Warning: Permanently added '[localhost]:9417' (ECDSA) to the list of known hosts.
2022/09/13 16:19:34 fuzzer started
2022/09/13 16:19:34 dialing manager at localhost:36597
syzkaller login: [ 44.534799] cgroup: Unknown subsys name 'net'
[ 44.684381] cgroup: Unknown subsys name 'rlimit'
2022/09/13 16:19:48 syscalls: 2215
2022/09/13 16:19:48 code coverage: enabled
2022/09/13 16:19:48 comparison tracing: enabled
2022/09/13 16:19:48 extra coverage: enabled
2022/09/13 16:19:48 setuid sandbox: enabled
2022/09/13 16:19:48 namespace sandbox: enabled
2022/09/13 16:19:48 Android sandbox: enabled
2022/09/13 16:19:48 fault injection: enabled
2022/09/13 16:19:48 leak checking: enabled
2022/09/13 16:19:48 net packet injection: enabled
2022/09/13 16:19:48 net device setup: enabled
2022/09/13 16:19:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/13 16:19:48 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/13 16:19:48 USB emulation: enabled
2022/09/13 16:19:48 hci packet injection: enabled
2022/09/13 16:19:48 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220913)
2022/09/13 16:19:48 802.15.4 emulation: enabled
2022/09/13 16:19:48 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/13 16:19:48 fetching corpus: 50, signal 25886/29494 (executing program)
2022/09/13 16:19:48 fetching corpus: 100, signal 42352/47374 (executing program)
2022/09/13 16:19:48 fetching corpus: 150, signal 52502/58893 (executing program)
2022/09/13 16:19:48 fetching corpus: 200, signal 59392/67109 (executing program)
2022/09/13 16:19:48 fetching corpus: 250, signal 63470/72551 (executing program)
2022/09/13 16:19:48 fetching corpus: 300, signal 71029/81181 (executing program)
2022/09/13 16:19:49 fetching corpus: 350, signal 77529/88703 (executing program)
2022/09/13 16:19:49 fetching corpus: 400, signal 81201/93502 (executing program)
2022/09/13 16:19:49 fetching corpus: 450, signal 85252/98546 (executing program)
2022/09/13 16:19:49 fetching corpus: 500, signal 88436/102762 (executing program)
2022/09/13 16:19:49 fetching corpus: 550, signal 92965/108150 (executing program)
2022/09/13 16:19:49 fetching corpus: 600, signal 97978/113884 (executing program)
2022/09/13 16:19:49 fetching corpus: 650, signal 102093/118816 (executing program)
2022/09/13 16:19:50 fetching corpus: 700, signal 104375/122023 (executing program)
2022/09/13 16:19:50 fetching corpus: 750, signal 108737/127074 (executing program)
2022/09/13 16:19:50 fetching corpus: 800, signal 111947/131010 (executing program)
2022/09/13 16:19:50 fetching corpus: 850, signal 115017/134776 (executing program)
2022/09/13 16:19:50 fetching corpus: 900, signal 117649/138148 (executing program)
2022/09/13 16:19:51 fetching corpus: 950, signal 123492/144207 (executing program)
2022/09/13 16:19:51 fetching corpus: 1000, signal 125066/146604 (executing program)
2022/09/13 16:19:51 fetching corpus: 1050, signal 126618/148944 (executing program)
2022/09/13 16:19:51 fetching corpus: 1100, signal 128616/151618 (executing program)
2022/09/13 16:19:51 fetching corpus: 1150, signal 130624/154241 (executing program)
2022/09/13 16:19:51 fetching corpus: 1200, signal 133502/157529 (executing program)
2022/09/13 16:19:51 fetching corpus: 1250, signal 136053/160522 (executing program)
2022/09/13 16:19:52 fetching corpus: 1300, signal 138953/163753 (executing program)
2022/09/13 16:19:52 fetching corpus: 1350, signal 141304/166499 (executing program)
2022/09/13 16:19:52 fetching corpus: 1400, signal 142493/168307 (executing program)
2022/09/13 16:19:52 fetching corpus: 1450, signal 145077/171173 (executing program)
2022/09/13 16:19:52 fetching corpus: 1500, signal 147331/173808 (executing program)
2022/09/13 16:19:52 fetching corpus: 1550, signal 149481/176302 (executing program)
2022/09/13 16:19:52 fetching corpus: 1600, signal 151151/178320 (executing program)
2022/09/13 16:19:53 fetching corpus: 1650, signal 152788/180318 (executing program)
2022/09/13 16:19:53 fetching corpus: 1700, signal 153959/181989 (executing program)
2022/09/13 16:19:53 fetching corpus: 1750, signal 156105/184281 (executing program)
2022/09/13 16:19:53 fetching corpus: 1800, signal 157491/186090 (executing program)
2022/09/13 16:19:53 fetching corpus: 1850, signal 158893/187859 (executing program)
2022/09/13 16:19:53 fetching corpus: 1900, signal 159960/189378 (executing program)
2022/09/13 16:19:53 fetching corpus: 1950, signal 160900/190749 (executing program)
2022/09/13 16:19:54 fetching corpus: 2000, signal 162373/192558 (executing program)
2022/09/13 16:19:54 fetching corpus: 2050, signal 163520/194065 (executing program)
2022/09/13 16:19:54 fetching corpus: 2100, signal 164939/195730 (executing program)
2022/09/13 16:19:54 fetching corpus: 2150, signal 166182/197309 (executing program)
2022/09/13 16:19:54 fetching corpus: 2200, signal 167396/198802 (executing program)
2022/09/13 16:19:54 fetching corpus: 2250, signal 168621/200303 (executing program)
2022/09/13 16:19:54 fetching corpus: 2300, signal 169816/201792 (executing program)
2022/09/13 16:19:54 fetching corpus: 2350, signal 171599/203641 (executing program)
2022/09/13 16:19:55 fetching corpus: 2400, signal 172857/205086 (executing program)
2022/09/13 16:19:55 fetching corpus: 2450, signal 174198/206533 (executing program)
2022/09/13 16:19:55 fetching corpus: 2500, signal 175435/207907 (executing program)
2022/09/13 16:19:55 fetching corpus: 2550, signal 176302/209058 (executing program)
2022/09/13 16:19:55 fetching corpus: 2600, signal 177571/210428 (executing program)
2022/09/13 16:19:56 fetching corpus: 2650, signal 179272/212059 (executing program)
2022/09/13 16:19:56 fetching corpus: 2700, signal 179864/213002 (executing program)
2022/09/13 16:19:56 fetching corpus: 2750, signal 180787/214131 (executing program)
2022/09/13 16:19:56 fetching corpus: 2800, signal 182152/215510 (executing program)
2022/09/13 16:19:56 fetching corpus: 2850, signal 183544/216908 (executing program)
2022/09/13 16:19:56 fetching corpus: 2900, signal 185223/218300 (executing program)
2022/09/13 16:19:56 fetching corpus: 2950, signal 186188/219343 (executing program)
2022/09/13 16:19:56 fetching corpus: 3000, signal 186901/220252 (executing program)
2022/09/13 16:19:57 fetching corpus: 3050, signal 188002/221377 (executing program)
2022/09/13 16:19:57 fetching corpus: 3100, signal 189287/222583 (executing program)
2022/09/13 16:19:57 fetching corpus: 3150, signal 190054/223462 (executing program)
2022/09/13 16:19:57 fetching corpus: 3200, signal 190936/224413 (executing program)
2022/09/13 16:19:57 fetching corpus: 3250, signal 191826/225333 (executing program)
2022/09/13 16:19:57 fetching corpus: 3300, signal 192789/226285 (executing program)
2022/09/13 16:19:57 fetching corpus: 3350, signal 193519/227137 (executing program)
2022/09/13 16:19:58 fetching corpus: 3400, signal 194491/228059 (executing program)
2022/09/13 16:19:58 fetching corpus: 3450, signal 195566/228995 (executing program)
2022/09/13 16:19:58 fetching corpus: 3500, signal 196188/229740 (executing program)
2022/09/13 16:19:58 fetching corpus: 3550, signal 196994/230574 (executing program)
2022/09/13 16:19:58 fetching corpus: 3600, signal 198127/231510 (executing program)
2022/09/13 16:19:58 fetching corpus: 3650, signal 199063/232370 (executing program)
2022/09/13 16:19:58 fetching corpus: 3700, signal 199897/233151 (executing program)
2022/09/13 16:19:59 fetching corpus: 3750, signal 200588/233824 (executing program)
2022/09/13 16:19:59 fetching corpus: 3800, signal 201538/234619 (executing program)
2022/09/13 16:19:59 fetching corpus: 3850, signal 202714/235504 (executing program)
2022/09/13 16:19:59 fetching corpus: 3900, signal 203503/236220 (executing program)
2022/09/13 16:19:59 fetching corpus: 3950, signal 204177/236898 (executing program)
2022/09/13 16:19:59 fetching corpus: 4000, signal 205570/237807 (executing program)
2022/09/13 16:19:59 fetching corpus: 4050, signal 206244/238409 (executing program)
2022/09/13 16:19:59 fetching corpus: 4100, signal 206750/238988 (executing program)
2022/09/13 16:20:00 fetching corpus: 4150, signal 207716/239786 (executing program)
2022/09/13 16:20:00 fetching corpus: 4200, signal 208342/240367 (executing program)
2022/09/13 16:20:00 fetching corpus: 4250, signal 209145/241002 (executing program)
2022/09/13 16:20:00 fetching corpus: 4300, signal 209717/241522 (executing program)
2022/09/13 16:20:00 fetching corpus: 4350, signal 210262/242095 (executing program)
2022/09/13 16:20:00 fetching corpus: 4400, signal 210718/242574 (executing program)
2022/09/13 16:20:00 fetching corpus: 4450, signal 211551/243176 (executing program)
2022/09/13 16:20:00 fetching corpus: 4500, signal 212143/243694 (executing program)
2022/09/13 16:20:01 fetching corpus: 4550, signal 212902/244239 (executing program)
2022/09/13 16:20:01 fetching corpus: 4600, signal 213585/244798 (executing program)
2022/09/13 16:20:01 fetching corpus: 4650, signal 214755/245489 (executing program)
2022/09/13 16:20:01 fetching corpus: 4700, signal 215486/246008 (executing program)
2022/09/13 16:20:01 fetching corpus: 4750, signal 216558/246605 (executing program)
2022/09/13 16:20:01 fetching corpus: 4800, signal 217180/247079 (executing program)
2022/09/13 16:20:01 fetching corpus: 4850, signal 218013/247569 (executing program)
2022/09/13 16:20:02 fetching corpus: 4900, signal 218650/248014 (executing program)
2022/09/13 16:20:02 fetching corpus: 4950, signal 219236/248412 (executing program)
2022/09/13 16:20:02 fetching corpus: 5000, signal 219868/248821 (executing program)
2022/09/13 16:20:02 fetching corpus: 5050, signal 220486/249198 (executing program)
2022/09/13 16:20:02 fetching corpus: 5100, signal 221351/249628 (executing program)
2022/09/13 16:20:02 fetching corpus: 5149, signal 222083/250063 (executing program)
2022/09/13 16:20:02 fetching corpus: 5199, signal 222911/250502 (executing program)
2022/09/13 16:20:03 fetching corpus: 5248, signal 224102/250976 (executing program)
2022/09/13 16:20:03 fetching corpus: 5298, signal 224541/251279 (executing program)
2022/09/13 16:20:03 fetching corpus: 5348, signal 225280/251628 (executing program)
2022/09/13 16:20:03 fetching corpus: 5398, signal 226138/252063 (executing program)
2022/09/13 16:20:03 fetching corpus: 5448, signal 226724/252415 (executing program)
2022/09/13 16:20:03 fetching corpus: 5498, signal 227229/252738 (executing program)
2022/09/13 16:20:03 fetching corpus: 5548, signal 227761/253049 (executing program)
2022/09/13 16:20:03 fetching corpus: 5598, signal 228233/253332 (executing program)
2022/09/13 16:20:04 fetching corpus: 5648, signal 228902/253628 (executing program)
2022/09/13 16:20:04 fetching corpus: 5698, signal 229368/253860 (executing program)
2022/09/13 16:20:04 fetching corpus: 5748, signal 230085/254128 (executing program)
2022/09/13 16:20:04 fetching corpus: 5798, signal 230750/254462 (executing program)
2022/09/13 16:20:04 fetching corpus: 5848, signal 231368/254702 (executing program)
2022/09/13 16:20:04 fetching corpus: 5898, signal 231955/254921 (executing program)
2022/09/13 16:20:04 fetching corpus: 5948, signal 232482/255180 (executing program)
2022/09/13 16:20:04 fetching corpus: 5998, signal 233097/255393 (executing program)
2022/09/13 16:20:05 fetching corpus: 6048, signal 233627/255602 (executing program)
2022/09/13 16:20:05 fetching corpus: 6098, signal 234269/255779 (executing program)
2022/09/13 16:20:05 fetching corpus: 6148, signal 234833/255989 (executing program)
2022/09/13 16:20:05 fetching corpus: 6198, signal 235196/256159 (executing program)
2022/09/13 16:20:05 fetching corpus: 6248, signal 235532/256161 (executing program)
2022/09/13 16:20:05 fetching corpus: 6298, signal 236081/256161 (executing program)
2022/09/13 16:20:05 fetching corpus: 6348, signal 236932/256161 (executing program)
2022/09/13 16:20:05 fetching corpus: 6398, signal 238042/256163 (executing program)
2022/09/13 16:20:06 fetching corpus: 6448, signal 238620/256176 (executing program)
2022/09/13 16:20:06 fetching corpus: 6498, signal 239162/256177 (executing program)
2022/09/13 16:20:06 fetching corpus: 6548, signal 239625/256198 (executing program)
2022/09/13 16:20:06 fetching corpus: 6598, signal 240539/256201 (executing program)
2022/09/13 16:20:06 fetching corpus: 6648, signal 241161/256201 (executing program)
2022/09/13 16:20:06 fetching corpus: 6698, signal 241687/256209 (executing program)
2022/09/13 16:20:06 fetching corpus: 6748, signal 242083/256225 (executing program)
2022/09/13 16:20:07 fetching corpus: 6798, signal 242905/256262 (executing program)
2022/09/13 16:20:07 fetching corpus: 6848, signal 243430/256282 (executing program)
2022/09/13 16:20:07 fetching corpus: 6898, signal 244028/256291 (executing program)
2022/09/13 16:20:07 fetching corpus: 6948, signal 245193/256307 (executing program)
2022/09/13 16:20:07 fetching corpus: 6998, signal 245646/256359 (executing program)
2022/09/13 16:20:07 fetching corpus: 7048, signal 246032/256361 (executing program)
2022/09/13 16:20:07 fetching corpus: 7098, signal 246405/256367 (executing program)
2022/09/13 16:20:07 fetching corpus: 7136, signal 246858/256384 (executing program)
2022/09/13 16:20:07 fetching corpus: 7136, signal 246858/256384 (executing program)
2022/09/13 16:20:10 starting 8 fuzzer processes

16:20:10 executing program 0:
syz_emit_ethernet(0x3e, &(0x7f0000000080)={@multicast, @broadcast, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, {0x14, 0x0, 0x0, @empty, "39a4ba8385314b5edc3d8aabae540cb5a69bcbd9"}}}}}, 0x0)

16:20:10 executing program 1:
r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000140), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0x8001,
&(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 16:20:10 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='status\x00') pread64(r0, &(0x7f0000003680)=""/237, 0xed, 0x0) [ 79.611790] audit: type=1400 audit(1663086010.188:6): avc: denied { execmem } for pid=289 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 16:20:10 executing program 3: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000200), 0x2f0180, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000003000000876c1a39773a3856a40dbdba0dd642eb6613793952eb9193570aed85700479c7dac1ff1f080bb6f6aeccce3710b8867378846217a70b21aab77724d0680e45"]) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1, {0x0, r0}}, 0x7) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 
0x4e21, @multicast2}}, 0x0, 0x0, 0x844, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00b51b808c412ed6b9fcbb5be4a2fb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000040)={r1, 0xb58a, 0x100000001, 0x2}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40843, 0x0) pwritev(r3, &(0x7f0000000140)=[{&(0x7f0000000000)='P', 0x1}], 0x1, 0x0, 0x0) socket$unix(0x1, 0x5, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) openat(0xffffffffffffffff, 0x0, 0x400000, 0x8) openat(r3, &(0x7f0000000080)='./file1\x00', 0x3039c2, 0x102) 16:20:10 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x4b41, 0x0) 16:20:10 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x100) io_setup(0x7, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000040)='personality\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') stat(0x0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r2, 0x0) 
stat(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0})
setresuid(0x0, r3, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80))
dup3(r0, r1, 0x80000)

16:20:10 executing program 6:
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty, 0x0, 0x32}, @in6=@private2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth={0x48, 0x1, {{'xcbc(aes)\x00'}}}]}, 0x138}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty}, @in6=@private2, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0)

16:20:10 executing program 7:
ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000000))
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f0000000040)={{0x2, 0x4e21, @multicast1}, {0x6}, 0x34, {0x2, 0x0, @loopback}, 'bond_slave_1\x00'})
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000000c0)=""/195, &(0x7f00000001c0)=0xc3)
syz_io_uring_setup(0x3ebf, &(0x7f00000013c0)={0x0, 0xe29e, 0x2, 0x3, 0x2f0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000001440), &(0x7f0000001480))
[ 80.901805] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.905444] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.906839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.911733] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.914329] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 80.915825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.921324] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 80.954138] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 80.957705] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 80.959535] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 80.960931] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 80.962736] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 80.964352] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 80.964532] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 80.965553] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 80.967933] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 80.967939] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 80.970336] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 80.970573] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 80.975498] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 80.979921] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 80.980584] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 80.982870] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 80.983591] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 80.986103] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 80.989395] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 80.990309] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 80.991579] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 80.992803] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 80.993973] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 80.995884] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 81.001030] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 81.002513] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 81.013130] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 81.028675] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 81.084846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 81.085114] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 81.087781] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 81.087983] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 81.088867] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 81.090761] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 81.090769] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 81.091650] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 81.094085] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 81.097129] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 81.099862] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 81.101083] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 81.106816] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 81.106924] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 81.113765] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 81.119796] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 81.121223] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 81.126328] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 81.137467] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 81.156233] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 81.178305] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 82.982940] Bluetooth: hci0: command 0x0409 tx timeout
[ 83.046354] Bluetooth: hci1: command 0x0409 tx timeout
[ 83.046706] Bluetooth: hci2: command 0x0409 tx timeout
[ 83.046865] Bluetooth: hci4: command 0x0409 tx timeout
[ 83.047260] Bluetooth: hci3: command 0x0409 tx timeout
[ 83.174283] Bluetooth: hci7: command 0x0409 tx timeout
[ 83.175442] Bluetooth: hci5: command 0x0409 tx timeout
[ 83.239256] Bluetooth: hci6: command 0x0409 tx timeout
[ 85.031273] Bluetooth: hci0: command 0x041b tx timeout
[ 85.094404] Bluetooth: hci3: command 0x041b tx timeout
[ 85.095130] Bluetooth: hci4: command 0x041b tx timeout
[ 85.095605] Bluetooth: hci2: command 0x041b tx timeout
[ 85.096011] Bluetooth: hci1: command 0x041b tx timeout
[ 85.223265] Bluetooth: hci5: command 0x041b tx timeout
[ 85.223795] Bluetooth: hci7: command 0x041b tx timeout
[ 85.286218] Bluetooth: hci6: command 0x041b tx timeout
[ 87.079198] Bluetooth: hci0: command 0x040f tx timeout
[ 87.142338] Bluetooth: hci1: command 0x040f tx timeout
[ 87.142949] Bluetooth: hci2: command 0x040f tx timeout
[ 87.143496] Bluetooth: hci4: command 0x040f tx timeout
[ 87.143987] Bluetooth: hci3: command 0x040f tx timeout
[ 87.270251] Bluetooth: hci7: command 0x040f tx timeout
[ 87.271038] Bluetooth: hci5: command 0x040f tx timeout
[ 87.335945] Bluetooth: hci6: command 0x040f tx timeout
[ 89.126351] Bluetooth: hci0: command 0x0419 tx timeout
[ 89.190333] Bluetooth: hci3: command 0x0419 tx timeout
[ 89.191127] Bluetooth: hci4: command 0x0419 tx timeout
[ 89.191898] Bluetooth: hci2: command 0x0419 tx timeout
[ 89.192648] Bluetooth: hci1: command 0x0419 tx timeout
[ 89.318256] Bluetooth: hci5: command 0x0419 tx timeout
[ 89.319020] Bluetooth: hci7: command 0x0419 tx timeout
[ 89.382222] Bluetooth: hci6: command 0x0419 tx timeout
[ 135.658452] audit: type=1400 audit(1663086066.235:7): avc: denied { open } for pid=3778 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 135.660076] audit: type=1400 audit(1663086066.235:8): avc: denied { kernel } for pid=3778 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 135.671648] ------------[ cut here ]------------
[ 135.671669]
[ 135.671672] ======================================================
[ 135.671676] WARNING: possible circular locking dependency detected
[ 135.671680] 6.0.0-rc5-next-20220913 #1 Not tainted
[ 135.671687] ------------------------------------------------------
[ 135.671690] syz-executor.3/3779 is trying to acquire lock:
[ 135.671696] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 135.671731]
[ 135.671731] but task is already holding lock:
[ 135.671734] ffff888008e6d420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 135.671761]
[ 135.671761] which lock already depends on the new lock.
[ 135.671761]
[ 135.671763]
[ 135.671763] the existing dependency chain (in reverse order) is:
[ 135.671767]
[ 135.671767] -> #3 (&ctx->lock){....}-{2:2}:
[ 135.671780]        _raw_spin_lock+0x2a/0x40
[ 135.671797]        __perf_event_task_sched_out+0x53b/0x18d0
[ 135.671809]        __schedule+0xedd/0x2470
[ 135.671819]        schedule+0xda/0x1b0
[ 135.671828]        exit_to_user_mode_prepare+0x114/0x1a0
[ 135.671849]        syscall_exit_to_user_mode+0x19/0x40
[ 135.671866]        do_syscall_64+0x48/0x90
[ 135.671879]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.671897]
[ 135.671897] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 135.671910]        _raw_spin_lock_nested+0x30/0x40
[ 135.671925]        raw_spin_rq_lock_nested+0x1e/0x30
[ 135.671938]        task_fork_fair+0x63/0x4d0
[ 135.671955]        sched_cgroup_fork+0x3d0/0x540
[ 135.671969]        copy_process+0x3f9e/0x6df0
[ 135.671979]        kernel_clone+0xe7/0x890
[ 135.671988]        user_mode_thread+0xad/0xf0
[ 135.671998]        rest_init+0x24/0x250
[ 135.672014]        arch_call_rest_init+0xf/0x14
[ 135.672034]        start_kernel+0x4c1/0x4e6
[ 135.672051]        secondary_startup_64_no_verify+0xe0/0xeb
[ 135.672065]
[ 135.672065] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 135.672079]        _raw_spin_lock_irqsave+0x39/0x60
[ 135.672094]        try_to_wake_up+0xab/0x1920
[ 135.672107]        up+0x75/0xb0
[ 135.672118]        __up_console_sem+0x6e/0x80
[ 135.672134]        console_unlock+0x46a/0x590
[ 135.672150]        vprintk_emit+0x1bd/0x560
[ 135.672170]        vprintk+0x84/0xa0
[ 135.672186]        _printk+0xba/0xf1
[ 135.672204]        kauditd_hold_skb.cold+0x3f/0x4e
[ 135.672218]        kauditd_send_queue+0x233/0x290
[ 135.672232]        kauditd_thread+0x5da/0x9a0
[ 135.672246]        kthread+0x2ed/0x3a0
[ 135.672261]        ret_from_fork+0x22/0x30
[ 135.672273]
[ 135.672273] -> #0 ((console_sem).lock){....}-{2:2}:
[ 135.672286]        __lock_acquire+0x2a02/0x5e70
[ 135.672303]        lock_acquire+0x1a2/0x530
[ 135.672319]        _raw_spin_lock_irqsave+0x39/0x60
[ 135.672337]        down_trylock+0xe/0x70
[ 135.672349]        __down_trylock_console_sem+0x3b/0xd0
[ 135.672366]        vprintk_emit+0x16b/0x560
[ 135.672382]        vprintk+0x84/0xa0
[ 135.672398]        _printk+0xba/0xf1
[ 135.672415]        report_bug.cold+0x72/0xab
[ 135.672427]        handle_bug+0x3c/0x70
[ 135.672440]        exc_invalid_op+0x14/0x50
[ 135.672453]        asm_exc_invalid_op+0x16/0x20
[ 135.672469]        group_sched_out.part.0+0x2c7/0x460
[ 135.672479]        ctx_sched_out+0x8f1/0xc10
[ 135.672489]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 135.672501]        __schedule+0xedd/0x2470
[ 135.672511]        schedule+0xda/0x1b0
[ 135.672520]        exit_to_user_mode_prepare+0x114/0x1a0
[ 135.672539]        syscall_exit_to_user_mode+0x19/0x40
[ 135.672556]        do_syscall_64+0x48/0x90
[ 135.672569]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.672586]
[ 135.672586] other info that might help us debug this:
[ 135.672586]
[ 135.672589] Chain exists of:
[ 135.672589]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 135.672589]
[ 135.672603]  Possible unsafe locking scenario:
[ 135.672603]
[ 135.672606]        CPU0                    CPU1
[ 135.672608]        ----                    ----
[ 135.672610]   lock(&ctx->lock);
[ 135.672616]                                lock(&rq->__lock);
[ 135.672622]                                lock(&ctx->lock);
[ 135.672628]   lock((console_sem).lock);
[ 135.672634]
[ 135.672634]  *** DEADLOCK ***
[ 135.672634]
[ 135.672636] 2 locks held by syz-executor.3/3779:
[ 135.672642]  #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 135.672668]  #1: ffff888008e6d420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 135.672695]
[ 135.672695] stack backtrace:
[ 135.672698] CPU: 1 PID: 3779 Comm: syz-executor.3 Not tainted 6.0.0-rc5-next-20220913 #1
[ 135.672711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 135.672719] Call Trace:
[ 135.672722]
[ 135.672727] dump_stack_lvl+0x8b/0xb3
[ 135.672741] check_noncircular+0x263/0x2e0
[ 135.672758] ? format_decode+0x26c/0xb50
[ 135.672773] ? print_circular_bug+0x450/0x450
[ 135.672790] ? enable_ptr_key_workfn+0x20/0x20
[ 135.672805] ? format_decode+0x26c/0xb50
[ 135.672820] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 135.672838] __lock_acquire+0x2a02/0x5e70
[ 135.672860] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 135.672883] lock_acquire+0x1a2/0x530
[ 135.672900] ? down_trylock+0xe/0x70
[ 135.672914] ? rcu_read_unlock+0x40/0x40
[ 135.672935] ? vprintk+0x84/0xa0
[ 135.672954] _raw_spin_lock_irqsave+0x39/0x60
[ 135.672969] ? down_trylock+0xe/0x70
[ 135.672983] down_trylock+0xe/0x70
[ 135.672996] ? vprintk+0x84/0xa0
[ 135.673013] __down_trylock_console_sem+0x3b/0xd0
[ 135.673031] vprintk_emit+0x16b/0x560
[ 135.673050] vprintk+0x84/0xa0
[ 135.673068] _printk+0xba/0xf1
[ 135.673086] ? record_print_text.cold+0x16/0x16
[ 135.673108] ? report_bug.cold+0x66/0xab
[ 135.673122] ? group_sched_out.part.0+0x2c7/0x460
[ 135.673133] report_bug.cold+0x72/0xab
[ 135.673148] handle_bug+0x3c/0x70
[ 135.673162] exc_invalid_op+0x14/0x50
[ 135.673176] asm_exc_invalid_op+0x16/0x20
[ 135.673195] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 135.673210] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 135.673224] RSP: 0018:ffff888015cdfc48 EFLAGS: 00010006
[ 135.673233] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 135.673240] RDX: ffff888022061ac0 RSI: ffffffff81566027 RDI: 0000000000000005
[ 135.673248] RBP: ffff888040f78000 R08: 0000000000000005 R09: 0000000000000001
[ 135.673255] R10: 0000000000000000 R11: ffffffff865aa05b R12: ffff888008e6d400
[ 135.673263] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 135.673274] ? group_sched_out.part.0+0x2c7/0x460
[ 135.673287] ? group_sched_out.part.0+0x2c7/0x460
[ 135.673300] ctx_sched_out+0x8f1/0xc10
[ 135.673312] __perf_event_task_sched_out+0x6d0/0x18d0
[ 135.673327] ? lock_is_held_type+0xd7/0x130
[ 135.673346] ? __perf_cgroup_move+0x160/0x160
[ 135.673358] ? set_next_entity+0x304/0x550
[ 135.673376] ? update_curr+0x267/0x740
[ 135.673394] ? lock_is_held_type+0xd7/0x130
[ 135.673413] __schedule+0xedd/0x2470
[ 135.673426] ? io_schedule_timeout+0x150/0x150
[ 135.673439] ? rcu_read_lock_sched_held+0x3e/0x80
[ 135.673459] schedule+0xda/0x1b0
[ 135.673470] exit_to_user_mode_prepare+0x114/0x1a0
[ 135.673491] syscall_exit_to_user_mode+0x19/0x40
[ 135.673509] do_syscall_64+0x48/0x90
[ 135.673523] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.673541] RIP: 0033:0x7f8b932ddb19
[ 135.673549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 135.673560] RSP: 002b:00007f8b90853218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 135.673571] RAX: 0000000000000001 RBX: 00007f8b933f0f68 RCX: 00007f8b932ddb19
[ 135.673578] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8b933f0f6c
[ 135.673586] RBP: 00007f8b933f0f60 R08: 000000000000000e R09: 0000000000000000
[ 135.673593] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8b933f0f6c
[ 135.673600] R13: 00007ffddf5f5f3f R14: 00007f8b90853300 R15: 0000000000022000
[ 135.673613]
[ 135.730436] WARNING: CPU: 1 PID: 3779 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 135.731106] Modules linked in:
[ 135.731347] CPU: 1 PID: 3779 Comm: syz-executor.3 Not tainted 6.0.0-rc5-next-20220913 #1
[ 135.731939] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 135.732744] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 135.733141] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 135.734447] RSP: 0018:ffff888015cdfc48 EFLAGS: 00010006
[ 135.734836] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 135.735350] RDX: ffff888022061ac0 RSI: ffffffff81566027 RDI: 0000000000000005
[ 135.735872] RBP: ffff888040f78000 R08: 0000000000000005 R09: 0000000000000001
[ 135.736395] R10: 0000000000000000 R11: ffffffff865aa05b R12: ffff888008e6d400
[ 135.736909] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 135.737428] FS: 00007f8b90853700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 135.738013] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 135.738441] CR2: 00007ff70776a438 CR3: 000000004111c000 CR4: 0000000000350ee0
[ 135.738958] Call Trace:
[ 135.739151]
[ 135.739324] ctx_sched_out+0x8f1/0xc10
[ 135.739625] __perf_event_task_sched_out+0x6d0/0x18d0
[ 135.740008] ? lock_is_held_type+0xd7/0x130
[ 135.740331] ? __perf_cgroup_move+0x160/0x160
[ 135.740664] ? set_next_entity+0x304/0x550
[ 135.740985] ? update_curr+0x267/0x740
[ 135.741279] ? lock_is_held_type+0xd7/0x130
[ 135.741598] __schedule+0xedd/0x2470
[ 135.741881] ? io_schedule_timeout+0x150/0x150
[ 135.742219] ? rcu_read_lock_sched_held+0x3e/0x80
[ 135.742586] schedule+0xda/0x1b0
[ 135.742847] exit_to_user_mode_prepare+0x114/0x1a0
[ 135.743216] syscall_exit_to_user_mode+0x19/0x40
[ 135.743586] do_syscall_64+0x48/0x90
[ 135.743870] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.744251] RIP: 0033:0x7f8b932ddb19
[ 135.744525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 135.745830] RSP: 002b:00007f8b90853218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 135.746394] RAX: 0000000000000001 RBX: 00007f8b933f0f68 RCX: 00007f8b932ddb19
[ 135.746904] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8b933f0f6c
[ 135.747424] RBP: 00007f8b933f0f60 R08: 000000000000000e R09: 0000000000000000
[ 135.747943] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8b933f0f6c
[ 135.748454] R13: 00007ffddf5f5f3f R14: 00007f8b90853300 R15: 0000000000022000
[ 135.748976]
[ 135.749148] irq event stamp: 718
[ 135.749397]
hardirqs last enabled at (717): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 135.750077] hardirqs last disabled at (718): [] __schedule+0x1225/0x2470 [ 135.750669] softirqs last enabled at (374): [] __irq_exit_rcu+0x11b/0x180 [ 135.751284] softirqs last disabled at (341): [] __irq_exit_rcu+0x11b/0x180 [ 135.751919] ---[ end trace 0000000000000000 ]--- 16:21:06 executing program 6: socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty, 0x0, 0x32}, @in6=@private2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth={0x48, 0x1, {{'xcbc(aes)\x00'}}}]}, 0x138}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty}, @in6=@private2, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0) 16:21:06 executing program 3: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000200), 0x2f0180, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000003000000876c1a39773a3856a40dbdba0dd642eb6613793952eb9193570aed85700479c7dac1ff1f080bb6f6aeccce3710b8867378846217a70b21aab77724d0680e45"]) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x2, 0x0, 
0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1, {0x0, r0}}, 0x7) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 0x4e21, @multicast2}}, 0x0, 0x0, 0x844, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00b51b808c412ed6b9fcbb5be4a2fb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000040)={r1, 0xb58a, 0x100000001, 0x2}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40843, 0x0) pwritev(r3, &(0x7f0000000140)=[{&(0x7f0000000000)='P', 0x1}], 0x1, 0x0, 0x0) socket$unix(0x1, 0x5, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) openat(0xffffffffffffffff, 0x0, 0x400000, 0x8) openat(r3, &(0x7f0000000080)='./file1\x00', 0x3039c2, 0x102) 16:21:06 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x4b41, 0x0) 16:21:06 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x4b41, 0x0) [ 136.296177] hrtimer: interrupt took 16882 ns 16:21:06 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x4b41, 0x0) 16:21:06 executing program 6: socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in=@initdev={0xac, 0x1e, 
0x0, 0x0}}, {@in6=@empty, 0x0, 0x32}, @in6=@private2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth={0x48, 0x1, {{'xcbc(aes)\x00'}}}]}, 0x138}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty}, @in6=@private2, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0) 16:21:06 executing program 4: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000200), 0x2f0180, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000003000000876c1a39773a3856a40dbdba0dd642eb6613793952eb9193570aed85700479c7dac1ff1f080bb6f6aeccce3710b8867378846217a70b21aab77724d0680e45"]) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1, {0x0, r0}}, 0x7) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 0x4e21, @multicast2}}, 0x0, 0x0, 0x844, 0x0, 
"704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00b51b808c412ed6b9fcbb5be4a2fb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000040)={r1, 0xb58a, 0x100000001, 0x2}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40843, 0x0) pwritev(r3, &(0x7f0000000140)=[{&(0x7f0000000000)='P', 0x1}], 0x1, 0x0, 0x0) socket$unix(0x1, 0x5, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) openat(0xffffffffffffffff, 0x0, 0x400000, 0x8) openat(r3, &(0x7f0000000080)='./file1\x00', 0x3039c2, 0x102) 16:21:07 executing program 3: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000200), 0x2f0180, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000003000000876c1a39773a3856a40dbdba0dd642eb6613793952eb9193570aed85700479c7dac1ff1f080bb6f6aeccce3710b8867378846217a70b21aab77724d0680e45"]) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1, {0x0, r0}}, 0x7) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 0x4e21, @multicast2}}, 0x0, 0x0, 0x844, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00b51b808c412ed6b9fcbb5be4a2fb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000040)={r1, 0xb58a, 0x100000001, 0x2}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40843, 0x0) pwritev(r3, &(0x7f0000000140)=[{&(0x7f0000000000)='P', 0x1}], 0x1, 0x0, 0x0) socket$unix(0x1, 0x5, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) openat(0xffffffffffffffff, 0x0, 0x400000, 0x8) openat(r3, &(0x7f0000000080)='./file1\x00', 0x3039c2, 0x102) [ 144.614240] Bluetooth: hci2: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 16:21:06 Registers: