Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:4952' (ECDSA) to the list of known hosts. 2022/10/03 08:33:38 fuzzer started 2022/10/03 08:33:38 dialing manager at localhost:35095 syzkaller login: [ 36.977133] cgroup: Unknown subsys name 'net' [ 37.060244] cgroup: Unknown subsys name 'rlimit' 2022/10/03 08:33:53 syscalls: 2215 2022/10/03 08:33:53 code coverage: enabled 2022/10/03 08:33:53 comparison tracing: enabled 2022/10/03 08:33:53 extra coverage: enabled 2022/10/03 08:33:53 setuid sandbox: enabled 2022/10/03 08:33:53 namespace sandbox: enabled 2022/10/03 08:33:53 Android sandbox: enabled 2022/10/03 08:33:53 fault injection: enabled 2022/10/03 08:33:53 leak checking: enabled 2022/10/03 08:33:53 net packet injection: enabled 2022/10/03 08:33:53 net device setup: enabled 2022/10/03 08:33:53 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/03 08:33:53 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/03 08:33:53 USB emulation: enabled 2022/10/03 08:33:53 hci packet injection: enabled 2022/10/03 08:33:53 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930) 2022/10/03 08:33:53 802.15.4 emulation: enabled 2022/10/03 08:33:53 fetching corpus: 50, signal 21242/23086 (executing program) 2022/10/03 08:33:54 fetching corpus: 100, signal 36201/39698 (executing program) 2022/10/03 08:33:54 fetching corpus: 150, signal 48688/53695 (executing program) 2022/10/03 08:33:54 fetching corpus: 200, signal 52954/59533 (executing program) 2022/10/03 08:33:54 fetching corpus: 250, signal 58703/66753 (executing program) 2022/10/03 08:33:54 fetching corpus: 300, signal 61684/71245 (executing program) 2022/10/03 08:33:54 fetching corpus: 350, signal 66077/77013 (executing program) 2022/10/03 08:33:54 fetching corpus: 400, signal 70621/82882 (executing program) 2022/10/03 08:33:54 fetching corpus: 450, signal 72552/86200 (executing program) 2022/10/03 08:33:55 fetching corpus: 500, signal 77659/92501 (executing program) 2022/10/03 08:33:55 fetching corpus: 550, signal 80383/96494 (executing program) 2022/10/03 08:33:55 fetching corpus: 600, signal 86075/103145 (executing program) 2022/10/03 08:33:55 fetching corpus: 650, signal 89046/107283 (executing program) 2022/10/03 08:33:55 fetching corpus: 700, signal 94472/113658 (executing program) 2022/10/03 08:33:55 fetching corpus: 750, signal 98928/119022 (executing program) 2022/10/03 08:33:55 fetching corpus: 800, signal 101249/122447 (executing program) 2022/10/03 08:33:56 fetching corpus: 850, signal 103532/125781 (executing program) 2022/10/03 08:33:56 fetching corpus: 900, signal 105337/128729 (executing program) 2022/10/03 08:33:56 fetching corpus: 950, signal 107152/131587 (executing program) 2022/10/03 08:33:56 fetching corpus: 1000, signal 109509/134876 (executing program) 2022/10/03 08:33:56 fetching corpus: 1050, signal 111797/138124 (executing program) 2022/10/03 08:33:56 fetching corpus: 1100, signal 114326/141556 (executing program) 2022/10/03 08:33:56 fetching corpus: 1150, signal 115198/143486 (executing program) 2022/10/03 08:33:56 fetching corpus: 1200, signal 116459/145747 (executing program) 2022/10/03 08:33:56 fetching corpus: 1250, signal 118216/148441 (executing program) 2022/10/03 08:33:57 fetching corpus: 1300, signal 120194/151338 (executing program) 2022/10/03 08:33:57 fetching corpus: 1350, signal 122226/154256 (executing program) 2022/10/03 08:33:57 fetching corpus: 1400, signal 123661/156570 (executing program) 2022/10/03 08:33:57 fetching corpus: 1450, signal 124760/158621 (executing program) 2022/10/03 08:33:57 fetching corpus: 1500, signal 127389/161891 (executing program) 2022/10/03 08:33:57 fetching corpus: 1550, signal 128428/163865 (executing program) 2022/10/03 08:33:57 fetching corpus: 1600, signal 129461/165820 (executing program) 2022/10/03 08:33:57 fetching corpus: 1650, signal 130485/167732 (executing program) 2022/10/03 08:33:57 fetching corpus: 1700, signal 132054/170100 (executing program) 2022/10/03 08:33:57 fetching corpus: 1750, signal 133507/172365 (executing program) 2022/10/03 08:33:58 fetching corpus: 1800, signal 134162/173963 (executing program) 2022/10/03 08:33:58 fetching corpus: 1850, signal 134911/175650 (executing program) 2022/10/03 08:33:58 fetching corpus: 1900, signal 136451/177899 (executing program) 2022/10/03 08:33:58 fetching corpus: 1950, signal 137369/179651 (executing program) 2022/10/03 08:33:58 fetching corpus: 2000, signal 138230/181359 (executing program) 2022/10/03 08:33:58 fetching corpus: 2050, signal 139142/183129 (executing program) 2022/10/03 08:33:58 fetching corpus: 2100, signal 141662/185976 (executing program) 2022/10/03 08:33:58 fetching corpus: 2150, signal 143352/188190 (executing program) 2022/10/03 08:33:59 fetching corpus: 2200, signal 145798/190934 (executing program) 2022/10/03 08:33:59 fetching corpus: 2250, signal 147608/193249 (executing program) 2022/10/03 08:33:59 fetching corpus: 2300, signal 148158/194657 (executing program) 2022/10/03 08:33:59 fetching corpus: 2350, signal 148889/196151 (executing program) 2022/10/03 08:33:59 fetching corpus: 2400, signal 149716/197720 (executing program) 2022/10/03 08:33:59 fetching corpus: 2450, signal 150992/199588 (executing program) 2022/10/03 08:33:59 fetching corpus: 2500, signal 152347/201497 (executing program) 2022/10/03 08:33:59 fetching corpus: 2550, signal 152798/202802 (executing program) 2022/10/03 08:33:59 fetching corpus: 2600, signal 153558/204303 (executing program) 2022/10/03 08:34:00 fetching corpus: 2650, signal 155055/206241 (executing program) 2022/10/03 08:34:00 fetching corpus: 2700, signal 155780/207723 (executing program) 2022/10/03 08:34:00 fetching corpus: 2750, signal 156395/209050 (executing program) 2022/10/03 08:34:00 fetching corpus: 2800, signal 157190/210464 (executing program) 2022/10/03 08:34:00 fetching corpus: 2850, signal 158526/212209 (executing program) 2022/10/03 08:34:00 fetching corpus: 2900, signal 159802/213877 (executing program) 2022/10/03 08:34:00 fetching corpus: 2950, signal 160783/215451 (executing program) 2022/10/03 08:34:00 fetching corpus: 3000, signal 162087/217127 (executing program) 2022/10/03 08:34:01 fetching corpus: 3050, signal 162724/218461 (executing program) 2022/10/03 08:34:01 fetching corpus: 3100, signal 163528/219826 (executing program) 2022/10/03 08:34:01 fetching corpus: 3150, signal 164167/221118 (executing program) 2022/10/03 08:34:01 fetching corpus: 3200, signal 164698/222352 (executing program) 2022/10/03 08:34:01 fetching corpus: 3250, signal 165527/223729 (executing program) 2022/10/03 08:34:01 fetching corpus: 3300, signal 166606/225250 (executing program) 2022/10/03 08:34:01 fetching corpus: 3350, signal 167998/226954 (executing program) 2022/10/03 08:34:01 fetching corpus: 3400, signal 169676/228720 (executing program) 2022/10/03 08:34:02 fetching corpus: 3450, signal 170643/230111 (executing program) 2022/10/03 08:34:02 fetching corpus: 3500, signal 171364/231332 (executing program) 2022/10/03 08:34:02 fetching corpus: 3550, signal 172803/232958 (executing program) 2022/10/03 08:34:02 fetching corpus: 3600, signal 173147/233972 (executing program) 2022/10/03 08:34:02 fetching corpus: 3650, signal 173948/235209 (executing program) 2022/10/03 08:34:02 fetching corpus: 3700, signal 174332/236272 (executing program) 2022/10/03 08:34:02 fetching corpus: 3750, signal 174962/237438 (executing program) 2022/10/03 08:34:02 fetching corpus: 3800, signal 175608/238719 (executing program) 2022/10/03 08:34:02 fetching corpus: 3850, signal 176329/239938 (executing program) 2022/10/03 08:34:03 fetching corpus: 3900, signal 176892/241030 (executing program) 2022/10/03 08:34:03 fetching corpus: 3950, signal 177547/242153 (executing program) 2022/10/03 08:34:03 fetching corpus: 4000, signal 178442/243386 (executing program) 2022/10/03 08:34:03 fetching corpus: 4050, signal 179205/244565 (executing program) 2022/10/03 08:34:03 fetching corpus: 4100, signal 179903/245695 (executing program) 2022/10/03 08:34:03 fetching corpus: 4150, signal 180999/246995 (executing program) 2022/10/03 08:34:03 fetching corpus: 4200, signal 181653/248116 (executing program) 2022/10/03 08:34:04 fetching corpus: 4250, signal 182748/249405 (executing program) 2022/10/03 08:34:04 fetching corpus: 4300, signal 183719/250607 (executing program) 2022/10/03 08:34:04 fetching corpus: 4350, signal 184259/251591 (executing program) 2022/10/03 08:34:04 fetching corpus: 4400, signal 185268/252776 (executing program) 2022/10/03 08:34:04 fetching corpus: 4450, signal 185991/253806 (executing program) 2022/10/03 08:34:04 fetching corpus: 4500, signal 186386/254720 (executing program) 2022/10/03 08:34:04 fetching corpus: 4550, signal 187912/256028 (executing program) 2022/10/03 08:34:04 fetching corpus: 4600, signal 188834/257108 (executing program) 2022/10/03 08:34:04 fetching corpus: 4650, signal 189480/258089 (executing program) 2022/10/03 08:34:05 fetching corpus: 4700, signal 190189/259057 (executing program) 2022/10/03 08:34:05 fetching corpus: 4750, signal 190980/260071 (executing program) 2022/10/03 08:34:05 fetching corpus: 4800, signal 191581/261028 (executing program) 2022/10/03 08:34:05 fetching corpus: 4850, signal 192636/262117 (executing program) 2022/10/03 08:34:05 fetching corpus: 4900, signal 193167/262978 (executing program) 2022/10/03 08:34:06 fetching corpus: 4950, signal 194030/264043 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/264992 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/265729 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/266449 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/267125 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/267823 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/268528 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/269254 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/269980 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/270665 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/271362 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/272047 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/272759 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/273421 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/274129 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/274822 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/275549 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/276286 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/276989 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/277681 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/278342 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/279062 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/279761 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/280487 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/281195 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/281918 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/282628 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/283324 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/284030 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/284768 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/285477 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/286185 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/286897 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/287580 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/288314 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/289045 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/289761 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/290478 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/291203 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/291869 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/292601 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/293270 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/293963 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/294630 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/295310 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/296044 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/296732 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/297455 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/298106 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/298599 (executing program) 2022/10/03 08:34:06 fetching corpus: 4998, signal 194783/298599 (executing program) 2022/10/03 08:34:09 starting 8 fuzzer processes 08:34:09 executing program 0: io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_EVENTFD(0xffffffffffffffff, 0x5, 0x0, 0x0) r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r0}}, './file0\x00'}) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x880, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x841, 0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000100)=[r0, r3, r4, r2, r5, r2, r6, r2, r2], 0x9) pwritev(r4, &(0x7f0000000140), 0x0, 0x9, 0x6) close_range(r1, r5, 0x68b8716874000f57) r7 = signalfd(r1, &(0x7f0000000180)={[0xfffffffffffffffc]}, 0x8) ioctl$VT_GETSTATE(r7, 0x5603, &(0x7f00000001c0)={0x3f}) r8 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000200), 0x48f00, 0x0) ioctl$RNDADDENTROPY(r8, 0x40085203, &(0x7f0000000240)={0x6, 0xed, "d0eb3c0d237cb684b4c5522fed7c940fc7c78045fa2ac15cb4fb53dbf4baf9ab215494287f1cb827a0533b117b4a32ffad2fee6c76358fad45f4d5a950c633e168bf5806413ad0b31bac446206b63de24287644b845f9002173247ace96f0af72a9570b8e8d787b75459f8a0ead77ee16b4399da551a29b90829f64df6c81e0c8d222817f4a5034608975bea85ac554c0760b67a6e8742b546a1d30f5e9a612a20971f51679d2e534164fa1653aada7d141f20db5483e94e8dead1c08534544bab51d7648fa462e2d3a0a35fdbb8a72fc377a4da115c71cd45fe01cbeafd18e2874b68fa95310791596fbe907c"}) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r2, 0xf505, 0x0) r9 = fcntl$dupfd(r7, 0x406, 0xffffffffffffffff) ftruncate(r9, 0x9) r10 = creat(&(0x7f0000000340)='./file0\x00', 0x85) io_uring_register$IORING_REGISTER_FILES(r10, 0x2, &(0x7f0000001fc0)=[r3, 0xffffffffffffffff, r0, r9, r0], 0x5) 08:34:09 executing program 1: ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000000)={{0x1, 0x81}, 0x1, 0xffffec0e, 0x80, {0x74, 0x1}, 0x3f, 0x9}) fremovexattr(0xffffffffffffffff, &(0x7f0000000080)=@random={'osx.', ']-)^^\x00'}) removexattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@random={'os2.', '(+%\\\\-%{+.+-\x00'}) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, &(0x7f0000000140)={{0xe5, 0x5}, 0x100, './file0\x00'}) readv(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000280)=""/123, 0x7b}, {&(0x7f0000000300)=""/123, 0x7b}, {&(0x7f0000000380)=""/218, 0xda}], 0x3) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f00000004c0)="10fd60e5e77ce4ffc6488d7f307d5974413ab20c6f2037eaa7941a467b089193d8e20578de29b1a88b9dfb22ec0c67a0d3b1e4594140a5671083f845f8954f6d9e75bb85600ad1e75ff246edd1328c73d42ddb1ef1b2c3d50d4e96a87a177af8495a49ffeb6a4ea4abbb139ad7cedce9a45cd4e0d2f024271fc82d12e7fb5bb10a48743300343986c76fddd07b998dc6dd336088bbe1f55925d5070b8374") ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000580)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'}) r1 = open_tree(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x800) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000600)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'}) setxattr$security_evm(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680), &(0x7f00000006c0)=@sha1={0x1, "aced129d0438a796c6f10ac78d7f48fa8b75b716"}, 0x15, 0x1) ioctl$RTC_WIE_OFF(r0, 0x7010) ioctl$int_in(r2, 0x5421, &(0x7f0000000700)=0x8) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000740)={{0x1, 0x1, 0x18, r2, {0xee01, 0xee01}}, './file0\x00'}) ioctl$BTRFS_IOC_LOGICAL_INO(r4, 0xc0389424, &(0x7f0000000800)={0x8, 0x48, '\x00', 0x1, &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) setxattr(&(0x7f0000000840)='./file0\x00', &(0x7f0000000880)=@known='system.advise\x00', &(0x7f00000008c0)='\x00', 0x1, 0x3) r5 = syz_open_dev$vcsu(&(0x7f0000000900), 0x6, 0x42000) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r5, 0xc018937d, &(0x7f0000000940)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) fcntl$getflags(r3, 0x408) ioctl$RTC_VL_READ(r4, 0x80047013, &(0x7f0000000980)) ioctl$TIOCGDEV(r2, 0x80045432, &(0x7f00000009c0)) 08:34:09 executing program 2: shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000000)=""/177) r0 = shmget(0x3, 0x11000, 0x800, &(0x7f0000fef000/0x11000)=nil) shmat(r0, &(0x7f0000ffa000/0x4000)=nil, 0x5000) r1 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000fee000/0x3000)=nil) r2 = shmget$private(0x0, 0x2000, 0x1000, &(0x7f0000ff8000/0x2000)=nil) shmat(r2, &(0x7f0000ffd000/0x2000)=nil, 0x4000) shmat(0xffffffffffffffff, &(0x7f0000ff0000/0x1000)=nil, 0x5000) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x7000) shmat(r1, &(0x7f0000ff4000/0x1000)=nil, 0x2000) r3 = shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ff9000/0x3000)=nil) shmat(r3, &(0x7f0000ff5000/0x3000)=nil, 0x1000) r4 = shmget$private(0x0, 0x2000, 0x80, &(0x7f0000ff0000/0x2000)=nil) shmat(r4, &(0x7f0000ffd000/0x3000)=nil, 0x6000) r5 = shmget(0x3, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r5, &(0x7f0000fef000/0xe000)=nil, 0x6825cc7070fc4fae) shmat(r4, &(0x7f0000ffb000/0x2000)=nil, 0x1000) shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x0) munmap(&(0x7f0000ff2000/0x4000)=nil, 0x4000) shmctl$IPC_RMID(r5, 0x0) [ 67.752792] audit: type=1400 audit(1664786049.681:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:34:09 executing program 3: fgetxattr(0xffffffffffffffff, &(0x7f0000000000)=@known='trusted.overlay.redirect\x00', &(0x7f0000000040)=""/245, 0xf5) ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000140)={0x0, 0xffffffff7fffffff, [0x1, 0x7ff, 0x8, 0xe1c100000000, 0xff, 0x391]}) ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000180)=0x1) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'}) ioctl$BTRFS_IOC_SCRUB_CANCEL(r0, 0x941c, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000200), 0x4, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000240)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000280)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @in_args={0x2}}, './file1\x00'}) r3 = syz_io_uring_complete(0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r3) r4 = pidfd_getfd(0xffffffffffffffff, r3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r4) fremovexattr(r0, &(0x7f0000000340)=@random={'security.', '/dev/vcsa#\x00'}) r5 = perf_event_open(&(0x7f0000000380)={0x6, 0x80, 0x40, 0x9, 0x1, 0x7a, 0x0, 0x4, 0x24284, 0x4, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5, 0x4, @perf_config_ext={0x6, 0x4}, 0x1, 0x0, 0xdd48, 0x8, 0x2, 0x5, 0x773, 0x0, 0x1, 0x0, 0x7}, 0xffffffffffffffff, 0xd, r2, 0x9) r6 = syz_open_procfs(0x0, &(0x7f0000000400)='net/rpc\x00') dup2(r5, r6) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='net/ptype\x00') r7 = accept$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000004c0)=0x14) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r5, 0x5000943f, &(0x7f0000000580)={{r7}, 0x0, 0x0, @inherit={0x50, &(0x7f0000000500)={0x0, 0x1, 0x1, 0x7, {0x28, 0x7bdf, 0x9, 0x0, 0x81}, [0xfa23]}}, @devid}) recvmsg$unix(r1, &(0x7f0000004a00)={&(0x7f0000001580), 0x6e, &(0x7f0000004900)=[{&(0x7f0000001600)=""/135, 0x87}, {&(0x7f00000016c0)=""/4096, 0x1000}, {&(0x7f00000026c0)=""/49, 0x31}, {&(0x7f0000002700)=""/113, 0x71}, {&(0x7f0000002780)=""/241, 0xf1}, {&(0x7f0000002880)=""/90, 0x5a}, {&(0x7f0000002900)=""/4096, 0x1000}, {&(0x7f0000003900)=""/4096, 0x1000}], 0x8, &(0x7f0000004980)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x80}, 0x2102) 08:34:09 executing program 4: clock_gettime(0x2, &(0x7f0000000000)) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000040)=""/153, 0x99, 0x0, 0x0) clock_getres(0x5, &(0x7f0000000100)) r0 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x10000000) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x402, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r0, &(0x7f0000000700)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)={&(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e22, @multicast1}, 0x4, 0x2, 0x2, 0x3}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000200)="c9b3bb5c1bbe12385c580ac1d0796ee18828f2598b0d5c0361fafea44b6358ba6c9f1cda65b519cd1c7468ad4ae6ccadd92ec0787a88a090b2b403dff4a25c4d18c54e8bd7ffebeb122822088e97e9025e60c183ba908789d97204ca86830df9157ccf0fd4ce5be11bdfcc90745cbc694379e28e7a0c0824d3812bddaa02170bb955a4748e09b64ac22f2125f6bfab4ff03e6760ea98aeba256ccaf8bbde2c2dd754fef8905834ceed63325c7e22e3bab3a168aba13ff18b46b123023a9036b65bc6c078aa9dafcfbd771937441449d2808d", 0xd2}, {&(0x7f0000000300)="b788876d9a60fabb37c43725747ad18387c6c8aac9ed454196240ef4e2fa0ec722a9fe8d77f9e6d6b97685bedc8fd47bd90db39420c318e1bdc215f2e4e53aa08e5bba447ce9f002662e99a8fad3be0c8a355892f976210d2172ca2f33776cceb15f5cce34b4f3ab0ce25cc237f18f8a0f210f33c088d68761480052a7e51a44dee6d0ed50aa4a4727eced6a8efde7d4186dedd293f633a22e91b347fb", 0x9d}, {&(0x7f00000003c0)="c7d70570115209d80afb219e0afc0e9df15d07afc80ce0a8d1aaac6780dea0a7d0d0741e601b68dc02415365b6d0ea469e4589789a0eab4ea1ed861f85fa1b59a8c8fce547d123eb0d2f8b7db810ae01789864eac7cf3d8ddb3b1c1f0e83e0ebd5d049f2bfb04d31aaffc832ac5244f8675b5ea978d8430fa747da48b8880683e325ba2bd03485f90a5310ad356cda62bd214f18ecc908ee41f16e385705feac7e389c892ed0e1f5c6ba25c720443f834e158cdc8deabce0cb13b0fd0d4aef4e166f8a5d21cda180c92c301e47f8c684790b3d2b345a", 0xd6}], 0x3, &(0x7f0000000500)=[{0x60, 0x10c, 0x0, "b02d60b269c33311b30e0301d856164229f7127bc4b60874155ce888f5301ccee8d0374296fbe8fd5263d6dc4df094f479d8be9cf0a5b8d54f5e8376963e810fbbb2a80182041fc272b50bb59f92"}, {0x50, 0x107, 0x4, "8b7bce281efb7d64942f5c9b0203ee95cfeab589e3dcb1d84680a776730460468abb099c6be516a4793fa4e6f472c48211eaa21f937913e4a60c"}, {0x38, 0x10f, 0x0, "80cb737194223cd41e2e47b1195fb7b2131e5d2db3a7ddc406b215e10e19544968"}, {0xc0, 0x115, 0x1000, "9b5c4df614a26615f53f983bb2c43be2f60bd683263d88a5f4a403382478decd7615de1a544a670f37a5d721131956bfe82d7798b5251b311708be25ffa71fb5fd9e9a266e7446426f2bd825f59949a49033115abf12e714e1f250b16ee91bf5122a88afc85ff2456308c51730cad0a58eac4d63282dcb6aa9d2027a0d41ee0d86b84eb5d043892f62ca04716958cf4f938663a833478bb1d1ebb3702eb00e0ea3e8bcfab1f1b007c2c00fe2fd7b866b"}], 0x1a8}, 0x0, 0x4, 0x0, {0x0, r2}}, 0x0) r3 = openat(r1, &(0x7f0000000740)='./file0\x00', 0x8000, 0x1) io_getevents(0x0, 0x8, 0x4, &(0x7f0000000780)=[{}, {}, {}, {}], &(0x7f0000000800)) sendfile(r1, r1, &(0x7f0000000840), 0x1ff) getsockopt$bt_sco_SCO_CONNINFO(r1, 0x11, 0x2, &(0x7f0000000880)=""/106, &(0x7f0000000900)=0x6a) syz_io_uring_setup(0x1c3b, &(0x7f0000000940)={0x0, 0x2a5a, 0x4, 0x3, 0x30c, 0x0, r1}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000009c0)=0x0, &(0x7f0000000a00)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000a40)=0xff, &(0x7f0000000a80)=0x1) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000ac0)={{0x1, 0x1, 0x18, r3, @out_args}, './file0\x00'}) ftruncate(r5, 0x1) r6 = syz_io_uring_complete(r4) getsockopt$bt_BT_SNDMTU(r6, 0x112, 0xc, &(0x7f0000001080)=0x6, &(0x7f00000010c0)=0x2) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r7, 0x8983, &(0x7f0000001100)={0x2, 'erspan0\x00', {0x7}, 0x7}) ioctl$LOOP_CHANGE_FD(r6, 0x4c06, r7) 08:34:09 executing program 5: ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000000)={'ip6gre0\x00', @local}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000040)={0x0, 0x100000001, 0x58a}) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000440), 0x82000, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000480)) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000500)=0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000000540)={{r0}, r1, 0x0, @unused=[0x8, 0x8, 0x400000000, 0x5], @subvolid=0x56}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000001540)={'erspan0\x00'}) r2 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000001580), 0x2, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x4004f506, &(0x7f00000015c0)=0x1) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000001600)) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000001640)={{0x1, 0x1, 0x18, r2, {r2}}, './file0\x00'}) ioctl$sock_SIOCOUTQ(r4, 0x5411, &(0x7f0000001680)) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000016c0)='net/ptype\x00') ioctl$AUTOFS_DEV_IOCTL_READY(r5, 0xc0189376, &(0x7f0000001700)={{0x1, 0x1, 0x18, r3, {0xfffffffa}}, './file0\x00'}) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001740), 0x100, 0x0) ioctl$EXT4_IOC_GETSTATE(r6, 0x40046629, &(0x7f0000001780)) r7 = syz_open_dev$evdev(&(0x7f00000017c0), 0x2, 0x100) syncfs(r7) r8 = creat(&(0x7f0000001800)='./file0\x00', 0xd2) fchmod(r8, 0x8) 08:34:09 executing program 6: r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x2, 0x80080) ioctl$sock_proto_private(r0, 0x89ec, &(0x7f0000000040)="f81d22c7b2f6a4c2cab77a7fd2531b20f22dbf820cee03805832557fd3cc74cc947f43c94a7f3109") r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8600, 0x0) recvmmsg(r0, &(0x7f0000000f00)=[{{&(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000140)=""/246, 0xf6}, {&(0x7f0000000240)=""/26, 0x1a}, {&(0x7f0000000280)=""/61, 0x3d}, {&(0x7f00000002c0)=""/76, 0x4c}, {&(0x7f0000000340)=""/130, 0x82}, {&(0x7f0000000400)=""/65, 0x41}, {&(0x7f0000000480)=""/91, 0x5b}, {&(0x7f0000000500)=""/11, 0xb}], 0x8, &(0x7f00000005c0)=""/87, 0x57}, 0x2}, {{&(0x7f0000000640)=@un=@abs, 0x80, &(0x7f0000000a40)=[{&(0x7f00000006c0)=""/228, 0xe4}, {&(0x7f00000007c0)=""/239, 0xef}, {&(0x7f00000008c0)=""/123, 0x7b}, {&(0x7f0000000940)=""/227, 0xe3}], 0x4, &(0x7f0000000a80)=""/148, 0x94}, 0x401}, {{&(0x7f0000000b40)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f0000000bc0), 0x0, &(0x7f0000000c00)=""/95, 0x5f}}, {{&(0x7f0000000c80)=@hci, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000d00)=""/250, 0xfa}], 0x1, &(0x7f0000000e40)=""/176, 0xb0}, 0xd2}], 0x4, 0x10001, &(0x7f0000001000)={0x0, 0x3938700}) sendmsg$NL80211_CMD_FLUSH_PMKSA(r2, &(0x7f0000001100)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x800f01}, 0xc, &(0x7f00000010c0)={&(0x7f0000001080)={0x14, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008800}, 0x408c880) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000001140)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000001240)={'ip6tnl0\x00', &(0x7f00000011c0)={'ip6_vti0\x00', 0x0, 0x4, 0x7, 0x7f, 0x3, 0x2, @private0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x8, 0x700, 0x385f}}) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r3, &(0x7f0000001380)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001340)={&(0x7f0000001280)={0xbc, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4000010}, 0x90) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000001400), r2) sendmsg$FOU_CMD_GET(r3, &(0x7f00000014c0)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x28, r5, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r6 = openat$incfs(r0, &(0x7f00000015c0)='.log\x00', 0x800, 0x20) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r6, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x20, 0x0, 0x8, 0x70bd2a, 0x25dfdbfb, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000091}, 0x2) sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000001800)={&(0x7f0000001700)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000017c0)={&(0x7f0000001740)={0x44, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x18, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000004}, 0x4004) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r2, &(0x7f0000001940)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x40208000}, 0xc, &(0x7f0000001900)={&(0x7f0000001880)={0x4c, 0x0, 0x8, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x8, 0xc}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x44}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4e}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x66}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x6, 0x14}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x59}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0x4000040) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000019c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_INTERFACE(r6, &(0x7f0000001a80)={&(0x7f0000001980)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001a40)={&(0x7f0000001a00)={0x1c, 0x0, 0x200, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x40000) clock_gettime(0x0, &(0x7f0000001ac0)) futex(&(0x7f0000001b00)=0x1, 0x9, 0x2, &(0x7f0000001b40)={0x0, 0x3938700}, &(0x7f0000001b80)=0x1, 0x1) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001c00), r0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001d00)={&(0x7f0000001bc0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001cc0)={&(0x7f0000001c80)={0x20, r8, 0x2, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4080}, 0x40) 08:34:09 executing program 7: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000), 0x1, 0x1}, 0x4) fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=@md5={0x1, "4befaaaf34e5592330aee668baa4c12a"}, 0x11, 0x2) io_uring_enter(0xffffffffffffffff, 0x3dd0, 0xee2e, 0x2, &(0x7f0000000100)={[0x10001]}, 0x8) finit_module(0xffffffffffffffff, &(0x7f0000000140)='Z-\\+*\x00', 0x1) r0 = mq_open(&(0x7f0000000180)='\x00', 0x800, 0xa2, &(0x7f00000001c0)={0x8, 0x4, 0x6, 0x9}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000200)) fcntl$getflags(r0, 0x3) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000240)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_ADD(r1, 0x4c80, r2) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f0000000280)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'}) write$P9_RUNLINKAT(r3, &(0x7f00000002c0)={0x7, 0x4d, 0x2}, 0x7) fallocate(r3, 0x50, 0xd44, 0x101) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0, {0x10001}}, './file0\x00'}) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0xc) preadv2(r1, &(0x7f0000001800)=[{&(0x7f0000000340)=""/165, 0xa5}, {&(0x7f0000000400)=""/156, 0x9c}, {&(0x7f00000004c0)=""/219, 0xdb}, {&(0x7f00000005c0)=""/62, 0x3e}, {&(0x7f0000000600)=""/31, 0x1f}, {&(0x7f0000000640)=""/113, 0x71}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/41, 0x29}, {&(0x7f0000001700)=""/220, 0xdc}], 0x9, 0x9, 0x8, 0x5) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f00000018c0)) statfs(&(0x7f0000001ac0)='./file0\x00', &(0x7f0000001b00)=""/66) ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40046629, &(0x7f0000001b80)) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000001c00)={{0x1, 0x1, 0x18, r1, {r1}}, './file0\x00'}) [ 69.141916] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.144114] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.145994] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.147282] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.149993] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.151871] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 69.153119] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.157724] Bluetooth: hci1: HCI_REQ-0x0c1a [ 69.210739] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.212296] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.216027] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.218816] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.221033] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 69.222934] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.224456] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.225963] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.227296] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.228778] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.230102] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 69.231774] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 69.240857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.242043] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.244124] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.245530] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 69.246696] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 69.255301] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 69.258542] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.267795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.267910] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.269532] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 69.271984] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 69.275838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.275867] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 69.277065] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 69.278037] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.280356] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.287381] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.289971] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.291340] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 69.293554] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 69.295121] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 69.300127] Bluetooth: hci7: HCI_REQ-0x0c1a [ 69.304607] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 69.306282] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.310137] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.316370] Bluetooth: hci0: HCI_REQ-0x0c1a [ 69.317643] Bluetooth: hci2: HCI_REQ-0x0c1a [ 69.325278] Bluetooth: hci4: HCI_REQ-0x0c1a [ 69.327514] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 69.328791] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 69.333362] Bluetooth: hci6: HCI_REQ-0x0c1a [ 69.334793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.337412] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 69.339922] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.345368] Bluetooth: hci3: HCI_REQ-0x0c1a [ 69.345983] Bluetooth: hci5: HCI_REQ-0x0c1a [ 71.220023] Bluetooth: hci1: command 0x0409 tx timeout [ 71.347807] Bluetooth: hci0: command 0x0409 tx timeout [ 71.347893] Bluetooth: hci2: command 0x0409 tx timeout [ 71.348541] Bluetooth: hci4: command 0x0409 tx timeout [ 71.349992] Bluetooth: hci7: command 0x0409 tx timeout [ 71.410749] Bluetooth: hci6: command 0x0409 tx timeout [ 71.411733] Bluetooth: hci5: command 0x0409 tx timeout [ 71.411951] Bluetooth: hci3: command 0x0409 tx timeout [ 73.267735] Bluetooth: hci1: command 0x041b tx timeout [ 73.394850] Bluetooth: hci7: command 0x041b tx timeout [ 73.395727] Bluetooth: hci4: command 0x041b tx timeout [ 73.395755] Bluetooth: hci2: command 0x041b tx timeout [ 73.396514] Bluetooth: hci0: command 0x041b tx timeout [ 73.458766] Bluetooth: hci3: command 0x041b tx timeout [ 73.459845] Bluetooth: hci5: command 0x041b tx timeout [ 73.459864] Bluetooth: hci6: command 0x041b tx timeout [ 75.314694] Bluetooth: hci1: command 0x040f tx timeout [ 75.442725] Bluetooth: hci0: command 0x040f tx timeout [ 75.443714] Bluetooth: hci2: command 0x040f tx timeout [ 75.443744] Bluetooth: hci7: command 0x040f tx timeout [ 75.444139] Bluetooth: hci4: command 0x040f tx timeout [ 75.506689] Bluetooth: hci6: command 0x040f tx timeout [ 75.506710] Bluetooth: hci5: command 0x040f tx timeout [ 75.507103] Bluetooth: hci3: command 0x040f tx timeout [ 77.362878] Bluetooth: hci1: command 0x0419 tx timeout [ 77.490676] Bluetooth: hci7: command 0x0419 tx timeout [ 77.490728] Bluetooth: hci2: command 0x0419 tx timeout [ 77.491155] Bluetooth: hci4: command 0x0419 tx timeout [ 77.491875] Bluetooth: hci0: command 0x0419 tx timeout [ 77.554694] Bluetooth: hci5: command 0x0419 tx timeout [ 77.554805] Bluetooth: hci3: command 0x0419 tx timeout [ 77.555131] Bluetooth: hci6: command 0x0419 tx timeout 08:35:01 executing program 7: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000080)={{0x7, 0x9}, {0x8, 0x400}, 0x9}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f00000003c0)=ANY=[@ANYBLOB="1700e5ffcfb4eb00"]}) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3) [ 119.497985] audit: type=1400 audit(1664786101.427:7): avc: denied { open } for pid=3813 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.499399] audit: type=1400 audit(1664786101.427:8): avc: denied { kernel } for pid=3813 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.514210] ------------[ cut here ]------------ [ 119.514235] [ 119.514239] ====================================================== [ 119.514243] WARNING: possible circular locking dependency detected [ 119.514247] 6.0.0-rc7-next-20220930 #1 Not tainted [ 119.514254] ------------------------------------------------------ [ 119.514257] syz-executor.7/3816 is trying to acquire lock: [ 119.514264] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 119.514304] [ 119.514304] but task is already holding lock: [ 119.514307] ffff88804028f820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 119.514335] [ 119.514335] which lock already depends on the new lock. [ 119.514335] [ 119.514338] [ 119.514338] the existing dependency chain (in reverse order) is: [ 119.514341] [ 119.514341] -> #3 (&ctx->lock){....}-{2:2}: [ 119.514355] _raw_spin_lock+0x2a/0x40 [ 119.514366] __perf_event_task_sched_out+0x53b/0x18d0 [ 119.514378] __schedule+0xedd/0x2470 [ 119.514392] schedule+0xda/0x1b0 [ 119.514405] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.514418] syscall_exit_to_user_mode+0x19/0x40 [ 119.514432] do_syscall_64+0x48/0x90 [ 119.514449] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.514462] [ 119.514462] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 119.514475] _raw_spin_lock_nested+0x30/0x40 [ 119.514486] raw_spin_rq_lock_nested+0x1e/0x30 [ 119.514499] task_fork_fair+0x63/0x4d0 [ 119.514516] sched_cgroup_fork+0x3d0/0x540 [ 119.514530] copy_process+0x4183/0x6e20 [ 119.514541] kernel_clone+0xe7/0x890 [ 119.514551] user_mode_thread+0xad/0xf0 [ 119.514561] rest_init+0x24/0x250 [ 119.514572] arch_call_rest_init+0xf/0x14 [ 119.514590] start_kernel+0x4c6/0x4eb [ 119.514608] secondary_startup_64_no_verify+0xe0/0xeb [ 119.514622] [ 119.514622] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 119.514636] _raw_spin_lock_irqsave+0x39/0x60 [ 119.514646] try_to_wake_up+0xab/0x1930 [ 119.514659] up+0x75/0xb0 [ 119.514673] __up_console_sem+0x6e/0x80 [ 119.514689] console_unlock+0x46a/0x590 [ 119.514705] vt_ioctl+0x2822/0x2ca0 [ 119.514717] tty_ioctl+0x785/0x16b0 [ 119.514728] __x64_sys_ioctl+0x19a/0x210 [ 119.514742] do_syscall_64+0x3b/0x90 [ 119.514759] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.514771] [ 119.514771] -> #0 ((console_sem).lock){....}-{2:2}: [ 119.514785] __lock_acquire+0x2a02/0x5e70 [ 119.514802] lock_acquire+0x1a2/0x530 [ 119.514817] _raw_spin_lock_irqsave+0x39/0x60 [ 119.514828] down_trylock+0xe/0x70 [ 119.514842] __down_trylock_console_sem+0x3b/0xd0 [ 119.514858] vprintk_emit+0x16b/0x560 [ 119.514874] vprintk+0x84/0xa0 [ 119.514890] _printk+0xba/0xf1 [ 119.514901] report_bug.cold+0x72/0xab [ 119.514917] handle_bug+0x3c/0x70 [ 119.514933] exc_invalid_op+0x14/0x50 [ 119.514950] asm_exc_invalid_op+0x16/0x20 [ 119.514962] group_sched_out.part.0+0x2c7/0x460 [ 119.514980] ctx_sched_out+0x8f1/0xc10 [ 119.514996] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.515007] __schedule+0xedd/0x2470 [ 119.515020] schedule+0xda/0x1b0 [ 119.515033] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.515044] syscall_exit_to_user_mode+0x19/0x40 [ 119.515056] do_syscall_64+0x48/0x90 [ 119.515072] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.515085] [ 119.515085] other info that might help us debug this: [ 119.515085] [ 119.515087] Chain exists of: [ 119.515087] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 119.515087] [ 119.515102] Possible unsafe locking scenario: [ 119.515102] [ 119.515105] CPU0 CPU1 [ 119.515107] ---- ---- [ 119.515110] lock(&ctx->lock); [ 119.515115] lock(&rq->__lock); [ 119.515122] lock(&ctx->lock); [ 119.515128] lock((console_sem).lock); [ 119.515133] [ 119.515133] *** DEADLOCK *** [ 119.515133] [ 119.515135] 2 locks held by syz-executor.7/3816: [ 119.515142] #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 119.515171] #1: ffff88804028f820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 119.515197] [ 119.515197] stack backtrace: [ 119.515200] CPU: 0 PID: 3816 Comm: syz-executor.7 Not tainted 6.0.0-rc7-next-20220930 #1 [ 119.515212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.515221] Call Trace: [ 119.515224] [ 119.515228] dump_stack_lvl+0x8b/0xb3 [ 119.515246] check_noncircular+0x263/0x2e0 [ 119.515262] ? format_decode+0x26c/0xb50 [ 119.515279] ? print_circular_bug+0x450/0x450 [ 119.515295] ? simple_strtoul+0x30/0x30 [ 119.515311] ? format_decode+0x26c/0xb50 [ 119.515328] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 119.515346] __lock_acquire+0x2a02/0x5e70 [ 119.515367] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 119.515389] lock_acquire+0x1a2/0x530 [ 119.515406] ? down_trylock+0xe/0x70 [ 119.515422] ? lock_release+0x750/0x750 [ 119.515443] ? vprintk+0x84/0xa0 [ 119.515460] _raw_spin_lock_irqsave+0x39/0x60 [ 119.515471] ? down_trylock+0xe/0x70 [ 119.515487] down_trylock+0xe/0x70 [ 119.515503] ? vprintk+0x84/0xa0 [ 119.515519] __down_trylock_console_sem+0x3b/0xd0 [ 119.515537] vprintk_emit+0x16b/0x560 [ 119.515555] vprintk+0x84/0xa0 [ 119.515572] _printk+0xba/0xf1 [ 119.515583] ? record_print_text.cold+0x16/0x16 [ 119.515599] ? report_bug.cold+0x66/0xab [ 119.515617] ? group_sched_out.part.0+0x2c7/0x460 [ 119.515635] report_bug.cold+0x72/0xab [ 119.515653] handle_bug+0x3c/0x70 [ 119.515671] exc_invalid_op+0x14/0x50 [ 119.515688] asm_exc_invalid_op+0x16/0x20 [ 119.515701] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 119.515721] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 119.515733] RSP: 0018:ffff888015e4fc48 EFLAGS: 00010006 [ 119.515742] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.515750] RDX: ffff888018549ac0 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 119.515757] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 119.515765] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88804028f800 [ 119.515772] R13: ffff88806ce3d2c0 R14: ffffffff8547d160 R15: 0000000000000002 [ 119.515783] ? group_sched_out.part.0+0x2c7/0x460 [ 119.515803] ? group_sched_out.part.0+0x2c7/0x460 [ 119.515823] ctx_sched_out+0x8f1/0xc10 [ 119.515842] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.515856] ? lock_is_held_type+0xd7/0x130 [ 119.515869] ? __perf_cgroup_move+0x160/0x160 [ 119.515880] ? set_next_entity+0x304/0x550 [ 119.515898] ? update_curr+0x267/0x740 [ 119.515916] ? lock_is_held_type+0xd7/0x130 [ 119.515930] __schedule+0xedd/0x2470 [ 119.515947] ? io_schedule_timeout+0x150/0x150 [ 119.515963] ? __x64_sys_futex_time32+0x480/0x480 [ 119.515978] schedule+0xda/0x1b0 [ 119.515992] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.516005] syscall_exit_to_user_mode+0x19/0x40 [ 119.516018] do_syscall_64+0x48/0x90 [ 119.516036] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.516049] RIP: 0033:0x7f7cc834db19 [ 119.516057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.516067] RSP: 002b:00007f7cc58c3218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.516078] RAX: 0000000000000001 RBX: 00007f7cc8460f68 RCX: 00007f7cc834db19 [ 119.516086] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7cc8460f6c [ 119.516093] RBP: 00007f7cc8460f60 R08: 000000000000000e R09: 0000000000000000 [ 119.516100] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f7cc8460f6c [ 119.516107] R13: 00007ffd460e289f R14: 00007f7cc58c3300 R15: 0000000000022000 [ 119.516120] [ 119.571954] WARNING: CPU: 0 PID: 3816 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 119.572635] Modules linked in: [ 119.572883] CPU: 0 PID: 3816 Comm: syz-executor.7 Not tainted 6.0.0-rc7-next-20220930 #1 [ 119.573473] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.574311] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 119.574723] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 119.576060] RSP: 0018:ffff888015e4fc48 EFLAGS: 00010006 [ 119.576465] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.576997] RDX: ffff888018549ac0 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 119.577523] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 119.578068] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88804028f800 [ 119.578593] R13: ffff88806ce3d2c0 R14: ffffffff8547d160 R15: 0000000000000002 [ 119.579126] FS: 00007f7cc58c3700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 119.579726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.580158] CR2: 00007ffd26402f10 CR3: 000000000fe84000 CR4: 0000000000350ef0 [ 119.580695] Call Trace: [ 119.580891] [ 119.581061] ctx_sched_out+0x8f1/0xc10 [ 119.581361] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.581756] ? lock_is_held_type+0xd7/0x130 [ 119.582094] ? __perf_cgroup_move+0x160/0x160 [ 119.582441] ? set_next_entity+0x304/0x550 [ 119.582767] ? update_curr+0x267/0x740 [ 119.583065] ? lock_is_held_type+0xd7/0x130 [ 119.583390] __schedule+0xedd/0x2470 [ 119.583673] ? io_schedule_timeout+0x150/0x150 [ 119.584029] ? __x64_sys_futex_time32+0x480/0x480 [ 119.584391] schedule+0xda/0x1b0 [ 119.584655] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.585018] syscall_exit_to_user_mode+0x19/0x40 [ 119.585374] do_syscall_64+0x48/0x90 [ 119.585664] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.586069] RIP: 0033:0x7f7cc834db19 [ 119.586348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.587697] RSP: 002b:00007f7cc58c3218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.588252] RAX: 0000000000000001 RBX: 00007f7cc8460f68 RCX: 00007f7cc834db19 [ 119.588782] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7cc8460f6c [ 119.589312] RBP: 00007f7cc8460f60 R08: 000000000000000e R09: 0000000000000000 [ 119.589855] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f7cc8460f6c [ 119.590392] R13: 00007ffd460e289f R14: 00007f7cc58c3300 R15: 0000000000022000 [ 119.590927] [ 119.591108] irq event stamp: 536 [ 119.591358] hardirqs last enabled at (535): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 119.592052] hardirqs last disabled at (536): [] __schedule+0x1225/0x2470 [ 119.592673] softirqs last enabled at (360): [] __irq_exit_rcu+0x11b/0x180 [ 119.593304] softirqs last disabled at (355): [] __irq_exit_rcu+0x11b/0x180 [ 119.593944] ---[ end trace 0000000000000000 ]--- 08:35:01 executing program 7: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000080)={{0x7, 0x9}, {0x8, 0x400}, 0x9}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f00000003c0)=ANY=[@ANYBLOB="1700e5ffcfb4eb00"]}) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3) 08:35:01 executing program 7: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000000)) r0 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x7}}, './file0\x00'}) sendmsg$GTP_CMD_DELPDP(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r0, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r0, 0x2, 0x70bd2b, 0x25dfdbfb, {}, [@GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDFONTOP_GET(r3, 0x4b72, &(0x7f0000000940)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) 08:35:02 executing program 7: mknod(&(0x7f0000008d80)='./file0\x00', 0x20, 0x22) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000100), 0x20a0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=unix,privport,cache=none,fscache,access=client,posixacl,access=', @ANYRESDEC=r0, @ANYBLOB="2c6163636573733d757365722c6c6f6f73652c756e616d653d2d5c3a25402e28265d5e2c63616368653d6e6f6e652c736d61636b6673726f6f743d2d5e5d2c7375626a5f757365723d2526292c6d6561737572652c0074f23ea01117e4592373121e22db68ffee3b5b5f519f3e0233b5cc47fd7df05736178cbb40787e3e1027a9609f7c6e752cc84498f4fb1dc2d79d91f0797105372deeb06fdae0d392212b585ead4107d351596843eb41e01a1e178d819af354a09c6ba25044eb913511b23269d792958f73864e2a1e8b78eda46789f1f29b7898973091f5efec7c7962b4cf088f746832427c5cff47e2197601101dc020f8377a45e7b721489359d708cb34996358dac898f6e084a2d73aa69f57ab5c98d5a47a8a3f3825deec888710c7efe916c5546fd1730832c01c66b665241dfcb7306cec69c45c459d5715afa118888f749ea9c09849da8a6e2d04db09f7fdb7a3ed26e24b125d4a8eec291389c1cde2775379dc58fcb200361795ba6d247ab6e6aff5060f7d"]) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) bind$unix(r1, &(0x7f00000008c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e) connect$unix(r1, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e22}, 0x6e) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00') openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r2, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000640)=0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r4, 0x0) mount$9p_unix(&(0x7f0000000340)='./file0/../file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000600), 0x28002, &(0x7f0000000680)={'trans=unix,', {[{@privport}, {@dfltuid={'dfltuid', 0x3d, r0}}, {}, {@cache_none}, {@dfltuid={'dfltuid', 0x3d, r2}}, {@msize={'msize', 0x3d, 0x9}}, {@msize={'msize', 0x3d, 0xea}}, {@access_any}, {@afid={'afid', 0x3d, 0x4}}], [{@fowner_lt={'fowner<', r3}}, {@subj_type={'subj_type', 0x3d, '9p\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x1}}, {@uid_gt={'uid>', r4}}, {@euid_lt={'euid<', r0}}, {@func={'func', 0x3d, 'MODULE_CHECK'}}, {@measure}, {@dont_hash}]}}) newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file0/../file0\x00', &(0x7f00000002c0), 0x0) VM DIAGNOSIS: 08:35:01 Registers: info registers vcpu 0 RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823bb0f1 RDI=ffffffff8765a9a0 RBP=ffffffff8765a960 RSP=ffff888015e4f690 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000074 R11=0000000000000001 R12=0000000000000074 R13=ffffffff8765a960 R14=0000000000000010 R15=ffffffff823bb0e0 RIP=ffffffff823bb149 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f7cc58c3700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffd26402f10 CR3=000000000fe84000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f7cc84347c0 00007f7cc84347c8 YMM02=0000000000000000 0000000000000000 00007f7cc84347e0 00007f7cc84347c0 YMM03=0000000000000000 0000000000000000 00007f7cc84347c8 00007f7cc84347c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=0000000000000000 RCX=0000000000000000 RDX=0000000000000001 RSI=ffffffff840e47d1 RDI=ffff888008da8e48 RBP=ffff888008c15850 RSP=ffff88801896f6d8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=ffff888008da8e00 R13=00007f67154ff000 R14=ffff88801896f7f8 R15=dffffc0000000000 RIP=ffffffff840e4846 RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f6715524028 CR3=00000000186de000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f YMM01=0000000000000000 0000000000000000 6f732e616d7a6c62 696c2f756e672d78 YMM02=0000000000000000 0000000000000000 00352e6f732e616d 7a6c62696c2f756e YMM03=0000000000000000 0000000000000000 672d78756e696c2d 34365f3638782f62 YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000