Warning: Permanently added '[localhost]:33316' (ECDSA) to the list of known hosts. 2022/10/03 04:41:08 fuzzer started 2022/10/03 04:41:08 dialing manager at localhost:35095 syzkaller login: [ 46.512773] cgroup: Unknown subsys name 'net' [ 46.587364] cgroup: Unknown subsys name 'rlimit' 2022/10/03 04:41:22 syscalls: 2215 2022/10/03 04:41:22 code coverage: enabled 2022/10/03 04:41:22 comparison tracing: enabled 2022/10/03 04:41:22 extra coverage: enabled 2022/10/03 04:41:22 setuid sandbox: enabled 2022/10/03 04:41:22 namespace sandbox: enabled 2022/10/03 04:41:22 Android sandbox: enabled 2022/10/03 04:41:22 fault injection: enabled 2022/10/03 04:41:22 leak checking: enabled 2022/10/03 04:41:22 net packet injection: enabled 2022/10/03 04:41:22 net device setup: enabled 2022/10/03 04:41:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/03 04:41:22 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/03 04:41:22 USB emulation: enabled 2022/10/03 04:41:22 hci packet injection: enabled 2022/10/03 04:41:22 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930) 2022/10/03 04:41:22 802.15.4 emulation: enabled 2022/10/03 04:41:22 fetching corpus: 50, signal 18401/20288 (executing program) 2022/10/03 04:41:22 fetching corpus: 100, signal 31642/35209 (executing program) 2022/10/03 04:41:22 fetching corpus: 150, signal 40124/45290 (executing program) 2022/10/03 04:41:22 fetching corpus: 200, signal 45551/52315 (executing program) 2022/10/03 04:41:22 fetching corpus: 250, signal 52226/60473 (executing program) 2022/10/03 04:41:22 fetching corpus: 300, signal 57855/67501 (executing program) 2022/10/03 04:41:22 fetching corpus: 350, signal 60838/71958 (executing program) 2022/10/03 04:41:22 fetching corpus: 400, signal 65611/78071 (executing program) 2022/10/03 04:41:23 fetching corpus: 450, signal 68801/82610 (executing program) 2022/10/03 04:41:23 fetching corpus: 500, signal 71647/86801 (executing program) 2022/10/03 
04:41:23 fetching corpus: 550, signal 77426/93680 (executing program) 2022/10/03 04:41:23 fetching corpus: 600, signal 81441/98861 (executing program) 2022/10/03 04:41:23 fetching corpus: 650, signal 85254/103806 (executing program) 2022/10/03 04:41:23 fetching corpus: 700, signal 89755/109274 (executing program) 2022/10/03 04:41:23 fetching corpus: 750, signal 95198/115567 (executing program) 2022/10/03 04:41:23 fetching corpus: 800, signal 96492/118092 (executing program) 2022/10/03 04:41:24 fetching corpus: 850, signal 98562/121282 (executing program) 2022/10/03 04:41:24 fetching corpus: 900, signal 100028/123926 (executing program) 2022/10/03 04:41:24 fetching corpus: 950, signal 101555/126567 (executing program) 2022/10/03 04:41:24 fetching corpus: 1000, signal 104989/130829 (executing program) 2022/10/03 04:41:24 fetching corpus: 1050, signal 106702/133586 (executing program) 2022/10/03 04:41:24 fetching corpus: 1100, signal 108294/136180 (executing program) 2022/10/03 04:41:24 fetching corpus: 1150, signal 110903/139695 (executing program) 2022/10/03 04:41:24 fetching corpus: 1200, signal 112491/142274 (executing program) 2022/10/03 04:41:24 fetching corpus: 1250, signal 113534/144367 (executing program) 2022/10/03 04:41:25 fetching corpus: 1300, signal 115475/147198 (executing program) 2022/10/03 04:41:25 fetching corpus: 1350, signal 116994/149644 (executing program) 2022/10/03 04:41:25 fetching corpus: 1400, signal 119603/152966 (executing program) 2022/10/03 04:41:25 fetching corpus: 1450, signal 120993/155253 (executing program) 2022/10/03 04:41:25 fetching corpus: 1500, signal 124252/159035 (executing program) 2022/10/03 04:41:25 fetching corpus: 1550, signal 125652/161265 (executing program) 2022/10/03 04:41:25 fetching corpus: 1600, signal 126957/163388 (executing program) 2022/10/03 04:41:25 fetching corpus: 1650, signal 128035/165345 (executing program) 2022/10/03 04:41:25 fetching corpus: 1700, signal 128831/167094 (executing program) 2022/10/03 
04:41:25 fetching corpus: 1750, signal 130030/169056 (executing program) 2022/10/03 04:41:26 fetching corpus: 1800, signal 131787/171486 (executing program) 2022/10/03 04:41:26 fetching corpus: 1850, signal 133435/173816 (executing program) 2022/10/03 04:41:26 fetching corpus: 1900, signal 136939/177545 (executing program) 2022/10/03 04:41:26 fetching corpus: 1950, signal 138081/179491 (executing program) 2022/10/03 04:41:26 fetching corpus: 2000, signal 139320/181545 (executing program) 2022/10/03 04:41:26 fetching corpus: 2050, signal 140981/183767 (executing program) 2022/10/03 04:41:26 fetching corpus: 2100, signal 141920/185493 (executing program) 2022/10/03 04:41:27 fetching corpus: 2150, signal 143161/187440 (executing program) 2022/10/03 04:41:27 fetching corpus: 2200, signal 143985/189077 (executing program) 2022/10/03 04:41:27 fetching corpus: 2250, signal 144611/190531 (executing program) 2022/10/03 04:41:27 fetching corpus: 2300, signal 145740/192347 (executing program) 2022/10/03 04:41:27 fetching corpus: 2350, signal 146471/193855 (executing program) 2022/10/03 04:41:27 fetching corpus: 2400, signal 147720/195738 (executing program) 2022/10/03 04:41:27 fetching corpus: 2450, signal 148359/197162 (executing program) 2022/10/03 04:41:27 fetching corpus: 2500, signal 149580/198989 (executing program) 2022/10/03 04:41:28 fetching corpus: 2550, signal 150611/200670 (executing program) 2022/10/03 04:41:28 fetching corpus: 2600, signal 151558/202237 (executing program) 2022/10/03 04:41:28 fetching corpus: 2650, signal 153464/204487 (executing program) 2022/10/03 04:41:28 fetching corpus: 2700, signal 154279/205965 (executing program) 2022/10/03 04:41:28 fetching corpus: 2750, signal 155662/207799 (executing program) 2022/10/03 04:41:28 fetching corpus: 2800, signal 156787/209414 (executing program) 2022/10/03 04:41:28 fetching corpus: 2850, signal 158047/211141 (executing program) 2022/10/03 04:41:28 fetching corpus: 2900, signal 159343/212907 (executing 
program) 2022/10/03 04:41:29 fetching corpus: 2950, signal 159942/214223 (executing program) 2022/10/03 04:41:29 fetching corpus: 3000, signal 161237/215914 (executing program) 2022/10/03 04:41:29 fetching corpus: 3050, signal 162663/217690 (executing program) 2022/10/03 04:41:29 fetching corpus: 3100, signal 164009/219369 (executing program) 2022/10/03 04:41:29 fetching corpus: 3150, signal 165021/220892 (executing program) 2022/10/03 04:41:29 fetching corpus: 3200, signal 165747/222211 (executing program) 2022/10/03 04:41:29 fetching corpus: 3250, signal 167099/223820 (executing program) 2022/10/03 04:41:30 fetching corpus: 3300, signal 168272/225338 (executing program) 2022/10/03 04:41:30 fetching corpus: 3350, signal 169492/226832 (executing program) 2022/10/03 04:41:30 fetching corpus: 3400, signal 170201/228027 (executing program) 2022/10/03 04:41:30 fetching corpus: 3450, signal 170945/229277 (executing program) 2022/10/03 04:41:30 fetching corpus: 3500, signal 172076/230738 (executing program) 2022/10/03 04:41:30 fetching corpus: 3550, signal 173139/232168 (executing program) 2022/10/03 04:41:30 fetching corpus: 3600, signal 173893/233381 (executing program) 2022/10/03 04:41:30 fetching corpus: 3650, signal 175126/234842 (executing program) 2022/10/03 04:41:31 fetching corpus: 3700, signal 175922/236046 (executing program) 2022/10/03 04:41:31 fetching corpus: 3750, signal 176390/237071 (executing program) 2022/10/03 04:41:31 fetching corpus: 3800, signal 177443/238393 (executing program) 2022/10/03 04:41:31 fetching corpus: 3850, signal 178148/239511 (executing program) 2022/10/03 04:41:31 fetching corpus: 3900, signal 178967/240723 (executing program) 2022/10/03 04:41:31 fetching corpus: 3950, signal 179492/241743 (executing program) 2022/10/03 04:41:31 fetching corpus: 4000, signal 180297/242887 (executing program) 2022/10/03 04:41:31 fetching corpus: 4050, signal 181193/244087 (executing program) 2022/10/03 04:41:32 fetching corpus: 4100, signal 
181813/245136 (executing program) 2022/10/03 04:41:32 fetching corpus: 4150, signal 183097/246479 (executing program) 2022/10/03 04:41:32 fetching corpus: 4200, signal 184614/247870 (executing program) 2022/10/03 04:41:32 fetching corpus: 4250, signal 185087/248807 (executing program) 2022/10/03 04:41:32 fetching corpus: 4300, signal 185985/249932 (executing program) 2022/10/03 04:41:32 fetching corpus: 4350, signal 186455/250867 (executing program) 2022/10/03 04:41:32 fetching corpus: 4400, signal 186876/251806 (executing program) 2022/10/03 04:41:32 fetching corpus: 4450, signal 187530/252773 (executing program) 2022/10/03 04:41:33 fetching corpus: 4500, signal 188463/253997 (executing program) 2022/10/03 04:41:33 fetching corpus: 4550, signal 189217/254955 (executing program) 2022/10/03 04:41:33 fetching corpus: 4600, signal 190217/256034 (executing program) 2022/10/03 04:41:33 fetching corpus: 4650, signal 190590/256913 (executing program) 2022/10/03 04:41:33 fetching corpus: 4700, signal 191032/257788 (executing program) 2022/10/03 04:41:33 fetching corpus: 4750, signal 191464/258608 (executing program) 2022/10/03 04:41:33 fetching corpus: 4800, signal 192324/259605 (executing program) 2022/10/03 04:41:33 fetching corpus: 4850, signal 192956/260567 (executing program) 2022/10/03 04:41:33 fetching corpus: 4900, signal 193507/261440 (executing program) 2022/10/03 04:41:34 fetching corpus: 4950, signal 193953/262294 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/263255 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/263948 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/264662 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/265342 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/266067 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/266764 (executing program) 2022/10/03 04:41:34 fetching 
corpus: 4997, signal 194783/267452 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/268143 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/268830 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/269530 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/270235 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/270959 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/271651 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/272316 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/273010 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/273735 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/274433 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/275112 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/275799 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/276513 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/277170 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/277862 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/278572 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/279237 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/279936 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/280666 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/281328 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/282018 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/282755 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/283447 (executing program) 2022/10/03 
04:41:34 fetching corpus: 4997, signal 194783/284103 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/284756 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/285436 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/286102 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/286827 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/287502 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/288191 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/288861 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/289556 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/290234 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/290916 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/291577 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/292261 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/292953 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/293647 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/294366 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/294966 (executing program) 2022/10/03 04:41:34 fetching corpus: 4997, signal 194783/294966 (executing program) 2022/10/03 04:41:37 starting 8 fuzzer processes 04:41:37 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x9, 0x1, 
&(0x7f0000000180)=[{&(0x7f0000000080)="c62820ee9a1749fd961fde07b60c7287f8d61df659180c60313a4b1dbe05f68fd2813dc0f10abadc75809afbe008be1ffea59dfeddfdfc5efa678ee475a7fb3dbd6b915ad44d80d60b2142b3529787c41e5aa11699c2fd8ff2608fe145dd49ed920f2eedc33dd9235b8ff6fd7764740d69e39225f26bbfe93b95c4984a032ebec6af1b41c199ffd22bc648854048e03ae785a220e0d6d313b6e3167a979aa6424cd5187df888ad83232091c9b3a1672471bfcbd3afc9b76c971ef2952b05331a9ad2ac55684847acd43f86325d0d19aa308a1763", 0xd4, 0x7fffffff}], 0x1088800, &(0x7f00000001c0)={[{@huge_advise}, {@nr_inodes={'nr_inodes', 0x3d, [0x25, 0x5fb3f93a8607f3e1, 0x74, 0x31, 0x6b, 0x37]}}, {@mpol={'mpol', 0x3d, {'local', '', @val={0x3a, [0x34]}}}}, {@mpol={'mpol', 0x3d, {'default', '', @void}}}, {@huge_never}, {@huge_never}, {@huge_never}, {@nr_inodes={'nr_inodes', 0x3d, [0x6b, 0x33]}}], [{@uid_eq}, {@fowner_eq={'fowner', 0x3d, 0xee01}}]}) r1 = memfd_secret(0x80000) mkdirat(r1, &(0x7f0000000280)='./file0\x00', 0x2) lchown(&(0x7f00000002c0)='./file0\x00', 0xee01, 0x0) lchown(&(0x7f0000000300)='./file0\x00', 0xee01, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x200200, 0x10) r3 = openat(r2, &(0x7f0000000380)='./file0\x00', 0x3, 0x24) r4 = syz_open_dev$mouse(&(0x7f00000003c0), 0xff, 0x200) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000400)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) ioctl$TUNSETTXFILTER(r5, 0x400454d1, &(0x7f0000000440)={0x1, 0x8, [@random="a40b4ed0d410", @empty, @empty, @random="5aaaa9c81c52", @local, @empty, @empty, @multicast]}) write$P9_RCREATE(r5, &(0x7f0000000480)={0x18, 0x73, 0x1, {{0x0, 0x4, 0x1}, 0x5}}, 0x18) ioctl$AUTOFS_DEV_IOCTL_READY(r4, 0xc0189376, &(0x7f00000004c0)={{0x1, 0x1, 0x18, r0, {0x200}}, './file0\x00'}) lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$FS_IOC_SETFSLABEL(r6, 0x41009432, 
&(0x7f00000005c0)="fbaae09c2ac85a68b844c02e925beb179e8a1ccbe3eae9adc32a770c0de7ee534f4d5757c1e4c3a84892adf41af3188833ed1486d1ab1f3cca611fbd36834ba91da7bbd3d698bcc124b754dea3070bc080a3e26d17805ff65a194accf314dbf329d32652fdfce5953bfee4701adb9bfe58fa694283aade83c55c9f679d9b12230a8bab2d5635da262d6fe5521d4f4b19b119615dacdbeaa64df96a6b842ab978e67b98e10285c95ca4dd7a961d9618fe89e1c663991e3a817ddbd236d0b938a92769296cd94c671a9e5cf6b5cb95983c69bedc024e5b07aaed499fd20334b0a75c169d71b7afe3797e6b937381b1fb65bb1392d4a2ef2435590602ad2a873c0d") write$binfmt_aout(r0, &(0x7f00000006c0)={{0x10b, 0x3, 0x4, 0x71, 0x2df, 0x10001, 0x35a, 0x5c7}, "ee642cc65889f2ffc738d9aca103843d343a45727cfb244ca78c6c9f2db7a89764cec8b763c921126a7950dc16a4b2919ce5b5b86f7607558458751d7a8efa7aac113acfd1969c021a08ae1e07a768df71484704f441c22b0c5c2583f80e9fb5058b78f17dd511cffd7994e3e0a639a5f5b25d9bd1cf574fe1cde739f24941f134f2b4a1e085674f4971c35aa959e7082d84ea8c03167bd6c145917283c3a0b3a46183488881d3a4", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xac8) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000011c0)={0x400, 0x1, 0x4, 0x100, 0x3, [{0x0, 0x9, 0x4, '\x00', 0x2081}, {0x3, 0x1, 0x7, '\x00', 0x7000}, {0x8, 0x9, 0x0, '\x00', 0x2000}]}) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000012c0), 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r7, 0xc018937d, &(0x7f0000001300)={{0x1, 0x1, 0x18, r6, {0x7}}, './file0\x00'}) perf_event_open(&(0x7f0000001380)={0x5, 0x80, 0x81, 0x0, 0x9a, 0x6, 0x0, 0xff, 0x40000, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_bp={&(0x7f0000001340), 0x4}, 0x508, 0x9, 0x8000, 0x7, 0x6, 0x4, 0x0, 0x0, 0x7, 0x0, 0x9}, 0x0, 0xc, 0xffffffffffffffff, 0x2) 04:41:37 executing program 1: prctl$PR_SET_THP_DISABLE(0x29, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) 
prctl$PR_SET_THP_DISABLE(0x29, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0x0) 04:41:37 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000080)={{r0}, 0x0, 0x12, @inherit={0x50, &(0x7f0000000000)={0x0, 0x1, 0x7f, 0x20, {0x20, 0x2, 0x1, 0x8, 0x23}, [0x200]}}, @devid}) syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000001080)) r1 = syz_open_dev$vcsu(&(0x7f00000010c0), 0x2, 0x20000) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000001100)) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000017c0), 0x612240, 0x0) fremovexattr(r2, &(0x7f0000001800)=@random={'user.', '-.+]/\\^\x00'}) r3 = syz_open_dev$sg(&(0x7f0000001840), 0x86, 0x400000) r4 = eventfd2(0xffff1a9d, 0x1) sendfile(r3, r4, 0x0, 0xcc8c537) ioctl$BTRFS_IOC_QUOTA_CTL(r2, 0xc0109428, &(0x7f0000001880)={0x1, 0x3}) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000018c0)=0x1, 0x4) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000001900)=""/89, &(0x7f0000001980)=0x59) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000001a00)={0x1, &(0x7f00000019c0)=[{0x8, 0x7f, 0xb9, 0x80000000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r5, 0x40082102, &(0x7f0000001a40)) ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000001a80)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000001ac0)={@in6={{0xa, 0x4e23, 0x1, @local, 0x1}}, 0x0, 0x0, 0xa, 0x0, 
"42cd61e8e0e88aee490584292b8df1ea681e13b9e8c20d313385c5091fa1bbb1f33caf8366917c78c9e6a185535ff290434fd9cc140ad1d35a3c5efff50cc909b66a60bb27e318158522975ec858b6b3"}, 0xd8) rename(&(0x7f0000001bc0)='./file0\x00', &(0x7f0000001c00)='./file0\x00') r7 = syz_open_dev$vcsn(&(0x7f0000001c40), 0x3, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r7, 0x6, 0xe, &(0x7f0000001c80)={@in6={{0xa, 0x4e24, 0x2, @mcast1, 0x400}}, 0x0, 0x0, 0x2, 0x0, "e1be71a5c8974b30824e7e48e828a5ce3a611238950a2f383e46681ace0f83430dbeab879a0a37d790939e723a99f577a9c9362ba873c52d11decf742e6f18853e9313ba97d5315fbd54029c03d948d4"}, 0xd8) 04:41:37 executing program 3: prctl$PR_GET_NAME(0x10, &(0x7f0000000000)=""/4096) prctl$PR_GET_NAME(0x10, &(0x7f0000001000)=""/85) prctl$PR_GET_NAME(0x10, &(0x7f0000001080)=""/18) prctl$PR_GET_NAME(0x10, &(0x7f00000010c0)=""/55) prctl$PR_GET_NAME(0x10, &(0x7f0000001100)=""/179) prctl$PR_GET_NAME(0x10, &(0x7f00000011c0)=""/219) prctl$PR_GET_NAME(0x10, &(0x7f00000012c0)=""/12) prctl$PR_GET_NAME(0x10, &(0x7f0000001300)=""/215) prctl$PR_GET_NAME(0x10, &(0x7f0000001400)=""/114) prctl$PR_GET_NAME(0x10, &(0x7f0000001480)=""/170) prctl$PR_GET_NAME(0x10, &(0x7f0000001540)=""/143) prctl$PR_GET_NAME(0x10, &(0x7f0000001600)=""/237) prctl$PR_GET_NAME(0x10, &(0x7f0000001700)=""/126) prctl$PR_GET_NAME(0x10, &(0x7f0000001780)) prctl$PR_GET_NAME(0x10, &(0x7f00000017c0)=""/96) prctl$PR_GET_NAME(0x10, &(0x7f0000001840)=""/185) prctl$PR_GET_NAME(0x10, &(0x7f0000001900)=""/60) prctl$PR_GET_NAME(0x10, &(0x7f0000001940)=""/164) prctl$PR_GET_NAME(0x10, &(0x7f0000001a00)=""/128) prctl$PR_GET_NAME(0x10, &(0x7f0000001a80)=""/47) 04:41:37 executing program 4: r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r0, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 
0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x58}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x62}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x41}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x39}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xffffffff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x30}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7f}]}, 0x68}, 0x1, 0x0, 0x0, 0x4094}, 0x41) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x84, r1, 0x200, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "5cc57f532aa97864fb2b36e2e742d63f83f9e7f00ca7604b"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "cebd57fb1676a5243d7db2aac6c6b72c5359ba592f3b0f3b"}], @NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x1c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}], @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x84}, 0x1, 0x0, 0x0, 0x14}, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0xa0080000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x34, r1, 0x800, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xf0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xf0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}]}, 0x34}}, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000440), 0x2400c0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wlan0\x00', 
0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000007c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x852841}, 0xc, &(0x7f0000000780)={&(0x7f0000000540)={0x214, r3, 0x841ee7338898346, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x0, 0x65}}}}, [@NL80211_ATTR_TX_RATES={0x1c8, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x80, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x1d, 0x8, 0xb3, 0x101, 0x6, 0x628f]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x36, 0x2, 0xb, 0x4, 0x9, 0x60, 0x48, 0x30, 0xb, 0xc7, 0x1b, 0x2ea140b4f5125f14, 0x4, 0x60, 0xc, 0x16, 0x0, 0x12, 0x30, 0x30, 0x3c, 0xc, 0x6c, 0x4, 0x48]}, @NL80211_TXRATE_HT={0x3d, 0x2, [{0x7, 0xa}, {0x7, 0x1}, {0x2, 0x9}, {0x0, 0x7}, {0x4}, {0x1, 0xa}, {0x2, 0x2}, {0x2, 0x8}, {0x5, 0x7}, {0x5, 0x5}, {0x5, 0x8}, {0x6, 0x5}, {0x0, 0x9}, {0x1, 0x6}, {0x1, 0x2}, {0x2, 0x1}, {0x7, 0xa}, {0x4, 0x9}, {0x0, 0x6}, {0x3, 0x3}, {0x3, 0x6}, {0x6, 0x5}, {0x3, 0x2}, {0x2, 0x4}, {0x0, 0xc}, {0x6, 0x1}, {0x0, 0x8}, {0x6, 0x6}, {0x0, 0x7}, {0x1, 0x4}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x6, 0x6}, {0x5, 0x3}, {0x7}, {0x5, 0x1}, {0x0, 0x3}, {0x3, 0x7}, {0x5}, {0x7, 0x5}, {0x2, 0xa}, {0x0, 0x8}, {0x4, 0x5}, {0x6, 0x1}, {0x2, 0xa}, {0x6, 0x3}, {0x6, 0xa}, {0x5, 0x5}, {0x5, 0x8}, {0x7, 0x1}, {0x0, 0x3}, {0x1, 0x5}, {0x7, 0x4}, {0x3, 0x4}, {0x1, 0x3}, {0x7, 0x3}]}]}, @NL80211_BAND_5GHZ={0x50, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x9, 0x1, [0x6, 0x6, 0x1, 0xb, 0xc]}, @NL80211_TXRATE_HT={0x16, 0x2, [{0x7, 0x5}, {0x1, 0x8}, {0x0, 0x9}, {0x4, 0x6}, {}, {0x0, 0x4}, {0x3, 0x9}, {0x7, 0x2}, {0x6, 0x9}, {0x0, 0x3}, {0x7, 0x9}, {0x0, 0x9}, {0x7, 0x5}, {0x0, 0x8}, {0x6, 0x5}, {0x6, 0x3}, {0x3, 0x8}, {0x0, 0xf}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x40, 0x400, 0xdad, 0xffff, 0x3, 0xab1, 0x100, 0x6]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4a7, 0x5, 0xfff8, 0xfaa8, 0x3, 0x1000, 0x9, 0x7fff]}}]}, @NL80211_BAND_2GHZ={0x3c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x1ff, 0x8, 0x9998, 0x90, 0x7f, 0xfffd, 0x3ff, 
0xfff]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x1, 0x5, 0xff81, 0x0, 0x8000, 0x1, 0xe30e]}}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0xc]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_5GHZ={0xa0, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x1c7, 0x1, 0x100, 0x73c, 0x3, 0x20, 0x1, 0x6]}}, @NL80211_TXRATE_HT={0x1e, 0x2, [{0x0, 0x9}, {0x0, 0x8}, {0x4, 0x8}, {0x7, 0x4}, {0x6, 0x5}, {0x6, 0xa}, {0x6}, {0x2, 0x2}, {0x7, 0xa}, {0x5, 0x3}, {0x0, 0xa}, {0x6, 0x9}, {0x1, 0x3}, {0x1, 0x4}, {0x0, 0x1}, {0x2, 0xa}, {0x1, 0x3}, {0x1, 0x3}, {0x0, 0x3}, {0x2, 0x6}, {0x7, 0x4}, {0x4, 0x7}, {0x6, 0xa}, {0x6, 0x6}, {0x0, 0x8}, {0x4, 0x4}]}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x16, 0x18, 0x6, 0x6, 0x12, 0x5, 0x16, 0xb, 0x2, 0x16]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x1, 0x5}, {0x2, 0x2}, {0x2, 0x2}, {0x0, 0x1}, {0x7, 0xa}, {0x4, 0x5}, {0x3, 0xa}, {0x2, 0x1}, {0x4, 0x1}, {0x0, 0xa}, {0x1}, {0x0, 0x3}, {0x0, 0x8}, {0x5, 0x2}, {0x5, 0x9}, {0x6, 0x3}, {0x3, 0x7}, {0x5, 0x8}, {0x1, 0x7}, {0x5, 0x8}, {0x1, 0x8}, {0x1, 0x3}, {0x6}, {0x7, 0x1}, {0x3, 0xa}, {0x4, 0xa}, {0x3, 0xa}, {0x5, 0x4}, {0x2, 0x8}, {0x6, 0x7}, {0x4, 0x3}, {0x5, 0x7}, {0x5, 0x4}, {0x1, 0x7}, {0x5, 0x7}, {0x0, 0xa}, {0x6, 0x3}, {0x2, 0xa}, {0x1, 0x5}, {0x3, 0x5}, {0x0, 0x3}, {0x6, 0x8}, {0x7}, {0x7, 0x5}]}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x0, 0x1, 0x18, 0x9, 0x18, 0x5, 0x60, 0x4, 0x9, 0x12, 0x3a, 0x9, 0x18, 0x18, 0x9, 0x30, 0x48, 0x36, 0x18, 0x5, 0x9, 0x6, 0x5, 0x6c, 0x36, 0x12, 0x30, 0x1]}]}, @NL80211_BAND_60GHZ={0x18, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0xcd, 0xff, 0x0, 0x4, 0x4, 0x508, 0x1000]}}]}]}, @NL80211_ATTR_BSS_BASIC_RATES={0x23, 0x24, [{0x3}, {0x3, 0x1}, {0x6c}, {0x24}, {0xc, 0x1}, {0x60}, {0x9, 0x1}, {0x30, 0x1}, {0x1, 0x1}, {0xc, 0x1}, {0x30, 0x1}, {0x24}, {0x6c, 0x1}, {0x3, 0x1}, {0x30}, {0x1, 0x1}, {0x3, 0x1}, {0x36, 0x1}, {0x9}, {0x6, 0x1}, {0x12, 0x1}, {0x60, 0x1}, {0x18}, {0x6}, {0x3, 0x1}, {0xb}, {0x36}, {0x48}, {0xb, 0x1}, {0x1}, {0x1b, 
0x1}]}]}, 0x214}, 0x1, 0x0, 0x0, 0x20000010}, 0x4) r5 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000800), 0x100000, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r5, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x60, 0x0, 0x300, 0x70bd2d, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8881}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000009c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r2, &(0x7f0000000a80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x28, r1, 0x800, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x7f, 0x58}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20040840}, 0x8000) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), r2) sendmsg$NL80211_CMD_LEAVE_IBSS(r2, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x14, r7, 0x20, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000c40), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r2, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x14, r8, 0x200, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4004808}, 0x0) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000e00)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x28, r7, 0x400, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x7, 0x45}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x2d1}]}, 0x28}, 0x1, 0x0, 0x0, 0x24040001}, 0x20040001) sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000f00)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x30, r3, 0x800, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x1d}, @val={0x8, 0x3, 
r6}, @val={0xc, 0x99, {0x401, 0x1b}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x48000}, 0x54844) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000f40)={'wlan1\x00'}) 04:41:37 executing program 5: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x48002, 0x0) fallocate(r0, 0x10, 0x2, 0x81) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xa202, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x7, 0x100000000, 0x3, 0x81, 0xbae8, 0x5}) ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000100)={0x0, 0x1000, 0x9, 0xffffffffffffff7f, 0x6, 0x6}) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7, 0x3}}, './file1\x00'}) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r2, 0x4018f50b, &(0x7f0000000180)={0x0, 0x9, 0x6}) sendmsg(r2, &(0x7f0000000600)={&(0x7f00000001c0)=@vsock={0x28, 0x0, 0xffffffff}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000240)="32ea22db628a5ea46c3e25c06e69176a624641838eda9552f21150b690cefbc72fa2383905e2c73cf8f5b7fae34332711fe1dd6e8f727f30bbbf9f7c1fc50666b01caed24a3fbaecede1a08277a6d48bd14c2965124d59011951994cd607ef5426a86bacc4c9a3d833848652fc519e6ef6d9872f3f4fee657e4c8745097de2ac7ea17e441d8421ef4ca86a8fa17012f4a8303e5092ab429a9002b8de48635f03d7d7ceb10e042790e4f779e4d9b858c58f3ed6a16da71e46a5dfd571b24d51b393328d579a", 0xc5}, {&(0x7f0000000340)="47c2592879d782c1bcebd7fb73c6481e7ea89562e4d08529402efbfd29e91f6fe5fd9e62ff2a030185ceab847a781d702ae299789ae1dc846d63e76087900c40feea3882b2cdc592f3ec7313cfb2888110cc2d7899478bb00d51b672da5e00a63c21f9278c", 0x65}], 0x2, &(0x7f0000000400)=[{0x20, 0x1, 0x6c2, "58ba060a38077e69e7"}, {0xa8, 0x0, 0x4, 
"7b323555d98013da3ae0d8cd2d60e11fe3ea6c84c4fbe29165a346cb1e7eee209cc4c6e373cccc9e2e7098307b13855fcab2e3563601aac2217f090cc7542e7b405a7edfd54c7eb375ce315399bc699836cc9d316b91a74e3fe3a75f4c34ef1327c08a7535ad9b5fa34e5f71a73669a0b11789a2562dd58204fc2a74bcc03721ca34efdcf4a295059ab7b1fcb90d3d2af4844c05978556"}, {0x80, 0x10c, 0xffffffc1, "e8cbba31ffb4edcae4610fda3a03e6d7b460c2c0a6fcf61744c49700ad2cb2f97ac32260310472124b998a7386730f01e05e25916cda33c288f11b32e0e5896f11c3373a13900ea810756475731ec6ee3921bab443f76b354c22f59b57dc6d767ac1ee547e80d47f758d"}, {0x90, 0x10f, 0x8, "185fa0463745cb4466256efa5f594ed5a3b55ad79a1a451dc2d4fecbc53a09c493e66b7b73ad84a441a82073c9b5326682c1fc29d2cdbbde97ef2dc91f8f396b941551a8f96d483be55f32b07fc493c1a0d8307e663b8815bc926d4e3fd985cfe329a15cc245a560793846c9f1449254cf8c4134f29f6db5c249790c601692e2"}], 0x1d8}, 0x40) r3 = openat$cgroup_ro(r2, &(0x7f0000000640)='cgroup.kill\x00', 0x0, 0x0) r4 = ioctl$TIOCGPTPEER(r3, 0x5441, 0x40) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000680)={0x80000000, 0x1, 0x4, 0x80000000, 0xfff, 0xfe00}) r5 = socket$netlink(0x10, 0x3, 0x14) fadvise64(r5, 0xb92, 0x7ff, 0x5) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000006c0)="675791e497dc6f061629a662fe3f3df5078702ed3eb703864c3b1fa1b7f5b1dd4a68b9354c46d73a8ec2f6d8951c9849595f008bf69cdce6d776194dfb6a0f13", 0x40) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000700), 0x20801, 0x0) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000740)="3711cd4506493369734b6de37f09db8d2c2651e4f6ac6156f865e7a44efd555c25da8375e01b0b77b4407c591d7048a570125c8f7cca9c07b4d4d8990889201bad1041294e59dfc907b1df59e00fd66338b2f865407058285fca79122e753cdeba6cb1c5e6") sendmsg$GTP_CMD_NEWPDP(r4, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x28, 0x0, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@GTPA_FLOW={0x6}, @GTPA_TID={0xc, 0x3, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040}, 0xc011) recvmsg$unix(r2, &(0x7f0000001e80)={&(0x7f00000008c0), 0x6e, 
&(0x7f0000001dc0)=[{&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000001940)=""/60, 0x3c}, {&(0x7f0000001980)=""/38, 0x26}, {&(0x7f00000019c0)=""/8, 0x8}, {&(0x7f0000001a00)=""/170, 0xaa}, {&(0x7f0000001ac0)=""/189, 0xbd}, {&(0x7f0000001b80)=""/169, 0xa9}, {&(0x7f0000001c40)=""/154, 0x9a}, {&(0x7f0000001d00)=""/5, 0x5}, {&(0x7f0000001d40)=""/91, 0x5b}], 0xa}, 0x2142) [ 75.294330] audit: type=1400 audit(1664772097.551:6): avc: denied { execmem } for pid=289 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 04:41:37 executing program 7: r0 = semget(0x1, 0x2, 0x0) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000000)=""/163) semctl$SETALL(r0, 0x0, 0x11, &(0x7f00000000c0)=[0x4]) r1 = semget$private(0x0, 0x0, 0x702) semctl$IPC_RMID(r1, 0x0, 0x0) semctl$SEM_INFO(r0, 0x0, 0x13, &(0x7f0000000100)=""/173) r2 = semget(0x1, 0x3, 0x104) semctl$IPC_RMID(r2, 0x0, 0x0) semtimedop(r2, &(0x7f00000001c0)=[{0x0, 0x6, 0x800}, {0x1, 0x6}, {0x4, 0x5, 0x1800}, {0x4, 0x2, 0x1c00}], 0x4, &(0x7f0000000200)={0x0, 0x989680}) r3 = semget(0x3, 0x1, 0x200) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000240)=[{0x1, 0x7, 0x800}, {0x0, 0x6, 0x1000}, {0x4, 0x7f}, {0x1, 0x4, 0x1800}, {0x3, 0x2, 0x1000}, {0x4, 0x3f, 0x800}], 0x6, &(0x7f00000002c0)={r4, r5+60000000}) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000300)=""/123) clock_gettime(0x0, &(0x7f00000003c0)={0x0, 0x0}) io_getevents(0x0, 0x9, 0x2, &(0x7f0000000380)=[{}, {}], &(0x7f0000000400)={r6, r7+60000000}) semctl$SEM_INFO(r1, 0x2, 0x13, &(0x7f0000000440)=""/239) semctl$IPC_RMID(r2, 0x0, 0x0) r8 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r9 = eventfd(0x3) io_submit(0x0, 0x9, &(0x7f0000000d00)=[&(0x7f0000000640)={0x0, 0x0, 0x0, 0x7, 0x8, 0xffffffffffffffff, 
&(0x7f0000000540)="7edc965f5ba71a941b605152f640b795e187cdedb60a2ed96f5628878a8c573e51b21325436f1ae5e170b49048ab5b361a8ea54e873d5fbfa75cc444760a78dae1bb2d612da769bf0da853841d0bc61792e0763c1a161ccfeec2eaec659a273de1358dbb5a27ca1f49a2268d74017d9a5b9f06df8fcdebbf69be055ba8709a8ceb5edbdd609512ef6d7c7c186893800a3a20bb20813991630fcc7bcf9927fcdf05b20f207a7789cee595a3773f52f0db2dea7e57ae19271d4bcdfc9f70a68ab4913283edf906660ad8b49b", 0xcb, 0x9, 0x0, 0x2, r8}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x5, 0x4, 0xffffffffffffffff, &(0x7f0000000680)="f3caf817cf7a51baea3813372b81010736ff7afc25e8502f3078e76a84e77b12f452f9e8a7e6e8b5d180fcbc544cc2f551b2fe6f83b6941e2aa3", 0x3a, 0x80000000, 0x0, 0x1}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0xc105b9fe89f3ed38, 0x0, 0xffffffffffffffff, &(0x7f0000000700)="7c503dccbeece433c13c5f661d099fac9acc5a1fba8492d7398a28ffa76e18585041a6bbf076d0d10ba3cb0bec1028dc4116042c0433d892da3294b2c73eb29b2e013ebcb6ef5ec44d7e97f0d50810829495687f45b8d65e5eee06b96b5f85c3276637dc7badc8a33f8bc4f61ddb6e9090d5cca640df6ce2a955089027e3aa0292a6b6eec70c710fe2c291100e3ceafe1b2857f4cb9577326a68437715c5f426bbf68919dcc512f30b9a09213397d39e702b8609573ae5eda6765d75b368c5b1657e5f1650f9ca20990dda5748ea028ffb370c833f350ea5f932b938fe48f560e4ed3a517c7bb160795364ccb2f8eeba5e", 0xf1, 0xffff, 0x0, 0x2}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, &(0x7f0000000840)="c6ba8e2915714be20f02c354e5ab12c2e4894cb06c6ec153fac905d2ee664bacea5fb0f253494cd0cf39055a7b367c0eb94d0794c25930fec04482865cc87d07f0a5c3bbb106f1d7fe457e82cd1a6df6b894ebaa61e0357ecf664df4abdef9472343466a54c4099bd84e96317416da6c5841843268253ad2187e0ebe1e814817ab", 0x81, 0x52e93ba3, 0x0, 0x2}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 
&(0x7f0000000940)="ee77202964577b1a729d6600d0d582cc47fe9272baacf0035443494e89f62b50a49e0b3da4e0f6898eee254882b66f5bb68ded4635f7b42733e28457e85eda66f73611a9c34dfedf8c8afa223301833d3c2cf74bf8dc50401b1fe34bb54b1af52b5346b74b7e62344133c10033d79b4030ed883ebb44710c620974f12c9272961b1c76dacc787bc539cea2f8fe79ac370305b15a25825acf227a10824e4448adb0c82d042ad8bba59d72cba09e3c51ad452f43bdea51cff88ecf110c08e422aeca52c60e525765ece6dcee53c235a8ef6c478ad637faa6d8d60119bdca750de00d64", 0xe2, 0x1ff, 0x0, 0x1}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x6, 0x7ff, r9, &(0x7f0000000a80)="ef97e2f3dc29c12382c8e8da02706ba043548ba3820e074eb4baa6ea", 0x1c, 0x3, 0x0, 0x1}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x6, 0x8b, 0xffffffffffffffff, &(0x7f0000000b00)="8600ef4ac657952520fb51af534da1aa40ec0a6e3c60c6c0da025041cfbe6fb1a89757aa", 0x24, 0x50}, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x9, 0x8000, 0xffffffffffffffff, &(0x7f0000000b80)="35bc1fe248cff9b2b6a8ba4e1e98902ba5981b839f1992f215d1b228e57993aaf15968b2120031ab9fabbcbe164d13299c43c909349f19e2be57b42637f646192e813adb25ae2ae54374061dff91dfc60d3e9b12023a71dff99f0cc6a436cc6888d5cd0863915f1d00206888900ca3593bc46ca75378cd2c1dc22c4c1aaea3c443a63210d8021022873774c710c79a922762f7f2d930ba50424cf148f47e92451b961966", 0xa4, 0x2, 0x0, 0x6e22c4c7a24e5c6d}, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x3, 0x4, 0xffffffffffffffff, &(0x7f0000000c80)="c2602aa8c6f4805a6be556898a5abc0338801629c3d5ae", 0x17, 0x1, 0x0, 0x3}]) 04:41:37 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x42400, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x0, 0x9, 0x201, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x80}}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x2}}, @NFCTH_STATUS={0x8}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x8}]}, 0x48}}, 0x4040080) preadv(r0, 
&(0x7f0000000280)=[{&(0x7f0000000180)=""/237, 0xed}], 0x1, 0x6, 0xfffffffd) pread64(r0, &(0x7f00000002c0)=""/122, 0x7a, 0x40) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f0000000340)) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000380)='syz1\x00', 0x200002, 0x0) r3 = pidfd_getfd(r0, r2, 0x0) ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f00000003c0)={0x0, {}, 0x0, {}, 0x4, 0x6, 0xa, 0x18, "6abb2b571ce34b4fae74f2369d2b02ae6d832e985dfdca60a3908ecba1d26e730abd41b253fcd670f58be0eb45b46dc7615db4a593bcb137684718bf6aa9b7c0", "a7608b9fde7851b8c0e72aa8e0aec3aba6dabdf0735f133c30eb478004dde2f7", [0x1]}) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r3, 0xf503, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x2, 0x8c, 0xf5, 0xe9, 0x0, 0x7, 0x8024d, 0x9, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000480), 0x6}, 0x300, 0x7, 0x1, 0x2, 0xffffffffffffff81, 0x7fff0, 0x2, 0x0, 0x7f, 0x0, 0xffffffffffffff78}, 0x0, 0x8, r3, 0x9) recvmmsg$unix(r3, &(0x7f0000003a00)=[{{&(0x7f0000000540), 0x6e, &(0x7f0000000600)=[{&(0x7f00000005c0)=""/25, 0x19}], 0x1, &(0x7f0000000640)=[@cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}], 0x88}}, {{&(0x7f0000000700), 0x6e, &(0x7f0000000940)=[{&(0x7f0000000780)=""/54, 0x36}, {&(0x7f00000007c0)=""/118, 0x76}, {&(0x7f0000000840)=""/57, 0x39}, {&(0x7f0000000880)=""/69, 0x45}, {&(0x7f0000000900)=""/13, 0xd}], 0x5}}, {{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000019c0)=""/63, 0x3f}, {&(0x7f0000001a00)=""/238, 0xee}, {&(0x7f0000001b00)=""/95, 0x5f}], 0x4}}, 
{{&(0x7f0000001bc0)=@abs, 0x6e, &(0x7f0000001fc0)=[{&(0x7f0000001c40)=""/227, 0xe3}, {&(0x7f0000001d40)=""/185, 0xb9}, {&(0x7f0000001e00)=""/12, 0xc}, {&(0x7f0000001e40)=""/116, 0x74}, {&(0x7f0000001ec0)=""/234, 0xea}], 0x5, &(0x7f0000002040)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f00000020c0), 0x6e, &(0x7f0000003300)=[{&(0x7f0000002140)=""/100, 0x64}, {&(0x7f00000021c0)=""/136, 0x88}, {&(0x7f0000002280)=""/4096, 0x1000}, {&(0x7f0000003280)=""/124, 0x7c}], 0x4, &(0x7f0000003340)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000003380)=@abs, 0x6e, &(0x7f0000003800)=[{&(0x7f0000003400)=""/232, 0xe8}, {&(0x7f0000003500)=""/213, 0xd5}, {&(0x7f0000003600)=""/187, 0xbb}, {&(0x7f00000036c0)=""/98, 0x62}, {&(0x7f0000003740)=""/155, 0x9b}], 0x5, &(0x7f0000003880)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x158}}], 0x6, 0x0, &(0x7f0000003b80)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000003bc0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r1, 0x5000943f, &(0x7f0000003dc0)={{r4}, r8, 0x6, @unused=[0x7fff, 0xffffffffffff0000, 0x5, 0x10001], @devid}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r6, 0xc0709411, &(0x7f0000004dc0)={{r7, 0x1, 0x7, 0x80, 0xb83, 0x3, 0x4000000000000, 0x2e, 0xf1, 0x1, 0x0, 0xe8c1, 0x1, 0x7f, 0x200}, 0x18, [0x0, 0x0, 0x0]}) r9 = openat$urandom(0xffffffffffffff9c, &(0x7f0000004e80), 0xb0982, 0x0) sendfile(r9, r5, &(0x7f0000004ec0)=0x8, 0x80000001) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000004f00)) fsetxattr(r0, 
&(0x7f0000005100)=@known='com.apple.FinderInfo\x00', &(0x7f0000005140)='-\x00', 0x2, 0x0) [ 76.565600] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.568535] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.570109] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.574009] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.576161] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.578280] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.588002] Bluetooth: hci0: HCI_REQ-0x0c1a [ 76.622965] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.625283] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.627156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.630256] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.632645] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.634084] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.639158] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.640333] Bluetooth: hci3: HCI_REQ-0x0c1a [ 76.646330] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.648608] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.652986] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.655268] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 76.657159] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.669148] Bluetooth: hci4: HCI_REQ-0x0c1a [ 76.677746] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 76.683863] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 76.687074] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 76.692355] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 76.694197] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 76.700893] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 76.706183] Bluetooth: hci5: HCI_REQ-0x0c1a [ 76.715188] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.716659] Bluetooth: hci1: unexpected cc 0x0c03 
length: 249 > 1 [ 76.718137] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 76.719726] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.722575] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.724490] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.726799] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.731858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.733264] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.735659] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 76.738970] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.740533] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 76.742476] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 76.744007] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.746742] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.756632] Bluetooth: hci2: HCI_REQ-0x0c1a [ 76.757659] Bluetooth: hci1: HCI_REQ-0x0c1a [ 76.764524] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 76.794698] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 76.798807] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 76.807735] Bluetooth: hci6: HCI_REQ-0x0c1a [ 78.646504] Bluetooth: hci0: command 0x0409 tx timeout [ 78.709980] Bluetooth: hci5: command 0x0409 tx timeout [ 78.710050] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 78.710791] Bluetooth: hci4: command 0x0409 tx timeout [ 78.712541] Bluetooth: hci3: command 0x0409 tx timeout [ 78.773573] Bluetooth: hci1: command 0x0409 tx timeout [ 78.774595] Bluetooth: hci2: command 0x0409 tx timeout [ 78.837487] Bluetooth: hci6: command 0x0409 tx timeout [ 80.694834] Bluetooth: hci0: command 0x041b tx timeout [ 80.757576] Bluetooth: hci4: command 0x041b tx timeout [ 80.758381] Bluetooth: hci3: command 0x041b tx timeout [ 80.759241] Bluetooth: hci5: command 0x041b tx timeout [ 80.821572] Bluetooth: hci2: command 0x041b tx timeout [ 80.822349] Bluetooth: hci1: command 0x041b tx 
timeout [ 80.885464] Bluetooth: hci6: command 0x041b tx timeout [ 82.742464] Bluetooth: hci0: command 0x040f tx timeout [ 82.805552] Bluetooth: hci5: command 0x040f tx timeout [ 82.805579] Bluetooth: hci3: command 0x040f tx timeout [ 82.806030] Bluetooth: hci4: command 0x040f tx timeout [ 82.869452] Bluetooth: hci1: command 0x040f tx timeout [ 82.869896] Bluetooth: hci2: command 0x040f tx timeout [ 82.934461] Bluetooth: hci6: command 0x040f tx timeout [ 83.893452] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 84.790489] Bluetooth: hci0: command 0x0419 tx timeout [ 84.853441] Bluetooth: hci4: command 0x0419 tx timeout [ 84.853871] Bluetooth: hci3: command 0x0419 tx timeout [ 84.854265] Bluetooth: hci5: command 0x0419 tx timeout [ 84.918452] Bluetooth: hci2: command 0x0419 tx timeout [ 84.918872] Bluetooth: hci1: command 0x0419 tx timeout [ 84.982498] Bluetooth: hci6: command 0x0419 tx timeout [ 86.640346] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 86.642413] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 86.644739] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 86.650591] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 86.656524] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 86.658497] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 86.668226] Bluetooth: hci7: HCI_REQ-0x0c1a [ 88.694570] Bluetooth: hci7: command 0x0409 tx timeout [ 90.742516] Bluetooth: hci7: command 0x041b tx timeout [ 92.789608] Bluetooth: hci7: command 0x040f tx timeout [ 94.838466] Bluetooth: hci7: command 0x0419 tx timeout 04:42:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000000, 0x81}, 0x703, 0x0, 0x0, 0x9, 0x7}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x12) sendfile(0xffffffffffffffff, r0, 0x0, 0x7fffffff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) sendfile(r2, r1, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000100000033ffde00", @ANYRES32=r1, @ANYBLOB='B\x00\x00\x00\x00\x00\x00\x00./file1\x00']) openat(r1, &(0x7f0000000140)='./file1\x00', 0x1, 0x42) r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r3, &(0x7f00000011c0), 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fcntl$dupfd(r3, 0x0, r4) write(r4, &(0x7f0000000080)="01", 0x41030) close(r4) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000000040)=ANY=[]) r5 = creat(&(0x7f0000000100)='./file0/file0\x00', 0xa) openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x8000, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r5, 0xf501, 0x0) [ 129.047565] audit: type=1400 
audit(1664772151.303:7): avc: denied { open } for pid=3669 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 129.054257] audit: type=1400 audit(1664772151.303:8): avc: denied { kernel } for pid=3669 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 129.071113] ------------[ cut here ]------------ [ 129.071137] [ 129.071141] ====================================================== [ 129.071145] WARNING: possible circular locking dependency detected [ 129.071149] 6.0.0-rc7-next-20220930 #1 Not tainted [ 129.071156] ------------------------------------------------------ [ 129.071159] syz-executor.1/3671 is trying to acquire lock: [ 129.071165] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 129.071207] [ 129.071207] but task is already holding lock: [ 129.071210] ffff88800f3d2420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 129.071237] [ 129.071237] which lock already depends on the new lock. 
[ 129.071237] [ 129.071240] [ 129.071240] the existing dependency chain (in reverse order) is: [ 129.071244] [ 129.071244] -> #3 (&ctx->lock){....}-{2:2}: [ 129.071257] _raw_spin_lock+0x2a/0x40 [ 129.071269] __perf_event_task_sched_out+0x53b/0x18d0 [ 129.071280] __schedule+0xedd/0x2470 [ 129.071294] schedule+0xda/0x1b0 [ 129.071307] exit_to_user_mode_prepare+0x114/0x1a0 [ 129.071320] syscall_exit_to_user_mode+0x19/0x40 [ 129.071333] do_syscall_64+0x48/0x90 [ 129.071351] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 129.071364] [ 129.071364] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 129.071377] _raw_spin_lock_nested+0x30/0x40 [ 129.071390] raw_spin_rq_lock_nested+0x1e/0x30 [ 129.071404] task_fork_fair+0x63/0x4d0 [ 129.071421] sched_cgroup_fork+0x3d0/0x540 [ 129.071435] copy_process+0x4183/0x6e20 [ 129.071446] kernel_clone+0xe7/0x890 [ 129.071455] user_mode_thread+0xad/0xf0 [ 129.071465] rest_init+0x24/0x250 [ 129.071477] arch_call_rest_init+0xf/0x14 [ 129.071495] start_kernel+0x4c6/0x4eb [ 129.071511] secondary_startup_64_no_verify+0xe0/0xeb [ 129.071525] [ 129.071525] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 129.071538] _raw_spin_lock_irqsave+0x39/0x60 [ 129.071550] try_to_wake_up+0xab/0x1930 [ 129.071563] up+0x75/0xb0 [ 129.071577] __up_console_sem+0x6e/0x80 [ 129.071593] console_unlock+0x46a/0x590 [ 129.071609] vprintk_emit+0x1bd/0x560 [ 129.071624] vprintk+0x84/0xa0 [ 129.071640] _printk+0xba/0xf1 [ 129.071652] kauditd_hold_skb.cold+0x3f/0x4e [ 129.071670] kauditd_send_queue+0x233/0x290 [ 129.071685] kauditd_thread+0x5f9/0x9c0 [ 129.071698] kthread+0x2ed/0x3a0 [ 129.071713] ret_from_fork+0x22/0x30 [ 129.071725] [ 129.071725] -> #0 ((console_sem).lock){....}-{2:2}: [ 129.071738] __lock_acquire+0x2a02/0x5e70 [ 129.071755] lock_acquire+0x1a2/0x530 [ 129.071771] _raw_spin_lock_irqsave+0x39/0x60 [ 129.071781] down_trylock+0xe/0x70 [ 129.071796] __down_trylock_console_sem+0x3b/0xd0 [ 129.071819] vprintk_emit+0x16b/0x560 [ 129.071835] vprintk+0x84/0xa0 [ 129.071851] _printk+0xba/0xf1 
[ 129.071861] report_bug.cold+0x72/0xab [ 129.071877] handle_bug+0x3c/0x70 [ 129.071893] exc_invalid_op+0x14/0x50 [ 129.071909] asm_exc_invalid_op+0x16/0x20 [ 129.071922] group_sched_out.part.0+0x2c7/0x460 [ 129.071940] ctx_sched_out+0x8f1/0xc10 [ 129.071956] __perf_event_task_sched_out+0x6d0/0x18d0 [ 129.071967] __schedule+0xedd/0x2470 [ 129.071981] schedule+0xda/0x1b0 [ 129.071994] exit_to_user_mode_prepare+0x114/0x1a0 [ 129.072004] syscall_exit_to_user_mode+0x19/0x40 [ 129.072017] do_syscall_64+0x48/0x90 [ 129.072033] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 129.072045] [ 129.072045] other info that might help us debug this: [ 129.072045] [ 129.072048] Chain exists of: [ 129.072048] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 129.072048] [ 129.072063] Possible unsafe locking scenario: [ 129.072063] [ 129.072065] CPU0 CPU1 [ 129.072067] ---- ---- [ 129.072070] lock(&ctx->lock); [ 129.072075] lock(&rq->__lock); [ 129.072082] lock(&ctx->lock); [ 129.072088] lock((console_sem).lock); [ 129.072094] [ 129.072094] *** DEADLOCK *** [ 129.072094] [ 129.072096] 2 locks held by syz-executor.1/3671: [ 129.072102] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 129.072131] #1: ffff88800f3d2420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 129.072157] [ 129.072157] stack backtrace: [ 129.072160] CPU: 1 PID: 3671 Comm: syz-executor.1 Not tainted 6.0.0-rc7-next-20220930 #1 [ 129.072173] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 129.072180] Call Trace: [ 129.072184] [ 129.072188] dump_stack_lvl+0x8b/0xb3 [ 129.072206] check_noncircular+0x263/0x2e0 [ 129.072222] ? format_decode+0x26c/0xb50 [ 129.072239] ? print_circular_bug+0x450/0x450 [ 129.072256] ? simple_strtoul+0x30/0x30 [ 129.072270] ? __lockdep_reset_lock+0x180/0x180 [ 129.072287] ? format_decode+0x26c/0xb50 [ 129.072304] ? 
alloc_chain_hlocks+0x1ec/0x5a0 [ 129.072321] __lock_acquire+0x2a02/0x5e70 [ 129.072342] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 129.072365] lock_acquire+0x1a2/0x530 [ 129.072381] ? down_trylock+0xe/0x70 [ 129.072398] ? lock_release+0x750/0x750 [ 129.072415] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 129.072436] ? vprintk+0x84/0xa0 [ 129.072453] _raw_spin_lock_irqsave+0x39/0x60 [ 129.072464] ? down_trylock+0xe/0x70 [ 129.072480] down_trylock+0xe/0x70 [ 129.072496] ? vprintk+0x84/0xa0 [ 129.072513] __down_trylock_console_sem+0x3b/0xd0 [ 129.072530] vprintk_emit+0x16b/0x560 [ 129.072546] ? lock_downgrade+0x6d0/0x6d0 [ 129.072565] vprintk+0x84/0xa0 [ 129.072582] _printk+0xba/0xf1 [ 129.072593] ? record_print_text.cold+0x16/0x16 [ 129.072607] ? hrtimer_try_to_cancel+0x163/0x2c0 [ 129.072621] ? lock_downgrade+0x6d0/0x6d0 [ 129.072639] ? report_bug.cold+0x66/0xab [ 129.072656] ? group_sched_out.part.0+0x2c7/0x460 [ 129.072675] report_bug.cold+0x72/0xab [ 129.072693] handle_bug+0x3c/0x70 [ 129.072710] exc_invalid_op+0x14/0x50 [ 129.072728] asm_exc_invalid_op+0x16/0x20 [ 129.072741] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 129.072761] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 129.072772] RSP: 0018:ffff88803afcfc48 EFLAGS: 00010006 [ 129.072781] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 129.072789] RDX: ffff88801d571ac0 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 129.072796] RBP: ffff88803afd05c8 R08: 0000000000000005 R09: 0000000000000001 [ 129.072804] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800f3d2400 [ 129.072811] R13: ffff88806cf3d2c0 R14: ffffffff8547d160 R15: 0000000000000002 [ 129.072822] ? group_sched_out.part.0+0x2c7/0x460 [ 129.072841] ? 
group_sched_out.part.0+0x2c7/0x460 [ 129.072861] ctx_sched_out+0x8f1/0xc10 [ 129.072880] __perf_event_task_sched_out+0x6d0/0x18d0 [ 129.072894] ? lock_is_held_type+0xd7/0x130 [ 129.072908] ? __perf_cgroup_move+0x160/0x160 [ 129.072918] ? set_next_entity+0x304/0x550 [ 129.072936] ? update_curr+0x267/0x740 [ 129.072954] ? lock_is_held_type+0xd7/0x130 [ 129.072968] __schedule+0xedd/0x2470 [ 129.072985] ? io_schedule_timeout+0x150/0x150 [ 129.073001] ? trace_rcu_dyntick+0x1a7/0x250 [ 129.073020] schedule+0xda/0x1b0 [ 129.073035] exit_to_user_mode_prepare+0x114/0x1a0 [ 129.073047] syscall_exit_to_user_mode+0x19/0x40 [ 129.073061] do_syscall_64+0x48/0x90 [ 129.073079] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 129.073092] RIP: 0033:0x7f4936d6ab19 [ 129.073100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.073110] RSP: 002b:00007f49342e0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.073121] RAX: 0000000000000001 RBX: 00007f4936e7df68 RCX: 00007f4936d6ab19 [ 129.073128] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4936e7df6c [ 129.073135] RBP: 00007f4936e7df60 R08: 000000000000000e R09: 0000000000000000 [ 129.073142] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f4936e7df6c [ 129.073149] R13: 00007ffde087d15f R14: 00007f49342e0300 R15: 0000000000022000 [ 129.073162] [ 129.132028] WARNING: CPU: 1 PID: 3671 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 129.132727] Modules linked in: [ 129.132975] CPU: 1 PID: 3671 Comm: syz-executor.1 Not tainted 6.0.0-rc7-next-20220930 #1 [ 129.133586] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 129.134436] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 129.134860] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 
8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 129.136236] RSP: 0018:ffff88803afcfc48 EFLAGS: 00010006 [ 129.136637] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 129.137170] RDX: ffff88801d571ac0 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 129.137706] RBP: ffff88803afd05c8 R08: 0000000000000005 R09: 0000000000000001 [ 129.138243] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800f3d2400 [ 129.138781] R13: ffff88806cf3d2c0 R14: ffffffff8547d160 R15: 0000000000000002 [ 129.139326] FS: 00007f49342e0700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 129.139937] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.140380] CR2: 00007f4936e7a000 CR3: 0000000040444000 CR4: 0000000000350ee0 [ 129.140909] Call Trace: [ 129.141109] [ 129.141290] ctx_sched_out+0x8f1/0xc10 [ 129.141605] __perf_event_task_sched_out+0x6d0/0x18d0 [ 129.142008] ? lock_is_held_type+0xd7/0x130 [ 129.142337] ? __perf_cgroup_move+0x160/0x160 [ 129.142677] ? set_next_entity+0x304/0x550 [ 129.142997] ? update_curr+0x267/0x740 [ 129.143302] ? lock_is_held_type+0xd7/0x130 [ 129.143630] __schedule+0xedd/0x2470 [ 129.143934] ? io_schedule_timeout+0x150/0x150 [ 129.144285] ? 
trace_rcu_dyntick+0x1a7/0x250 [ 129.144636] schedule+0xda/0x1b0 [ 129.144899] exit_to_user_mode_prepare+0x114/0x1a0 [ 129.145271] syscall_exit_to_user_mode+0x19/0x40 [ 129.145640] do_syscall_64+0x48/0x90 [ 129.145935] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 129.146326] RIP: 0033:0x7f4936d6ab19 [ 129.146609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.147981] RSP: 002b:00007f49342e0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.148547] RAX: 0000000000000001 RBX: 00007f4936e7df68 RCX: 00007f4936d6ab19 [ 129.149084] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4936e7df6c [ 129.149634] RBP: 00007f4936e7df60 R08: 000000000000000e R09: 0000000000000000 [ 129.150173] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f4936e7df6c [ 129.150707] R13: 00007ffde087d15f R14: 00007f49342e0300 R15: 0000000000022000 [ 129.151245] [ 129.151427] irq event stamp: 1230 [ 129.151686] hardirqs last enabled at (1229): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 129.152415] hardirqs last disabled at (1230): [] __schedule+0x1225/0x2470 [ 129.153044] softirqs last enabled at (982): [] __irq_exit_rcu+0x11b/0x180 [ 129.153672] softirqs last disabled at (853): [] __irq_exit_rcu+0x11b/0x180 [ 129.154312] ---[ end trace 0000000000000000 ]--- [ 129.495573] loop1: detected capacity change from 0 to 256 [ 129.504688] FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 129.723940] FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 04:42:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 
0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000000, 0x81}, 0x703, 0x0, 0x0, 0x9, 0x7}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x12) sendfile(0xffffffffffffffff, r0, 0x0, 0x7fffffff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) sendfile(r2, r1, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000100000033ffde00", @ANYRES32=r1, @ANYBLOB='B\x00\x00\x00\x00\x00\x00\x00./file1\x00']) openat(r1, &(0x7f0000000140)='./file1\x00', 0x1, 0x42) r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r3, &(0x7f00000011c0), 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fcntl$dupfd(r3, 0x0, r4) write(r4, &(0x7f0000000080)="01", 0x41030) close(r4) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000000040)=ANY=[]) r5 = creat(&(0x7f0000000100)='./file0/file0\x00', 0xa) openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x8000, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r5, 0xf501, 0x0) [ 130.133923] loop1: detected capacity change from 0 to 256 04:42:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000000, 0x81}, 0x703, 0x0, 0x0, 0x9, 0x7}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x12) sendfile(0xffffffffffffffff, r0, 0x0, 0x7fffffff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) sendfile(r2, r1, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000100000033ffde00", @ANYRES32=r1, @ANYBLOB='B\x00\x00\x00\x00\x00\x00\x00./file1\x00']) openat(r1, &(0x7f0000000140)='./file1\x00', 0x1, 0x42) r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r3, &(0x7f00000011c0), 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fcntl$dupfd(r3, 0x0, r4) write(r4, &(0x7f0000000080)="01", 0x41030) close(r4) 
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000000040)=ANY=[]) r5 = creat(&(0x7f0000000100)='./file0/file0\x00', 0xa) openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x8000, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r5, 0xf501, 0x0) [ 130.720365] loop1: detected capacity change from 0 to 256 [ 130.754437] FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 130.949895] loop0: detected capacity change from 0 to 264192 [ 130.959843] loop0: detected capacity change from 0 to 264192 [ 131.256701] FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) VM DIAGNOSIS: 04:42:31 Registers: