Warning: Permanently added '[localhost]:8567' (ECDSA) to the list of known hosts.
2022/10/05 12:13:57 fuzzer started
2022/10/05 12:13:57 dialing manager at localhost:37193
syzkaller login: [   35.412003] cgroup: Unknown subsys name 'net'
[   35.524227] cgroup: Unknown subsys name 'rlimit'
2022/10/05 12:14:11 syscalls: 2215
2022/10/05 12:14:11 code coverage: enabled
2022/10/05 12:14:11 comparison tracing: enabled
2022/10/05 12:14:11 extra coverage: enabled
2022/10/05 12:14:11 setuid sandbox: enabled
2022/10/05 12:14:11 namespace sandbox: enabled
2022/10/05 12:14:11 Android sandbox: enabled
2022/10/05 12:14:11 fault injection: enabled
2022/10/05 12:14:11 leak checking: enabled
2022/10/05 12:14:11 net packet injection: enabled
2022/10/05 12:14:11 net device setup: enabled
2022/10/05 12:14:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/05 12:14:11 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/05 12:14:11 USB emulation: enabled
2022/10/05 12:14:11 hci packet injection: enabled
2022/10/05 12:14:11 wifi device emulation: failed to parse kernel version (6.0.0-next-20221005                                              )
2022/10/05 12:14:11 802.15.4 emulation: enabled
2022/10/05 12:14:11 fetching corpus: 0, signal 0/2000 (executing program)
2022/10/05 12:14:11 fetching corpus: 49, signal 20286/23845 (executing program)
2022/10/05 12:14:11 fetching corpus: 99, signal 40041/44748 (executing program)
2022/10/05 12:14:11 fetching corpus: 149, signal 49603/55440 (executing program)
2022/10/05 12:14:11 fetching corpus: 199, signal 56430/63345 (executing program)
2022/10/05 12:14:11 fetching corpus: 249, signal 61083/69096 (executing program)
2022/10/05 12:14:11 fetching corpus: 299, signal 64333/73451 (executing program)
2022/10/05 12:14:11 fetching corpus: 349, signal 69507/79515 (executing program)
2022/10/05 12:14:11 fetching corpus: 399, signal 71848/82907 (executing program)
2022/10/05 12:14:12 fetching corpus: 449, signal 76557/88330 (executing program)
2022/10/05 12:14:12 fetching corpus: 499, signal 79571/92204 (executing program)
2022/10/05 12:14:12 fetching corpus: 549, signal 81430/94970 (executing program)
2022/10/05 12:14:12 fetching corpus: 599, signal 84810/99025 (executing program)
2022/10/05 12:14:12 fetching corpus: 649, signal 86755/101791 (executing program)
2022/10/05 12:14:12 fetching corpus: 699, signal 89407/105119 (executing program)
2022/10/05 12:14:12 fetching corpus: 749, signal 90953/107478 (executing program)
2022/10/05 12:14:12 fetching corpus: 799, signal 93458/110504 (executing program)
2022/10/05 12:14:13 fetching corpus: 849, signal 95983/113553 (executing program)
2022/10/05 12:14:13 fetching corpus: 899, signal 97421/115693 (executing program)
2022/10/05 12:14:13 fetching corpus: 949, signal 101634/120065 (executing program)
2022/10/05 12:14:13 fetching corpus: 999, signal 104171/122966 (executing program)
2022/10/05 12:14:13 fetching corpus: 1049, signal 105960/125231 (executing program)
2022/10/05 12:14:13 fetching corpus: 1099, signal 107422/127246 (executing program)
2022/10/05 12:14:13 fetching corpus: 1149, signal 109505/129664 (executing program)
2022/10/05 12:14:13 fetching corpus: 1199, signal 111131/131733 (executing program)
2022/10/05 12:14:14 fetching corpus: 1249, signal 112377/133441 (executing program)
2022/10/05 12:14:14 fetching corpus: 1299, signal 113832/135314 (executing program)
2022/10/05 12:14:14 fetching corpus: 1349, signal 116348/137905 (executing program)
2022/10/05 12:14:14 fetching corpus: 1399, signal 117782/139666 (executing program)
2022/10/05 12:14:14 fetching corpus: 1449, signal 118654/140983 (executing program)
2022/10/05 12:14:14 fetching corpus: 1499, signal 120362/142875 (executing program)
2022/10/05 12:14:14 fetching corpus: 1549, signal 121249/144167 (executing program)
2022/10/05 12:14:14 fetching corpus: 1599, signal 123203/146149 (executing program)
2022/10/05 12:14:14 fetching corpus: 1649, signal 125606/148452 (executing program)
2022/10/05 12:14:15 fetching corpus: 1699, signal 127256/150120 (executing program)
2022/10/05 12:14:15 fetching corpus: 1749, signal 128372/151435 (executing program)
2022/10/05 12:14:15 fetching corpus: 1799, signal 129099/152516 (executing program)
2022/10/05 12:14:15 fetching corpus: 1849, signal 131435/154546 (executing program)
2022/10/05 12:14:15 fetching corpus: 1899, signal 133253/156202 (executing program)
2022/10/05 12:14:15 fetching corpus: 1949, signal 134258/157408 (executing program)
2022/10/05 12:14:15 fetching corpus: 1999, signal 135278/158536 (executing program)
2022/10/05 12:14:15 fetching corpus: 2049, signal 136489/159767 (executing program)
2022/10/05 12:14:15 fetching corpus: 2099, signal 137055/160620 (executing program)
2022/10/05 12:14:16 fetching corpus: 2149, signal 138405/161871 (executing program)
2022/10/05 12:14:16 fetching corpus: 2199, signal 139331/162849 (executing program)
2022/10/05 12:14:16 fetching corpus: 2249, signal 140192/163798 (executing program)
2022/10/05 12:14:16 fetching corpus: 2299, signal 142283/165376 (executing program)
2022/10/05 12:14:16 fetching corpus: 2349, signal 143636/166513 (executing program)
2022/10/05 12:14:16 fetching corpus: 2399, signal 145341/167773 (executing program)
2022/10/05 12:14:16 fetching corpus: 2449, signal 146219/168684 (executing program)
2022/10/05 12:14:16 fetching corpus: 2499, signal 147426/169674 (executing program)
2022/10/05 12:14:16 fetching corpus: 2549, signal 148423/170527 (executing program)
2022/10/05 12:14:17 fetching corpus: 2599, signal 149239/171308 (executing program)
2022/10/05 12:14:17 fetching corpus: 2649, signal 150004/172050 (executing program)
2022/10/05 12:14:17 fetching corpus: 2699, signal 150774/172721 (executing program)
2022/10/05 12:14:17 fetching corpus: 2749, signal 151823/173527 (executing program)
2022/10/05 12:14:17 fetching corpus: 2799, signal 152731/174300 (executing program)
2022/10/05 12:14:17 fetching corpus: 2849, signal 154196/175252 (executing program)
2022/10/05 12:14:17 fetching corpus: 2899, signal 155526/176092 (executing program)
2022/10/05 12:14:17 fetching corpus: 2949, signal 156421/176789 (executing program)
2022/10/05 12:14:17 fetching corpus: 2999, signal 158313/177832 (executing program)
2022/10/05 12:14:18 fetching corpus: 3049, signal 159523/178557 (executing program)
2022/10/05 12:14:18 fetching corpus: 3099, signal 160170/179071 (executing program)
2022/10/05 12:14:18 fetching corpus: 3149, signal 160842/179590 (executing program)
2022/10/05 12:14:18 fetching corpus: 3199, signal 161716/180138 (executing program)
2022/10/05 12:14:18 fetching corpus: 3249, signal 162834/180729 (executing program)
2022/10/05 12:14:18 fetching corpus: 3299, signal 163900/181326 (executing program)
2022/10/05 12:14:18 fetching corpus: 3349, signal 164481/181736 (executing program)
2022/10/05 12:14:18 fetching corpus: 3399, signal 165496/182279 (executing program)
2022/10/05 12:14:18 fetching corpus: 3449, signal 166806/182862 (executing program)
2022/10/05 12:14:19 fetching corpus: 3499, signal 167627/183329 (executing program)
2022/10/05 12:14:19 fetching corpus: 3549, signal 168402/183747 (executing program)
2022/10/05 12:14:19 fetching corpus: 3599, signal 168958/184084 (executing program)
2022/10/05 12:14:19 fetching corpus: 3649, signal 169448/184355 (executing program)
2022/10/05 12:14:19 fetching corpus: 3699, signal 170073/184695 (executing program)
2022/10/05 12:14:19 fetching corpus: 3749, signal 170911/185026 (executing program)
2022/10/05 12:14:19 fetching corpus: 3799, signal 171408/185339 (executing program)
2022/10/05 12:14:19 fetching corpus: 3849, signal 172049/185660 (executing program)
2022/10/05 12:14:19 fetching corpus: 3899, signal 172638/185954 (executing program)
2022/10/05 12:14:19 fetching corpus: 3949, signal 173765/186310 (executing program)
2022/10/05 12:14:19 fetching corpus: 3999, signal 174470/186548 (executing program)
2022/10/05 12:14:20 fetching corpus: 4049, signal 175550/186813 (executing program)
2022/10/05 12:14:20 fetching corpus: 4099, signal 176375/187021 (executing program)
2022/10/05 12:14:20 fetching corpus: 4149, signal 177880/187284 (executing program)
2022/10/05 12:14:20 fetching corpus: 4199, signal 178512/187450 (executing program)
2022/10/05 12:14:20 fetching corpus: 4249, signal 179515/187658 (executing program)
2022/10/05 12:14:20 fetching corpus: 4299, signal 180224/187794 (executing program)
2022/10/05 12:14:20 fetching corpus: 4349, signal 181021/187922 (executing program)
2022/10/05 12:14:20 fetching corpus: 4399, signal 181951/188034 (executing program)
2022/10/05 12:14:21 fetching corpus: 4449, signal 182418/188135 (executing program)
2022/10/05 12:14:21 fetching corpus: 4499, signal 183068/188217 (executing program)
2022/10/05 12:14:21 fetching corpus: 4549, signal 183968/188319 (executing program)
2022/10/05 12:14:21 fetching corpus: 4553, signal 184231/188361 (executing program)
2022/10/05 12:14:21 fetching corpus: 4553, signal 184231/188378 (executing program)
2022/10/05 12:14:21 fetching corpus: 4553, signal 184231/188378 (executing program)
2022/10/05 12:14:24 starting 8 fuzzer processes
12:14:24 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)={0x18, 0x68, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}]}, 0x18}], 0x1}, 0x0)

12:14:24 executing program 1:
r0 = openat$hpet(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x2200)

12:14:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r0, &(0x7f0000000200)='E', 0x140000)

12:14:24 executing program 3:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x48)
vmsplice(r1, &(0x7f0000000700)=[{&(0x7f0000000540)="ff", 0x1}], 0x1, 0x0)

12:14:24 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sigaltstack(&(0x7f0000ffc000/0x1000)=nil, 0x0)

12:14:24 executing program 5:
mkdir(&(0x7f00000001c0)='./file1\x00', 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000002080)='./file1\x00', 0x101)

12:14:24 executing program 6:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x0, @private}, {0x2, 0x0, @broadcast}, {0x2, 0x0, @remote}, 0x84, 0x0, 0x0, 0x0, 0x4, &(0x7f00000001c0)='ipvlan0\x00'})

[   61.946404] audit: type=1400 audit(1664972064.428:6): avc:  denied  { execmem } for  pid=284 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:14:24 executing program 7:
syz_genetlink_get_family_id$tipc2(0xfffffffffffffffc, 0xffffffffffffffff)

[   63.354947] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.366734] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.368615] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   63.370184] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   63.372541] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.374769] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.381554] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.383011] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   63.384517] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   63.385854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.387299] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.389062] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.390212] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   63.393897] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   63.397007] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   63.398643] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.400226] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.402013] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.403301] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   63.405086] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   63.407290] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   63.408607] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   63.410732] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   63.412084] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   63.413291] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   63.414665] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   63.415857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.417005] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.419235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.421125] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   63.422629] Bluetooth: hci4: HCI_REQ-0x0c1a
[   63.423280] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   63.424818] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   63.426034] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   63.432013] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   63.433466] Bluetooth: hci1: HCI_REQ-0x0c1a
[   63.434611] Bluetooth: hci3: HCI_REQ-0x0c1a
[   63.435751] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   63.439833] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   63.442113] Bluetooth: hci0: HCI_REQ-0x0c1a
[   63.447612] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   63.449495] Bluetooth: hci6: HCI_REQ-0x0c1a
[   63.451165] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   63.452615] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   63.454181] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   63.455631] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   63.466594] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   63.471104] Bluetooth: hci2: HCI_REQ-0x0c1a
[   63.492096] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   63.493711] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   63.495425] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   63.496889] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   63.498357] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   63.501698] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   63.506859] Bluetooth: hci7: HCI_REQ-0x0c1a
[   63.509166] Bluetooth: hci5: HCI_REQ-0x0c1a
[   65.451771] Bluetooth: hci1: command 0x0409 tx timeout
[   65.516523] Bluetooth: hci2: command 0x0409 tx timeout
[   65.517296] Bluetooth: hci0: command 0x0409 tx timeout
[   65.518297] Bluetooth: hci3: command 0x0409 tx timeout
[   65.518865] Bluetooth: hci6: command 0x0409 tx timeout
[   65.519441] Bluetooth: hci4: command 0x0409 tx timeout
[   65.579436] Bluetooth: hci5: command 0x0409 tx timeout
[   65.580033] Bluetooth: hci7: command 0x0409 tx timeout
[   67.500544] Bluetooth: hci1: command 0x041b tx timeout
[   67.563555] Bluetooth: hci4: command 0x041b tx timeout
[   67.564252] Bluetooth: hci6: command 0x041b tx timeout
[   67.565008] Bluetooth: hci3: command 0x041b tx timeout
[   67.565772] Bluetooth: hci0: command 0x041b tx timeout
[   67.566812] Bluetooth: hci2: command 0x041b tx timeout
[   67.627469] Bluetooth: hci7: command 0x041b tx timeout
[   67.628299] Bluetooth: hci5: command 0x041b tx timeout
[   69.547525] Bluetooth: hci1: command 0x040f tx timeout
[   69.611489] Bluetooth: hci2: command 0x040f tx timeout
[   69.612083] Bluetooth: hci0: command 0x040f tx timeout
[   69.612634] Bluetooth: hci3: command 0x040f tx timeout
[   69.613154] Bluetooth: hci6: command 0x040f tx timeout
[   69.613703] Bluetooth: hci4: command 0x040f tx timeout
[   69.675450] Bluetooth: hci5: command 0x040f tx timeout
[   69.675971] Bluetooth: hci7: command 0x040f tx timeout
[   71.595375] Bluetooth: hci1: command 0x0419 tx timeout
[   71.659417] Bluetooth: hci4: command 0x0419 tx timeout
[   71.659886] Bluetooth: hci6: command 0x0419 tx timeout
[   71.660282] Bluetooth: hci3: command 0x0419 tx timeout
[   71.661103] Bluetooth: hci0: command 0x0419 tx timeout
[   71.661504] Bluetooth: hci2: command 0x0419 tx timeout
[   71.723431] Bluetooth: hci7: command 0x0419 tx timeout
[   71.723910] Bluetooth: hci5: command 0x0419 tx timeout
12:15:16 executing program 6:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x0, @private}, {0x2, 0x0, @broadcast}, {0x2, 0x0, @remote}, 0x84, 0x0, 0x0, 0x0, 0x4, &(0x7f00000001c0)='ipvlan0\x00'})

12:15:17 executing program 6:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x0, @private}, {0x2, 0x0, @broadcast}, {0x2, 0x0, @remote}, 0x84, 0x0, 0x0, 0x0, 0x4, &(0x7f00000001c0)='ipvlan0\x00'})

12:15:17 executing program 6:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x0, @private}, {0x2, 0x0, @broadcast}, {0x2, 0x0, @remote}, 0x84, 0x0, 0x0, 0x0, 0x4, &(0x7f00000001c0)='ipvlan0\x00'})

12:15:17 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0xbf1cadf27cf12961)
setresuid(0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v3, 0x18, 0x0)
write(r0, &(0x7f0000000080)="01", 0x1)

12:15:17 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0xbf1cadf27cf12961)
setresuid(0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v3, 0x18, 0x0)
write(r0, &(0x7f0000000080)="01", 0x1)

12:15:17 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0xbf1cadf27cf12961)
setresuid(0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v3, 0x18, 0x0)
write(r0, &(0x7f0000000080)="01", 0x1)

12:15:17 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0xbf1cadf27cf12961)
setresuid(0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v3, 0x18, 0x0)
write(r0, &(0x7f0000000080)="01", 0x1)

12:15:17 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0xbf1cadf27cf12961)
setresuid(0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v3, 0x18, 0x0)
write(r0, &(0x7f0000000080)="01", 0x1)

12:15:20 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_buf(r0, 0x0, 0x23, 0x0, 0x0)

12:15:20 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0xbf1cadf27cf12961)
setresuid(0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v3, 0x18, 0x0)
write(r0, &(0x7f0000000080)="01", 0x1)

12:15:20 executing program 6:
syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x2, &(0x7f0000000280)=[{&(0x7f00000000c0)='4', 0x1}, {&(0x7f0000000100)="c2", 0x1, 0x38a9}], 0x0, 0x0)

12:15:20 executing program 5:
mkdir(&(0x7f00000001c0)='./file1\x00', 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000002080)='./file1\x00', 0x101)

12:15:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r0, &(0x7f0000000200)='E', 0x140000)

12:15:20 executing program 3:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x48)
vmsplice(r1, &(0x7f0000000700)=[{&(0x7f0000000540)="ff", 0x1}], 0x1, 0x0)

12:15:20 executing program 7:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x48)
vmsplice(r1, &(0x7f0000000700)=[{&(0x7f0000000540)="ff", 0x1}], 0x1, 0x0)

12:15:20 executing program 1:
r0 = openat$hpet(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x2200)

[  117.579345] loop6: detected capacity change from 0 to 56
[  117.603680] loop6: detected capacity change from 0 to 56
12:15:20 executing program 3:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x48)
vmsplice(r1, &(0x7f0000000700)=[{&(0x7f0000000540)="ff", 0x1}], 0x1, 0x0)

12:15:20 executing program 5:
mkdir(&(0x7f00000001c0)='./file1\x00', 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000002080)='./file1\x00', 0x101)

12:15:20 executing program 7:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x48)
vmsplice(r1, &(0x7f0000000700)=[{&(0x7f0000000540)="ff", 0x1}], 0x1, 0x0)

12:15:20 executing program 0:
r0 = fsopen(&(0x7f00000001c0)='vfat\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000002c0)='vfat\x00', &(0x7f0000000300)='##{\x00', 0x0)

12:15:20 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0xbf1cadf27cf12961)
setresuid(0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v3, 0x18, 0x0)
write(r0, &(0x7f0000000080)="01", 0x1)

12:15:20 executing program 1:
r0 = openat$hpet(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x2200)

12:15:20 executing program 6:
syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x2, &(0x7f0000000280)=[{&(0x7f00000000c0)='4', 0x1}, {&(0x7f0000000100)="c2", 0x1, 0x38a9}], 0x0, 0x0)

12:15:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r0, &(0x7f0000000200)='E', 0x140000)

12:15:20 executing program 5:
mkdir(&(0x7f00000001c0)='./file1\x00', 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000002080)='./file1\x00', 0x101)

12:15:20 executing program 3:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x48)
vmsplice(r1, &(0x7f0000000700)=[{&(0x7f0000000540)="ff", 0x1}], 0x1, 0x0)

12:15:20 executing program 7:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x48)
vmsplice(r1, &(0x7f0000000700)=[{&(0x7f0000000540)="ff", 0x1}], 0x1, 0x0)

[  117.760026] loop6: detected capacity change from 0 to 56
12:15:20 executing program 6:
syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x2, &(0x7f0000000280)=[{&(0x7f00000000c0)='4', 0x1}, {&(0x7f0000000100)="c2", 0x1, 0x38a9}], 0x0, 0x0)

12:15:20 executing program 1:
r0 = openat$hpet(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x2200)

12:15:20 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x8, 0x4)

12:15:20 executing program 7:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x4008845)

12:15:20 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfd, 0x100000}, 0xc)

[  117.888596] loop6: detected capacity change from 0 to 56
12:15:20 executing program 3:
r0 = io_uring_setup(0x454c, &(0x7f0000000240))
r1 = getpid()
pidfd_open(r1, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

12:15:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r0, &(0x7f0000000200)='E', 0x140000)

12:15:20 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000001980)=[{{&(0x7f0000000000)={0x2, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x4008884)
dup2(r0, r1)

12:15:20 executing program 0:
semctl$SETVAL(0x0, 0x0, 0x10, &(0x7f0000000000))
semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000040)=""/116)

12:15:20 executing program 7:
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000140)={'erspan0\x00', @ifru_map}})
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000001c0))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(r0, &(0x7f0000000040)='./file1\x00', 0x321000, 0xd4)
set_mempolicy(0x5, &(0x7f0000000000)=0x9, 0x5)
write(r0, &(0x7f0000000080)="01", 0x41030)
set_mempolicy(0x3, &(0x7f00000000c0)=0x8, 0xff66)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@delsa={0x34, 0x11, 0xdefd1cbfe06e82e7, 0x0, 0x0, {@in6=@private1}, [@mark={0xc}]}, 0x34}}, 0x0)
recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000240)=@l2tp6, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/131, 0x83}, {&(0x7f0000000380)=""/113, 0x71}, {&(0x7f0000000400)=""/86, 0x56}], 0x3, &(0x7f00000004c0)=""/234, 0xea}, 0x0)
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
openat(r2, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)

12:15:20 executing program 1:
write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080))

12:15:20 executing program 6:
syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x2, &(0x7f0000000280)=[{&(0x7f00000000c0)='4', 0x1}, {&(0x7f0000000100)="c2", 0x1, 0x38a9}], 0x0, 0x0)

12:15:20 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}})

[  117.994060] loop6: detected capacity change from 0 to 56
12:15:20 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='proc\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0/file0\x00')

12:15:20 executing program 3:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000900), 0x0, 0x0)
ioctl$PTP_PIN_SETFUNC(r0, 0x40603d07, &(0x7f0000000940))

12:15:20 executing program 0:
semctl$SETVAL(0x0, 0x0, 0x10, &(0x7f0000000000))
semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000040)=""/116)

12:15:20 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000001980)=[{{&(0x7f0000000000)={0x2, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x4008884)
dup2(r0, r1)

12:15:20 executing program 1:
write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080))

12:15:20 executing program 7:
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000140)={'erspan0\x00', @ifru_map}})
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000001c0))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(r0, &(0x7f0000000040)='./file1\x00', 0x321000, 0xd4)
set_mempolicy(0x5, &(0x7f0000000000)=0x9, 0x5)
write(r0, &(0x7f0000000080)="01", 0x41030)
set_mempolicy(0x3, &(0x7f00000000c0)=0x8, 0xff66)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@delsa={0x34, 0x11, 0xdefd1cbfe06e82e7, 0x0, 0x0, {@in6=@private1}, [@mark={0xc}]}, 0x34}}, 0x0)
recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000240)=@l2tp6, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/131, 0x83}, {&(0x7f0000000380)=""/113, 0x71}, {&(0x7f0000000400)=""/86, 0x56}], 0x3, &(0x7f00000004c0)=""/234, 0xea}, 0x0)
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
openat(r2, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)

12:15:20 executing program 3:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000900), 0x0, 0x0)
ioctl$PTP_PIN_SETFUNC(r0, 0x40603d07, &(0x7f0000000940))

12:15:20 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='proc\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0/file0\x00')

12:15:20 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000001980)=[{{&(0x7f0000000000)={0x2, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x4008884)
dup2(r0, r1)

12:15:20 executing program 0:
semctl$SETVAL(0x0, 0x0, 0x10, &(0x7f0000000000))
semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000040)=""/116)

12:15:20 executing program 1:
write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080))

12:15:20 executing program 3:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000900), 0x0, 0x0)
ioctl$PTP_PIN_SETFUNC(r0, 0x40603d07, &(0x7f0000000940))

12:15:20 executing program 6:
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000140)={'erspan0\x00', @ifru_map}})
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000001c0))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(r0, &(0x7f0000000040)='./file1\x00', 0x321000, 0xd4)
set_mempolicy(0x5, &(0x7f0000000000)=0x9, 0x5)
write(r0, &(0x7f0000000080)="01", 0x41030)
set_mempolicy(0x3, &(0x7f00000000c0)=0x8, 0xff66)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@delsa={0x34, 0x11, 0xdefd1cbfe06e82e7, 0x0, 0x0, {@in6=@private1}, [@mark={0xc}]}, 0x34}}, 0x0)
recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000240)=@l2tp6, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/131, 0x83}, {&(0x7f0000000380)=""/113, 0x71}, {&(0x7f0000000400)=""/86, 0x56}], 0x3, &(0x7f00000004c0)=""/234, 0xea}, 0x0)
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
openat(r2, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)

12:15:20 executing program 7:
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000140)={'erspan0\x00', @ifru_map}})
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000001c0))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(r0, &(0x7f0000000040)='./file1\x00', 0x321000, 0xd4)
set_mempolicy(0x5, &(0x7f0000000000)=0x9, 0x5)
write(r0, &(0x7f0000000080)="01", 0x41030)
set_mempolicy(0x3, &(0x7f00000000c0)=0x8, 0xff66)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@delsa={0x34, 0x11, 0xdefd1cbfe06e82e7, 0x0, 0x0, {@in6=@private1}, [@mark={0xc}]}, 0x34}}, 0x0)
recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000240)=@l2tp6, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/131, 0x83}, {&(0x7f0000000380)=""/113, 0x71}, {&(0x7f0000000400)=""/86, 0x56}], 0x3, &(0x7f00000004c0)=""/234, 0xea}, 0x0)
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
openat(r2, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)

12:15:20 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000001980)=[{{&(0x7f0000000000)={0x2, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x4008884)
dup2(r0, r1)

12:15:20 executing program 0:
semctl$SETVAL(0x0, 0x0, 0x10, &(0x7f0000000000))
semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000040)=""/116)

12:15:20 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000001980)=[{{&(0x7f0000000000)={0x2, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x4008884)
dup2(r0, r1)

12:15:20 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='proc\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0/file0\x00')

12:15:20 executing program 1:
write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080))

12:15:20 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000001980)=[{{&(0x7f0000000000)={0x2, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x4008884)
dup2(r0, r1)

12:15:20 executing program 3:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000900), 0x0, 0x0)
ioctl$PTP_PIN_SETFUNC(r0, 0x40603d07, &(0x7f0000000940))

12:15:20 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000001980)=[{{&(0x7f0000000000)={0x2, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x4008884)
dup2(r0, r1)

12:15:20 executing program 6:
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000140)={'erspan0\x00', @ifru_map}})
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000001c0))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(r0, &(0x7f0000000040)='./file1\x00', 0x321000, 0xd4)
set_mempolicy(0x5, &(0x7f0000000000)=0x9, 0x5)
write(r0, &(0x7f0000000080)="01", 0x41030)
set_mempolicy(0x3, &(0x7f00000000c0)=0x8, 0xff66)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@delsa={0x34, 0x11, 0xdefd1cbfe06e82e7, 0x0, 0x0, {@in6=@private1}, [@mark={0xc}]}, 0x34}}, 0x0)
recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000240)=@l2tp6, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/131, 0x83}, {&(0x7f0000000380)=""/113, 0x71}, {&(0x7f0000000400)=""/86, 0x56}], 0x3, &(0x7f00000004c0)=""/234, 0xea}, 0x0)
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
openat(r2, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)

12:15:20 executing program 0:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000005, 0x32, 0xffffffffffffffff, 0x0)
request_key(&(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0)

12:15:20 executing program 7:
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000140)={'erspan0\x00', @ifru_map}})
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000001c0))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(r0, &(0x7f0000000040)='./file1\x00', 0x321000, 0xd4)
set_mempolicy(0x5, &(0x7f0000000000)=0x9, 0x5)
write(r0, &(0x7f0000000080)="01", 0x41030)
set_mempolicy(0x3, &(0x7f00000000c0)=0x8, 0xff66)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@delsa={0x34, 0x11, 0xdefd1cbfe06e82e7, 0x0, 0x0, {@in6=@private1}, [@mark={0xc}]}, 0x34}}, 0x0)
recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000240)=@l2tp6, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/131, 0x83}, {&(0x7f0000000380)=""/113, 0x71}, {&(0x7f0000000400)=""/86, 0x56}], 0x3, &(0x7f00000004c0)=""/234, 0xea}, 0x0)
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
openat(r2, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)

12:15:20 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='proc\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0/file0\x00')

12:15:21 executing program 0:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000005, 0x32, 0xffffffffffffffff, 0x0)
request_key(&(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0)

12:15:21 executing program 6:
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000140)={'erspan0\x00', @ifru_map}})
ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000001c0))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(r0, &(0x7f0000000040)='./file1\x00', 0x321000, 0xd4)
set_mempolicy(0x5, &(0x7f0000000000)=0x9, 0x5)
write(r0, &(0x7f0000000080)="01", 0x41030)
set_mempolicy(0x3, &(0x7f00000000c0)=0x8, 0xff66)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@delsa={0x34, 0x11, 0xdefd1cbfe06e82e7, 0x0, 0x0, {@in6=@private1}, [@mark={0xc}]}, 0x34}}, 0x0)
recvmsg(r1, &(0x7f00000005c0)={&(0x7f0000000240)=@l2tp6, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/131, 0x83}, {&(0x7f0000000380)=""/113, 0x71}, {&(0x7f0000000400)=""/86, 0x56}], 0x3, &(0x7f00000004c0)=""/234, 0xea}, 0x0)
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
openat(r2, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)

12:15:21 executing program 3:
syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, &(0x7f0000000640)=[{0x0, 0x0, 0x9a0a}], 0x0, 0x0)
execveat(0xffffffffffffffff, &(0x7f0000000800)='./file0\x00', 0x0, 0x0, 0x0)
openat2(0xffffffffffffffff, 0x0, &(0x7f000000a780)={0x0, 0x188}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f000000a840)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg(r0, &(0x7f000000ae80)={&(0x7f000000a880)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f000000ae00)=[{0x0}, {0x0}], 0x2}, 0x0)

12:15:21 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwrite64(r2, &(0x7f0000000840)='2', 0x1, 0x0)
r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
pwrite64(r3, &(0x7f0000000140)="c0", 0x1, 0x75d6)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1, 0xfffffffe})

[  118.617923] loop3: detected capacity change from 0 to 154
12:15:21 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r1, 0x10, 0x0, 0x2)
lseek(r0, 0x0, 0x4)

[  118.625758] process 'syz-executor.3' launched '/dev/fd/-1/./file0' with NULL argv: empty string added
12:15:21 executing program 0:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000005, 0x32, 0xffffffffffffffff, 0x0)
request_key(&(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0)

[  118.633054] loop3: detected capacity change from 0 to 154
12:15:21 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{}, {0x6, 0x52}]})
socket$inet_udp(0x2, 0x2, 0x0)

12:15:21 executing program 2:
r0 = syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x17, 0x1422})

[  118.699665] audit: type=1326 audit(1664972121.181:7): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4107 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f214ad30b19 code=0x0
12:15:21 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwrite64(r2, &(0x7f0000000840)='2', 0x1, 0x0)
r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
pwrite64(r3, &(0x7f0000000140)="c0", 0x1, 0x75d6)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1, 0xfffffffe})

12:15:21 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r1, 0x10, 0x0, 0x2)
lseek(r0, 0x0, 0x4)

12:15:21 executing program 2:
r0 = syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x17, 0x1422})

12:15:21 executing program 0:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000005, 0x32, 0xffffffffffffffff, 0x0)
request_key(&(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0)

12:15:21 executing program 5:
io_setup(0x5, &(0x7f0000000140))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000200)={0x77359400}, 0x10)

[  118.791265] audit: type=1400 audit(1664972121.273:8): avc:  denied  { open } for  pid=4119 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  118.792947] audit: type=1400 audit(1664972121.273:9): avc:  denied  { kernel } for  pid=4119 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  118.804326] ------------[ cut here ]------------
[  118.804347] 
[  118.804350] ======================================================
[  118.804353] WARNING: possible circular locking dependency detected
[  118.804357] 6.0.0-next-20221005 #1 Not tainted
[  118.804363] ------------------------------------------------------
[  118.804367] syz-executor.5/4120 is trying to acquire lock:
[  118.804373] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  118.804414] 
[  118.804414] but task is already holding lock:
[  118.804416] ffff88800e928820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  118.804444] 
[  118.804444] which lock already depends on the new lock.
[  118.804444] 
[  118.804446] 
[  118.804446] the existing dependency chain (in reverse order) is:
[  118.804450] 
[  118.804450] -> #3 (&ctx->lock){....}-{2:2}:
[  118.804463]        _raw_spin_lock+0x2a/0x40
[  118.804476]        __perf_event_task_sched_out+0x53b/0x18d0
[  118.804487]        __schedule+0xedd/0x2470
[  118.804501]        schedule+0xda/0x1b0
[  118.804515]        exit_to_user_mode_prepare+0x114/0x1a0
[  118.804529]        syscall_exit_to_user_mode+0x19/0x40
[  118.804542]        do_syscall_64+0x48/0x90
[  118.804552]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.804566] 
[  118.804566] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  118.804579]        _raw_spin_lock_nested+0x30/0x40
[  118.804590]        raw_spin_rq_lock_nested+0x1e/0x30
[  118.804604]        task_fork_fair+0x63/0x4d0
[  118.804621]        sched_cgroup_fork+0x3d0/0x540
[  118.804635]        copy_process+0x4183/0x6e20
[  118.804647]        kernel_clone+0xe7/0x890
[  118.804656]        user_mode_thread+0xad/0xf0
[  118.804667]        rest_init+0x24/0x250
[  118.804679]        arch_call_rest_init+0xf/0x14
[  118.804700]        start_kernel+0x4c6/0x4eb
[  118.804717]        secondary_startup_64_no_verify+0xe0/0xeb
[  118.804731] 
[  118.804731] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  118.804745]        _raw_spin_lock_irqsave+0x39/0x60
[  118.804756]        try_to_wake_up+0xab/0x1930
[  118.804769]        up+0x75/0xb0
[  118.804784]        __up_console_sem+0x6e/0x80
[  118.804801]        console_unlock+0x46a/0x590
[  118.804817]        vprintk_emit+0x1bd/0x560
[  118.804833]        vprintk+0x84/0xa0
[  118.804849]        _printk+0xba/0xf1
[  118.804861]        regdb_fw_cb.cold+0x6c/0xa7
[  118.804879]        request_firmware_work_func+0x12e/0x240
[  118.804899]        process_one_work+0xa17/0x16a0
[  118.804917]        worker_thread+0x637/0x1260
[  118.804933]        kthread+0x2ed/0x3a0
[  118.804948]        ret_from_fork+0x22/0x30
[  118.804960] 
[  118.804960] -> #0 ((console_sem).lock){....}-{2:2}:
[  118.804973]        __lock_acquire+0x2a02/0x5e70
[  118.804990]        lock_acquire+0x1a2/0x530
[  118.805006]        _raw_spin_lock_irqsave+0x39/0x60
[  118.805017]        down_trylock+0xe/0x70
[  118.805033]        __down_trylock_console_sem+0x3b/0xd0
[  118.805049]        vprintk_emit+0x16b/0x560
[  118.805065]        vprintk+0x84/0xa0
[  118.805081]        _printk+0xba/0xf1
[  118.805092]        report_bug.cold+0x72/0xab
[  118.805109]        handle_bug+0x3c/0x70
[  118.805118]        exc_invalid_op+0x14/0x50
[  118.805127]        asm_exc_invalid_op+0x16/0x20
[  118.805140]        group_sched_out.part.0+0x2c7/0x460
[  118.805158]        ctx_sched_out+0x8f1/0xc10
[  118.805175]        __perf_event_task_sched_out+0x6d0/0x18d0
[  118.805186]        __schedule+0xedd/0x2470
[  118.805200]        schedule+0xda/0x1b0
[  118.805214]        exit_to_user_mode_prepare+0x114/0x1a0
[  118.805224]        syscall_exit_to_user_mode+0x19/0x40
[  118.805238]        do_syscall_64+0x48/0x90
[  118.805247]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.805260] 
[  118.805260] other info that might help us debug this:
[  118.805260] 
[  118.805263] Chain exists of:
[  118.805263]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  118.805263] 
[  118.805277]  Possible unsafe locking scenario:
[  118.805277] 
[  118.805280]        CPU0                    CPU1
[  118.805282]        ----                    ----
[  118.805284]   lock(&ctx->lock);
[  118.805290]                                lock(&rq->__lock);
[  118.805296]                                lock(&ctx->lock);
[  118.805302]   lock((console_sem).lock);
[  118.805308] 
[  118.805308]  *** DEADLOCK ***
[  118.805308] 
[  118.805310] 2 locks held by syz-executor.5/4120:
[  118.805317]  #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  118.805350]  #1: ffff88800e928820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  118.805376] 
[  118.805376] stack backtrace:
[  118.805379] CPU: 1 PID: 4120 Comm: syz-executor.5 Not tainted 6.0.0-next-20221005 #1
[  118.805392] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  118.805399] Call Trace:
[  118.805402]  <TASK>
[  118.805406]  dump_stack_lvl+0x8b/0xb3
[  118.805426]  check_noncircular+0x263/0x2e0
[  118.805443]  ? format_decode+0x26c/0xb50
[  118.805461]  ? print_circular_bug+0x450/0x450
[  118.805478]  ? simple_strtoul+0x30/0x30
[  118.805495]  ? perf_trace_lock+0x308/0x560
[  118.805509]  ? format_decode+0x26c/0xb50
[  118.805528]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  118.805547]  __lock_acquire+0x2a02/0x5e70
[  118.805570]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  118.805595]  lock_acquire+0x1a2/0x530
[  118.805612]  ? down_trylock+0xe/0x70
[  118.805631]  ? lock_release+0x750/0x750
[  118.805653]  ? vprintk+0x84/0xa0
[  118.805672]  _raw_spin_lock_irqsave+0x39/0x60
[  118.805684]  ? down_trylock+0xe/0x70
[  118.805701]  down_trylock+0xe/0x70
[  118.805718]  ? vprintk+0x84/0xa0
[  118.805736]  __down_trylock_console_sem+0x3b/0xd0
[  118.805754]  vprintk_emit+0x16b/0x560
[  118.805773]  vprintk+0x84/0xa0
[  118.805791]  _printk+0xba/0xf1
[  118.805804]  ? record_print_text.cold+0x16/0x16
[  118.805822]  ? report_bug.cold+0x66/0xab
[  118.805841]  ? group_sched_out.part.0+0x2c7/0x460
[  118.805860]  report_bug.cold+0x72/0xab
[  118.805881]  handle_bug+0x3c/0x70
[  118.805891]  exc_invalid_op+0x14/0x50
[  118.805902]  asm_exc_invalid_op+0x16/0x20
[  118.805916] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  118.805937] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 2b 08 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  118.805949] RSP: 0018:ffff88803fac7c48 EFLAGS: 00010006
[  118.805958] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  118.805965] RDX: ffff888017765040 RSI: ffffffff81566da7 RDI: 0000000000000005
[  118.805973] RBP: ffff88803fb98000 R08: 0000000000000005 R09: 0000000000000001
[  118.805981] R10: 0000000000000000 R11: ffffffff865b605b R12: ffff88800e928800
[  118.805988] R13: ffff88806cf3d2c0 R14: ffffffff8547d040 R15: 0000000000000002
[  118.806000]  ? group_sched_out.part.0+0x2c7/0x460
[  118.806021]  ? group_sched_out.part.0+0x2c7/0x460
[  118.806041]  ctx_sched_out+0x8f1/0xc10
[  118.806061]  __perf_event_task_sched_out+0x6d0/0x18d0
[  118.806076]  ? lock_is_held_type+0xd7/0x130
[  118.806091]  ? __perf_cgroup_move+0x160/0x160
[  118.806102]  ? set_next_entity+0x304/0x550
[  118.806120]  ? update_curr+0x267/0x740
[  118.806139]  ? lock_is_held_type+0xd7/0x130
[  118.806154]  __schedule+0xedd/0x2470
[  118.806173]  ? io_schedule_timeout+0x150/0x150
[  118.806190]  ? __x64_sys_futex_time32+0x480/0x480
[  118.806206]  schedule+0xda/0x1b0
[  118.806222]  exit_to_user_mode_prepare+0x114/0x1a0
[  118.806234]  syscall_exit_to_user_mode+0x19/0x40
[  118.806248]  do_syscall_64+0x48/0x90
[  118.806259]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.806273] RIP: 0033:0x7fcb3a5b8b19
[  118.806281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  118.806292] RSP: 002b:00007fcb37b2e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  118.806302] RAX: 0000000000000001 RBX: 00007fcb3a6cbf68 RCX: 00007fcb3a5b8b19
[  118.806310] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fcb3a6cbf6c
[  118.806317] RBP: 00007fcb3a6cbf60 R08: 000000000000000e R09: 0000000000000000
[  118.806324] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fcb3a6cbf6c
[  118.806331] R13: 00007fff302d363f R14: 00007fcb37b2e300 R15: 0000000000022000
[  118.806346]  </TASK>
[  118.864751] WARNING: CPU: 1 PID: 4120 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  118.865334] Modules linked in:
[  118.865541] CPU: 1 PID: 4120 Comm: syz-executor.5 Not tainted 6.0.0-next-20221005 #1
[  118.866013] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  118.866513] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  118.866854] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 2b 08 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  118.867930] RSP: 0018:ffff88803fac7c48 EFLAGS: 00010006
[  118.868260] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  118.868694] RDX: ffff888017765040 RSI: ffffffff81566da7 RDI: 0000000000000005
[  118.869120] RBP: ffff88803fb98000 R08: 0000000000000005 R09: 0000000000000001
[  118.869543] R10: 0000000000000000 R11: ffffffff865b605b R12: ffff88800e928800
[  118.869967] R13: ffff88806cf3d2c0 R14: ffffffff8547d040 R15: 0000000000000002
[  118.870397] FS:  00007fcb37b2e700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  118.870878] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  118.871228] CR2: 0000555556baac58 CR3: 000000000ff2e000 CR4: 0000000000350ee0
[  118.871665] Call Trace:
[  118.871827]  <TASK>
[  118.871972]  ctx_sched_out+0x8f1/0xc10
[  118.872235]  __perf_event_task_sched_out+0x6d0/0x18d0
[  118.872560]  ? lock_is_held_type+0xd7/0x130
[  118.872834]  ? __perf_cgroup_move+0x160/0x160
[  118.873115]  ? set_next_entity+0x304/0x550
[  118.873386]  ? update_curr+0x267/0x740
[  118.873637]  ? lock_is_held_type+0xd7/0x130
[  118.873908]  __schedule+0xedd/0x2470
[  118.874151]  ? io_schedule_timeout+0x150/0x150
[  118.874450]  ? __x64_sys_futex_time32+0x480/0x480
[  118.874751]  schedule+0xda/0x1b0
[  118.874971]  exit_to_user_mode_prepare+0x114/0x1a0
[  118.875274]  syscall_exit_to_user_mode+0x19/0x40
[  118.875570]  do_syscall_64+0x48/0x90
[  118.875804]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.876129] RIP: 0033:0x7fcb3a5b8b19
[  118.876365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  118.877443] RSP: 002b:00007fcb37b2e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  118.877896] RAX: 0000000000000001 RBX: 00007fcb3a6cbf68 RCX: 00007fcb3a5b8b19
[  118.878319] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fcb3a6cbf6c
[  118.878748] RBP: 00007fcb3a6cbf60 R08: 000000000000000e R09: 0000000000000000
[  118.879183] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fcb3a6cbf6c
[  118.879612] R13: 00007fff302d363f R14: 00007fcb37b2e300 R15: 0000000000022000
[  118.880045]  </TASK>
[  118.880207] irq event stamp: 992
[  118.880413] hardirqs last  enabled at (991): [<ffffffff8133f829>] exit_to_user_mode_prepare+0x109/0x1a0
[  118.880970] hardirqs last disabled at (992): [<ffffffff84260bc5>] __schedule+0x1225/0x2470
[  118.881472] softirqs last  enabled at (784): [<ffffffff81170a0b>] __irq_exit_rcu+0x11b/0x180
[  118.881980] softirqs last disabled at (779): [<ffffffff81170a0b>] __irq_exit_rcu+0x11b/0x180
[  118.882486] ---[ end trace 0000000000000000 ]---
12:15:21 executing program 7:
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000840)={{}, {0x77359400}}, 0x0)

12:15:21 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwrite64(r2, &(0x7f0000000840)='2', 0x1, 0x0)
r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
pwrite64(r3, &(0x7f0000000140)="c0", 0x1, 0x75d6)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1, 0xfffffffe})

12:15:21 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r1, 0x10, 0x0, 0x2)
lseek(r0, 0x0, 0x4)

12:15:21 executing program 2:
r0 = syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x17, 0x1422})

12:15:21 executing program 2:
r0 = syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x17, 0x1422})

12:15:21 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r1, 0x10, 0x0, 0x2)
lseek(r0, 0x0, 0x4)

12:15:21 executing program 7:
request_key(&(0x7f0000000100)='.request_key_auth\x00', 0x0, 0x0, 0x0)

12:15:21 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwrite64(r2, &(0x7f0000000840)='2', 0x1, 0x0)
r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
pwrite64(r3, &(0x7f0000000140)="c0", 0x1, 0x75d6)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1, 0xfffffffe})

12:15:21 executing program 5:
io_setup(0x5, &(0x7f0000000140))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000200)={0x77359400}, 0x10)

[  119.529851] audit: type=1326 audit(1664972122.011:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4107 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f214ad30b19 code=0x0

VM DIAGNOSIS:
12:15:21  Registers:
info registers vcpu 0
RAX=ffffea00003db500 RBX=ffff88800f6d41b0 RCX=ffff888007c4f780 RDX=ffff88808f6d41b0
RSI=0000000000000004 RDI=0000000000000001 RBP=0000000000000000 RSP=ffff8880184cfc70
R8 =ffff88800f6d41b0 R9 =0000000000000000 R10=ffffed1000f89d20 R11=0000000000000001
R12=dffffc0000000000 R13=ffff8880184cfcb0 R14=0000000000000000 R15=ffff888008d7c510
RIP=ffffffff81788fe3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f36448b18c0 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fdcce0f7cd8 CR3=000000000eee2000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=7269762f736563697665642f7379732f XMM03=6f6c622f6c6175747269762f73656369
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=0000555fa33af2c00000555fa339c4b0
XMM06=000000000000000000000004ffffffff XMM07=00000000000000000000000000000000
XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000
XMM10=00000000200000000000000020000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff823bda0c RDI=ffffffff8765c9a0 RBP=ffffffff8765c960 RSP=ffff88803fac7698
R8 =0000000000000001 R9 =ffff88803fac7623 R10=ffffed1007f58ec4 R11=0000000000000001
R12=0000000000000041 R13=ffffffff8765c960 R14=ffffffff8765c9b0 R15=ffffffff8765cc10
RIP=ffffffff823bda61 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fcb37b2e700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555556baac58 CR3=000000000ff2e000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007fcb3a69f7c000007fcb3a69f7c8
XMM02=00007fcb3a69f7e000007fcb3a69f7c0 XMM03=00007fcb3a69f7c800007fcb3a69f7c0
XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000