cgroup_migrate+0xf60/0xf60 [ 120.903307] __kasan_record_aux_stack+0x95/0xb0 [ 120.903658] ? hugetlb_cgroup_migrate+0xf60/0xf60 [ 120.904022] call_rcu+0x6a/0xa30 [ 120.904282] ? _raw_spin_unlock_irqrestore+0x33/0x60 [ 120.904660] kmem_cache_free_bulk.part.0+0x305/0x770 [ 120.905044] ? mas_destroy+0x380/0x560 [ 120.905338] mas_destroy+0x380/0x560 [ 120.905619] mas_store_prealloc+0xf0/0x160 [ 120.905932] ? mas_destroy+0x560/0x560 [ 120.906243] do_mas_align_munmap.constprop.0+0x59f/0x1000 [ 120.906657] ? __split_vma+0x5d0/0x5d0 [ 120.906956] ? mas_walk+0x48a/0x670 [ 120.907234] ? mas_find+0x209/0xdd0 [ 120.907529] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 120.907920] do_mas_munmap+0x1e8/0x2b0 [ 120.908215] mmap_region+0x21c/0x1a00 [ 120.908514] ? asm_sysvec_call_function_single+0x16/0x20 [ 120.908910] ? do_munmap+0x100/0x100 [ 120.909199] ? do_mmap+0x2ad/0xf40 [ 120.909468] do_mmap+0x828/0xf40 [ 120.909735] vm_mmap_pgoff+0x1af/0x270 [ 120.910030] ? randomize_page+0xb0/0xb0 [ 120.910341] ksys_mmap_pgoff+0x79/0x4f0 [ 120.910640] do_syscall_64+0x3b/0x90 [ 120.910927] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 120.911325] RIP: 0033:0x7f4e6dbeed82 [ 120.911612] Code: eb aa 66 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 33 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 56 5b 5d c3 0f 1f 00 c7 05 ae 03 01 00 16 00 [ 120.912978] RSP: 002b:00007ffd4cb46f18 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 120.913547] RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 00007f4e6dbeed82 [ 120.914070] RDX: 0000000000000003 RSI: 0000000000003f90 RDI: 00007f4e6dba1000 [ 120.914602] RBP: 00007f4e6dba1000 R08: 00000000ffffffff R09: 0000000000000000 [ 120.915134] R10: 0000000000000032 R11: 0000000000000206 R12: 00007f4e6dbcd510 [ 120.915680] R13: 00007ffd4cb46f30 R14: 00007ffd4cb46fc0 R15: 00007ffd4cb472c0 [ 120.916243] [ 120.916425] irq event stamp: 5440 [ 120.916686] hardirqs last enabled at (5439): [] _raw_spin_unlock_irqrestore+0x28/0x60 [ 120.917389] hardirqs last disabled at (5440): [] sysvec_call_function_single+0xb/0xc0 [ 120.918096] softirqs last enabled at (4732): [] __irq_exit_rcu+0x11b/0x180 [ 120.918736] softirqs last disabled at (4727): [] __irq_exit_rcu+0x11b/0x180 [ 120.919396] ---[ end trace 0000000000000000 ]--- [ 120.919778] ------------[ cut here ]------------ [ 120.920131] WARNING: CPU: 0 PID: 3663 at kernel/events/core.c:2557 merge_sched_in+0xadb/0x1110 [ 120.920782] Modules linked in: [ 120.921034] CPU: 0 PID: 3663 Comm: modprobe Tainted: G W 6.0.0-rc7-next-20220929 #1 [ 120.921708] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 120.922548] RIP: 0010:merge_sched_in+0xadb/0x1110 [ 120.922926] Code: ff ff e8 08 0e ef ff 65 8b 05 ed 76 ab 7e 31 ff 89 c6 89 04 24 e8 a5 0a ef ff 8b 04 24 85 c0 0f 84 13 02 00 00 e8 e5 0d ef ff <0f> 0b e9 c4 fb ff ff e8 d9 0d ef ff 4c 89 e8 48 05 18 01 00 00 e9 [ 120.924305] RSP: 0018:ffff88806ce09cb0 EFLAGS: 00010046 [ 120.924724] RAX: 0000000080010001 RBX: ffff88806ce3d2c0 RCX: 0000000000000000 [ 120.925276] RDX: ffff888015d55040 RSI: ffffffff8156feeb RDI: 0000000000000005 [ 120.925826] RBP: ffff888040c58000 R08: 0000000000000005 R09: 0000000000000001 [ 120.926366] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88806ce3d2c0 [ 120.926901] R13: ffff88806ce00000 R14: ffff888040c580a8 R15: ffff888040c58220 [ 120.927441] FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 120.928041] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.928477] CR2: 00007f4e6dba0b70 CR3: 0000000008b2e000 CR4: 0000000000350ef0 [ 120.929017] Call Trace: [ 120.929214] [ 120.929390] visit_groups_merge.constprop.0.isra.0+0x4fc/0xef0 [ 120.929857] ? merge_sched_in+0x1110/0x1110 [ 120.930197] ? lock_is_held_type+0xd7/0x130 [ 120.930535] ctx_sched_in+0x2e6/0x770 [ 120.930839] ? lock_acquire+0x1b2/0x530 [ 120.931147] ? visit_groups_merge.constprop.0.isra.0+0xef0/0xef0 [ 120.931631] ? lock_is_held_type+0xd7/0x130 [ 120.931976] perf_event_sched_in+0x75/0x80 [ 120.932302] ctx_resched+0x1ce/0x390 [ 120.932588] __perf_install_in_context+0x285/0x9c0 [ 120.932964] ? ctx_resched+0x390/0x390 [ 120.933267] remote_function+0x125/0x1b0 [ 120.933580] __flush_smp_call_function_queue+0x1df/0x5a0 [ 120.933987] ? perf_duration_warn+0x40/0x40 [ 120.934324] __sysvec_call_function_single+0x92/0x3a0 [ 120.934717] sysvec_call_function_single+0x89/0xc0 [ 120.935102] [ 120.935281] [ 120.935465] asm_sysvec_call_function_single+0x16/0x20 [ 120.935863] RIP: 0010:stack_trace_consume_entry+0xa/0x160 [ 120.936281] Code: 00 48 8b 44 24 10 e9 22 fe ff ff e8 90 de 42 00 e9 52 fd ff ff e8 26 73 ef 02 cc cc cc cc cc cc 48 b8 00 00 00 00 00 fc ff df <55> 53 48 89 fb 48 83 c7 10 48 89 fa 48 c1 ea 03 48 83 ec 08 0f b6 [ 120.937620] RSP: 0018:ffff888040aef4f0 EFLAGS: 00000282 [ 120.938028] RAX: dffffc0000000000 RBX: ffffffff81359ce0 RCX: 0000000000000000 [ 120.938564] RDX: 1ffff1100815deaa RSI: ffffffff817856ce RDI: ffff888040aef5c0 [ 120.939101] RBP: ffff888040aef590 R08: ffffffff85e802f8 R09: ffffffff85e802fc [ 120.939645] R10: ffffed100815deac R11: ffff888040aef538 R12: ffff888040aef5c0 [ 120.940179] R13: 0000000000000000 R14: ffff888015d55040 R15: ffff88803dbf9400 [ 120.940713] ? write_profile+0x3a0/0x3a0 [ 120.941031] ? kasan_save_stack+0x1e/0x40 [ 120.941349] arch_stack_walk+0x73/0xf0 [ 120.941658] ? kasan_save_stack+0x1e/0x40 [ 120.941984] stack_trace_save+0x8c/0xc0 [ 120.942290] ? filter_irq_stacks+0x90/0x90 [ 120.942615] ? mas_destroy+0x380/0x560 [ 120.942920] kasan_save_stack+0x1e/0x40 [ 120.943231] ? mark_lock.part.0+0xef/0x2f70 [ 120.943567] ? mark_lock.part.0+0xef/0x2f70 [ 120.943904] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 120.944305] ? lock_chain_count+0x20/0x20 [ 120.944621] ? lock_chain_count+0x20/0x20 [ 120.944956] ? lock_is_held_type+0xd7/0x130 [ 120.945286] ? find_held_lock+0x2c/0x110 [ 120.945597] ? lock_release+0x3b2/0x750 [ 120.945902] ? __delete_object+0xb3/0x100 [ 120.946217] ? __virt_addr_valid+0xfe/0x340 [ 120.946546] ? hugetlb_cgroup_migrate+0xf60/0xf60 [ 120.946918] __kasan_record_aux_stack+0x95/0xb0 [ 120.947281] ? hugetlb_cgroup_migrate+0xf60/0xf60 [ 120.947659] call_rcu+0x6a/0xa30 [ 120.947924] ? _raw_spin_unlock_irqrestore+0x33/0x60 [ 120.948317] kmem_cache_free_bulk.part.0+0x305/0x770 [ 120.948702] ? mas_destroy+0x380/0x560 [ 120.949001] mas_destroy+0x380/0x560 [ 120.949292] mas_store_prealloc+0xf0/0x160 [ 120.949614] ? mas_destroy+0x560/0x560 [ 120.949924] do_mas_align_munmap.constprop.0+0x59f/0x1000 [ 120.950348] ? __split_vma+0x5d0/0x5d0 [ 120.950654] ? mas_walk+0x48a/0x670 [ 120.950939] ? mas_find+0x209/0xdd0 [ 120.951223] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 120.951635] do_mas_munmap+0x1e8/0x2b0 [ 120.951940] mmap_region+0x21c/0x1a00 [ 120.952236] ? asm_sysvec_call_function_single+0x16/0x20 [ 120.952647] ? do_munmap+0x100/0x100 [ 120.952944] ? do_mmap+0x2ad/0xf40 [ 120.953222] do_mmap+0x828/0xf40 [ 120.953494] vm_mmap_pgoff+0x1af/0x270 [ 120.953797] ? randomize_page+0xb0/0xb0 [ 120.954111] ksys_mmap_pgoff+0x79/0x4f0 [ 120.954424] do_syscall_64+0x3b/0x90 [ 120.954713] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 120.955111] RIP: 0033:0x7f4e6dbeed82 [ 120.955403] Code: eb aa 66 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 33 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 56 5b 5d c3 0f 1f 00 c7 05 ae 03 01 00 16 00 [ 120.956689] RSP: 002b:00007ffd4cb46f18 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 120.957232] RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 00007f4e6dbeed82 [ 120.957749] RDX: 0000000000000003 RSI: 0000000000003f90 RDI: 00007f4e6dba1000 [ 120.958270] RBP: 00007f4e6dba1000 R08: 00000000ffffffff R09: 0000000000000000 [ 120.958811] R10: 0000000000000032 R11: 0000000000000206 R12: 00007f4e6dbcd510 [ 120.959343] R13: 00007ffd4cb46f30 R14: 00007ffd4cb46fc0 R15: 00007ffd4cb472c0 [ 120.959908] [ 120.960088] irq event stamp: 5440 [ 120.960345] hardirqs last enabled at (5439): [] _raw_spin_unlock_irqrestore+0x28/0x60 [ 120.961045] hardirqs last disabled at (5440): [] sysvec_call_function_single+0xb/0xc0 [ 120.961733] softirqs last enabled at (4732): [] __irq_exit_rcu+0x11b/0x180 [ 120.962369] softirqs last disabled at (4727): [] __irq_exit_rcu+0x11b/0x180 [ 120.962999] ---[ end trace 0000000000000000 ]--- 14:17:39 executing program 6: gettid() socketpair$unix(0x1, 0x0, 0x0, 0x0) gettid() r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setns(r2, 0x0) openat(r2, &(0x7f0000000040)='./file1\x00', 0x181140, 0x188) ftruncate(r0, 0x0) r3 = memfd_secret(0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000000200)={{0x1, 0x1, 0x18, r3, {0x9}}, './file1\x00'}) r4 = getpid() pidfd_open(r4, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe2, 0x0, 0xfd, 0x0, 0x0, 0x1ff, 0x12a600, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0xfe4a, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x7ff}, r4, 0x1, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x7, 0x7f, 0x1, 0x9e, 0x0, 0x3, 0x100, 0xd, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x401, 0x2, @perf_bp={&(0x7f0000000140), 0x1}, 0x220, 0xffffffffffffef80, 0xfff, 0x1, 0xffffffffffffffff, 0x2, 0xfff8, 0x0, 0xe0000000, 0x0, 0x5}, r4, 0xe, 0xffffffffffffffff, 0x8) write(r1, &(0x7f0000000080)="01", 0x41030) 14:17:39 executing program 4: syz_mount_image$vfat(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}], 0x0, &(0x7f0000011200)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x18, 0x1, 0x2, 0x5, 0x0, 0x0, {}, [@CTA_EXPECT_MASTER={0x4, 0x2}]}, 0x18}}, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f00000004c0)=0x33f) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000740)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xee00}}, './file0\x00'}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r3, 0x0) syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x7, 0x2, &(0x7f0000000440)=[{&(0x7f0000000500)="1163ab84eb4ad69f1f14f61130664b7902cc5acec250823fea6cdf9820b1b48e01c6184b02f50553d2cd9cf9a1f6915fd47a5abd4d8a70fd38a0594aa9c82df48d1bc9b05fc8ef0d43c2bd920cd1526306f0aa68c2fd1886692eff4b45591c330faef1f1abf3f6e1285623af85fd40cd996ac61cfff6df7743305f3e6e90d759c75c108aac04d747c3c71b88", 0x8c, 0x1}, {&(0x7f0000000240)="4a20aca00b2f429b7c10235f45aeebce64a03a080515c513c77ec6a602d9d1", 0x1f, 0x8001}], 0x4000, &(0x7f00000007c0)={[{@check_relaxed}, {@check_strict}, {@overriderock}, {@gid={'gid', 0x3d, 0xee00}}, {@unhide}, {@hide}, {@sbsector={'sbsector', 0x3d, 0xffff}}], [{@appraise}, {@dont_measure}, {@fsuuid={'fsuuid', 0x3d, {[0x39, 0x37, 0x31, 0x38, 0x34, 0x33, 0x39, 0x31], 0x2d, [0x62, 0x32, 0x37, 0x34a2a5b97b3b2564], 0x2d, [0x38, 0x33, 0x33, 0x31], 0x2d, [0x34, 0x63, 0x31, 0x63], 0x2d, [0x35, 0x39, 0x34, 0x35, 0x38, 0x39, 0x62, 0x39]}}}, {@uid_lt}, {@fowner_gt={'fowner>', r2}}, {@obj_role={'obj_role', 0x3d, ']@'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@uid_eq={'uid', 0x3d, r3}}]}) r4 = open(&(0x7f0000000400)='./file1\x00', 0x117c80, 0x48) r5 = open_tree(r4, &(0x7f0000000480)='./file1\x00', 0x8100) mount_setattr(r5, &(0x7f00000000c0)='./file1\x00', 0x1000, &(0x7f0000000180)={0x8, 0x80, 0x1e0000}, 0x20) lseek(0xffffffffffffffff, 0x0, 0x3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'sit0\x00', 0x0}) sendmsg$inet(r6, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @remote, @broadcast}}}], 0x20}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x80200, 0x2) 14:17:39 executing program 6: gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x49, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write(r0, &(0x7f0000000080)="01", 0x41030) [ 121.341184] ------------[ cut here ]------------ [ 121.341207] [ 121.341210] ====================================================== [ 121.341214] WARNING: possible circular locking dependency detected [ 121.341219] 6.0.0-rc7-next-20220929 #1 Tainted: G W [ 121.341226] ------------------------------------------------------ [ 121.341230] syz-executor.4/3689 is trying to acquire lock: [ 121.341236] ffffffff853faab8 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0xe/0x70 [ 121.341278] [ 121.341278] but task is already holding lock: [ 121.341281] ffff88800ec6a020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 121.341308] [ 121.341308] which lock already depends on the new lock. [ 121.341308] [ 121.341311] [ 121.341311] the existing dependency chain (in reverse order) is: [ 121.341315] [ 121.341315] -> #3 (&ctx->lock){....}-{2:2}: [ 121.341329] _raw_spin_lock+0x2a/0x40 [ 121.341340] __perf_event_task_sched_out+0x53b/0x18d0 [ 121.341351] __schedule+0xedd/0x2470 [ 121.341365] schedule+0xda/0x1b0 [ 121.341379] exit_to_user_mode_prepare+0x114/0x1a0 [ 121.341392] syscall_exit_to_user_mode+0x19/0x40 [ 121.341405] do_syscall_64+0x48/0x90 [ 121.341422] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 121.341435] [ 121.341435] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 121.341449] _raw_spin_lock_nested+0x30/0x40 [ 121.341463] raw_spin_rq_lock_nested+0x1e/0x30 [ 121.341476] task_fork_fair+0x63/0x4d0 [ 121.341493] sched_cgroup_fork+0x3d0/0x540 [ 121.341507] copy_process+0x4183/0x6e20 [ 121.341518] kernel_clone+0xe7/0x890 [ 121.341527] user_mode_thread+0xad/0xf0 [ 121.341538] rest_init+0x24/0x250 [ 121.341549] arch_call_rest_init+0xf/0x14 [ 121.341567] start_kernel+0x4c6/0x4eb [ 121.341581] secondary_startup_64_no_verify+0xe0/0xeb [ 121.341595] [ 121.341595] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 121.341609] _raw_spin_lock_irqsave+0x39/0x60 [ 121.341620] try_to_wake_up+0xab/0x1930 [ 121.341633] up+0x75/0xb0 [ 121.341646] __up_console_sem+0x6e/0x80 [ 121.341663] console_unlock+0x46a/0x590 [ 121.341679] vprintk_emit+0x1bd/0x560 [ 121.341695] vprintk+0x84/0xa0 [ 121.341711] _printk+0xba/0xf1 [ 121.341723] regdb_fw_cb.cold+0x6c/0xa7 [ 121.341740] request_firmware_work_func+0x12e/0x240 [ 121.341760] process_one_work+0xa17/0x16a0 [ 121.341778] worker_thread+0x637/0x1260 [ 121.341794] kthread+0x2ed/0x3a0 [ 121.341809] ret_from_fork+0x22/0x30 [ 121.341821] [ 121.341821] -> #0 ((console_sem).lock){-...}-{2:2}: [ 121.341835] __lock_acquire+0x2a02/0x5e70 [ 121.341852] lock_acquire+0x1a2/0x530 [ 121.341867] _raw_spin_lock_irqsave+0x39/0x60 [ 121.341878] down_trylock+0xe/0x70 [ 121.341892] __down_trylock_console_sem+0x3b/0xd0 [ 121.341908] vprintk_emit+0x16b/0x560 [ 121.341924] vprintk+0x84/0xa0 [ 121.341940] _printk+0xba/0xf1 [ 121.341950] report_bug.cold+0x72/0xab [ 121.341966] handle_bug+0x3c/0x70 [ 121.341982] exc_invalid_op+0x14/0x50 [ 121.341999] asm_exc_invalid_op+0x16/0x20 [ 121.342011] group_sched_out.part.0+0x2c7/0x460 [ 121.342029] ctx_sched_out+0x8f1/0xc10 [ 121.342045] __perf_event_task_sched_out+0x6d0/0x18d0 [ 121.342056] __schedule+0xedd/0x2470 [ 121.342070] schedule+0xda/0x1b0 [ 121.342083] exit_to_user_mode_prepare+0x114/0x1a0 [ 121.342093] syscall_exit_to_user_mode+0x19/0x40 [ 121.342106] do_syscall_64+0x48/0x90 [ 121.342122] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 121.342135] [ 121.342135] other info that might help us debug this: [ 121.342135] [ 121.342137] Chain exists of: [ 121.342137] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 121.342137] [ 121.342152] Possible unsafe locking scenario: [ 121.342152] [ 121.342155] CPU0 CPU1 [ 121.342157] ---- ---- [ 121.342159] lock(&ctx->lock); [ 121.342165] lock(&rq->__lock); [ 121.342172] lock(&ctx->lock); [ 121.342178] lock((console_sem).lock); [ 121.342184] [ 121.342184] *** DEADLOCK *** [ 121.342184] [ 121.342185] 2 locks held by syz-executor.4/3689: [ 121.342193] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 121.342222] #1: ffff88800ec6a020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 121.342248] [ 121.342248] stack backtrace: [ 121.342251] CPU: 1 PID: 3689 Comm: syz-executor.4 Tainted: G W 6.0.0-rc7-next-20220929 #1 [ 121.342265] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 121.342272] Call Trace: [ 121.342276] [ 121.342280] dump_stack_lvl+0x8b/0xb3 [ 121.342298] check_noncircular+0x263/0x2e0 [ 121.342315] ? format_decode+0x26c/0xb50 [ 121.342331] ? print_circular_bug+0x450/0x450 [ 121.342348] ? enable_ptr_key_workfn+0x20/0x20 [ 121.342364] ? __lockdep_reset_lock+0x180/0x180 [ 121.342381] ? format_decode+0x26c/0xb50 [ 121.342398] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 121.342415] __lock_acquire+0x2a02/0x5e70 [ 121.342437] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 121.342459] lock_acquire+0x1a2/0x530 [ 121.342476] ? down_trylock+0xe/0x70 [ 121.342493] ? lock_release+0x750/0x750 [ 121.342511] ? find_held_lock+0x2c/0x110 [ 121.342528] ? vprintk+0x84/0xa0 [ 121.342545] _raw_spin_lock_irqsave+0x39/0x60 [ 121.342557] ? down_trylock+0xe/0x70 [ 121.342573] down_trylock+0xe/0x70 [ 121.342589] ? vprintk+0x84/0xa0 [ 121.342605] __down_trylock_console_sem+0x3b/0xd0 [ 121.342622] vprintk_emit+0x16b/0x560 [ 121.342641] vprintk+0x84/0xa0 [ 121.342658] _printk+0xba/0xf1 [ 121.342670] ? record_print_text.cold+0x16/0x16 [ 121.342684] ? hrtimer_try_to_cancel+0x163/0x2c0 [ 121.342698] ? lock_downgrade+0x6d0/0x6d0 [ 121.342715] ? report_bug.cold+0x66/0xab [ 121.342733] ? group_sched_out.part.0+0x2c7/0x460 [ 121.342752] report_bug.cold+0x72/0xab [ 121.342770] handle_bug+0x3c/0x70 [ 121.342787] exc_invalid_op+0x14/0x50 [ 121.342805] asm_exc_invalid_op+0x16/0x20 [ 121.342818] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 121.342838] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 6b 17 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 121.342849] RSP: 0018:ffff88801d51fc48 EFLAGS: 00010006 [ 121.342858] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 121.342866] RDX: ffff888018561ac0 RSI: ffffffff81565e67 RDI: 0000000000000005 [ 121.342874] RBP: ffff888040c585c8 R08: 0000000000000005 R09: 0000000000000001 [ 121.342881] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800ec6a000 [ 121.342889] R13: ffff88806cf3d2c0 R14: ffffffff8547c9a0 R15: 0000000000000002 [ 121.342900] ? group_sched_out.part.0+0x2c7/0x460 [ 121.342919] ? group_sched_out.part.0+0x2c7/0x460 [ 121.342939] ctx_sched_out+0x8f1/0xc10 [ 121.342959] __perf_event_task_sched_out+0x6d0/0x18d0 [ 121.342973] ? lock_is_held_type+0xd7/0x130 [ 121.342986] ? __perf_cgroup_move+0x160/0x160 [ 121.342997] ? set_next_entity+0x304/0x550 [ 121.343015] ? update_curr+0x267/0x740 [ 121.343033] ? lock_is_held_type+0xd7/0x130 [ 121.343047] __schedule+0xedd/0x2470 [ 121.343064] ? io_schedule_timeout+0x150/0x150 [ 121.343080] ? __x64_sys_futex_time32+0x480/0x480 [ 121.343095] schedule+0xda/0x1b0 [ 121.343110] exit_to_user_mode_prepare+0x114/0x1a0 [ 121.343122] syscall_exit_to_user_mode+0x19/0x40 [ 121.343136] do_syscall_64+0x48/0x90 [ 121.343153] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 121.343167] RIP: 0033:0x7f63bc6f5b19 [ 121.343175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.343186] RSP: 002b:00007f63b9c6b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.343197] RAX: 0000000000000001 RBX: 00007f63bc808f68 RCX: 00007f63bc6f5b19 [ 121.343204] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f63bc808f6c [ 121.343211] RBP: 00007f63bc808f60 R08: 000000000000000e R09: 0000000000000000 [ 121.343218] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f63bc808f6c [ 121.343226] R13: 00007ffdda9844cf R14: 00007f63b9c6b300 R15: 0000000000022000 [ 121.343238] [ 121.400872] WARNING: CPU: 1 PID: 3689 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 121.401566] Modules linked in: [ 121.401806] CPU: 1 PID: 3689 Comm: syz-executor.4 Tainted: G W 6.0.0-rc7-next-20220929 #1 [ 121.402496] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 121.403317] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 121.403735] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 6b 17 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 121.405060] RSP: 0018:ffff88801d51fc48 EFLAGS: 00010006 [ 121.405453] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 121.405977] RDX: ffff888018561ac0 RSI: ffffffff81565e67 RDI: 0000000000000005 [ 121.406503] RBP: ffff888040c585c8 R08: 0000000000000005 R09: 0000000000000001 [ 121.407024] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800ec6a000 [ 121.407558] R13: ffff88806cf3d2c0 R14: ffffffff8547c9a0 R15: 0000000000000002 [ 121.408078] FS: 00007f63b9c6b700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 121.408672] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.409097] CR2: 00007ff97ff93028 CR3: 000000003feae000 CR4: 0000000000350ee0 [ 121.409622] Call Trace: [ 121.409817] [ 121.409993] ctx_sched_out+0x8f1/0xc10 [ 121.410292] __perf_event_task_sched_out+0x6d0/0x18d0 [ 121.410674] ? lock_is_held_type+0xd7/0x130 [ 121.410996] ? __perf_cgroup_move+0x160/0x160 [ 121.411326] ? set_next_entity+0x304/0x550 [ 121.411660] ? update_curr+0x267/0x740 [ 121.411956] ? lock_is_held_type+0xd7/0x130 [ 121.412280] __schedule+0xedd/0x2470 [ 121.412563] ? io_schedule_timeout+0x150/0x150 [ 121.412912] ? __x64_sys_futex_time32+0x480/0x480 [ 121.413278] schedule+0xda/0x1b0 [ 121.413535] exit_to_user_mode_prepare+0x114/0x1a0 [ 121.413899] syscall_exit_to_user_mode+0x19/0x40 [ 121.414257] do_syscall_64+0x48/0x90 [ 121.414540] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 121.414921] RIP: 0033:0x7f63bc6f5b19 [ 121.415203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.416529] RSP: 002b:00007f63b9c6b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.417087] RAX: 0000000000000001 RBX: 00007f63bc808f68 RCX: 00007f63bc6f5b19 [ 121.417608] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f63bc808f6c [ 121.418128] RBP: 00007f63bc808f60 R08: 000000000000000e R09: 0000000000000000 [ 121.418646] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f63bc808f6c [ 121.419164] R13: 00007ffdda9844cf R14: 00007f63b9c6b300 R15: 0000000000022000 [ 121.419701] [ 121.419876] irq event stamp: 1988 [ 121.420132] hardirqs last enabled at (1987): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 121.420821] hardirqs last disabled at (1988): [] __schedule+0x1225/0x2470 [ 121.421424] softirqs last enabled at (1472): [] __irq_exit_rcu+0x11b/0x180 [ 121.422058] softirqs last disabled at (1401): [] __irq_exit_rcu+0x11b/0x180 [ 121.422687] ---[ end trace 0000000000000000 ]--- 14:17:40 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) eventfd2(0x0, 0x80000) r0 = getpid() pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe2, 0x0, 0xfd, 0x0, 0x0, 0x1ff, 0x12a600, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0xfe4a, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x7ff}, r0, 0x1, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x7f, 0x8e, 0x5, 0x3a, 0x0, 0x6, 0x10, 0x10, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffe5b, 0x2, @perf_config_ext={0x5, 0x4}, 0xc0, 0x4, 0x9, 0x8, 0x800, 0x8, 0x800, 0x0, 0x1, 0x0, 0x40}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) pidfd_send_signal(0xffffffffffffffff, 0x57aa, 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000001300)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x800010, &(0x7f0000000040)=ANY=[]) r2 = openat(r1, &(0x7f0000000180)='./file0\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) syz_open_dev$ptys(0xc, 0x3, 0x1) lremovexattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=ANY=[@ANYBLOB]) write(r2, &(0x7f0000000080)="01", 0xffff8000) 14:17:40 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r0) r1 = eventfd(0x3) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'}) [ 121.716014] loop6: detected capacity change from 0 to 256 [ 121.747221] audit: type=1400 audit(1664547460.329:9): avc: denied { write } for pid=3728 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.757826] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 122.024672] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) VM DIAGNOSIS: 14:17:39 Registers: info registers vcpu 0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823ba3c1 RDI=ffffffff8765a9c0 RBP=ffffffff8765a980 RSP=ffff88806ce09590 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000020 R11=0000000000000001 R12=0000000000000020 R13=ffffffff8765a980 R14=0000000000000010 R15=ffffffff823ba3b0 RIP=ffffffff823ba419 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4e6dba0b70 CR3=0000000008b2e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 2e6f747079726362 696c2f756e672d78 YMM02=0000000000000000 0000000000000000 00312e312e6f732e 6f74707972636269 YMM03=0000000000000000 0000000000000000 6c2f756e672d7875 6e696c2d34365f36 YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000025b0c RBX=1ffff11003b04f84 RCX=ffffc90006dfa000 RDX=0000000000040000 RSI=ffffffff813bb223 RDI=0000000000000005 RBP=ffff88801d827cc8 RSP=ffff88801d827c00 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=0000000000000001 R13=0000000000000000 R14=0000000000000000 R15=0000000000000200 RIP=ffffffff813bb225 RFL=00000212 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f92a9a44700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fccfa71e288 CR3=000000003f7ac000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 6f732e616d7a6c62 696c2f756e672d78 YMM02=0000000000000000 0000000000000000 00352e6f732e616d 7a6c62696c2f756e YMM03=0000000000000000 0000000000000000 672d78756e696c2d 34365f3638782f62 YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000