Warning: Permanently added '[localhost]:41699' (ECDSA) to the list of known hosts. 2022/10/03 08:57:38 fuzzer started 2022/10/03 08:57:39 dialing manager at localhost:35095 syzkaller login: [ 45.646280] cgroup: Unknown subsys name 'net' [ 45.737796] cgroup: Unknown subsys name 'rlimit' 2022/10/03 08:57:54 syscalls: 2215 2022/10/03 08:57:54 code coverage: enabled 2022/10/03 08:57:54 comparison tracing: enabled 2022/10/03 08:57:54 extra coverage: enabled 2022/10/03 08:57:54 setuid sandbox: enabled 2022/10/03 08:57:54 namespace sandbox: enabled 2022/10/03 08:57:54 Android sandbox: enabled 2022/10/03 08:57:54 fault injection: enabled 2022/10/03 08:57:54 leak checking: enabled 2022/10/03 08:57:54 net packet injection: enabled 2022/10/03 08:57:54 net device setup: enabled 2022/10/03 08:57:54 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/03 08:57:54 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/03 08:57:54 USB emulation: enabled 2022/10/03 08:57:54 hci packet injection: enabled 2022/10/03 08:57:54 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930) 2022/10/03 08:57:54 802.15.4 emulation: enabled 2022/10/03 08:57:54 fetching corpus: 50, signal 30398/32187 (executing program) 2022/10/03 08:57:54 fetching corpus: 100, signal 37407/40853 (executing program) 2022/10/03 08:57:54 fetching corpus: 150, signal 47958/52949 (executing program) 2022/10/03 08:57:55 fetching corpus: 200, signal 56053/62548 (executing program) 2022/10/03 08:57:55 fetching corpus: 250, signal 64092/71949 (executing program) 2022/10/03 08:57:55 fetching corpus: 300, signal 70988/80131 (executing program) 2022/10/03 08:57:55 fetching corpus: 350, signal 74389/84913 (executing program) 2022/10/03 08:57:55 fetching corpus: 400, signal 78469/90293 (executing program) 2022/10/03 08:57:55 fetching corpus: 450, signal 80810/93946 (executing program) 2022/10/03 08:57:55 fetching corpus: 500, signal 84275/98608 (executing program) 2022/10/03 08:57:55 fetching corpus: 550, signal 87599/103145 (executing program) 2022/10/03 08:57:56 fetching corpus: 600, signal 90601/107262 (executing program) 2022/10/03 08:57:56 fetching corpus: 650, signal 93982/111736 (executing program) 2022/10/03 08:57:56 fetching corpus: 700, signal 95521/114479 (executing program) 2022/10/03 08:57:56 fetching corpus: 750, signal 97204/117391 (executing program) 2022/10/03 08:57:56 fetching corpus: 800, signal 99985/121265 (executing program) 2022/10/03 08:57:56 fetching corpus: 850, signal 102360/124672 (executing program) 2022/10/03 08:57:56 fetching corpus: 900, signal 105259/128587 (executing program) 2022/10/03 08:57:56 fetching corpus: 950, signal 107075/131493 (executing program) 2022/10/03 08:57:57 fetching corpus: 1000, signal 108639/134140 (executing program) 2022/10/03 08:57:57 fetching corpus: 1050, signal 111690/137987 (executing program) 2022/10/03 08:57:57 fetching corpus: 1100, signal 112862/140301 (executing program) 2022/10/03 08:57:57 fetching corpus: 1150, signal 114201/142665 (executing program) 2022/10/03 08:57:57 fetching corpus: 1200, signal 115718/145164 (executing program) 2022/10/03 08:57:57 fetching corpus: 1250, signal 117848/148183 (executing program) 2022/10/03 08:57:57 fetching corpus: 1300, signal 119910/151103 (executing program) 2022/10/03 08:57:57 fetching corpus: 1350, signal 120756/153012 (executing program) 2022/10/03 08:57:57 fetching corpus: 1400, signal 121712/154987 (executing program) 2022/10/03 08:57:58 fetching corpus: 1450, signal 123764/157803 (executing program) 2022/10/03 08:57:58 fetching corpus: 1500, signal 124781/159800 (executing program) 2022/10/03 08:57:58 fetching corpus: 1550, signal 125968/161907 (executing program) 2022/10/03 08:57:58 fetching corpus: 1600, signal 127065/163950 (executing program) 2022/10/03 08:57:58 fetching corpus: 1650, signal 129648/167051 (executing program) 2022/10/03 08:57:58 fetching corpus: 1700, signal 131985/169980 (executing program) 2022/10/03 08:57:58 fetching corpus: 1750, signal 134467/173075 (executing program) 2022/10/03 08:57:58 fetching corpus: 1800, signal 136820/175995 (executing program) 2022/10/03 08:57:59 fetching corpus: 1850, signal 137502/177582 (executing program) 2022/10/03 08:57:59 fetching corpus: 1900, signal 138359/179318 (executing program) 2022/10/03 08:57:59 fetching corpus: 1950, signal 139422/181148 (executing program) 2022/10/03 08:57:59 fetching corpus: 2000, signal 140830/183216 (executing program) 2022/10/03 08:57:59 fetching corpus: 2050, signal 142399/185412 (executing program) 2022/10/03 08:57:59 fetching corpus: 2100, signal 142976/186856 (executing program) 2022/10/03 08:57:59 fetching corpus: 2150, signal 143775/188452 (executing program) 2022/10/03 08:57:59 fetching corpus: 2200, signal 145535/190696 (executing program) 2022/10/03 08:57:59 fetching corpus: 2250, signal 146317/192268 (executing program) 2022/10/03 08:58:00 fetching corpus: 2300, signal 147002/193774 (executing program) 2022/10/03 08:58:00 fetching corpus: 2350, signal 147893/195450 (executing program) 2022/10/03 08:58:00 fetching corpus: 2400, signal 149020/197218 (executing program) 2022/10/03 08:58:00 fetching corpus: 2450, signal 150815/199408 (executing program) 2022/10/03 08:58:00 fetching corpus: 2500, signal 151866/201114 (executing program) 2022/10/03 08:58:00 fetching corpus: 2550, signal 153279/203003 (executing program) 2022/10/03 08:58:00 fetching corpus: 2600, signal 154030/204478 (executing program) 2022/10/03 08:58:00 fetching corpus: 2650, signal 154934/206004 (executing program) 2022/10/03 08:58:00 fetching corpus: 2700, signal 155654/207381 (executing program) 2022/10/03 08:58:00 fetching corpus: 2750, signal 156264/208771 (executing program) 2022/10/03 08:58:01 fetching corpus: 2800, signal 157004/210247 (executing program) 2022/10/03 08:58:01 fetching corpus: 2850, signal 158364/212068 (executing program) 2022/10/03 08:58:01 fetching corpus: 2900, signal 159927/213964 (executing program) 2022/10/03 08:58:01 fetching corpus: 2950, signal 161735/215995 (executing program) 2022/10/03 08:58:01 fetching corpus: 3000, signal 162752/217512 (executing program) 2022/10/03 08:58:01 fetching corpus: 3050, signal 163399/218858 (executing program) 2022/10/03 08:58:02 fetching corpus: 3100, signal 165033/220723 (executing program) 2022/10/03 08:58:02 fetching corpus: 3150, signal 165404/221814 (executing program) 2022/10/03 08:58:02 fetching corpus: 3200, signal 166493/223319 (executing program) 2022/10/03 08:58:02 fetching corpus: 3250, signal 166868/224462 (executing program) 2022/10/03 08:58:02 fetching corpus: 3300, signal 167652/225837 (executing program) 2022/10/03 08:58:02 fetching corpus: 3350, signal 168321/227170 (executing program) 2022/10/03 08:58:02 fetching corpus: 3400, signal 169002/228393 (executing program) 2022/10/03 08:58:02 fetching corpus: 3450, signal 169742/229746 (executing program) 2022/10/03 08:58:02 fetching corpus: 3500, signal 170404/230970 (executing program) 2022/10/03 08:58:02 fetching corpus: 3550, signal 171428/232339 (executing program) 2022/10/03 08:58:03 fetching corpus: 3600, signal 172272/233621 (executing program) 2022/10/03 08:58:03 fetching corpus: 3650, signal 173067/234874 (executing program) 2022/10/03 08:58:03 fetching corpus: 3700, signal 174248/236320 (executing program) 2022/10/03 08:58:03 fetching corpus: 3750, signal 174958/237549 (executing program) 2022/10/03 08:58:03 fetching corpus: 3800, signal 176103/238949 (executing program) 2022/10/03 08:58:03 fetching corpus: 3850, signal 177137/240294 (executing program) 2022/10/03 08:58:03 fetching corpus: 3900, signal 177788/241450 (executing program) 2022/10/03 08:58:04 fetching corpus: 3950, signal 178817/242740 (executing program) 2022/10/03 08:58:04 fetching corpus: 4000, signal 179639/243946 (executing program) 2022/10/03 08:58:04 fetching corpus: 4050, signal 180039/244964 (executing program) 2022/10/03 08:58:04 fetching corpus: 4100, signal 181788/246529 (executing program) 2022/10/03 08:58:04 fetching corpus: 4150, signal 182615/247704 (executing program) 2022/10/03 08:58:04 fetching corpus: 4200, signal 183292/248767 (executing program) 2022/10/03 08:58:04 fetching corpus: 4250, signal 184027/249851 (executing program) 2022/10/03 08:58:04 fetching corpus: 4300, signal 184875/250968 (executing program) 2022/10/03 08:58:04 fetching corpus: 4350, signal 185594/252087 (executing program) 2022/10/03 08:58:05 fetching corpus: 4400, signal 186700/253323 (executing program) 2022/10/03 08:58:05 fetching corpus: 4450, signal 187257/254311 (executing program) 2022/10/03 08:58:05 fetching corpus: 4500, signal 188128/255479 (executing program) 2022/10/03 08:58:05 fetching corpus: 4550, signal 189007/256540 (executing program) 2022/10/03 08:58:05 fetching corpus: 4600, signal 189558/257533 (executing program) 2022/10/03 08:58:05 fetching corpus: 4650, signal 190223/258525 (executing program) 2022/10/03 08:58:05 fetching corpus: 4700, signal 191168/259613 (executing program) 2022/10/03 08:58:05 fetching corpus: 4750, signal 191892/260586 (executing program) 2022/10/03 08:58:06 fetching corpus: 4800, signal 192267/261444 (executing program) 2022/10/03 08:58:06 fetching corpus: 4850, signal 193002/262423 (executing program) 2022/10/03 08:58:06 fetching corpus: 4900, signal 193696/263370 (executing program) 2022/10/03 08:58:06 fetching corpus: 4950, signal 194322/264314 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/265186 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/265879 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/266615 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/267324 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/268011 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/268705 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/269406 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/270122 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/270848 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/271550 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/272255 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/272936 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/273621 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/274322 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/275058 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/275747 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/276454 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/277145 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/277816 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/278542 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/279238 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/279971 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/280693 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/281399 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/282068 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/282797 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/283519 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/284230 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/284937 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/285629 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/286335 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/287004 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/287723 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/288453 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/289130 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/289823 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/290517 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/291230 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/291921 (executing program) 2022/10/03 08:58:06 fetching corpus: 4998, signal 194783/292594 (executing program) 2022/10/03 08:58:07 fetching corpus: 4998, signal 194783/293305 (executing program) 2022/10/03 08:58:07 fetching corpus: 4998, signal 194783/294030 (executing program) 2022/10/03 08:58:07 fetching corpus: 4998, signal 194783/294689 (executing program) 2022/10/03 08:58:07 fetching corpus: 4998, signal 194783/295385 (executing program) 2022/10/03 08:58:07 fetching corpus: 4998, signal 194783/296092 (executing program) 2022/10/03 08:58:07 fetching corpus: 4998, signal 194783/296766 (executing program) 2022/10/03 08:58:07 fetching corpus: 4998, signal 194783/297457 (executing program) 2022/10/03 08:58:07 fetching corpus: 4998, signal 194783/298175 (executing program) 2022/10/03 08:58:07 fetching corpus: 4998, signal 194783/298806 (executing program) 2022/10/03 08:58:07 fetching corpus: 4998, signal 194783/298806 (executing program) 2022/10/03 08:58:09 starting 8 fuzzer processes 08:58:09 executing program 0: sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x7c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x74}, @void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x5}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "d15808f6e2c9f33348caacc409168c5c314df84cc67c3991"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}]]}, 0x7c}, 0x1, 0x0, 0x0, 0x4008010}, 0x40) r0 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x74, r0, 0x8, 0x70bd25, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0xbf}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @remote}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_SECRET={0x8, 0x4, [0xa7]}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x4000840) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x11c, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x20000080}, 0x20044051) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x28, r1, 0x0, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x15}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x40010) r2 = signalfd(0xffffffffffffffff, &(0x7f0000000600)={[0x7]}, 0x8) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x90001000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x3c, r3, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x4001) ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000780)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) ioctl$RTC_RD_TIME(r4, 0x80247009, &(0x7f00000007c0)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r4) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000002b80), 0xa0482, 0x0) sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000002cc0)={&(0x7f0000002bc0)={0x10, 0x0, 0x0, 0x9}, 0xc, &(0x7f0000002c80)={&(0x7f0000002c00)={0x54, 0x0, 0x118, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7fff}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x62eb}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x200080c1}, 0x4001) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000002d00)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002d80), r5) sendmsg$NL80211_CMD_DEL_TX_TS(r6, &(0x7f0000002e40)={&(0x7f0000002d40)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000002e00)={&(0x7f0000002dc0)={0x30, r7, 0x1018, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0xe}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x400c4}, 0x44800) ioctl$AUTOFS_DEV_IOCTL_FAIL(r6, 0xc0189377, &(0x7f0000002e80)={{0x1, 0x1, 0x18, r6, {0x9, 0x8}}, './file0/file0\x00'}) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000002f00), r4) sendmsg$BATADV_CMD_SET_MESH(r8, &(0x7f0000003000)={&(0x7f0000002ec0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002fc0)={&(0x7f0000002f40)={0x58, r9, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfffffffb}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfffffffe}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xa2d}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x18000}, 0x24008011) 08:58:09 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x20, 0x2, &(0x7f0000000280)=[{&(0x7f0000000080)="b9a6b48f7a1be5a15ef0f304b8643a2490691ae225d3698906ee4e58b14a52bbee7b52db807e74006411bea64faedd32ba35a0668aa05dc8de708efcb91b40c06aea821beb9e638d15dacb13c1cc7b6228f4cb3e7a7b651c6287671788511bf841988bf60ed0ed0480270bfd06d0f32b2bb08280a0123e777bd20bffd3c58562f0a6991b3f271dfd01599b44ed3ddffed943ac991a5ba66e06ccb8906c1e56815b451e7ca88b2598157b00d40c31db5c82374b252b6f32601fd2143d891ad632d092c4cc9a8695e678ce6e3502580e1cc1d22aa51a9d75eb", 0xd8, 0x61f}, {&(0x7f0000000180)="36e53006529cb3a64424d1bf0f7930098956a17300f364465ce330e8f7ceaaf4a3525b6e26fb298bdb9a5d2e347fe1842155eb234616568d2791a388973d5e333d14866e9e66c919ba22b5d11813cb05da383f3b22f2d55159ddb539134c4c41d34ea175bcdd8ec46e9c38279f9ed21be2391006c1b60f212c768c6f74e54ff8e324d3e75dff1d9a5237072ded038cd1b5ad220a053df240b700eeae6d4264f1559936b385c93275f921b52bc02e3e134975f322cf8d38a6ed40fcb8e4bfe250370dec7aa71f975f8b6e238652884f5eb0476e51a71a6730739e6e664c2c25bd7d731f393c20449661603defbff0", 0xee, 0x100000001}], 0x10000, &(0x7f00000002c0)={[{@uni_xlateno}, {@utf8}], [{@subj_user={'subj_user', 0x3d, ':#{-.*'}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@obj_type={'obj_type', 0x3d, '&'}}, {@smackfsroot={'smackfsroot', 0x3d, '\xc8)('}}]}) ioctl$BTRFS_IOC_SPACE_INFO(r0, 0xc0109414, &(0x7f0000000340)={0x28b, 0x3ff, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) recvfrom(0xffffffffffffffff, &(0x7f0000004080)=""/115, 0x73, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000004100)='./file0\x00', 0x200, 0x40) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000004140)=0x6) fcntl$getown(r1, 0x9) mount_setattr(0xffffffffffffff9c, &(0x7f0000004180)='./file0\x00', 0xa00, &(0x7f00000041c0)={0x100088, 0x8, 0xe0000, {r1}}, 0x20) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000004200)={r1, 0xf72a459, 0x4, 0x2}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f0000004240)={{0x1, 0x1, 0x18, r1, {0xb79}}, './file0/file0\x00'}) ioctl$FS_IOC_GETFLAGS(r3, 0x80086601, &(0x7f0000004280)) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f00000042c0)) dup(0xffffffffffffffff) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000004300)=0x3) r4 = openat(r0, &(0x7f0000004340)='./file0/file0\x00', 0x208000, 0x108) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r2, 0x50009417, &(0x7f0000004380)={{r3}, 0x0, 0xa, @unused=[0x10000, 0x1000, 0x9, 0x5], @subvolid=0x6}) ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000005380)={{0x1, 0x1, 0x18, r3, {0x7ff}}, './file0\x00'}) ioctl$AUTOFS_IOC_SETTIMEOUT(r5, 0x80049367, &(0x7f00000053c0)=0x101) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f0000005480)={'ip6_vti0\x00', &(0x7f0000005400)={'sit0\x00', 0x0, 0x2f, 0xff, 0x0, 0x9, 0xd, @rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @local}, 0x40, 0x10, 0x8000, 0x6}}) setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f00000054c0)={@remote, r6}, 0x14) ioctl$HIDIOCINITREPORT(r4, 0x4805, 0x0) 08:58:09 executing program 2: ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x80000000) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000000040)="5987be5f3d1059f189cfbdce6bf0916f957189ef40865bf812b7e0aa43a3d5701572c492a114bee0f5c648f2cccbd0912e0eeb0bbf09361e07a34c0a08439bda1137c79fd93d483edf8170cde8146a03826e4ed3d249c9510a73b83c7a954785e86772e77eeb158e22ce9766b457290ce77750322028fc6b0d3504e7993afee1406fa9ab59eeb27a98fcc95d0084a18458b475665a74921f59732730a7addcdcf5526d5268b32bd32c0349ff2afb6aeddd08a16eb55226c514e58294071a54816e767b930c3937bfd2c50b53d9be60ad72fcabb663d4bddfa539aab4c68c809551fd8e46acc710b911d550f58a1bbdb3a9c66773fd1137cc8cba7e15d2217a98") ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x10, r2, 0x10000000) fcntl$addseals(r0, 0x409, 0x5) fsetxattr(0xffffffffffffffff, &(0x7f0000000180)=@random={'os2.', '\\\x00'}, &(0x7f00000001c0)='-/#%)$\x00', 0x7, 0x0) sendmsg$inet(r2, &(0x7f0000000540)={&(0x7f0000000200)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000240)="03ac77fd6375998d01d60f0971289f7c157abd228b927c600cc05d5c33b2cdd54f7490277c70b29a2d5e05a4ed895d36", 0x30}, {&(0x7f0000000280)="205747edf16c2829a59220a5c663de1d8c7a3a3765d322a397da32266f5c20b2d9beec527e1fd9839c451aab8b942c16a9429f63ca7a6afd66b8b0d920925947740e", 0x42}, {&(0x7f0000000300)="7b899c7882322e96247cb9dd50fd7f20882e12a0784f9dc3ccf53c3e762073f862e5588cd6", 0x25}, {&(0x7f0000000340)="e6754da7425a53dee56180e1172af51931", 0x11}], 0x4, &(0x7f00000003c0)=[@ip_retopts={{0x38, 0x0, 0x7, {[@ra={0x94, 0x4}, @generic={0x89, 0xb, "d385f2e9ad637eb056"}, @timestamp_addr={0x44, 0x14, 0x6d, 0x1, 0xe, [{@broadcast, 0xffff4a75}, {@local, 0x1}]}, @ra={0x94, 0x4}, @end]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @empty}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_ttl={{0x14, 0x0, 0x2, 0x9}}, @ip_retopts={{0xbc, 0x0, 0x7, {[@ssrr={0x89, 0xf, 0x8, [@rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x12}, @broadcast]}, @ra={0x94, 0x4}, @ssrr={0x89, 0x7, 0x9e, [@rand_addr=0x64010102]}, @timestamp_prespec={0x44, 0x1c, 0xdb, 0x3, 0xd, [{@local, 0x1430}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x401}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x200}]}, @timestamp_addr={0x44, 0x3c, 0x52, 0x1, 0x8, [{@broadcast, 0x1}, {@private=0xa010101, 0x5}, {@multicast1, 0x1ff}, {@private=0xa010102, 0xff}, {@multicast2, 0x5}, {@multicast1, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}]}, @generic={0x94, 0xb, "4686dffa9aa779ff0d"}, @ssrr={0x89, 0x7, 0x7, [@private=0xa010100]}, @cipso={0x86, 0x26, 0x0, [{0x0, 0x12, "1429d1007a531fdd0d9c31a19e14f571"}, {0x2, 0xa, "3c0987e9543bea84"}, {0x0, 0x4, '#}'}]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x80000000}}], 0x160}, 0x4048000) r3 = accept(r0, &(0x7f0000000580)=@can, &(0x7f0000000600)=0x80) r4 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000640), 0x2, 0x0) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000680)={0xfff, 0x5, 0x3, 0x0, 0x0, [{{r3}, 0xfff}, {{r4}, 0x7ff}, {{r1}, 0x9}]}) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r2, 0xf50f, 0x0) fsetxattr$security_capability(r0, &(0x7f0000000700), &(0x7f0000000740)=@v3={0x3000000, [{0xfffff800, 0xb308}, {0x2, 0x5}]}, 0x18, 0x1) listen(r3, 0x1) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000780)=0x5, 0x4) linkat(r0, &(0x7f00000007c0)='./file0\x00', r1, &(0x7f0000000800)='./file0\x00', 0x1000) socketpair(0x29, 0x6, 0xb, &(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x3030}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x58, 0x0, 0x0, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x69}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000092}, 0x8000) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000009c0), 0x4200, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(r7, 0xc0189377, &(0x7f0000000a00)={{0x1, 0x1, 0x18, r6, {0x9, 0x80000000}}, './file0\x00'}) 08:58:09 executing program 3: r0 = add_key(&(0x7f0000000180)='.dead\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)="b2439ee7b0f5a832816f36ee7fcfa3b72688d96dbd3f11ffa5652c174f7333f63c47f7590c4cdf2cbc26b2c2cb2a4da8be6a1b90add28cf29613dde18cb7b35caa456f12a69574b17fba9a256fc8e81858842fc9ee464e7c18716b7625b6709179ba40ab920e552d36eaf9d2d8a8a0302cbe4859c25252ce3e592e163c309d1b375931a74a92b06f8f0032ddb1ac9e210bab4baa7d0d398c6e1fe318be6537eea4a0d732de", 0xa5, 0xfffffffffffffffd) r1 = add_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="2ac491cfb426f8e39df7461b816bcbb7797fbf8cceff5bbcdcedaff17791170984df8b9c0f19a66587cde686db0e3adeed44ac5cb3f15d58107ad9d25eeac2658300db15e19020f40bd7a1b619d2df99097bfcf3a948694df61b1c4a51f5e54bd4cec6664b224ebb8d46002718736a9ed0591778d41f351179c1ae65ff605b116d054ce1dba6a8b0f0a4438de2a67518ddbcccddcc402072c21a2595e4004a10d41ce463def47f9799695a886761f43a4144c8ab5e6ec87fdef5a69204119905ac107eb1309ff1045fe5be4f48153cdd5d851b13e6456264fbf8", 0xda, r0) r2 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, r0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000340)='.dead\x00', &(0x7f0000000380)=@keyring={'key_or_keyring:', r1}) r3 = add_key$fscrypt_v1(&(0x7f00000003c0), &(0x7f0000000400)={'fscrypt:', @desc4}, &(0x7f0000000440)={0x0, "44243f33ab2152bf42f9620b9f1f0b58556c942d6cd7be3454290254b29f9922a84771090de17aaa7b13c62f711f9190b93853635f6e6c496acd720f873afbc0", 0x38}, 0x48, 0xfffffffffffffffb) r4 = add_key$keyring(&(0x7f0000000580), &(0x7f00000005c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) r5 = add_key(&(0x7f00000004c0)='cifs.idmap\x00', &(0x7f0000000500)={'syz', 0x3}, &(0x7f0000000540)="b123442a", 0x4, r4) r6 = add_key$keyring(&(0x7f0000000600), &(0x7f0000000640)={'syz', 0x1}, 0x0, 0x0, r2) r7 = add_key$keyring(&(0x7f0000000740), &(0x7f0000000780)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r8 = request_key(&(0x7f0000000680)='pkcs7_test\x00', &(0x7f00000006c0)={'syz', 0x0}, &(0x7f0000000700)='\x00', r7) r9 = add_key(&(0x7f00000007c0)='rxrpc\x00', &(0x7f0000000800)={'syz', 0x3}, &(0x7f0000000840)="8b4c7dfd9ac28743e97ff2c8baadf9d08c3e2872d9c9c58d0acb4efde5fd1698ed7a08e64ba938619c354e1a9d42f6571226eef13126b8b8ec26d11b7c96091bbe48697e73351ca1ef55201551b2366b3c1cc828b8d9799e8f", 0x59, r8) r10 = add_key$keyring(&(0x7f00000008c0), &(0x7f0000000900)={'syz', 0x1}, 0x0, 0x0, r5) keyctl$KEYCTL_MOVE(0x1e, r9, r6, r10, 0x1) r11 = add_key(&(0x7f00000009c0)='encrypted\x00', &(0x7f0000000a00)={'syz', 0x0}, &(0x7f0000000a40)="cdf03fdadc0a1630d0aa04a243ddb08beee721eb9e46884854e6a23439b7269e399d73348a51ad49c2f1a621a455492aa38f2b769dc218856065b638e560127892c56adfbb836254e31b044038cce535a0a93213", 0x54, r9) add_key$keyring(&(0x7f0000000940), &(0x7f0000000980)={'syz', 0x1}, 0x0, 0x0, r11) keyctl$unlink(0x9, r10, r3) r12 = add_key$keyring(&(0x7f0000000b80), &(0x7f0000000bc0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) add_key$fscrypt_provisioning(&(0x7f0000000ac0), &(0x7f0000000b00)={'syz', 0x1}, &(0x7f0000000b40)={0x1, 0x0, @c}, 0x29, r12) fstat(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$chown(0x4, r0, 0xee01, r13) [ 76.005592] audit: type=1400 audit(1664787489.722:6): avc: denied { execmem } for pid=295 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:58:09 executing program 4: r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x286280, 0x0) ioctl$CDROMRESUME(r0, 0x5302) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$CDROM_SET_OPTIONS(r1, 0x5320, 0x3) ioctl$CDROMSUBCHNL(r1, 0x530b, &(0x7f0000000080)={0x2, 0x4c, 0x4, 0xf, 0xd3, 0x3e, @msf={0xd4, 0x1, 0x9}, @lba=0x2}) ioctl$CDROM_LOCKDOOR(r1, 0x5329, 0x0) ioctl$DVD_AUTH(r0, 0x5390, &(0x7f00000000c0)=@lsasf={0x8, 0x1}) r2 = syz_io_uring_setup(0x216a, &(0x7f0000000100)={0x0, 0x25bc, 0x0, 0x3, 0x169, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000180), &(0x7f00000001c0)=0x0) r4 = accept4$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10, 0x80800) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000280)=[r0, 0xffffffffffffffff, r4, r0, r0, r0, r0], 0x7) r5 = eventfd2(0x0, 0x81000) ioctl$BTRFS_IOC_START_SYNC(r5, 0x80089418, &(0x7f00000002c0)) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000300), 0x480, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000340)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) fsetxattr$trusted_overlay_upper(r6, &(0x7f0000000380), &(0x7f00000003c0)={0x0, 0xfb, 0xb4, 0x0, 0xc4, "e201f5f5ab9c190b8de92de5cf3b077f", "aca6b61a1921f89e4a470202b50f65292c7dcd3651418d6127acf5a1174fd8f483c74bfb62d4e3517a7b088ea610371a9865b7a5585bb7b96d5d8494fba05db714f9044057407f00ac40848ce75e6afee5d4a1b4fbf1f76cbd1765f2aa57aec2683ca3f1125693e09b48a1bd2bae67de92ac075411464f3715e7eba0929f2dcf55b810332f4a48c79a28942d49e180364bb6d46ff2fce72f14fb4eb5dbf266"}, 0xb4, 0x3) finit_module(r5, &(0x7f0000000480)='/dev/cdrom\x00', 0x3) ioctl$CDROMSEEK(r1, 0x5316, &(0x7f00000004c0)={0x11, 0x3f, 0x4, 0xe0, 0x1, 0x2}) syz_io_uring_setup(0x2847, &(0x7f0000000500)={0x0, 0xcb96, 0x20, 0x3, 0x2db, 0x0, r2}, &(0x7f0000ff6000/0x9000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000580)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r7, r3, &(0x7f0000000640)=@IORING_OP_OPENAT={0x12, 0x5, 0x0, r1, 0x0, &(0x7f0000000600)='./file0\x00', 0x6, 0x4000, 0x12345}, 0x7) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0) 08:58:09 executing program 5: sendmsg$NL80211_CMD_TDLS_OPER(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x4088) r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xc07caf0c3b55ecec}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x34, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x20000) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000240)) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r0, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4820091}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x120, 0x0, 0x400, 0x70bd29, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0xdc}, {0x6, 0x11, 0x101}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x3}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8}, {0x6, 0x11, 0x800}}]}, 0x120}, 0x1, 0x0, 0x0, 0x840}, 0x4) ioctl$KDGETMODE(r0, 0x4b3b, &(0x7f00000004c0)) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000500)=0x3, 0x4) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000540)={0x5d}, 0x4) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000580), 0x109040, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f00000005c0)={0x4, 0xfffffffe, 0xfffffffd, 0x82ed, 0x9, "bae12569cf1ab9afa133eeabc42d401b25e2c1"}) sendmsg$SOCK_DESTROY(r0, &(0x7f0000000c00)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000640)={0x558, 0x15, 0x20, 0x70bd25, 0x25dfdbfb, {0x26, 0x8}, [@INET_DIAG_REQ_BYTECODE={0x25, 0x1, "9decb8e47c507e14811fef88a64b5e3fbd33f99bc3ee6d80f176ecd3dc2cc1954a"}, @INET_DIAG_REQ_BYTECODE={0xd6, 0x1, "be2c0e35f5aa60a1b3592942d3c19b0ee4e156d4923ed8f747881c6de2838892a5700ac305b6f6e5b9429932c42a33cd01c3fb24b5b8fb7e0da988560aafa6bef1b1b601098530ce9144fc638399b209e5874ac29b30d1673e73567a3eee1735d04e43424b6c30151fd316c2daeb3590e4dc6ed2afb9fd4aee137075c8e53b53227175ae178440b3ddfec814a444ceb3c8c9630ba4b16ec9dd913ca49fa80cd640f041f2003cc601bcd4e57e0063eca114b449a8eae1d9f8558ed3bde64c0d4603045261d33b6c9c56aba7e65fe3af80ed9d"}, @INET_DIAG_REQ_BYTECODE={0xb7, 0x1, "76d653c406d4e0f5366353eefb119777a2bbc3bcf8d50ed95b02e93c0db2bdaca2a15752537cdf8a925432d5b8ff09892db80fca6ffbd3d9c2abfa56f4150fd30627e540caf384a42fd63cae9fa9f37dcdadc159265aac4781afdec5b4937b8ec30c702c3111495dc3a0b88b9a7493923f07fa163ac35fc46e715943ed131000bb7ce314a98b573dfc4dad157cd73b18ac748f47f72446c3c02dc50083406b3a9b520f58677c5c1cb00d25e17bb1392a38b6c2"}, @INET_DIAG_REQ_BYTECODE={0x103, 0x1, "767be71c6909d423ccc9263e21f785c183792dfd5513e45fdaf1f3933d9d4597b232b6a3317ebe5fd9a48f9a774d4d6510622d30e2f7a1e587767ce3a52a11d0dca58979221cdd32e93f742410e705b4428bcd763b5d4c1da22b53617a5352db7e274d1ba63c6d4c7c3f7e9d1e3fddf414b18a6ffc5e82d9e3bc7d34150402193bb14ed8c4a254864363a0c7e36746ce82071f52de0a6f70804a32dd8dd4c391fc992959e207141ab966a6d677d8c1c8a09e676c00f2bb4bf7050cf0207eca4f398c8b67c63529dc0e0b05c1f8951df17ca74fee4eb5c45ae5beb6d5449a3c1f53213f5454cf83a0c8e271ca7fb7eb34caf1cab77926247c3485d4829b495d"}, @INET_DIAG_REQ_BYTECODE={0x7b, 0x1, "2f47d3c10ccd30ab4b97a7b577846d4c389a181f2f4cbff12bdc0d0c45145ecfbc5257b6552fe2ab736d94daf47d22d3479d92759c7e7bd0083129d4e312e72e2ce5b455fc3f611ff94c82458abc0db9d6f9dbfafde4b8f3c3afcf174e2f7fe4043bde5947cafb6e5094431d712889e1a7f84131fb3fe2"}, @INET_DIAG_REQ_BYTECODE={0xc1, 0x1, "9b6b48f4b310aca0a2c9425b08066b9d848a4560f8ff2e29c383766354e38d475e3fa0918045c4445006be830b27e4ea953af15aa9d0de755f7be45134c3b2ddab1929ad955ca3495988d0aa111f820f448b714f63e1ebd87a0195d158c8ebd39c64fe22bcec3f2589aa5ae9c9125c02c1e847d29c31612209cb77c6389b1290a65e3307ea31ec61b6e5ccf90dfd9737cc4f2c096e4fced747908f70b90900f964987e4df317fc34d8d8172f282aba22c2eb99e769c6e7fd4c54286e33"}, @INET_DIAG_REQ_BYTECODE={0x92, 0x1, "0de3f0a2ce03fbd7edb83f4fb55fc32158659b77d601cb0814f9c2fd2da725178ef9c5a4203c06b078853348454b8592c86316cf4dda0799b4e74675d4155a07a007d2e5c196b62fd72564f56bed7e62eada3b87288448f3532ce4abf516a6a62392e13fa24ed36b7b18976e5bbd999dedae227117a6cb5a105f894e31053b775ea6250f5c137dbac24548753c4d"}, @INET_DIAG_REQ_BYTECODE={0x1c, 0x1, "207e6f8dd2c34cd0d1e8092dc5d6a7458b9f5d68dba0dbd0"}, @INET_DIAG_REQ_BYTECODE={0x96, 0x1, "3c367103177e1d7ac5ac855ca3f05bec559707f980a4388fd93979fca751ee53e137f852d6649749478a239f938555e57c5ad4983f26ac6136b050e8b34e42a7d9d5b20a1d72534e7b4bfa7617ba1d8732a958c8cb0b14a2fd8d2592f1e4b38a187576519e4535cc63712b4fd6f2682c26a84406ad17a0bbae3a819af35db1a619f5f1e02d318d8591785ca31b42e4201a6b"}]}, 0x558}, 0x1, 0x0, 0x0, 0x4811}, 0x40010) shutdown(r0, 0x1) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f0000000d00)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x2c, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x7f}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xe}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48000}, 0x4000050) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d80), r0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000000e80)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000e40)={&(0x7f0000000dc0)={0x64, r2, 0x20, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x5e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x53}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x1e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x36}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x888}, 0x4040000) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f00), r1) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000001040)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001000)={&(0x7f0000000f40)={0x8c, r3, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_REG_RULES={0x70, 0x22, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x2}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x9}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x8}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xfffffff7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xd3}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x800}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x6}]}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x28801}, 0x0) r4 = openat(r0, &(0x7f0000001080)='./file0\x00', 0x42, 0x42) sendmsg$AUDIT_TTY_GET(r4, &(0x7f0000001180)={&(0x7f00000010c0), 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x10, 0x3f8, 0x800, 0x70bd29, 0x25dfdbfc, "", ["", "", "", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x80}, 0x4001) 08:58:09 executing program 7: ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) sendmsg$unix(r1, &(0x7f00000004c0)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000100)="4d7697d394b4128d5d6bc466bbd2b3c13cdfd0910fe597f9044276a234d7eeee26ed73b01579c30da6defd6379dec0cb795f6e4e306e8118d8e325d2d92693f8801605b5a10e64481a4976c9792fe2b00018aec630c3f232b916e82a813ecc1018a4957cbcc7b8188cb6a44576cdcced7d7a7542165d7c1c2c49688b4dbb0566928180e9700ae3683cbaeaeee0240b2dbd116331fe806529e35a45f795", 0x9d}, {&(0x7f00000001c0)="aa4bbe5070d59cd309f4f5973d9d294d977238ede60fe99eb12bf89988194e8f30ca1cc95d0333e8cfc76deb2d4504e92962274b967b16baa98c1b8a468689f7ff7c1c12cdb797a7f6ab048b883c3ed493e6ebe6a17242848d3d4730cd52942a00f02b64780f16de89dcc40e3171aedf684a196bed85b832347e8cf11d85db0ef395f80c74e8f50c47074c04c0b1cffe0d51a98a4c2704d2756b9c889fa11be5b19ff51309cdba87213cc6f25ee99439073104d6bdd46f65acd7b71200c33b86965ad0ff4d2a81f46dc411cfb2f3", 0xce}, {&(0x7f00000002c0)="7895b10b2dd32f6c9b42048ef2252889861662e6af5bc891a34da42e9623e19ef0e11f3863a00cc3925802f88bba95aec5c4068131209895e927a6f4a72648dd7b32fc7c6294aa506dbda4283798c435460a5ac9c16b1dda2d03a83aeb8b6f36280efdda28d9de2aa74bac28e0b02cb30c9bdfebb027b78518e7e324b37a200d74e504e0d5092b521d79ba7e48ff053c98d42761a862e004a17a1f85f3a33e4d938e68d4571f41b85cb06034b0ac68e33d582cdbe5275ffc15817f7223150981", 0xc0}, {&(0x7f0000000380)="48de0cc784e7ef438a6531280b1d5d56fd77c4b1244c9716a27779a94911b07a9dfb040de21a241b2ebb87e1b09f05998bd062ccd1713e72e5b484786666ece0e4e5248636e36746a7a1e292ec3429aa2bcf3b7a0e69febbe34fbd9f88f7d547d067c734acb67627cbc18ea4f7a3a6832d9cabba56395bd231da3bbaad5c8bf4ca7463daae7e13a8e4c1b83eec72f7eec4347b2061f5b23471f525163faa8821b845dd986743b950643f521df1b7127e07bd91159914952cd1330e6e3e173e995f51d90b12ca0f7c6a8d82256bccc555da7da9122047b5b757a89597787586bb364a47130cfd3a0339d382d3096a", 0xee}], 0x4, 0x0, 0x0, 0x800}, 0x4000) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f0000000500)={{0x1, 0x1, 0x18, r1, {0x7}}, './file0\x00'}) setns(r1, 0x10000000) r3 = gettid() getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000006c0)={{{@in=@initdev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@loopback}}, &(0x7f00000007c0)=0xe8) recvmsg$unix(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/126, 0x7e}, {&(0x7f0000000880)=""/93, 0x5d}, {&(0x7f0000000900)=""/101, 0x65}, {&(0x7f0000000980)=""/32, 0x20}], 0x4, &(0x7f0000000a00)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x88}, 0x40012023) r9 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000b00), 0x10100, 0x0) r10 = syz_open_pts(r1, 0x208040) sendmsg$unix(r1, &(0x7f0000000c40)={&(0x7f0000000540)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000680)=[{&(0x7f00000005c0)="da8eeaa628558cdd9bf02cca0af21f4302974b5d625bf8c0c2780d5f7361c8daf16c8d83e827f776a0efe396be75d22fa1b0e5aaf29d5cfe346f3f7e0bde158aefe97072a9d4115ffb96d5fc7963589d0158920d4c5c956c61d2157e5cd81f4c68d09ebf4ec69b50c078b78123031b9764e7bca3f94126971eae9c560c6ed1140e6e3cb4e8e7e68820f00ed2d64ae2a7ca55a7f1168eb88bc8bc33031ec0ca80e96ff43970042490d55fa09dc941b86e27f97fde", 0xb4}], 0x1, &(0x7f0000000b40)=[@rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {r3, r4}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r5, 0xee01}}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [r9]}}, @rights={{0x20, 0x1, 0x1, [r2, r10, r0, r1]}}], 0xc8, 0x8010}, 0x40890) r11 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r11, 0x81f8943c, &(0x7f0000000c80)) syncfs(r9) accept$unix(r1, &(0x7f0000000e80), &(0x7f0000000f00)=0x6e) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000f40)={{0x1, 0x1, 0x18, r8, {0x6}}, './file0\x00'}) setsockopt$bt_l2cap_L2CAP_LM(r6, 0x6, 0x3, &(0x7f0000000f80)=0x42, 0x4) setsockopt$bt_l2cap_L2CAP_LM(r7, 0x6, 0x3, &(0x7f0000000fc0), 0x4) sendfile(r8, r0, 0x0, 0x8001) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000001040), &(0x7f0000001080)=0x4) 08:58:09 executing program 6: r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000000)={0x6, 0x8}) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000040)={0x0, 0x0, 0x884}) r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x4e041, 0x0) write(r1, &(0x7f00000000c0)="2c8f61f78d37dca30afd4604984ff1b1d2b37553e26eef8d1ce04e13684890c22e1119bb703b0634038d378012d3b0132c47535b25138c6fed73b1cda87cc1fbb088e3b6f6558d59d85d1e09170dc8dd5beab5d5259861ec4c6ff9f05d430e31955bb047c46fd1f1598efa3fb2569813e490e685bbab8b", 0x77) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000004, 0x1010, r0, 0x0) io_uring_enter(r0, 0x1586, 0xa9d7, 0x3, &(0x7f0000000140)={[0x8000]}, 0x8) r3 = syz_io_uring_setup(0x12fa, &(0x7f0000000180)={0x0, 0x32a3, 0x8, 0x3, 0x19, 0x0, r0}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000240)=0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r3, 0x40309410, &(0x7f0000000280)={0x3, 0x1, 0x2, 0x1ff, 0x10da3096a32c08d2, [0x1, 0x480, 0x81, 0x6]}) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, {0x5230}, 0x0, {0x0, r5}}, 0x217a) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000300), 0x300, 0x0) dup3(r6, r3, 0x0) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000340), 0x2, 0x0) waitid(0x1, 0x0, &(0x7f00000003c0), 0x2, &(0x7f0000000440)) r7 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000500), 0x200, 0x0) ioctl$CDROM_LAST_WRITTEN(r7, 0x5395, &(0x7f0000000540)) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000580)) [ 77.324735] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.328615] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.330542] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.333797] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.336645] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 77.338438] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.343438] Bluetooth: hci0: HCI_REQ-0x0c1a [ 77.375242] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.377301] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.379524] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.382229] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.383956] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.387547] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.389155] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.392445] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 77.394390] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.395913] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.398884] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 77.405863] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.415521] Bluetooth: hci2: HCI_REQ-0x0c1a [ 77.419540] Bluetooth: hci1: HCI_REQ-0x0c1a [ 77.466028] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 77.468137] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 77.469754] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 77.475502] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 77.477117] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 77.478555] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 77.483708] Bluetooth: hci6: HCI_REQ-0x0c1a [ 77.539049] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 77.541784] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 77.544850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.546497] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 77.548266] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 77.551578] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.553063] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 77.554611] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 77.558045] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 77.560183] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 77.561325] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.562898] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 77.567912] Bluetooth: hci5: HCI_REQ-0x0c1a [ 77.582175] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 77.593593] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.594884] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 77.597593] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 77.598831] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 77.600198] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.605671] Bluetooth: hci7: HCI_REQ-0x0c1a [ 77.612511] Bluetooth: hci3: HCI_REQ-0x0c1a [ 79.437155] Bluetooth: hci0: command 0x0409 tx timeout [ 79.487927] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 79.489101] Bluetooth: hci2: command 0x0409 tx timeout [ 79.489743] Bluetooth: hci1: command 0x0409 tx timeout [ 79.539408] Bluetooth: hci6: command 0x0409 tx timeout [ 79.603449] Bluetooth: hci5: command 0x0409 tx timeout [ 79.667474] Bluetooth: hci3: command 0x0409 tx timeout [ 79.668158] Bluetooth: hci7: command 0x0409 tx timeout [ 81.459469] Bluetooth: hci0: command 0x041b tx timeout [ 81.524008] Bluetooth: hci1: command 0x041b tx timeout [ 81.524870] Bluetooth: hci2: command 0x041b tx timeout [ 81.587426] Bluetooth: hci6: command 0x041b tx timeout [ 81.651547] Bluetooth: hci5: command 0x041b tx timeout [ 81.715514] Bluetooth: hci7: command 0x041b tx timeout [ 81.716291] Bluetooth: hci3: command 0x041b tx timeout [ 82.553087] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 82.555280] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 82.557041] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 82.562304] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 82.566593] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 82.567968] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 82.575165] Bluetooth: hci4: HCI_REQ-0x0c1a [ 83.507398] Bluetooth: hci0: command 0x040f tx timeout [ 83.571851] Bluetooth: hci2: command 0x040f tx timeout [ 83.572383] Bluetooth: hci1: command 0x040f tx timeout [ 83.635492] Bluetooth: hci6: command 0x040f tx timeout [ 83.699378] Bluetooth: hci5: command 0x040f tx timeout [ 83.763407] Bluetooth: hci3: command 0x040f tx timeout [ 83.763838] Bluetooth: hci7: command 0x040f tx timeout [ 84.595415] Bluetooth: hci4: command 0x0409 tx timeout [ 85.555399] Bluetooth: hci0: command 0x0419 tx timeout [ 85.619507] Bluetooth: hci1: command 0x0419 tx timeout [ 85.620662] Bluetooth: hci2: command 0x0419 tx timeout [ 85.683514] Bluetooth: hci6: command 0x0419 tx timeout [ 85.747475] Bluetooth: hci5: command 0x0419 tx timeout [ 85.812330] Bluetooth: hci7: command 0x0419 tx timeout [ 85.813404] Bluetooth: hci3: command 0x0419 tx timeout [ 86.643466] Bluetooth: hci4: command 0x041b tx timeout [ 88.691381] Bluetooth: hci4: command 0x040f tx timeout [ 90.739507] Bluetooth: hci4: command 0x0419 tx timeout 08:59:08 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x7f, 0x7f, 0x4, 0x3e, 0x0, 0x7ff, 0x28, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x401, 0x0, @perf_config_ext={0x2cd, 0xfffffffffffffffa}, 0x43002, 0x64b2, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x80000001}, 0x0, 0xf, r2, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r3) r4 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r4, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r4, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) [ 135.116540] audit: type=1400 audit(1664787548.833:7): avc: denied { open } for pid=3751 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 135.118632] audit: type=1400 audit(1664787548.833:8): avc: denied { write } for pid=3750 comm="syz-executor.6" name="task" dev="proc" ino=13728 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1 [ 135.120853] audit: type=1400 audit(1664787548.833:9): avc: denied { kernel } for pid=3751 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 135.126983] audit: type=1400 audit(1664787548.833:10): avc: denied { add_name } for pid=3750 comm="syz-executor.6" name="3753" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1 [ 135.134227] audit: type=1400 audit(1664787548.841:11): avc: denied { create } for pid=3750 comm="syz-executor.6" name="3753" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:kernel_t:s0 tclass=file permissive=1 [ 135.142876] ------------[ cut here ]------------ [ 135.142896] [ 135.142899] ====================================================== [ 135.142902] WARNING: possible circular locking dependency detected [ 135.142906] 6.0.0-rc7-next-20220930 #1 Not tainted [ 135.142912] ------------------------------------------------------ [ 135.142915] syz-executor.7/3754 is trying to acquire lock: [ 135.142922] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 135.142962] [ 135.142962] but task is already holding lock: [ 135.142965] ffff88800ece5820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 135.142991] [ 135.142991] which lock already depends on the new lock. [ 135.142991] [ 135.142994] [ 135.142994] the existing dependency chain (in reverse order) is: [ 135.142998] [ 135.142998] -> #3 (&ctx->lock){....}-{2:2}: [ 135.143011] _raw_spin_lock+0x2a/0x40 [ 135.143023] __perf_event_task_sched_out+0x53b/0x18d0 [ 135.143034] __schedule+0xedd/0x2470 [ 135.143048] preempt_schedule_common+0x45/0xc0 [ 135.143062] __cond_resched+0x17/0x30 [ 135.143076] __mutex_lock+0xa3/0x14d0 [ 135.143091] __do_sys_perf_event_open+0x1eec/0x32c0 [ 135.143102] do_syscall_64+0x3b/0x90 [ 135.143120] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.143133] [ 135.143133] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 135.143146] _raw_spin_lock_nested+0x30/0x40 [ 135.143157] raw_spin_rq_lock_nested+0x1e/0x30 [ 135.143170] task_fork_fair+0x63/0x4d0 [ 135.143187] sched_cgroup_fork+0x3d0/0x540 [ 135.143201] copy_process+0x4183/0x6e20 [ 135.143212] kernel_clone+0xe7/0x890 [ 135.143221] user_mode_thread+0xad/0xf0 [ 135.143231] rest_init+0x24/0x250 [ 135.143243] arch_call_rest_init+0xf/0x14 [ 135.143261] start_kernel+0x4c6/0x4eb [ 135.143276] secondary_startup_64_no_verify+0xe0/0xeb [ 135.143290] [ 135.143290] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 135.143304] _raw_spin_lock_irqsave+0x39/0x60 [ 135.143314] try_to_wake_up+0xab/0x1930 [ 135.143330] up+0x75/0xb0 [ 135.143344] __up_console_sem+0x6e/0x80 [ 135.143360] console_unlock+0x46a/0x590 [ 135.143375] vt_ioctl+0x2822/0x2ca0 [ 135.143388] tty_ioctl+0x785/0x16b0 [ 135.143398] __x64_sys_ioctl+0x19a/0x210 [ 135.143412] do_syscall_64+0x3b/0x90 [ 135.143428] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.143457] [ 135.143457] -> #0 ((console_sem).lock){....}-{2:2}: [ 135.143470] __lock_acquire+0x2a02/0x5e70 [ 135.143487] lock_acquire+0x1a2/0x530 [ 135.143503] _raw_spin_lock_irqsave+0x39/0x60 [ 135.143514] down_trylock+0xe/0x70 [ 135.143528] __down_trylock_console_sem+0x3b/0xd0 [ 135.143544] vprintk_emit+0x16b/0x560 [ 135.143560] vprintk+0x84/0xa0 [ 135.143575] _printk+0xba/0xf1 [ 135.143587] report_bug.cold+0x72/0xab [ 135.143603] handle_bug+0x3c/0x70 [ 135.143619] exc_invalid_op+0x14/0x50 [ 135.143635] asm_exc_invalid_op+0x16/0x20 [ 135.143647] group_sched_out.part.0+0x2c7/0x460 [ 135.143665] ctx_sched_out+0x8f1/0xc10 [ 135.143682] __perf_event_task_sched_out+0x6d0/0x18d0 [ 135.143692] __schedule+0xedd/0x2470 [ 135.143706] preempt_schedule_common+0x45/0xc0 [ 135.143721] __cond_resched+0x17/0x30 [ 135.143734] __mutex_lock+0xa3/0x14d0 [ 135.143749] __do_sys_perf_event_open+0x1eec/0x32c0 [ 135.143760] do_syscall_64+0x3b/0x90 [ 135.143776] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.143789] [ 135.143789] other info that might help us debug this: [ 135.143789] [ 135.143791] Chain exists of: [ 135.143791] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 135.143791] [ 135.143806] Possible unsafe locking scenario: [ 135.143806] [ 135.143808] CPU0 CPU1 [ 135.143811] ---- ---- [ 135.143813] lock(&ctx->lock); [ 135.143819] lock(&rq->__lock); [ 135.143825] lock(&ctx->lock); [ 135.143831] lock((console_sem).lock); [ 135.143837] [ 135.143837] *** DEADLOCK *** [ 135.143837] [ 135.143839] 2 locks held by syz-executor.7/3754: [ 135.143846] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 135.143875] #1: ffff88800ece5820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 135.143901] [ 135.143901] stack backtrace: [ 135.143904] CPU: 1 PID: 3754 Comm: syz-executor.7 Not tainted 6.0.0-rc7-next-20220930 #1 [ 135.143916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 135.143924] Call Trace: [ 135.143927] [ 135.143931] dump_stack_lvl+0x8b/0xb3 [ 135.143949] check_noncircular+0x263/0x2e0 [ 135.143965] ? format_decode+0x26c/0xb50 [ 135.143982] ? print_circular_bug+0x450/0x450 [ 135.143998] ? simple_strtoul+0x30/0x30 [ 135.144014] ? lock_release+0x547/0x750 [ 135.144030] ? format_decode+0x26c/0xb50 [ 135.144047] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 135.144064] __lock_acquire+0x2a02/0x5e70 [ 135.144086] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 135.144108] lock_acquire+0x1a2/0x530 [ 135.144124] ? down_trylock+0xe/0x70 [ 135.144141] ? lock_release+0x750/0x750 [ 135.144161] ? vprintk+0x84/0xa0 [ 135.144179] _raw_spin_lock_irqsave+0x39/0x60 [ 135.144190] ? down_trylock+0xe/0x70 [ 135.144206] down_trylock+0xe/0x70 [ 135.144222] ? vprintk+0x84/0xa0 [ 135.144238] __down_trylock_console_sem+0x3b/0xd0 [ 135.144255] vprintk_emit+0x16b/0x560 [ 135.144274] vprintk+0x84/0xa0 [ 135.144291] _printk+0xba/0xf1 [ 135.144302] ? record_print_text.cold+0x16/0x16 [ 135.144318] ? report_bug.cold+0x66/0xab [ 135.144335] ? group_sched_out.part.0+0x2c7/0x460 [ 135.144354] report_bug.cold+0x72/0xab [ 135.144372] handle_bug+0x3c/0x70 [ 135.144389] exc_invalid_op+0x14/0x50 [ 135.144407] asm_exc_invalid_op+0x16/0x20 [ 135.144420] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 135.144440] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 135.144451] RSP: 0018:ffff8880188f7978 EFLAGS: 00010006 [ 135.144460] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 135.144468] RDX: ffff88800f753580 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 135.144475] RBP: ffff8880189c8000 R08: 0000000000000005 R09: 0000000000000001 [ 135.144483] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800ece5800 [ 135.144491] R13: ffff88806cf3d2c0 R14: ffffffff8547d000 R15: 0000000000000002 [ 135.144501] ? group_sched_out.part.0+0x2c7/0x460 [ 135.144521] ? group_sched_out.part.0+0x2c7/0x460 [ 135.144541] ctx_sched_out+0x8f1/0xc10 [ 135.144560] __perf_event_task_sched_out+0x6d0/0x18d0 [ 135.144574] ? lock_is_held_type+0xd7/0x130 [ 135.144587] ? __perf_cgroup_move+0x160/0x160 [ 135.144598] ? set_next_entity+0x304/0x550 [ 135.144615] ? update_curr+0x267/0x740 [ 135.144634] ? lock_is_held_type+0xd7/0x130 [ 135.144647] __schedule+0xedd/0x2470 [ 135.144664] ? io_schedule_timeout+0x150/0x150 [ 135.144679] ? find_held_lock+0x2c/0x110 [ 135.144695] ? lock_is_held_type+0xd7/0x130 [ 135.144708] ? __cond_resched+0x17/0x30 [ 135.144723] preempt_schedule_common+0x45/0xc0 [ 135.144740] __cond_resched+0x17/0x30 [ 135.144754] __mutex_lock+0xa3/0x14d0 [ 135.144771] ? lock_is_held_type+0xd7/0x130 [ 135.144783] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 135.144796] ? mutex_lock_io_nested+0x1310/0x1310 [ 135.144813] ? lock_release+0x3b2/0x750 [ 135.144830] ? __up_read+0x192/0x730 [ 135.144845] ? up_write+0x520/0x520 [ 135.144859] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 135.144873] __do_sys_perf_event_open+0x1eec/0x32c0 [ 135.144888] ? __up_read+0x192/0x730 [ 135.144901] ? perf_compat_ioctl+0x130/0x130 [ 135.144913] ? up_write+0x520/0x520 [ 135.144931] ? syscall_enter_from_user_mode+0x1d/0x50 [ 135.144944] ? syscall_enter_from_user_mode+0x1d/0x50 [ 135.144960] do_syscall_64+0x3b/0x90 [ 135.144977] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.144990] RIP: 0033:0x7ff37a5e5b19 [ 135.144998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 135.145009] RSP: 002b:00007ff377b5b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 135.145020] RAX: ffffffffffffffda RBX: 00007ff37a6f8f60 RCX: 00007ff37a5e5b19 [ 135.145028] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080 [ 135.145035] RBP: 00007ff37a63ff6d R08: 0000000000000000 R09: 0000000000000000 [ 135.145042] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 135.145049] R13: 00007fff27cdf1df R14: 00007ff377b5b300 R15: 0000000000022000 [ 135.145061] [ 135.204909] WARNING: CPU: 1 PID: 3754 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 135.205538] Modules linked in: [ 135.205765] CPU: 1 PID: 3754 Comm: syz-executor.7 Not tainted 6.0.0-rc7-next-20220930 #1 [ 135.206306] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 135.207052] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 135.207428] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 135.208641] RSP: 0018:ffff8880188f7978 EFLAGS: 00010006 [ 135.209005] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 135.209487] RDX: ffff88800f753580 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 135.209965] RBP: ffff8880189c8000 R08: 0000000000000005 R09: 0000000000000001 [ 135.210440] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800ece5800 [ 135.210921] R13: ffff88806cf3d2c0 R14: ffffffff8547d000 R15: 0000000000000002 [ 135.211400] FS: 00007ff377b5b700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 135.211956] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.212353] CR2: 00005644ff0760e0 CR3: 00000000201c0000 CR4: 0000000000350ee0 [ 135.212837] Call Trace: [ 135.213018] [ 135.213179] ctx_sched_out+0x8f1/0xc10 [ 135.213458] __perf_event_task_sched_out+0x6d0/0x18d0 [ 135.213809] ? lock_is_held_type+0xd7/0x130 [ 135.214112] ? __perf_cgroup_move+0x160/0x160 [ 135.214421] ? set_next_entity+0x304/0x550 [ 135.214719] ? update_curr+0x267/0x740 [ 135.214996] ? lock_is_held_type+0xd7/0x130 [ 135.215299] __schedule+0xedd/0x2470 [ 135.215582] ? io_schedule_timeout+0x150/0x150 [ 135.215899] ? find_held_lock+0x2c/0x110 [ 135.216188] ? lock_is_held_type+0xd7/0x130 [ 135.216484] ? __cond_resched+0x17/0x30 [ 135.216765] preempt_schedule_common+0x45/0xc0 [ 135.217086] __cond_resched+0x17/0x30 [ 135.217355] __mutex_lock+0xa3/0x14d0 [ 135.217623] ? lock_is_held_type+0xd7/0x130 [ 135.217918] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 135.218273] ? mutex_lock_io_nested+0x1310/0x1310 [ 135.218611] ? lock_release+0x3b2/0x750 [ 135.218895] ? __up_read+0x192/0x730 [ 135.219159] ? up_write+0x520/0x520 [ 135.219420] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 135.219779] __do_sys_perf_event_open+0x1eec/0x32c0 [ 135.220122] ? __up_read+0x192/0x730 [ 135.220384] ? perf_compat_ioctl+0x130/0x130 [ 135.220689] ? up_write+0x520/0x520 [ 135.220954] ? syscall_enter_from_user_mode+0x1d/0x50 [ 135.221307] ? syscall_enter_from_user_mode+0x1d/0x50 [ 135.221662] do_syscall_64+0x3b/0x90 [ 135.221931] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.222285] RIP: 0033:0x7ff37a5e5b19 [ 135.222542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 135.223760] RSP: 002b:00007ff377b5b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 135.224268] RAX: ffffffffffffffda RBX: 00007ff37a6f8f60 RCX: 00007ff37a5e5b19 [ 135.224748] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080 [ 135.225226] RBP: 00007ff37a63ff6d R08: 0000000000000000 R09: 0000000000000000 [ 135.225707] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 135.226186] R13: 00007fff27cdf1df R14: 00007ff377b5b300 R15: 0000000000022000 [ 135.226669] [ 135.226835] irq event stamp: 920 [ 135.227063] hardirqs last enabled at (919): [] _raw_spin_unlock_irqrestore+0x28/0x60 [ 135.227702] hardirqs last disabled at (920): [] __schedule+0x1225/0x2470 [ 135.228264] softirqs last enabled at (662): [] __irq_exit_rcu+0x11b/0x180 [ 135.228836] softirqs last disabled at (653): [] __irq_exit_rcu+0x11b/0x180 [ 135.229407] ---[ end trace 0000000000000000 ]--- 08:59:09 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="00000000000000005e4d57d9cf66696c"]) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r1, 0xa015000) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = io_uring_setup(0x454c, &(0x7f0000000240)={0x0, 0xffffffff, 0x4, 0x3}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x11, 0x0, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="05ff232ef592436bf2d97aa1", 0xe}, {&(0x7f0000000100)="9f", 0x1}, {&(0x7f00000002c0)='^', 0x1}], 0x3, 0x0, 0x0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f00000001c0)) sendfile(r3, r0, 0x0, 0xfffffdef) [ 135.377665] loop6: detected capacity change from 0 to 40 08:59:09 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x7f, 0x7f, 0x4, 0x3e, 0x0, 0x7ff, 0x28, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x401, 0x0, @perf_config_ext={0x2cd, 0xfffffffffffffffa}, 0x43002, 0x64b2, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x80000001}, 0x0, 0xf, r2, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r3) r4 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r4, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r4, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) [ 135.485092] syz-executor.6: attempt to access beyond end of device [ 135.485092] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 135.486077] Buffer I/O error on dev loop6, logical block 10, lost async page write 08:59:09 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x7f, 0x7f, 0x4, 0x3e, 0x0, 0x7ff, 0x28, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x401, 0x0, @perf_config_ext={0x2cd, 0xfffffffffffffffa}, 0x43002, 0x64b2, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x80000001}, 0x0, 0xf, r2, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r3) r4 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r4, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r4, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) 08:59:09 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="00000000000000005e4d57d9cf66696c"]) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r1, 0xa015000) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = io_uring_setup(0x454c, &(0x7f0000000240)={0x0, 0xffffffff, 0x4, 0x3}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x11, 0x0, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="05ff232ef592436bf2d97aa1", 0xe}, {&(0x7f0000000100)="9f", 0x1}, {&(0x7f00000002c0)='^', 0x1}], 0x3, 0x0, 0x0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f00000001c0)) sendfile(r3, r0, 0x0, 0xfffffdef) [ 135.571499] loop6: detected capacity change from 0 to 40 08:59:09 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x7f, 0x7f, 0x4, 0x3e, 0x0, 0x7ff, 0x28, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x401, 0x0, @perf_config_ext={0x2cd, 0xfffffffffffffffa}, 0x43002, 0x64b2, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x80000001}, 0x0, 0xf, r2, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r3) r4 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r4, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r4, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) [ 135.682420] syz-executor.6: attempt to access beyond end of device [ 135.682420] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 135.683324] Buffer I/O error on dev loop6, logical block 10, lost async page write 08:59:09 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x7f, 0x7f, 0x4, 0x3e, 0x0, 0x7ff, 0x28, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x401, 0x0, @perf_config_ext={0x2cd, 0xfffffffffffffffa}, 0x43002, 0x64b2, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x80000001}, 0x0, 0xf, r2, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r3) r4 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r4, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r4, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) 08:59:09 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="00000000000000005e4d57d9cf66696c"]) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r1, 0xa015000) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = io_uring_setup(0x454c, &(0x7f0000000240)={0x0, 0xffffffff, 0x4, 0x3}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x11, 0x0, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="05ff232ef592436bf2d97aa1", 0xe}, {&(0x7f0000000100)="9f", 0x1}, {&(0x7f00000002c0)='^', 0x1}], 0x3, 0x0, 0x0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f00000001c0)) sendfile(r3, r0, 0x0, 0xfffffdef) [ 135.800595] loop6: detected capacity change from 0 to 40 [ 135.877433] syz-executor.6: attempt to access beyond end of device [ 135.877433] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 135.878622] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 140.531443] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 140.595364] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 140.659377] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 140.660290] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 140.723744] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 142.719617] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 142.720825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 142.722645] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 142.724585] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 142.726120] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 142.727798] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 142.730564] Bluetooth: hci0: HCI_REQ-0x0c1a [ 142.903763] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 142.905010] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 142.906839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 142.909465] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 142.911487] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 142.912903] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 142.916252] Bluetooth: hci2: HCI_REQ-0x0c1a [ 144.755403] Bluetooth: hci0: command 0x0409 tx timeout [ 144.819432] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 144.947368] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 144.948384] Bluetooth: hci2: command 0x0409 tx timeout [ 145.012384] Bluetooth: hci6: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 08:59:09 Registers: info registers vcpu 0 RAX=0000000080000001 RBX=0000000000000002 RCX=0000000080000001 RDX=ffff888015fdd040 RSI=ffffffff8168e38f RDI=0000000000000005 RBP=ffff888015fdd040 RSP=ffff88803f4e7580 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=ffff888008524a30 R13=0000000000000000 R14=0000000000000002 R15=000000000000012e RIP=ffffffff81460c3d RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fa1319c7700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f5306ec4620 CR3=000000003020e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 00524f5252450040 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=000000000000000d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823bb0f1 RDI=ffffffff8765a9a0 RBP=ffffffff8765a960 RSP=ffff8880188f73c0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=000000000000000d R13=ffffffff8765a960 R14=0000000000000010 R15=ffffffff823bb0e0 RIP=ffffffff823bb149 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007ff377b5b700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005644ff0760e0 CR3=00000000201c0000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000