Warning: Permanently added '[localhost]:31248' (ECDSA) to the list of known hosts. 2023/02/10 11:05:48 fuzzer started 2023/02/10 11:05:48 dialing manager at localhost:37753 syzkaller login: [ 46.437720] cgroup: Unknown subsys name 'net' [ 46.528717] cgroup: Unknown subsys name 'rlimit' 2023/02/10 11:06:03 syscalls: 2217 2023/02/10 11:06:03 code coverage: enabled 2023/02/10 11:06:03 comparison tracing: enabled 2023/02/10 11:06:03 extra coverage: enabled 2023/02/10 11:06:03 setuid sandbox: enabled 2023/02/10 11:06:03 namespace sandbox: enabled 2023/02/10 11:06:03 Android sandbox: enabled 2023/02/10 11:06:03 fault injection: enabled 2023/02/10 11:06:03 leak checking: enabled 2023/02/10 11:06:03 net packet injection: enabled 2023/02/10 11:06:03 net device setup: enabled 2023/02/10 11:06:03 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/10 11:06:03 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/10 11:06:03 USB emulation: enabled 2023/02/10 11:06:03 hci packet injection: enabled 2023/02/10 11:06:03 wifi device emulation: enabled 2023/02/10 11:06:03 802.15.4 emulation: enabled 2023/02/10 11:06:03 fetching corpus: 0, signal 0/2000 (executing program) 2023/02/10 11:06:03 fetching corpus: 43, signal 18126/21768 (executing program) 2023/02/10 11:06:03 fetching corpus: 80, signal 28456/33640 (executing program) 2023/02/10 11:06:03 fetching corpus: 126, signal 35722/42372 (executing program) 2023/02/10 11:06:03 fetching corpus: 176, signal 50748/58398 (executing program) 2023/02/10 11:06:03 fetching corpus: 226, signal 61513/70094 (executing program) 2023/02/10 11:06:04 fetching corpus: 272, signal 69940/79367 (executing program) 2023/02/10 11:06:04 fetching corpus: 320, signal 75450/85829 (executing program) 2023/02/10 11:06:04 fetching corpus: 368, signal 81473/92666 (executing program) 2023/02/10 11:06:04 fetching corpus: 417, signal 86165/98194 (executing program) 2023/02/10 11:06:04 fetching corpus: 467, signal 89597/102440 
(executing program) 2023/02/10 11:06:04 fetching corpus: 517, signal 93045/106707 (executing program) 2023/02/10 11:06:04 fetching corpus: 566, signal 95530/110048 (executing program) 2023/02/10 11:06:04 fetching corpus: 616, signal 100281/115283 (executing program) 2023/02/10 11:06:05 fetching corpus: 666, signal 105199/120599 (executing program) 2023/02/10 11:06:05 fetching corpus: 715, signal 107499/123577 (executing program) 2023/02/10 11:06:05 fetching corpus: 765, signal 110746/127375 (executing program) 2023/02/10 11:06:05 fetching corpus: 814, signal 112983/130211 (executing program) 2023/02/10 11:06:05 fetching corpus: 864, signal 116366/133903 (executing program) 2023/02/10 11:06:05 fetching corpus: 913, signal 118889/136920 (executing program) 2023/02/10 11:06:05 fetching corpus: 963, signal 121446/139888 (executing program) 2023/02/10 11:06:06 fetching corpus: 1013, signal 123910/142696 (executing program) 2023/02/10 11:06:06 fetching corpus: 1063, signal 126508/145641 (executing program) 2023/02/10 11:06:06 fetching corpus: 1113, signal 129245/148616 (executing program) 2023/02/10 11:06:06 fetching corpus: 1162, signal 130840/150666 (executing program) 2023/02/10 11:06:06 fetching corpus: 1212, signal 133225/153225 (executing program) 2023/02/10 11:06:06 fetching corpus: 1260, signal 135197/155471 (executing program) 2023/02/10 11:06:06 fetching corpus: 1309, signal 136613/157251 (executing program) 2023/02/10 11:06:07 fetching corpus: 1359, signal 138539/159375 (executing program) 2023/02/10 11:06:07 fetching corpus: 1409, signal 140530/161566 (executing program) 2023/02/10 11:06:07 fetching corpus: 1459, signal 141940/163292 (executing program) 2023/02/10 11:06:07 fetching corpus: 1509, signal 143896/165406 (executing program) 2023/02/10 11:06:07 fetching corpus: 1559, signal 145389/167107 (executing program) 2023/02/10 11:06:07 fetching corpus: 1609, signal 146698/168674 (executing program) 2023/02/10 11:06:07 fetching corpus: 1659, signal 
148172/170361 (executing program) 2023/02/10 11:06:07 fetching corpus: 1709, signal 149970/172199 (executing program) 2023/02/10 11:06:08 fetching corpus: 1759, signal 151362/173715 (executing program) 2023/02/10 11:06:08 fetching corpus: 1809, signal 152749/175229 (executing program) 2023/02/10 11:06:08 fetching corpus: 1858, signal 154036/176631 (executing program) 2023/02/10 11:06:08 fetching corpus: 1908, signal 155566/178162 (executing program) 2023/02/10 11:06:08 fetching corpus: 1958, signal 156853/179499 (executing program) 2023/02/10 11:06:08 fetching corpus: 2008, signal 158052/180747 (executing program) 2023/02/10 11:06:08 fetching corpus: 2057, signal 159763/182313 (executing program) 2023/02/10 11:06:09 fetching corpus: 2107, signal 160897/183526 (executing program) 2023/02/10 11:06:09 fetching corpus: 2155, signal 162166/184801 (executing program) 2023/02/10 11:06:09 fetching corpus: 2205, signal 162895/185715 (executing program) 2023/02/10 11:06:09 fetching corpus: 2255, signal 164258/186901 (executing program) 2023/02/10 11:06:09 fetching corpus: 2305, signal 165498/188027 (executing program) 2023/02/10 11:06:09 fetching corpus: 2354, signal 166980/189276 (executing program) 2023/02/10 11:06:09 fetching corpus: 2403, signal 168762/190727 (executing program) 2023/02/10 11:06:09 fetching corpus: 2453, signal 169469/191542 (executing program) 2023/02/10 11:06:09 fetching corpus: 2503, signal 170435/192511 (executing program) 2023/02/10 11:06:10 fetching corpus: 2553, signal 171659/193581 (executing program) 2023/02/10 11:06:10 fetching corpus: 2602, signal 172291/194367 (executing program) 2023/02/10 11:06:10 fetching corpus: 2651, signal 173169/195207 (executing program) 2023/02/10 11:06:10 fetching corpus: 2701, signal 174165/196079 (executing program) 2023/02/10 11:06:10 fetching corpus: 2751, signal 175693/197198 (executing program) 2023/02/10 11:06:10 fetching corpus: 2801, signal 176706/198090 (executing program) 2023/02/10 11:06:10 fetching 
corpus: 2851, signal 178085/199072 (executing program) 2023/02/10 11:06:11 fetching corpus: 2900, signal 178965/199817 (executing program) 2023/02/10 11:06:11 fetching corpus: 2950, signal 179853/200605 (executing program) 2023/02/10 11:06:11 fetching corpus: 3000, signal 180722/201323 (executing program) 2023/02/10 11:06:11 fetching corpus: 3050, signal 181402/201930 (executing program) 2023/02/10 11:06:11 fetching corpus: 3100, signal 182181/202572 (executing program) 2023/02/10 11:06:11 fetching corpus: 3150, signal 182968/203229 (executing program) 2023/02/10 11:06:11 fetching corpus: 3200, signal 183725/203822 (executing program) 2023/02/10 11:06:11 fetching corpus: 3250, signal 184202/204324 (executing program) 2023/02/10 11:06:11 fetching corpus: 3299, signal 184894/204883 (executing program) 2023/02/10 11:06:12 fetching corpus: 3349, signal 185735/205504 (executing program) 2023/02/10 11:06:12 fetching corpus: 3399, signal 186398/206003 (executing program) 2023/02/10 11:06:12 fetching corpus: 3449, signal 187102/206517 (executing program) 2023/02/10 11:06:12 fetching corpus: 3499, signal 187895/207053 (executing program) 2023/02/10 11:06:12 fetching corpus: 3549, signal 188761/207609 (executing program) 2023/02/10 11:06:12 fetching corpus: 3598, signal 189534/208105 (executing program) 2023/02/10 11:06:12 fetching corpus: 3648, signal 190400/208653 (executing program) 2023/02/10 11:06:12 fetching corpus: 3697, signal 191140/209143 (executing program) 2023/02/10 11:06:12 fetching corpus: 3747, signal 191908/209606 (executing program) 2023/02/10 11:06:13 fetching corpus: 3797, signal 192603/209982 (executing program) 2023/02/10 11:06:13 fetching corpus: 3847, signal 193320/210435 (executing program) 2023/02/10 11:06:13 fetching corpus: 3897, signal 194038/210848 (executing program) 2023/02/10 11:06:13 fetching corpus: 3947, signal 194575/211203 (executing program) 2023/02/10 11:06:13 fetching corpus: 3997, signal 195288/211585 (executing program) 2023/02/10 
11:06:13 fetching corpus: 4047, signal 196332/211991 (executing program) 2023/02/10 11:06:13 fetching corpus: 4096, signal 197175/212410 (executing program) 2023/02/10 11:06:14 fetching corpus: 4146, signal 197897/212778 (executing program) 2023/02/10 11:06:14 fetching corpus: 4196, signal 199199/213232 (executing program) 2023/02/10 11:06:14 fetching corpus: 4245, signal 199857/213540 (executing program) 2023/02/10 11:06:14 fetching corpus: 4295, signal 200577/213857 (executing program) 2023/02/10 11:06:14 fetching corpus: 4345, signal 201145/214106 (executing program) 2023/02/10 11:06:14 fetching corpus: 4395, signal 202023/214423 (executing program) 2023/02/10 11:06:14 fetching corpus: 4445, signal 202456/214661 (executing program) 2023/02/10 11:06:14 fetching corpus: 4495, signal 203014/214888 (executing program) 2023/02/10 11:06:15 fetching corpus: 4545, signal 203483/215113 (executing program) 2023/02/10 11:06:15 fetching corpus: 4595, signal 204430/215381 (executing program) 2023/02/10 11:06:15 fetching corpus: 4645, signal 204927/215560 (executing program) 2023/02/10 11:06:15 fetching corpus: 4695, signal 205332/215710 (executing program) 2023/02/10 11:06:15 fetching corpus: 4745, signal 205898/215884 (executing program) 2023/02/10 11:06:15 fetching corpus: 4795, signal 206635/216160 (executing program) 2023/02/10 11:06:15 fetching corpus: 4845, signal 207128/216326 (executing program) 2023/02/10 11:06:15 fetching corpus: 4895, signal 207652/216502 (executing program) 2023/02/10 11:06:16 fetching corpus: 4945, signal 208146/216640 (executing program) 2023/02/10 11:06:16 fetching corpus: 4994, signal 208816/216769 (executing program) 2023/02/10 11:06:16 fetching corpus: 5044, signal 209306/216875 (executing program) 2023/02/10 11:06:16 fetching corpus: 5093, signal 209803/216974 (executing program) 2023/02/10 11:06:16 fetching corpus: 5142, signal 210253/217068 (executing program) 2023/02/10 11:06:16 fetching corpus: 5192, signal 211060/217160 (executing 
program) 2023/02/10 11:06:16 fetching corpus: 5242, signal 211488/217225 (executing program) 2023/02/10 11:06:16 fetching corpus: 5292, signal 212016/217286 (executing program) 2023/02/10 11:06:17 fetching corpus: 5312, signal 212416/217332 (executing program) 2023/02/10 11:06:17 fetching corpus: 5313, signal 212429/217384 (executing program) 2023/02/10 11:06:17 fetching corpus: 5313, signal 212429/217384 (executing program) 2023/02/10 11:06:20 starting 8 fuzzer processes 11:06:20 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x40084503, 0x0) 11:06:20 executing program 1: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x4d031, 0xffffffffffffffff, 0x0) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x0) 11:06:20 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x7}, 0x18292}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r1, 0x1, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000300), 0xffffffffffffffff) 11:06:20 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000000a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 11:06:20 executing program 4: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000380)=@mgmt_frame=@action={@with_ht={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @random="aa5a91c489f4", {0x8}}, @ver_80211n={0x0, 0xdb, 0x3, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, @smps={0x7, 0x1, {0x0, 0x1}}}, 0x1f) r0 = gettid() perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x9, 0x7e, 0x3f, 0x4, 0x0, 0x6, 0x20000, 0x6, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7f, 0x0, @perf_config_ext={0xfffffffffffffffe, 0x1}, 0x400, 0x6, 0x245dcc2, 0x8, 0x1, 0x5, 0x0, 0x0, 0x9, 0x0, 0x10000}, r0, 0x6, 0xffffffffffffffff, 0xa) 
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000ac0)={{{@in6=@mcast2, @in=@loopback}}, {{@in6=@private2}, 0x0, @in=@remote}}, 0x0) 11:06:20 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x6c}, @in6=@mcast2}, 0x0, 0xfffffffe}}, 0xf8}}, 0x0) [ 76.093198] audit: type=1400 audit(1676027180.210:6): avc: denied { execmem } for pid=258 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:06:20 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) r1 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0) fallocate(r1, 0x0, 0x0, 0x87ffffc) fcntl$setpipe(0xffffffffffffffff, 0x409, 0x7ee2000000000) chdir(&(0x7f0000000140)='./file0\x00') sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1) execveat(r0, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f0000061380)={0x8b9b, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0x6, "ca4bc53da37cdd"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f0000062380)={0x6, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0xce, "88482d28df9bc5"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000063380)={0x3, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 
{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {r5, r6}], 0x0, "f0bc242a7bd75a"}) 11:06:20 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000004c0)={0x11100100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 77.351661] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.352605] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.361118] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.363427] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.364740] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 77.365509] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.408756] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.416111] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.417789] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.419612] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.422159] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.426541] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.432158] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.437924] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.448396] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 77.449661] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.451005] Bluetooth: hci2: unexpected 
cc 0x0c25 length: 249 > 3 [ 77.452225] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.453259] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.454212] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.456242] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.484186] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.486500] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 77.487623] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.504698] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 77.507370] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 77.508820] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 77.511620] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 77.513271] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 77.514418] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 79.374432] Bluetooth: hci0: command 0x0409 tx timeout [ 79.438031] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 79.502188] Bluetooth: hci3: command 0x0409 tx timeout [ 79.502220] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 79.503293] Bluetooth: hci2: command 0x0409 tx timeout [ 79.504988] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 79.566283] Bluetooth: hci4: command 0x0409 tx timeout [ 79.567410] Bluetooth: hci5: command 0x0409 tx timeout [ 81.422443] Bluetooth: hci0: command 0x041b tx timeout [ 81.550036] Bluetooth: hci2: command 0x041b tx timeout [ 81.551205] Bluetooth: hci3: command 0x041b tx timeout [ 81.615005] Bluetooth: hci5: command 0x041b tx timeout [ 81.615417] Bluetooth: hci4: command 0x041b tx timeout [ 83.411165] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 83.413612] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 83.415741] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 83.422083] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 83.425506] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 83.426906] Bluetooth: hci7: 
unexpected cc 0x0c38 length: 249 > 2 [ 83.470087] Bluetooth: hci0: command 0x040f tx timeout [ 83.599028] Bluetooth: hci3: command 0x040f tx timeout [ 83.599064] Bluetooth: hci2: command 0x040f tx timeout [ 83.663011] Bluetooth: hci4: command 0x040f tx timeout [ 83.663485] Bluetooth: hci5: command 0x040f tx timeout [ 85.006015] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 85.390079] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 85.518138] Bluetooth: hci0: command 0x0419 tx timeout [ 85.518740] Bluetooth: hci7: command 0x0409 tx timeout [ 85.646035] Bluetooth: hci3: command 0x0419 tx timeout [ 85.646630] Bluetooth: hci2: command 0x0419 tx timeout [ 85.710013] Bluetooth: hci5: command 0x0419 tx timeout [ 85.710585] Bluetooth: hci4: command 0x0419 tx timeout [ 87.566981] Bluetooth: hci7: command 0x041b tx timeout [ 89.551055] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 89.614999] Bluetooth: hci7: command 0x040f tx timeout [ 90.063028] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 91.663140] Bluetooth: hci7: command 0x0419 tx timeout [ 94.094000] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 94.671000] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 97.179352] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 97.181134] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 97.193904] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 97.213249] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 97.223729] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 97.233667] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 98.702042] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 99.279025] Bluetooth: hci6: command 0x0409 tx timeout [ 101.326984] Bluetooth: hci6: command 0x041b tx timeout [ 101.649205] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 101.651445] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 101.652733] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 101.655549] Bluetooth: hci1: unexpected cc 0x0c23 length: 
249 > 4 [ 101.657401] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 101.658670] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.375104] Bluetooth: hci6: command 0x040f tx timeout [ 103.759022] Bluetooth: hci1: command 0x0409 tx timeout [ 105.423042] Bluetooth: hci6: command 0x0419 tx timeout [ 105.807063] Bluetooth: hci1: command 0x041b tx timeout [ 107.854995] Bluetooth: hci1: command 0x040f tx timeout [ 109.903031] Bluetooth: hci1: command 0x0419 tx timeout [ 119.368459] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.369113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.370275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.510524] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.511128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.512588] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 119.716787] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.717524] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.755295] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.757142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.757677] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.758926] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.831143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.831737] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.833217] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.953929] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.954836] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.955862] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 120.009739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.010371] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.011773] IPv6: 
ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 120.066248] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.066837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.068244] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 120.384746] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.385483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.386779] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 120.520277] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.520868] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.522381] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 120.936269] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=3397 'syz-executor.6' [ 120.947182] loop6: detected capacity change from 0 to 40 [ 120.963928] audit: type=1400 audit(1676027225.081:7): avc: denied { open } for pid=3398 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 120.965462] audit: type=1400 audit(1676027225.081:8): avc: denied { kernel } for pid=3398 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 120.983576] process 'syz-executor.6' launched '/dev/fd/5/./file1' with NULL argv: empty string added [ 120.993960] hrtimer: interrupt took 18966 ns [ 121.050751] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 121.146667] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 121.185456] syz-executor.2 (3401) used greatest stack depth: 22784 bytes left [ 121.218282] syz-executor.6: attempt to access beyond end of device [ 121.218282] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 121.219562] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 121.360887] mac80211_hwsim: wmediumd 
released netlink socket, switching to perfect channel medium [ 121.688266] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 121.984689] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.985289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.987077] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 122.023679] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.024350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.025743] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 129.023056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.023645] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.025200] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 129.038754] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.039364] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.040641] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 131.799699] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.801333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.803861] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 131.829941] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.831357] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.833571] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:07:16 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x40084503, 0x0) 11:07:16 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) r1 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0) fallocate(r1, 0x0, 0x0, 0x87ffffc) fcntl$setpipe(0xffffffffffffffff, 0x409, 
0x7ee2000000000) chdir(&(0x7f0000000140)='./file0\x00') sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1) execveat(r0, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f0000061380)={0x8b9b, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0x6, "ca4bc53da37cdd"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f0000062380)={0x6, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 
{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0xce, "88482d28df9bc5"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000063380)={0x3, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {r5, r6}], 0x0, "f0bc242a7bd75a"}) 11:07:16 executing program 4: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000380)=@mgmt_frame=@action={@with_ht={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @random="aa5a91c489f4", {0x8}}, @ver_80211n={0x0, 0xdb, 0x3, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, @smps={0x7, 0x1, {0x0, 0x1}}}, 0x1f) r0 = gettid() perf_event_open(&(0x7f0000000000)={0x1, 
0x80, 0x9, 0x7e, 0x3f, 0x4, 0x0, 0x6, 0x20000, 0x6, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7f, 0x0, @perf_config_ext={0xfffffffffffffffe, 0x1}, 0x400, 0x6, 0x245dcc2, 0x8, 0x1, 0x5, 0x0, 0x0, 0x9, 0x0, 0x10000}, r0, 0x6, 0xffffffffffffffff, 0xa) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000ac0)={{{@in6=@mcast2, @in=@loopback}}, {{@in6=@private2}, 0x0, @in=@remote}}, 0x0) 11:07:16 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x6c}, @in6=@mcast2}, 0x0, 0xfffffffe}}, 0xf8}}, 0x0) 11:07:16 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000000a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 11:07:16 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000004c0)={0x11100100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:07:16 executing program 1: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x4d031, 0xffffffffffffffff, 0x0) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x0) 11:07:16 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x7}, 0x18292}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r1, 0x1, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000300), 0xffffffffffffffff) [ 132.421523] loop6: detected capacity change from 0 to 40 11:07:16 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000004c0)={0x11100100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:07:16 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x6c}, @in6=@mcast2}, 0x0, 0xfffffffe}}, 0xf8}}, 0x0) 11:07:16 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x40084503, 0x0) 11:07:16 executing program 1: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x4d031, 0xffffffffffffffff, 0x0) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x0) [ 132.755767] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 134.411996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 138.958080] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 143.246153] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 145.492120] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 145.499576] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 145.500437] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 145.503475] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 145.504507] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 145.505906] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 147.534098] Bluetooth: hci2: command 0x0409 tx timeout [ 149.582062] Bluetooth: hci2: command 0x041b tx timeout [ 151.630032] Bluetooth: hci2: command 0x040f tx timeout [ 153.678096] Bluetooth: hci2: command 0x0419 tx timeout [ 163.495339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.496376] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.498607] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 163.525258] 
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.526287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.528181] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 164.161780] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 168.590080] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 170.840648] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 170.844240] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 170.847697] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 170.851567] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 170.853830] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 170.855751] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 172.878104] Bluetooth: hci2: command 0x0409 tx timeout [ 174.926085] Bluetooth: hci2: command 0x041b tx timeout [ 176.975034] Bluetooth: hci2: command 0x040f tx timeout [ 179.022055] Bluetooth: hci2: command 0x0419 tx timeout [ 187.715927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.717034] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.719172] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 187.777690] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.779168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.781410] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 190.002997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.574094] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 196.820134] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 196.830521] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 196.831930] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 196.837455] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 196.839891] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 196.841756] Bluetooth: hci2: unexpected cc 0x0c38 
length: 249 > 2 [ 198.862092] Bluetooth: hci2: command 0x0409 tx timeout [ 199.950099] Bluetooth: hci3: command 0x0406 tx timeout [ 199.950902] Bluetooth: hci0: command 0x0406 tx timeout [ 199.952779] Bluetooth: hci5: command 0x0406 tx timeout [ 199.953532] Bluetooth: hci4: command 0x0406 tx timeout [ 200.910009] Bluetooth: hci2: command 0x041b tx timeout [ 202.958033] Bluetooth: hci2: command 0x040f tx timeout [ 205.006029] Bluetooth: hci2: command 0x0419 tx timeout [ 208.142029] Bluetooth: hci7: command 0x0406 tx timeout [ 213.984895] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.985985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.988134] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 214.049408] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 214.050527] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 214.056081] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 216.184984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 220.430087] Bluetooth: hci6: command 0x0406 tx timeout [ 220.686185] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 224.526126] Bluetooth: hci1: command 0x0406 tx timeout [ 224.974078] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 229.262123] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 231.510609] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 231.513915] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 231.516031] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 231.519621] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 231.521919] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 231.523868] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 233.550074] Bluetooth: hci2: command 0x0409 tx timeout [ 235.598055] Bluetooth: hci2: command 0x041b tx timeout [ 237.646016] Bluetooth: hci2: command 0x040f tx timeout [ 239.694025] Bluetooth: hci2: command 0x0419 tx timeout [ 
248.531838] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 248.533077] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 248.535324] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 248.570465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 248.571642] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 248.573805] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 251.386970] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 2023/02/10 11:09:15 executor 4 failed 11 times: executor 4: exit status 67 SYZFAIL: netlink_send_ext: bad netlink ack type type=30 (errno 22: Invalid argument) SYZFAIL: child failed (errno 0: Success) loop exited with status 67 VM DIAGNOSIS: 11:09:15 Registers: