Warning: Permanently added '[localhost]:6738' (ECDSA) to the list of known hosts. 2022/09/15 09:29:56 fuzzer started 2022/09/15 09:29:56 dialing manager at localhost:33849 syzkaller login: [ 42.597525] cgroup: Unknown subsys name 'net' [ 42.777167] cgroup: Unknown subsys name 'rlimit' 2022/09/15 09:30:11 syscalls: 2215 2022/09/15 09:30:11 code coverage: enabled 2022/09/15 09:30:11 comparison tracing: enabled 2022/09/15 09:30:11 extra coverage: enabled 2022/09/15 09:30:11 setuid sandbox: enabled 2022/09/15 09:30:11 namespace sandbox: enabled 2022/09/15 09:30:11 Android sandbox: enabled 2022/09/15 09:30:11 fault injection: enabled 2022/09/15 09:30:11 leak checking: enabled 2022/09/15 09:30:11 net packet injection: enabled 2022/09/15 09:30:11 net device setup: enabled 2022/09/15 09:30:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/15 09:30:11 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/15 09:30:11 USB emulation: enabled 2022/09/15 09:30:11 hci packet injection: enabled 2022/09/15 09:30:11 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220914) 2022/09/15 09:30:11 802.15.4 emulation: enabled 2022/09/15 09:30:11 fetching corpus: 50, signal 31632/33394 (executing program) 2022/09/15 09:30:11 fetching corpus: 100, signal 42084/45474 (executing program) 2022/09/15 09:30:11 fetching corpus: 150, signal 53873/58732 (executing program) 2022/09/15 09:30:11 fetching corpus: 200, signal 61510/67783 (executing program) 2022/09/15 09:30:11 fetching corpus: 250, signal 66754/74437 (executing program) 2022/09/15 09:30:11 fetching corpus: 300, signal 76865/85666 (executing program) 2022/09/15 09:30:11 fetching corpus: 350, signal 83831/93718 (executing program) 2022/09/15 09:30:12 fetching corpus: 400, signal 87737/98801 (executing program) 2022/09/15 09:30:12 fetching corpus: 450, signal 90919/103172 (executing program) 2022/09/15 09:30:12 fetching corpus: 500, signal 95459/108788 (executing program) 2022/09/15 09:30:12 fetching corpus: 550, signal 100561/114776 (executing program) 2022/09/15 09:30:12 fetching corpus: 600, signal 103469/118708 (executing program) 2022/09/15 09:30:12 fetching corpus: 650, signal 107464/123596 (executing program) 2022/09/15 09:30:12 fetching corpus: 700, signal 110020/127134 (executing program) 2022/09/15 09:30:12 fetching corpus: 750, signal 113028/130996 (executing program) 2022/09/15 09:30:12 fetching corpus: 800, signal 115560/134452 (executing program) 2022/09/15 09:30:13 fetching corpus: 850, signal 118657/138361 (executing program) 2022/09/15 09:30:13 fetching corpus: 900, signal 120973/141542 (executing program) 2022/09/15 09:30:13 fetching corpus: 950, signal 122738/144282 (executing program) 2022/09/15 09:30:13 fetching corpus: 1000, signal 126686/148860 (executing program) 2022/09/15 09:30:13 fetching corpus: 1050, signal 128468/151434 (executing program) 2022/09/15 09:30:13 fetching corpus: 1100, signal 130421/154134 (executing program) 2022/09/15 09:30:13 fetching corpus: 1150, signal 133993/158164 (executing program) 2022/09/15 09:30:13 fetching corpus: 1200, signal 135251/160319 (executing program) 2022/09/15 09:30:13 fetching corpus: 1250, signal 138120/163717 (executing program) 2022/09/15 09:30:14 fetching corpus: 1300, signal 140692/166885 (executing program) 2022/09/15 09:30:14 fetching corpus: 1350, signal 142002/168939 (executing program) 2022/09/15 09:30:14 fetching corpus: 1400, signal 144653/172095 (executing program) 2022/09/15 09:30:14 fetching corpus: 1450, signal 146291/174384 (executing program) 2022/09/15 09:30:14 fetching corpus: 1500, signal 148540/177100 (executing program) 2022/09/15 09:30:14 fetching corpus: 1550, signal 150922/179872 (executing program) 2022/09/15 09:30:14 fetching corpus: 1600, signal 152094/181653 (executing program) 2022/09/15 09:30:14 fetching corpus: 1650, signal 154332/184319 (executing program) 2022/09/15 09:30:15 fetching corpus: 1700, signal 155986/186444 (executing program) 2022/09/15 09:30:15 fetching corpus: 1750, signal 157265/188264 (executing program) 2022/09/15 09:30:15 fetching corpus: 1800, signal 158729/190259 (executing program) 2022/09/15 09:30:15 fetching corpus: 1850, signal 159737/191893 (executing program) 2022/09/15 09:30:15 fetching corpus: 1900, signal 161115/193737 (executing program) 2022/09/15 09:30:15 fetching corpus: 1950, signal 162345/195482 (executing program) 2022/09/15 09:30:15 fetching corpus: 2000, signal 164382/197759 (executing program) 2022/09/15 09:30:15 fetching corpus: 2050, signal 166329/199974 (executing program) 2022/09/15 09:30:15 fetching corpus: 2100, signal 167676/201721 (executing program) 2022/09/15 09:30:16 fetching corpus: 2150, signal 169324/203716 (executing program) 2022/09/15 09:30:16 fetching corpus: 2200, signal 170649/205515 (executing program) 2022/09/15 09:30:16 fetching corpus: 2250, signal 172076/207268 (executing program) 2022/09/15 09:30:16 fetching corpus: 2300, signal 173233/208848 (executing program) 2022/09/15 09:30:16 fetching corpus: 2350, signal 175056/210831 (executing program) 2022/09/15 09:30:16 fetching corpus: 2400, signal 176015/212263 (executing program) 2022/09/15 09:30:16 fetching corpus: 2450, signal 177146/213796 (executing program) 2022/09/15 09:30:16 fetching corpus: 2500, signal 178418/215411 (executing program) 2022/09/15 09:30:17 fetching corpus: 2550, signal 179896/217099 (executing program) 2022/09/15 09:30:17 fetching corpus: 2600, signal 180584/218292 (executing program) 2022/09/15 09:30:17 fetching corpus: 2650, signal 181559/219622 (executing program) 2022/09/15 09:30:17 fetching corpus: 2700, signal 182450/220916 (executing program) 2022/09/15 09:30:17 fetching corpus: 2750, signal 183247/222128 (executing program) 2022/09/15 09:30:17 fetching corpus: 2800, signal 183901/223224 (executing program) 2022/09/15 09:30:17 fetching corpus: 2850, signal 184995/224552 (executing program) 2022/09/15 09:30:17 fetching corpus: 2900, signal 185981/225777 (executing program) 2022/09/15 09:30:17 fetching corpus: 2950, signal 187032/227078 (executing program) 2022/09/15 09:30:18 fetching corpus: 3000, signal 188332/228515 (executing program) 2022/09/15 09:30:18 fetching corpus: 3050, signal 189069/229591 (executing program) 2022/09/15 09:30:18 fetching corpus: 3100, signal 189932/230709 (executing program) 2022/09/15 09:30:18 fetching corpus: 3150, signal 190811/231870 (executing program) 2022/09/15 09:30:18 fetching corpus: 3200, signal 191902/233131 (executing program) 2022/09/15 09:30:18 fetching corpus: 3250, signal 193739/234779 (executing program) 2022/09/15 09:30:18 fetching corpus: 3300, signal 195307/236239 (executing program) 2022/09/15 09:30:18 fetching corpus: 3350, signal 196602/237571 (executing program) 2022/09/15 09:30:19 fetching corpus: 3400, signal 197232/238541 (executing program) 2022/09/15 09:30:19 fetching corpus: 3450, signal 198048/239547 (executing program) 2022/09/15 09:30:19 fetching corpus: 3500, signal 199157/240745 (executing program) 2022/09/15 09:30:19 fetching corpus: 3550, signal 200027/241780 (executing program) 2022/09/15 09:30:19 fetching corpus: 3600, signal 201186/242950 (executing program) 2022/09/15 09:30:19 fetching corpus: 3650, signal 202445/244185 (executing program) 2022/09/15 09:30:19 fetching corpus: 3700, signal 202935/244985 (executing program) 2022/09/15 09:30:19 fetching corpus: 3750, signal 203949/246080 (executing program) 2022/09/15 09:30:20 fetching corpus: 3800, signal 204667/246989 (executing program) 2022/09/15 09:30:20 fetching corpus: 3850, signal 205146/247740 (executing program) 2022/09/15 09:30:20 fetching corpus: 3900, signal 205893/248646 (executing program) 2022/09/15 09:30:20 fetching corpus: 3950, signal 206709/249578 (executing program) 2022/09/15 09:30:20 fetching corpus: 4000, signal 207622/250549 (executing program) 2022/09/15 09:30:20 fetching corpus: 4050, signal 208591/251505 (executing program) 2022/09/15 09:30:20 fetching corpus: 4100, signal 209240/252304 (executing program) 2022/09/15 09:30:20 fetching corpus: 4150, signal 210419/253292 (executing program) 2022/09/15 09:30:20 fetching corpus: 4200, signal 210919/254042 (executing program) 2022/09/15 09:30:20 fetching corpus: 4250, signal 211454/254727 (executing program) 2022/09/15 09:30:21 fetching corpus: 4300, signal 212234/255504 (executing program) 2022/09/15 09:30:21 fetching corpus: 4350, signal 213066/256317 (executing program) 2022/09/15 09:30:21 fetching corpus: 4400, signal 213650/257012 (executing program) 2022/09/15 09:30:21 fetching corpus: 4450, signal 214327/257806 (executing program) 2022/09/15 09:30:21 fetching corpus: 4500, signal 215365/258727 (executing program) 2022/09/15 09:30:21 fetching corpus: 4550, signal 215889/259364 (executing program) 2022/09/15 09:30:21 fetching corpus: 4600, signal 216578/260120 (executing program) 2022/09/15 09:30:21 fetching corpus: 4650, signal 217025/260771 (executing program) 2022/09/15 09:30:21 fetching corpus: 4700, signal 217968/261651 (executing program) 2022/09/15 09:30:21 fetching corpus: 4750, signal 219348/262754 (executing program) 2022/09/15 09:30:22 fetching corpus: 4800, signal 220247/263498 (executing program) 2022/09/15 09:30:22 fetching corpus: 4850, signal 220933/264156 (executing program) 2022/09/15 09:30:22 fetching corpus: 4900, signal 221506/264770 (executing program) 2022/09/15 09:30:22 fetching corpus: 4950, signal 222106/265408 (executing program) 2022/09/15 09:30:22 fetching corpus: 5000, signal 223135/266167 (executing program) 2022/09/15 09:30:22 fetching corpus: 5050, signal 223954/266841 (executing program) 2022/09/15 09:30:23 fetching corpus: 5100, signal 225009/267609 (executing program) 2022/09/15 09:30:23 fetching corpus: 5150, signal 226013/268348 (executing program) 2022/09/15 09:30:23 fetching corpus: 5200, signal 226685/268944 (executing program) 2022/09/15 09:30:23 fetching corpus: 5250, signal 227005/269450 (executing program) 2022/09/15 09:30:23 fetching corpus: 5300, signal 227560/270021 (executing program) 2022/09/15 09:30:23 fetching corpus: 5350, signal 228049/270548 (executing program) 2022/09/15 09:30:24 fetching corpus: 5400, signal 228530/271059 (executing program) 2022/09/15 09:30:24 fetching corpus: 5450, signal 229260/271610 (executing program) 2022/09/15 09:30:24 fetching corpus: 5500, signal 229890/272166 (executing program) 2022/09/15 09:30:24 fetching corpus: 5550, signal 230480/272694 (executing program) 2022/09/15 09:30:24 fetching corpus: 5600, signal 230886/273148 (executing program) 2022/09/15 09:30:24 fetching corpus: 5650, signal 231403/273605 (executing program) 2022/09/15 09:30:24 fetching corpus: 5700, signal 231961/274023 (executing program) 2022/09/15 09:30:24 fetching corpus: 5750, signal 232617/274493 (executing program) 2022/09/15 09:30:25 fetching corpus: 5800, signal 233579/275068 (executing program) 2022/09/15 09:30:25 fetching corpus: 5850, signal 233967/275512 (executing program) 2022/09/15 09:30:25 fetching corpus: 5900, signal 234783/276004 (executing program) 2022/09/15 09:30:25 fetching corpus: 5950, signal 235309/276367 (executing program) 2022/09/15 09:30:25 fetching corpus: 6000, signal 236022/276776 (executing program) 2022/09/15 09:30:25 fetching corpus: 6050, signal 236487/277164 (executing program) 2022/09/15 09:30:25 fetching corpus: 6100, signal 237498/277643 (executing program) 2022/09/15 09:30:25 fetching corpus: 6150, signal 238331/278038 (executing program) 2022/09/15 09:30:26 fetching corpus: 6200, signal 239606/278601 (executing program) 2022/09/15 09:30:26 fetching corpus: 6250, signal 240123/278991 (executing program) 2022/09/15 09:30:26 fetching corpus: 6300, signal 240532/279360 (executing program) 2022/09/15 09:30:26 fetching corpus: 6350, signal 241158/279703 (executing program) 2022/09/15 09:30:26 fetching corpus: 6400, signal 242006/280067 (executing program) 2022/09/15 09:30:26 fetching corpus: 6450, signal 242481/280385 (executing program) 2022/09/15 09:30:26 fetching corpus: 6500, signal 243246/280738 (executing program) 2022/09/15 09:30:26 fetching corpus: 6550, signal 243878/281166 (executing program) 2022/09/15 09:30:26 fetching corpus: 6600, signal 244402/281430 (executing program) 2022/09/15 09:30:27 fetching corpus: 6650, signal 244760/281727 (executing program) 2022/09/15 09:30:27 fetching corpus: 6700, signal 245695/282064 (executing program) 2022/09/15 09:30:27 fetching corpus: 6750, signal 246126/282332 (executing program) 2022/09/15 09:30:27 fetching corpus: 6800, signal 246724/282494 (executing program) 2022/09/15 09:30:27 fetching corpus: 6850, signal 247267/282494 (executing program) 2022/09/15 09:30:27 fetching corpus: 6900, signal 248134/282505 (executing program) 2022/09/15 09:30:27 fetching corpus: 6950, signal 248584/282536 (executing program) 2022/09/15 09:30:28 fetching corpus: 7000, signal 248937/282539 (executing program) 2022/09/15 09:30:28 fetching corpus: 7050, signal 249557/282579 (executing program) 2022/09/15 09:30:28 fetching corpus: 7100, signal 250090/282582 (executing program) 2022/09/15 09:30:28 fetching corpus: 7150, signal 250661/282590 (executing program) 2022/09/15 09:30:28 fetching corpus: 7200, signal 251223/282590 (executing program) 2022/09/15 09:30:28 fetching corpus: 7250, signal 251899/282626 (executing program) 2022/09/15 09:30:28 fetching corpus: 7300, signal 252357/282635 (executing program) 2022/09/15 09:30:28 fetching corpus: 7350, signal 252748/282660 (executing program) 2022/09/15 09:30:29 fetching corpus: 7400, signal 253206/282664 (executing program) 2022/09/15 09:30:29 fetching corpus: 7450, signal 253599/282666 (executing program) 2022/09/15 09:30:29 fetching corpus: 7500, signal 254110/282689 (executing program) 2022/09/15 09:30:29 fetching corpus: 7550, signal 254385/282704 (executing program) 2022/09/15 09:30:29 fetching corpus: 7600, signal 254702/282713 (executing program) 2022/09/15 09:30:29 fetching corpus: 7650, signal 255227/282714 (executing program) 2022/09/15 09:30:29 fetching corpus: 7700, signal 255604/282728 (executing program) 2022/09/15 09:30:29 fetching corpus: 7750, signal 255826/282728 (executing program) 2022/09/15 09:30:29 fetching corpus: 7800, signal 256172/282728 (executing program) 2022/09/15 09:30:29 fetching corpus: 7850, signal 256539/282731 (executing program) 2022/09/15 09:30:30 fetching corpus: 7900, signal 256920/282736 (executing program) 2022/09/15 09:30:30 fetching corpus: 7950, signal 257512/282737 (executing program) 2022/09/15 09:30:30 fetching corpus: 8000, signal 258011/282749 (executing program) 2022/09/15 09:30:30 fetching corpus: 8050, signal 258333/282765 (executing program) 2022/09/15 09:30:30 fetching corpus: 8100, signal 258642/282798 (executing program) 2022/09/15 09:30:30 fetching corpus: 8150, signal 259056/282822 (executing program) 2022/09/15 09:30:30 fetching corpus: 8200, signal 259420/282832 (executing program) 2022/09/15 09:30:30 fetching corpus: 8250, signal 259867/282850 (executing program) 2022/09/15 09:30:30 fetching corpus: 8300, signal 260342/282863 (executing program) 2022/09/15 09:30:31 fetching corpus: 8350, signal 261400/282866 (executing program) 2022/09/15 09:30:31 fetching corpus: 8400, signal 261773/282867 (executing program) 2022/09/15 09:30:31 fetching corpus: 8450, signal 262086/282874 (executing program) 2022/09/15 09:30:31 fetching corpus: 8500, signal 262452/282878 (executing program) 2022/09/15 09:30:31 fetching corpus: 8550, signal 262865/282884 (executing program) 2022/09/15 09:30:31 fetching corpus: 8600, signal 263430/282902 (executing program) 2022/09/15 09:30:31 fetching corpus: 8650, signal 264026/282914 (executing program) 2022/09/15 09:30:31 fetching corpus: 8684, signal 264359/282914 (executing program) 2022/09/15 09:30:31 fetching corpus: 8684, signal 264359/282914 (executing program) 2022/09/15 09:30:34 starting 8 fuzzer processes 09:30:34 executing program 2: r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x9, 0x2000) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0xffffffffffff979a, 0x4}) fcntl$addseals(r1, 0x409, 0xa) ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000080)={0x1000, 0x7, 0x2, 0x6a10, 0xdb}) r2 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x40, 0x400060) sendfile(r2, r0, &(0x7f0000000100)=0x1, 0x1) r3 = eventfd(0xfe) fcntl$addseals(r3, 0x409, 0x8) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1, {0x7fffffff}}, './file0\x00'}) sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x74, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x23, 0xbe, "efefabac897d2dce706553d9067c6562013eb6c461fa6f67edcfe4af2a6fb7"}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x4}, @NL80211_ATTR_STA_WME={0x1c, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x5f}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x4}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x4}]}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000004}, 0x4) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0) pwrite64(r3, &(0x7f00000002c0)="a0dca6e4d3f471113cf541d2bac81f2d4064b27426ada6795ec338723f8011b6e8fd3e123a036a319705b54beb7a9d6653b80c70bd447c4f7d402e0236aefdd659bf1e085f23304a2016ef3fe561fb8a042f1e2cfbbe54ee04df3b4216ca4158b5b0b26ef171f8e991c807eba453838a06de213dd20cbf68449700f751424c2b1df1f00f8d4bac", 0x87, 0x7fff) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000380)={{0x1, 0x1, 0x18, r0, @in_args={0x4}}, './file0\x00'}) readv(r5, &(0x7f00000004c0)=[{&(0x7f00000003c0)=""/230, 0xe6}], 0x1) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000500)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r2, 0x660c) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000000540)={{0x1, 0x1, 0x18, r0, {0x9}}, './file0\x00'}) r7 = socket$packet(0x11, 0x3, 0x300) r8 = fsmount(r6, 0x1, 0x2) sendfile(r7, r8, &(0x7f0000000580)=0xffff, 0x2) 09:30:34 executing program 0: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x1, 0x27, 0x1, 0x81, 0x0, 0x6, 0x80002, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x4, 0x1, @perf_config_ext={0x6, 0x4}, 0x204, 0xd2a1, 0x5, 0x2, 0x5, 0x4, 0x400, 0x0, 0x7, 0x0, 0x40}, 0x0, 0xf, r0, 0xa) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x200000c, 0x12, r1, 0xfff) r2 = openat$cgroup_pressure(r0, &(0x7f00000000c0)='memory.pressure\x00', 0x2, 0x0) pread64(r2, &(0x7f0000000100)=""/192, 0xc0, 0xffff) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder1\x00', 0x802, 0x0) pread64(r3, &(0x7f0000000200)=""/4096, 0x1000, 0xd1) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000012c0)=0x0) perf_event_open(&(0x7f0000001240)={0x1, 0x80, 0x0, 0x20, 0x0, 0x0, 0x0, 0x101, 0x100, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000001200), 0x1d}, 0x2109, 0x9, 0x0, 0x2, 0x3, 0x3, 0x8000, 0x0, 0x0, 0x0, 0x5}, r4, 0x8, 0xffffffffffffffff, 0x1) ioctl$RTC_WIE_OFF(r1, 0x7010) ioctl$KDMKTONE(r1, 0x4b30, 0x0) r5 = accept4$bt_l2cap(r1, &(0x7f0000001300)={0x1f, 0x0, @fixed}, &(0x7f0000001340)=0xe, 0xc0000) open_by_handle_at(r5, &(0x7f0000001380)=@GFS2_SMALL_FH_SIZE={0x10, 0x4, {0x0, 0x8, 0x5, 0x7b}}, 0x20000) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000013c0)={0x3f, 0x788d1ed4, 0x5, 0x7f, 0x10001}) sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000001500)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000014c0)={&(0x7f0000001440)={0x50, 0x1, 0x3, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFQA_VLAN={0x3c, 0x13, 0x0, 0x1, [@NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x1}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x8}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x2}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x2}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4080}, 0xfd9f874ba114dfcf) ioctl$KDDELIO(r1, 0x4b35, 0x6) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000001540)='\x00') ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r5, 0x8008f513, &(0x7f0000001580)) 09:30:34 executing program 7: fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x9) ioctl$FITHAW(r0, 0xc0045878) ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000080)=@v2={0x2, @aes256, 0x4, '\x00', @b}) r2 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x2800, 0x4, 0xc}, 0x18) r3 = openat(r2, &(0x7f0000000140)='./file0\x00', 0x501000, 0x8) mknodat(r2, &(0x7f0000000180)='./file0\x00', 0x8000, 0x0) r4 = openat(r3, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x2c) r5 = open$dir(&(0x7f0000000200)='./file0\x00', 0x400000, 0x21) fchmodat(r5, &(0x7f0000000240)='./file0\x00', 0x110) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f0000000280)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) getdents(r4, &(0x7f00000002c0)=""/174, 0xae) fcntl$lock(r1, 0x6, &(0x7f0000000380)={0x0, 0x1, 0x100, 0x1, 0xffffffffffffffff}) r7 = syz_open_dev$hiddev(&(0x7f00000003c0), 0x80000000, 0x2000) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000400)={{0x1, 0x1, 0x18, r7}, './file0\x00'}) name_to_handle_at(r8, &(0x7f0000000440)='.\x00', &(0x7f0000000480)=@isofs={0x14, 0x1, {0x2, 0x200, 0x3, 0xfffffffe, 0x5, 0x8}}, &(0x7f00000004c0), 0x1000) openat(r6, &(0x7f0000000500)='./file0\x00', 0x440, 0x191) fcntl$dupfd(r1, 0x406, r7) 09:30:34 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) ioctl$TIOCSIG(r0, 0x40045436, 0x1b) preadv(r0, &(0x7f0000002580)=[{&(0x7f0000000040)=""/227, 0xe3}, {&(0x7f0000000140)=""/1, 0x1}, {&(0x7f0000000180)=""/251, 0xfb}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)}, {&(0x7f00000012c0)=""/108, 0x6c}, {&(0x7f0000001340)=""/4096, 0x1000}, {&(0x7f0000002340)=""/96, 0x60}, {&(0x7f00000023c0)=""/231, 0xe7}, {&(0x7f00000024c0)=""/191, 0xbf}], 0xa, 0x2, 0x0) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000002640)) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000002680)) ioctl$TIOCEXCL(r0, 0x540c) ioctl$TIOCMGET(r0, 0x5415, &(0x7f00000026c0)) ioctl$HIDIOCGUSAGE(0xffffffffffffffff, 0xc018480b, &(0x7f0000002700)={0x2, 0x1, 0x5, 0x4, 0x400, 0x10}) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000002740)) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000002780)) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000027c0)={0xfff, 0x594, 0x5}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000002800), 0x600, 0x0) r2 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000002840), 0x80000) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) r3 = perf_event_open$cgroup(&(0x7f0000002880)={0x4, 0x80, 0x5, 0x8, 0x4, 0x2, 0x0, 0x959, 0x20, 0x9, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x5, 0x3, @perf_config_ext={0x0, 0x247}, 0x55805, 0x1, 0x3, 0x0, 0x7fff, 0x0, 0x100, 0x0, 0x8001, 0x0, 0xba}, r1, 0xb, r0, 0x0) syncfs(r3) ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000002900)) syz_open_dev$vcsu(&(0x7f0000002940), 0x101, 0x4a8d01) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x84fcf0a8597f6a95, 0xffffffffffffffff, 0xe3ab7000) 09:30:34 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x44040, 0x0) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000040)) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000080)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x3, 0x5, 0x8000}) ioctl$FIONCLEX(r0, 0x5450) r1 = syz_open_pts(0xffffffffffffffff, 0xa080) ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000100)={0xa9, 0x1, 0x101}) r2 = perf_event_open$cgroup(&(0x7f0000000180)={0x3, 0x80, 0x1, 0x7, 0x9, 0xc7, 0x0, 0x0, 0x1002, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000140)}, 0x21d0, 0x1, 0x3, 0x9, 0x3f, 0x2, 0x2, 0x0, 0x1000, 0x0, 0xfffffffffffffffa}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x1) ioctl$BTRFS_IOC_BALANCE_CTL(r2, 0x40049421, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000200)={0x1}, 0x8) shutdown(0xffffffffffffffff, 0x1) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000240)={{0x1, 0x1, 0x18, r0, {0xffffffff}}, './file0\x00'}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000280)='+\'--\'(]*3:^\x84+\x00') ioctl$SNAPSHOT_FREE(r0, 0x3305) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x101000, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, &(0x7f0000000300)) r5 = openat$cgroup_netprio_ifpriomap(r3, &(0x7f0000000340), 0x2, 0x0) ioctl$EXT4_IOC_MIGRATE(r5, 0x6609) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x0) pread64(r6, &(0x7f00000003c0)=""/36, 0x24, 0x8) 09:30:34 executing program 5: sendmsg$NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x66}}}}, [@NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x7}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x401}}, './file0\x00'}) sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x88, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x40}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfffffff7}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x4}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xcd}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x4}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x54}, 0x11) r1 = getpgid(0x0) perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x3, 0x6, 0x4, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xbae000, 0x4, @perf_bp={&(0x7f00000002c0), 0xd}, 0x4040, 0xfae, 0x3, 0x1, 0x8001, 0x7f, 0xfff9, 0x0, 0x9, 0x0, 0xad2}, r1, 0xa, 0xffffffffffffffff, 0x1b) sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000005c0)={&(0x7f00000003c0)={0x1c8, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6, 0x6c}}}}, [@NL80211_ATTR_IE={0xcd, 0x2a, [@tim={0x5, 0xb2, {0x80, 0x2, 0x1, "38dca87699d713e8693863efe93fd713b8f018bca780e391df33c264b599525ff5b357ed5a5301cf0c256334b4345c9938066828f752cad26301abd3b3a89ab0c39e49d72a58b3dc163f0362d15b5496b5cfb7eab01d2c72c1e314fde2a5c2780ec14e6b747f9e1e04b45df96a72351453e64bdae42d2b30383fbae090f2ef7fb2ad185cbff9cbaf9a42728af91ca425a12e13eaa77df2df90b36cc375fae253b5cbf445c4e30661b40956bba2ee0f"}}, @channel_switch={0x25, 0x3, {0x1, 0xae, 0x3}}, @cf={0x4, 0x6, {0xba, 0x7, 0x7, 0x7ff}}, @ssid={0x0, 0x6, @default_ap_ssid}]}, @NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_FILS_KEK={0x2a, 0xf2, "b596d3822d066060e2020a57b5ab3ef3642b39a9cd9edb54589214e4ad284639520268c6dca2"}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @random="969486d90694"}, @NL80211_ATTR_USE_MFP={0x8}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x80, 0x3, 0x6, 0x0, {0xfffffffeffffffff, 0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1}, 0x800, 0xffffffff, 0x96}}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0xc, 0x1, 0x7, 0x0, {0x6, 0x80, 0x0, 0xe8, 0x0, 0x0, 0x0, 0x2}, 0x1, 0x80, 0x7}}, @NL80211_ATTR_IE={0x52, 0x2a, [@supported_rates, @link_id={0x65, 0x12, {@from_mac=@broadcast, @broadcast}}, @ht={0x2d, 0x1a, {0x4000, 0x2, 0x1, 0x0, {0x7, 0x6, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1}, 0x8, 0x7ff, 0x20}}, @gcr_ga={0xbd, 0x6, @broadcast}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}]}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x4004}, 0x1) recvmmsg$unix(r0, &(0x7f0000000a00)=[{{&(0x7f0000000680)=@abs, 0x6e, &(0x7f0000000900)=[{&(0x7f0000000700)=""/213, 0xd5}, {&(0x7f0000000800)=""/244, 0xf4}], 0x2, &(0x7f0000000940)=[@rights={{0x10}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}], 0x98}}], 0x1, 0x40, &(0x7f0000000a40)) fchownat(r0, &(0x7f0000000640)='./file0\x00', 0x0, r6, 0x100) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000ac0), r0) sendmsg$BATADV_CMD_GET_GATEWAYS(r5, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x24, r7, 0x200, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x801) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), r4) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000d40)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000c40)={0x84, r8, 0x300, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x3f, 0x2e}}}}, [@NL80211_ATTR_BSS_BASIC_RATES={0x1c, 0x24, [{0x4}, {0x18}, {0x6c}, {0x30}, {0x2, 0x1}, {0x2}, {0x16, 0x1}, {0x16}, {0x16, 0x1}, {0x16}, {0x7e, 0x1}, {0x30}, {0x30, 0x1}, {0xc, 0x1}, {0x3}, {0x18, 0x1}, {0x5, 0x1}, {0x6}, {0xb}, {0x12}, {0x48, 0x1}, {0xc}, {0x1b}, {0x16, 0x1}]}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x3}, @NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_MAX_RETRIES={0x5, 0x5, 0xf}, @NL80211_MESHCONF_PATH_REFRESH_TIME={0x8, 0x9, 0x8}, @NL80211_MESHCONF_AWAKE_WINDOW={0x6, 0x1b, 0x2}, @NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL={0x6, 0x12, 0x3}, @NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL={0x6, 0x12, 0xffff}]}]}, 0x84}}, 0x7cd0e82fe90c1b17) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000d80)={0x0, 0x0}) sched_getscheduler(r9) socketpair(0x3b, 0x3, 0xfffffc01, &(0x7f0000000e00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000000e40)={{0x1, 0x1, 0x18, r10, {0x2}}, './file0\x00'}) syz_io_uring_setup(0x7a88, &(0x7f0000000e80)={0x0, 0x770c, 0x0, 0x2, 0x379, 0x0, r2}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000f00), &(0x7f0000000f40)=0x0) syz_io_uring_submit(0x0, r11, &(0x7f0000000f80)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x1af4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x2}}, 0x1000) r12 = perf_event_open(&(0x7f0000001080)={0x3, 0x80, 0xfb, 0x7, 0x4, 0x3, 0x0, 0xfffffffffffffff8, 0x200, 0x5, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2a, 0x1, @perf_bp={&(0x7f0000001040)}, 0x3c690dace04004c0, 0x48, 0x80, 0x5, 0x7, 0x1, 0x20, 0x0, 0x2}, r1, 0x1, r2, 0x0) perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x1, 0x1, 0x6, 0xfc, 0x0, 0x5, 0x4200, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8001, 0x2, @perf_config_ext={0x8, 0x6}, 0x808, 0x2, 0x2809, 0x6, 0x3ff, 0x80, 0x5, 0x0, 0x0, 0x0, 0x100000000}, 0x0, 0x0, r12, 0x9) 09:30:34 executing program 3: lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='trusted.syz\x00', &(0x7f0000000080)=""/126, 0x7e) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000100)={0xc5, 0x29, 0x2, {0x87b4, [{{0x2, 0x0, 0x5}, 0x4, 0x81, 0x7, './file0'}, {{0x20, 0x3, 0x6}, 0x3, 0xc5, 0x7, './file0'}, {{0x1}, 0xfff, 0x1, 0x7, './file0'}, {{0x8, 0x3, 0x8}, 0x1, 0x8, 0x7, './file0'}, {{0xb0, 0x1, 0x6}, 0xa5, 0x6, 0x7, './file0'}, {{0x24, 0x0, 0x4}, 0x5, 0x14, 0x7, './file0'}]}}, 0xc5) r0 = open_tree(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x100) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = syz_open_dev$vcsn(&(0x7f00000004c0), 0x5, 0x529100) r6 = syz_mount_image$iso9660(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x9, 0x2, &(0x7f00000006c0)=[{&(0x7f0000000580)="0074f51760e6f5bc4f16c0e8ed8d626ddfcee90503df30d7f1d66f9f99651bf3d99b63b14dc9dd1b8da0a4d90cabf8ffe1df1eeec51aa62503b583fff351752c04", 0x41, 0x7}, {&(0x7f0000000600)="51f2118d1772fec94ee0369185d9696ec0161364ceac57cd455be5a02e74ff71b88b7abc525d67d38eb399432d24dd5f07ded58fb15e18591f8b3e4b44822d025d34e07262aa7f773060a80d9bc21db1e2b79c6191e968968b66abc705769d359d6061ff2005093b9edf2f00956bb8eaa3c812478f6bfcb88d87f8ad44bd07a772e7", 0x82, 0x620}], 0x40, &(0x7f0000000700)={[{@gid={'gid', 0x3d, r2}}, {@uid={'uid', 0x3d, r1}}, {@session={'session', 0x3d, 0xd}}, {@check_relaxed}, {@hide}, {@session={'session', 0x3d, 0x5}}, {@overriderock}, {@map_off}, {@map_normal}], [{@fsmagic={'fsmagic', 0x3d, 0x6}}, {@fsname={'fsname', 0x3d, 'trusted.syz\x00'}}]}) recvmsg$unix(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000800)=""/143, 0x8f}, {&(0x7f00000008c0)=""/24, 0x18}], 0x2, &(0x7f0000000940)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0}}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x70}, 0x2042) getresgid(&(0x7f0000000a00), &(0x7f0000000a40), &(0x7f0000000a80)=0x0) r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x2000000) recvmmsg$unix(r0, &(0x7f0000002e40)=[{{&(0x7f0000000ac0), 0x6e, &(0x7f0000000d80)=[{&(0x7f0000000b40)=""/125, 0x7d}, {&(0x7f0000000bc0)=""/57, 0x39}, {&(0x7f0000000c00)=""/92, 0x5c}, {&(0x7f0000000c80)=""/255, 0xff}], 0x4, &(0x7f0000000dc0)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000000e00), 0x6e, &(0x7f0000002280)=[{&(0x7f0000000e80)=""/197, 0xc5}, {&(0x7f0000000f80)=""/194, 0xc2}, {&(0x7f0000001080)=""/25, 0x19}, {&(0x7f00000010c0)=""/45, 0x2d}, {&(0x7f0000001100)=""/87, 0x57}, {&(0x7f0000001180)=""/222, 0xde}, {&(0x7f0000001280)=""/4096, 0x1000}], 0x7, &(0x7f0000002300)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}}, {{&(0x7f00000023c0), 0x6e, &(0x7f00000025c0)=[{&(0x7f0000002440)=""/179, 0xb3}, {&(0x7f0000002500)=""/28, 0x1c}, {&(0x7f0000002540)=""/76, 0x4c}], 0x3, &(0x7f0000002600)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x130}}, {{&(0x7f0000002740), 0x6e, &(0x7f00000028c0)=[{&(0x7f00000027c0)=""/228, 0xe4}], 0x1, &(0x7f0000002900)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{&(0x7f0000002940), 0x6e, &(0x7f0000002d40)=[{&(0x7f00000029c0)=""/15, 0xf}, {&(0x7f0000002a00)=""/225, 0xe1}, {&(0x7f0000002b00)=""/193, 0xc1}, {&(0x7f0000002c00)=""/247, 0xf7}, {&(0x7f0000002d00)=""/30, 0x1e}], 0x5, &(0x7f0000002dc0)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x58}}], 0x5, 0x1, &(0x7f0000002f80)={0x0, 0x3938700}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000002fc0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9}}, './file0\x00'}) r13 = perf_event_open(&(0x7f0000003040)={0x2, 0x80, 0x56, 0xfe, 0x2, 0x24, 0x0, 0x76aa, 0x40004, 0xa, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xe50, 0x2, @perf_bp={&(0x7f0000003000)}, 0xb226ce92455e138, 0x59f5, 0x8, 0x9, 0xffffffffffff8000, 0x2, 0x2, 0x0, 0x4, 0x0, 0xda}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f00000030c0)={{0x1, 0x1, 0x18, r0, {r1, r2}}, './file0\x00'}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003100)={0x0, 0x0, 0x0}, &(0x7f0000003140)=0xc) r16 = getpgid(0xffffffffffffffff) newfstatat(0xffffffffffffff9c, &(0x7f0000003180)='./file0\x00', &(0x7f00000031c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000) sendmmsg$unix(r0, &(0x7f00000033c0)=[{{&(0x7f0000000300)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000380)="3eaee148f6258744cfd12d2bdb8989a30f8654d1aa1571201c4b8e763780a15363da1467025ace70bb45f2f75ad5c55aeb10a11e5774819590efe56f70934cc425b576a91548db9588e2df42203a06ad535a6b1fd6ee24d9c473701f45e2b05a327c34926d6c0a4126ffb870ab", 0x6d}], 0x1, &(0x7f0000003240)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r1, r3}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r1, r2}}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, r0, r4, r0, r0, r0, r5, r6]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r7, 0xffffffffffffffff}}}, @rights={{0x20, 0x1, 0x1, [r0, r0, r0, r0]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r1, r8}}}, @rights={{0x30, 0x1, 0x1, [r0, r9, r10, r0, r0, r12, r13, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r14, r15}}}, @cred={{0x1c, 0x1, 0x2, {r16, r1, r17}}}], 0x160, 0x40001}}], 0x1, 0x12) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r11, 0x89f6, &(0x7f00000034c0)={'syztnl0\x00', &(0x7f0000003440)={'syztnl0\x00', 0x0, 0x2f, 0x20, 0x3f, 0x1, 0x60, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x700, 0x7, 0x7}}) [ 79.947653] audit: type=1400 audit(1663234234.449:6): avc: denied { execmem } for pid=284 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:30:34 executing program 6: write$P9_RAUTH(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x67, 0x1, {0x40, 0x4, 0x8}}, 0x14) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5}}, './file0\x00'}) write$P9_RUNLINKAT(r0, &(0x7f0000000080)={0x7, 0x4d, 0x2}, 0x7) r1 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r1, 0xf50f, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x8000, 0x140) write$P9_RSYMLINK(r0, &(0x7f0000000140)={0x14, 0x11, 0x1, {0x20, 0x3, 0x4}}, 0x14) write$P9_RSTAT(r0, &(0x7f0000000180)={0x42, 0x7d, 0x1, {0x0, 0x3b, 0x8, 0xf2d, {0x2, 0x4, 0x2}, 0x880000, 0x7, 0xffffffff, 0x9, 0x2, '{.', 0x3, '[^[', 0x2, '{:', 0x1, ','}}, 0x42) r2 = openat(r0, &(0x7f0000000200)='./file1\x00', 0x4, 0x130) r3 = dup2(r0, r1) quotactl(0x8, &(0x7f0000000240)='./file1\x00', 0xee01, &(0x7f0000000280)) mount$9p_unix(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)='./file1\x00', &(0x7f0000000340), 0x1, &(0x7f0000000380)={'trans=unix,', {[{@cachetag={'cachetag', 0x3d, ','}}, {@dfltuid={'dfltuid', 0x3d, 0xffffffffffffffff}}, {@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x4}}, {@cache_none}, {@aname={'aname', 0x3d, '{.'}}, {@version_u}, {@version_u}], [{@hash}, {@fowner_eq={'fowner', 0x3d, 0xee00}}, {@smackfshat={'smackfshat', 0x3d, '*B-({\'%@-^$/]'}}, {@obj_role={'obj_role', 0x3d, ','}}, {@func={'func', 0x3d, 'MODULE_CHECK'}}]}}) lsetxattr$trusted_overlay_upper(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), &(0x7f0000000500)={0x0, 0xfb, 0x1c, 0x3, 0xa2, "37f94574a089e177ce049cf3aa7fd91a", "4fa77f855a90e1"}, 0x1c, 0x2) r4 = syz_io_uring_complete(0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, &(0x7f0000000540)={{r4}, "ae67832669484e66c3d67012a0c9809d145cff3961b971a529e9af0deae481fcc8c7c3071c15f9f94042f36519cfcf67f6eadb0e7b4b8c46d39a13888e241f1b957fd5275ecd24a954f13e19620a885af2ba257b591ff01034ead41ee1816db23cb9ce8cb08173c3ca4d56a08fdaa4b352e44e0eb282397b6675dd15e48349b41f6a756bbe86ca6028a57ee92c8ee171b18e152ba53e27de5d7e2817d56fbe0f4ec899c4d3b5abdb1ebf46ef8969a030648041d4f35eb49b5cab0fe8642b0b774a460ff007ce571ca20680bced102cc21dec5fb7ce9bdbb557499c5f7f07294bf219e41e4828e35185ceedd812d24c688569ab923c2b189ee45e531d275fb28a11e5d52b31d7d8a167e42f3c4e5117e381071d8745120d9297fd59e9bd122029e38a2a1ec9c063541a795b6291ad60dcb2b6f1c195e5301040b00a63e7d3007d9520400397ea27a80a488d5dfac9863531732e747cdbb0a9d65b24ebffab6167994f925fc7107b6c2276a09969eb71b69e49894705159cf3e516460a825e4df0de8161aa341b4aa903ead622caa685398a148037f68e9645f317ab09ea585cc8b7cd7f5ab8b8f77d428375613954e3f52f75da0cbe3c998d9f1a2171b25b9906389cb2cab067db0d8886027af8b667c5dd63a5ded496c4fd854ccba947e5292f8f770dc76310f1d2bf7c04a59c3cd028e5f7731c7795d8e612c1a988b7c57bbdb5bf02650171d638b0f779f4eec060964713d025ddfb49f3311b26653a758a1a2961e190da31e8238ac4df414df50c669d83140b9697c4ff48c4f8347ccdb5b083313c4b5276ef7ffb836cb801de476fb2d4bd3053ac7343b5d0c8480fb895349cb59998bcca417380476ec4b47f4976c49988f41938b6a456d1838b7debe7397d6251a55cff0fdc35d97b60d952c644dbba90ddf6c1611d4316726547eac21ab9603cdf041b37eb3632300d1373b34e82dd49d87aa9c82b6817a157e3a60720aefe028a8e320063dbf6bab14b560febea87ab654deae24282659ce7fd426a873053ce63649ef7eca30435f8382856dbbea4a3b3058aef4e51e794d9155b4b1ff07ebc47d22270f6a558b133f258f5df3df693f5c3b60d32e4c0e0de1ffa38aadc5603d7f33418ecfab1d814756737a8068919af2cb6e73f6d26245e487640fe7f81a15d347ae84acd369d0a07c9363a192ec478776b14d3dd4fa19418b468585587ffee082b4eda27e40c169a269c163cb93ddfaac95dd871da302cd7d5a92c00eeb751b47c8dd01eb1341539dec799f06f24e68b8c0f4f8d3f3c6333dacf5b651bbd28c71d696c65d1746d2fcd20f38ee8d4b8bab4c50d465a1d2fb975db4c9d153c10e9f516eaa209b00b42555ca56a3845089f2a25e57921013d0f9946ed6c4c31df809793e52c5988668d837cf59bb08bc5f2fbe3eb034e0d205195f10ea93dff5c6bfc0832d2c748cd2ef9507b94ca8b7a846bb01011c7ca638e8b5f2e7cf0c1445c9fc395b8e63ad99487bf150e8135d76eb7329e38c65b1ffa9f97c72014507cc01d89a6bc71ccc19b199f26f6f39e18f20c60fb0c76be54d08286ebf91c94c6ea4da3c5cb57438f54784ab06b25acdcea521f7ff54e49478b2441c6771d4a181092ece79d511b7d21e43b46af15fa4ee9787cd69416e6b1e3ee8e4bcb2cbb765c7a0c0bd2f9f83e417a4a8130224b11d43b601e3c2d1a8326c402bca928809183fb284554b51fd2af02ec9fe6260a55499f9a6cbc26942ef72a8fda08bbdea207af065bbef582da8fd6de22a8fd2927a0e2b4d7fc9fbfcf51509e3556d88f90e129e61a1e335c219304e373ebf216790533287049741e2c733519ff7a975419ad84cf8b07cb7815b99d774ab527560e2e3fe146fb54ce381bff0ef069dde5997565a3d5a26ebf9448507a556bc3c75507b06bdb8d514be11ce6388fa4b23a713b63030654bdaab0adc662c4e28c11577cf8808785ab35638a8c2326066ffda011033e1a31cd63bfafc3cd484f90cd76cff8d2590ec2af64f462e2bbc851722ec8d2c34a0c3121ee7a1929a87a8fa532e1704dea5a738d10f2a9d39f093011533c231588034943b4aac2da3e76e6072b5be0d49a2084e1f7a8582eec8d9e78bed2d770b81ef03cce0dbfc37f492ca1692f16fe949bfb58b5b55f31433d6625f144094e1aa8700dee9d71432c1e2a904944a6372d753b6315976e5181892802006e1b1eca79fa7f6182d0db8337bf9ff443d36a48ad080988af008be496e606d6a5c2250e9f83bb5bbc98f5aaa0f5a2d7945951a623af8e1029395e23936a2033520fe23ea2d61e79da6d62cc592f2dbfdceb7314cd1e20383c0cf4deb5a3d06df63f8d386ec085caea4aa231a83b476b5743a177e08ced5d5e478aed5c9f0d8e94589e8fcbda834b7d9388d9ae676a643b28cdcfc1ca86f171010522c40e558f80853619419d03e1893d593fc5b50dfca55ca20bd74c91ced9eb88525cc0fe18be48c872eb3c0202dbe49ede0188ec61374ead05ce05a11fbd9b0a8eac04a3fde43b21d18d943a9a30ffe162668977fa2ca5288b47c3f433b3a02eed549ebc14456dec8ce2950e1218830d37a7937d4ca00988daf00e29768b11aae33e1562a6a34a2e293e2fe2995e8d2333e1c00ea6b9599921ad5e530dac5ace4b82308583017b736fda80d122150cad4a15aae325677a802cb2c10392aef46cdc64ae49da44ab777ae04534dad6b357aa050bb1ffadd885898d3cf8a1caf83a0c0e8ed5bcd1fb1843e5a02135aed89df5b124f4153eff332ce016bca031b6222d8be9d8a5c83e2e218d6b7b34b7d3c5e7afd566d287000dbbc477008d6eac6460aec2551effe476d4d93b0b4091a634d8e32937cd1090a2d7349ba0f764be9f673074b6b433fa99b936f0f31b39e644851e5137856e32257c451ba42c43039eea9277ddb41d422e2bd58b779ef68ddea4d35cc917f51a070c10c38cb66b47709bd51f52502311c1a6ca2ddd36364f91f40fdf7f91bda2deca2596e598f890d0619a06b253b007734292ba4df17fef87ec76137ac92a38a8e9ab3d956891668e367218ab52418545fa26312285638a78a49c03a28dadaff42482eacee3db6197ed910ce256c1d2e6250c4998b539bfa2da01b1666a1522a23cf374b04a6e0cfb3160d2574725203ed603ff8f970d93837c5db8a8b5913b53fc40ada3b741acb27b8a80435d1115397c7c4a41ebd810dd0c9cf52dad62a05b5761c6986a881b949077f1b8cb26af206db1b8e61e8aed974ece9bd9f1dd01ca5a84bde1641c3e08089474e1b70aa44b671a49fc2d699d43649f9f738310c04e0678665a508a7fe03b65d274875fbd8df24813c6689a0a267223c281899fd11690ac6c4c9ad140dd3ef9b3dd63cdde746c5e5f301597daf236ea1100dff9d893bb0586ee0091addddc8a3227c03716c48a7eb950aeeb9e9e35caf0644c5cca6036094fa8ae970e6db6bafea946d8dcd8325465832c70fe9579ae9fb29bb05bf393846056440f070b250b863467e589917cbcc496c6571b5711dc43f8bec1a54cf09706913e8b7a6fe72aa693ed6108b6344274887a6b9856b8863b7ff135979ec7b874eb0ce3121cec9b72b2ffa87be441f782fc4642251146b46c06f6cb5adc00836e5817d4ad1a2337a740a1300c2357c500f29938e226b8defa4669b8185f0fde1bd66bdacdfef126f5be72678794274184a7ecf7be57c3649c9f85180194c18ee90a2b263a7156e6da77b584388b4d809f88858016c6fb9030384b95f25bb987028c741936c485aec8c51e21270468477c25e48e7051b038544a1cda3f22d54e0a6fbcf55b3a74551d40885d1d702b63e686defd29027d96399066e9b7a6fec939fd7cbd415f2f8060f263a3249d864ed151d53497f38138854f5ea08d723cba522d272ce552c92987963944079f7322ba8cf5c9031e0beacd33409c562d391e105863db0386e7c4699241c31bbdab10512a25cb86ed1d9d01dcc8214bb7d7b5a8cc6b533e5671180cb32b170930dfff130666ab572977dbe05cd2dc8408630569b73345ea5db0392257587ff294db5a2006af7bb8da9be754a22113c3def5eed9ee2f088b4fcfb51d68c634386e467a74089518be8840f2bfcc54b64f93100a6203a5c4891e5a6f72e842efe15a75028430f5125c9a6425214bd6de702d7ccfa1cdb0636eabb782addca9da67316be915720ac61ccd5e36d6a6e05a73ae1c97b080581fdb67fb30739d5d455d23045dfa4f9556af784a41803feb3b36e0a30d3cd2e28211737eb45f4587756518f0f60b0018c6cb1b1dba8ed3f203a43da9c3ca68230336bad80a93140c1d7588819ea13dc962717c34877704429cb7af410b6796392cd7abf8a3d269c151b3c7749c4c6e2486aa4f32b510ca75d064f9c7e5915291e11b3e541d6ecdbeda93b84ad88de322cc9ca3e4ecb9138def1eb94d50452deac198a4750d99534b9cf704d678ea20315519d2043bbb1333201039f2b5d38cdc4332e1bfe73360fd60daa75910fdfb3c88ea41fd54b5dca15b4ef13990d9ef0ac3114ec059e394b25d73976f01778dc46fba3210532232f5aa6f29bf54f44099443873b438ad8b2b18e5c02fbc1f35016ee6d7f82c69be3350a017ab07e96f69cb1a352612079f6113409f272032216153d4c2acd3fe7c20c6983b67fb66c7f674013f703afb16301074cfa18f49a9664d06b451129afafdc3c37352bb9c1dfa0ac1a1fc947adaa7673a3dfe135d3ccbd12059e47ef331094fc4f082c6c9749b0ad97478ba4c4a0e7d70d71b8172871b95ff27282251af6a1407ccd65a30f1bf255284674d7ffad6a8accaca9e7b6af970afb54277ea62749654ceb97e4555746fac8bea10efe62a3d50ef3906bb3a37346ca9bda044053d81693dacc3c8304126e69b7a1fac0e5b93ef2a4b5996886bc39dad3615fc05a7753c698549efa79650be8ae72dbce8662e19b5a4345d895958cc7865730502427aacf6cb92c0c5fa8a8d40466a14acad14aa161a2f38df82c6667e5a475ddd7dd141bd6fc9ede384d0fe8b445ab0a85788f803247c6e708e12425f7647e1db70a3bf91665110a1c942b501e5c4b0f8405be6c8d14d0b3174aa820ce27dd46616de47dd4a3be53fbfdc459f0e44c37aa66e68b5e68ec6e23b6625f62e068d3f4eb2ba1a9be6ea968a5250d831bc365dccdf9d896b7898f95431a2860bdf52c2968e58eed53134b497d01ca75914e0acb4285ec86b06ec69dc1ebede40fbda65b78f3618d5cb594d1b5372c1c72b6d02dfd039b3163aa6ebfcdec9ca87333339fe7a4d3c7b9086814a036713bbd06848a29e7a12e1706920fcaf22c3c5a340ef0977670c6b77c039cc8b398c6098d402631c220506c88efc4de4cc8a95fc46b507fc05e4a6f31f43a2941527d83edc103bf068b0bee657b2523f020edf678ca553c6b1b85818bd08b5c685f69824d20cf45664ef4e86871110af19ad2e4e83e348e17292d0bbbc75fd8edfa81ee91c3579567e6ffd7d5c4693949ef2720dc0e4413eaacfb14c56bd573ca69630291dbe50c3815ca9e49051e39007a1ebccb734209053ef450795920415d29e1b86b9fa29d1cb5601326eff85b72900264d46e9fc7818e18f357a8873b59237998d45e9e22866529a475274e31b7a9be419dbd816e79c100e462c66114f623118062e0ae2ab4418daf6fb80f1f9b9aa8aa532dcdef66d339026c6dd90a83b0dd3b58a6b2c5a67a01226b1f86d3935f72ca49d1183cc5acec8"}) syz_io_uring_setup(0x1d8c, &(0x7f0000001540)={0x0, 0x483d, 0x4, 0x1, 0x18b, 0x0, r4}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000015c0), &(0x7f0000001600)) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000001640)={{0x1, 0x1, 0x18, r2, {0x0, 0xffffffffffffffff}}, './file1/file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f0000001680)={{0x1, 0x1, 0x18, r4, {0x0, 0xffffffffffffffff}}, './file1\x00'}) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x30, r2, 0x10000000) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f00000017c0)={&(0x7f0000001700)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001780)={&(0x7f0000001740)={0x1c, 0x1, 0x2, 0x201, 0x0, 0x0, {0xc, 0x0, 0x8}, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8050}, 0x80) [ 81.177712] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.180856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.183165] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.190202] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.191931] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.193066] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.197637] Bluetooth: hci0: HCI_REQ-0x0c1a [ 81.287938] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.291226] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.292219] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.294655] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.296058] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.297126] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.305664] Bluetooth: hci1: HCI_REQ-0x0c1a [ 81.377659] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.379010] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.387355] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.390510] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.393158] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.398783] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.400093] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.401379] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.404764] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.406799] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.409999] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.411050] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.412479] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.412628] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.414240] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.414466] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.417553] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.418897] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.434228] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.434331] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.438293] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 81.439416] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.440437] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 81.441658] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 81.442677] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 81.443505] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.443985] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.445348] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.446346] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 81.447650] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 81.451628] Bluetooth: hci6: HCI_REQ-0x0c1a [ 81.452774] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.453972] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.456200] Bluetooth: hci3: HCI_REQ-0x0c1a [ 81.459152] Bluetooth: hci5: HCI_REQ-0x0c1a [ 81.461471] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.474914] Bluetooth: hci7: HCI_REQ-0x0c1a [ 81.494016] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.495337] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 81.496233] Bluetooth: hci4: HCI_REQ-0x0c1a [ 81.526646] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.549655] Bluetooth: hci2: HCI_REQ-0x0c1a [ 83.259681] Bluetooth: hci0: command 0x0409 tx timeout [ 83.323043] Bluetooth: hci1: command 0x0409 tx timeout [ 83.514616] Bluetooth: hci7: command 0x0409 tx timeout [ 83.515605] Bluetooth: hci5: command 0x0409 tx timeout [ 83.516118] Bluetooth: hci3: command 0x0409 tx timeout [ 83.516714] Bluetooth: hci6: command 0x0409 tx timeout [ 83.578633] Bluetooth: hci2: command 0x0409 tx timeout [ 83.578655] Bluetooth: hci4: command 0x0409 tx timeout [ 85.306640] Bluetooth: hci0: command 0x041b tx timeout [ 85.372052] Bluetooth: hci1: command 0x041b tx timeout [ 85.562647] Bluetooth: hci6: command 0x041b tx timeout [ 85.563395] Bluetooth: hci3: command 0x041b tx timeout [ 85.564006] Bluetooth: hci5: command 0x041b tx timeout [ 85.564615] Bluetooth: hci7: command 0x041b tx timeout [ 85.626632] Bluetooth: hci4: command 0x041b tx timeout [ 85.627304] Bluetooth: hci2: command 0x041b tx timeout [ 87.354599] Bluetooth: hci0: command 0x040f tx timeout [ 87.418589] Bluetooth: hci1: command 0x040f tx timeout [ 87.610769] Bluetooth: hci7: command 0x040f tx timeout [ 87.611595] Bluetooth: hci5: command 0x040f tx timeout [ 87.612172] Bluetooth: hci3: command 0x040f tx timeout [ 87.612871] Bluetooth: hci6: command 0x040f tx timeout [ 87.674687] Bluetooth: hci2: command 0x040f tx timeout [ 87.675365] Bluetooth: hci4: command 0x040f tx timeout [ 89.402667] Bluetooth: hci0: command 0x0419 tx timeout [ 89.467194] Bluetooth: hci1: command 0x0419 tx timeout [ 89.658671] Bluetooth: hci6: command 0x0419 tx timeout [ 89.659448] Bluetooth: hci3: command 0x0419 tx timeout [ 89.661103] Bluetooth: hci5: command 0x0419 tx timeout [ 89.661799] Bluetooth: hci7: command 0x0419 tx timeout [ 89.722703] Bluetooth: hci4: command 0x0419 tx timeout [ 89.723432] Bluetooth: hci2: command 0x0419 tx timeout [ 141.152947] syz-executor.2 (293) used greatest stack depth: 24568 bytes left [ 143.636215] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 143.638541] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 143.639732] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 143.642655] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 143.644582] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 143.645886] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 143.649941] Bluetooth: hci0: HCI_REQ-0x0c1a [ 143.906193] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 143.908888] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 143.914767] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 143.916293] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 143.917300] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 143.919391] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 143.920658] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 143.922358] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 143.923438] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 143.924735] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 143.924750] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 143.927044] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 143.929231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 143.931474] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 143.932397] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 143.933211] Bluetooth: hci1: HCI_REQ-0x0c1a [ 143.937389] Bluetooth: hci3: HCI_REQ-0x0c1a [ 143.958615] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 143.959176] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 143.963693] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 143.964125] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 143.968008] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 143.968043] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 143.975635] Bluetooth: hci2: HCI_REQ-0x0c1a [ 143.977072] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 143.978677] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 143.979411] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 143.982017] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 143.982928] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 143.984179] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 143.989242] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 143.990410] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 143.991229] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 143.996076] Bluetooth: hci4: HCI_REQ-0x0c1a [ 144.003632] Bluetooth: hci5: HCI_REQ-0x0c1a [ 144.030159] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 144.031959] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 144.033075] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 144.035502] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 144.037010] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 144.037904] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 144.048271] Bluetooth: hci6: HCI_REQ-0x0c1a [ 144.139547] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 144.149173] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 144.157642] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 144.169333] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 144.188782] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 144.198397] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 144.226621] Bluetooth: hci7: HCI_REQ-0x0c1a [ 145.659634] Bluetooth: hci0: command 0x0409 tx timeout [ 145.978638] Bluetooth: hci1: command 0x0409 tx timeout [ 145.979607] Bluetooth: hci3: command 0x0409 tx timeout [ 146.042621] Bluetooth: hci5: command 0x0409 tx timeout [ 146.042666] Bluetooth: hci2: command 0x0409 tx timeout [ 146.043321] Bluetooth: hci4: command 0x0409 tx timeout [ 146.106880] Bluetooth: hci6: command 0x0409 tx timeout [ 146.300348] Bluetooth: hci7: command 0x0409 tx timeout [ 147.707599] Bluetooth: hci0: command 0x041b tx timeout [ 148.027623] Bluetooth: hci3: command 0x041b tx timeout [ 148.028193] Bluetooth: hci1: command 0x041b tx timeout [ 148.090589] Bluetooth: hci4: command 0x041b tx timeout [ 148.091614] Bluetooth: hci2: command 0x041b tx timeout [ 148.092766] Bluetooth: hci5: command 0x041b tx timeout [ 148.154730] Bluetooth: hci6: command 0x041b tx timeout [ 148.346641] Bluetooth: hci7: command 0x041b tx timeout [ 149.754616] Bluetooth: hci0: command 0x040f tx timeout [ 150.074641] Bluetooth: hci1: command 0x040f tx timeout [ 150.075400] Bluetooth: hci3: command 0x040f tx timeout [ 150.138848] Bluetooth: hci5: command 0x040f tx timeout [ 150.139648] Bluetooth: hci2: command 0x040f tx timeout [ 150.140167] Bluetooth: hci4: command 0x040f tx timeout [ 150.202657] Bluetooth: hci6: command 0x040f tx timeout [ 150.394585] Bluetooth: hci7: command 0x040f tx timeout [ 151.802619] Bluetooth: hci0: command 0x0419 tx timeout [ 152.122666] Bluetooth: hci3: command 0x0419 tx timeout [ 152.123281] Bluetooth: hci1: command 0x0419 tx timeout [ 152.186622] Bluetooth: hci4: command 0x0419 tx timeout [ 152.187271] Bluetooth: hci2: command 0x0419 tx timeout [ 152.187829] Bluetooth: hci5: command 0x0419 tx timeout [ 152.250628] Bluetooth: hci6: command 0x0419 tx timeout [ 152.442703] Bluetooth: hci7: command 0x0419 tx timeout [ 205.960233] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 205.962144] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 205.963023] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 205.965101] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 205.966338] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 205.967197] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 205.972039] Bluetooth: hci0: HCI_REQ-0x0c1a [ 206.232444] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 206.236037] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 206.236926] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 206.241591] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 206.243595] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 206.244816] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 206.249054] Bluetooth: hci2: HCI_REQ-0x0c1a [ 206.310652] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 206.310774] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 206.315800] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 206.315912] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 206.321747] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 206.323903] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 206.327021] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 206.328703] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 206.331927] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 206.335776] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 206.337423] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 206.340367] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 206.344833] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 206.353228] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 206.357005] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 206.357624] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 206.359218] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 206.361241] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 206.362279] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 206.363758] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 206.367022] Bluetooth: hci6: HCI_REQ-0x0c1a [ 206.367970] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 206.368860] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 206.370631] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 206.377035] Bluetooth: hci7: HCI_REQ-0x0c1a [ 206.377954] Bluetooth: hci5: HCI_REQ-0x0c1a [ 206.390878] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 206.403809] Bluetooth: hci4: HCI_REQ-0x0c1a [ 207.994633] Bluetooth: hci0: command 0x0409 tx timeout [ 208.250715] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 208.314746] Bluetooth: hci2: command 0x0409 tx timeout [ 208.315267] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 208.378639] Bluetooth: hci6: command 0x0409 tx timeout [ 208.442669] Bluetooth: hci4: command 0x0409 tx timeout [ 208.443633] Bluetooth: hci5: command 0x0409 tx timeout [ 208.444234] Bluetooth: hci7: command 0x0409 tx timeout [ 210.042611] Bluetooth: hci0: command 0x041b tx timeout [ 210.362592] Bluetooth: hci2: command 0x041b tx timeout [ 210.427744] Bluetooth: hci6: command 0x041b tx timeout [ 210.491604] Bluetooth: hci7: command 0x041b tx timeout [ 210.492336] Bluetooth: hci5: command 0x041b tx timeout [ 210.494707] Bluetooth: hci4: command 0x041b tx timeout [ 211.417385] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 211.419848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 211.421634] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 211.430014] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 211.433711] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 211.438573] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 211.450639] Bluetooth: hci1: HCI_REQ-0x0c1a [ 211.964480] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 211.966260] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 211.967591] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 211.972370] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 211.978904] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 211.981745] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 211.991983] Bluetooth: hci3: HCI_REQ-0x0c1a [ 212.090631] Bluetooth: hci0: command 0x040f tx timeout [ 212.411613] Bluetooth: hci2: command 0x040f tx timeout [ 212.474619] Bluetooth: hci6: command 0x040f tx timeout [ 212.539611] Bluetooth: hci4: command 0x040f tx timeout [ 212.540284] Bluetooth: hci5: command 0x040f tx timeout [ 212.542654] Bluetooth: hci7: command 0x040f tx timeout [ 213.499606] Bluetooth: hci1: command 0x0409 tx timeout [ 214.011657] Bluetooth: hci3: command 0x0409 tx timeout [ 214.140254] Bluetooth: hci0: command 0x0419 tx timeout [ 214.458618] Bluetooth: hci2: command 0x0419 tx timeout [ 214.522686] Bluetooth: hci6: command 0x0419 tx timeout [ 214.586683] Bluetooth: hci7: command 0x0419 tx timeout [ 214.588699] Bluetooth: hci5: command 0x0419 tx timeout [ 214.589252] Bluetooth: hci4: command 0x0419 tx timeout [ 215.547637] Bluetooth: hci1: command 0x041b tx timeout [ 216.058709] Bluetooth: hci3: command 0x041b tx timeout [ 217.594590] Bluetooth: hci1: command 0x040f tx timeout [ 218.106635] Bluetooth: hci3: command 0x040f tx timeout [ 219.642628] Bluetooth: hci1: command 0x0419 tx timeout [ 220.154632] Bluetooth: hci3: command 0x0419 tx timeout [ 269.139094] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 269.148978] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 269.149915] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 269.153003] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 269.154181] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 269.155253] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 269.171607] Bluetooth: hci4: HCI_REQ-0x0c1a [ 270.586588] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 271.162627] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 271.226654] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 271.228130] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 271.228947] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 271.230604] Bluetooth: hci4: command 0x0409 tx timeout [ 272.519564] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 272.521862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 272.523001] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 272.525284] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 272.526441] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 272.527497] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 272.530958] Bluetooth: hci0: HCI_REQ-0x0c1a [ 273.274596] Bluetooth: hci4: command 0x041b tx timeout [ 273.617012] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 273.625796] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 273.627162] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 273.630848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 273.633832] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 273.637276] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 273.644794] Bluetooth: hci3: HCI_REQ-0x0c1a [ 273.794226] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 273.797091] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 273.808825] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 273.813242] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 273.814476] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 273.822961] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 273.836276] Bluetooth: hci5: HCI_REQ-0x0c1a [ 273.867347] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 273.935128] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 273.936946] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 273.949068] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 273.950310] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 273.959573] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 273.960433] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 273.964082] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 273.965391] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 273.966282] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 273.967724] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 273.968664] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 273.972024] Bluetooth: hci6: HCI_REQ-0x0c1a [ 273.972675] Bluetooth: hci7: HCI_REQ-0x0c1a [ 274.554629] Bluetooth: hci0: command 0x0409 tx timeout [ 275.002596] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 275.066602] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 275.322570] Bluetooth: hci4: command 0x040f tx timeout [ 275.706678] Bluetooth: hci3: command 0x0409 tx timeout [ 275.898576] Bluetooth: hci5: command 0x0409 tx timeout [ 276.026807] Bluetooth: hci6: command 0x0409 tx timeout [ 276.027478] Bluetooth: hci7: command 0x0409 tx timeout [ 276.602636] Bluetooth: hci0: command 0x041b tx timeout [ 277.370573] Bluetooth: hci4: command 0x0419 tx timeout [ 277.754588] Bluetooth: hci3: command 0x041b tx timeout [ 277.946589] Bluetooth: hci5: command 0x041b tx timeout [ 278.074617] Bluetooth: hci7: command 0x041b tx timeout [ 278.075200] Bluetooth: hci6: command 0x041b tx timeout [ 278.536649] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 278.537906] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 278.538872] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 278.542628] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 278.546743] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 278.551054] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 278.555228] Bluetooth: hci2: HCI_REQ-0x0c1a [ 278.650659] Bluetooth: hci0: command 0x040f tx timeout [ 279.802616] Bluetooth: hci3: command 0x040f tx timeout [ 279.994606] Bluetooth: hci5: command 0x040f tx timeout [ 280.122624] Bluetooth: hci6: command 0x040f tx timeout [ 280.123369] Bluetooth: hci7: command 0x040f tx timeout [ 280.186590] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 280.570579] Bluetooth: hci2: command 0x0409 tx timeout [ 280.698593] Bluetooth: hci0: command 0x0419 tx timeout [ 281.850600] Bluetooth: hci3: command 0x0419 tx timeout [ 282.042593] Bluetooth: hci5: command 0x0419 tx timeout [ 282.170602] Bluetooth: hci7: command 0x0419 tx timeout [ 282.171245] Bluetooth: hci6: command 0x0419 tx timeout [ 282.618612] Bluetooth: hci2: command 0x041b tx timeout [ 284.666603] Bluetooth: hci2: command 0x040f tx timeout [ 285.370605] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 286.714602] Bluetooth: hci2: command 0x0419 tx timeout [ 290.426688] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 293.548427] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 293.552325] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 293.553915] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 293.558084] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 293.559300] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 293.561553] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 293.571230] Bluetooth: hci1: HCI_REQ-0x0c1a [ 295.610634] Bluetooth: hci1: command 0x0409 tx timeout [ 297.658670] Bluetooth: hci1: command 0x041b tx timeout [ 299.706691] Bluetooth: hci1: command 0x040f tx timeout [ 301.754604] Bluetooth: hci1: command 0x0419 tx timeout [ 323.247222] audit: type=1400 audit(1663234477.749:7): avc: denied { open } for pid=12325 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:34:37 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x5, 0x3f, 0x3f, 0x1, 0x0, 0x6, 0x4050a, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000040), 0xc}, 0x881, 0x0, 0x7ff, 0x0, 0xffff, 0xfffffffb, 0x2, 0x0, 0x10000, 0x0, 0x1}, 0x0, 0x7, r1, 0x8) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000000)=0xffffffffffffffff) [ 323.367595] audit: type=1400 audit(1663234477.869:8): avc: denied { kernel } for pid=12335 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 323.395506] ------------[ cut here ]------------ [ 323.395528] [ 323.395532] ====================================================== [ 323.395535] WARNING: possible circular locking dependency detected [ 323.395539] 6.0.0-rc5-next-20220914 #1 Not tainted [ 323.395546] ------------------------------------------------------ [ 323.395549] syz-executor.0/12338 is trying to acquire lock: [ 323.395556] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 323.395595] [ 323.395595] but task is already holding lock: [ 323.395598] ffff88800d93ec20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 323.395625] [ 323.395625] which lock already depends on the new lock. [ 323.395625] [ 323.395629] [ 323.395629] the existing dependency chain (in reverse order) is: [ 323.395632] [ 323.395632] -> #3 (&ctx->lock){....}-{2:2}: [ 323.395646] _raw_spin_lock+0x2a/0x40 [ 323.395664] __perf_event_task_sched_out+0x53b/0x18d0 [ 323.395676] __schedule+0xedd/0x2470 [ 323.395687] schedule+0xda/0x1b0 [ 323.395697] exit_to_user_mode_prepare+0x114/0x1a0 [ 323.395718] syscall_exit_to_user_mode+0x19/0x40 [ 323.395736] do_syscall_64+0x48/0x90 [ 323.395750] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 323.395768] [ 323.395768] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 323.395782] _raw_spin_lock_nested+0x30/0x40 [ 323.395797] raw_spin_rq_lock_nested+0x1e/0x30 [ 323.395810] task_fork_fair+0x63/0x4d0 [ 323.395827] sched_cgroup_fork+0x3d0/0x540 [ 323.395841] copy_process+0x4183/0x6e20 [ 323.395852] kernel_clone+0xe7/0x890 [ 323.395863] user_mode_thread+0xad/0xf0 [ 323.395874] rest_init+0x24/0x250 [ 323.395893] arch_call_rest_init+0xf/0x14 [ 323.395905] start_kernel+0x4c1/0x4e6 [ 323.395915] secondary_startup_64_no_verify+0xe0/0xeb [ 323.395929] [ 323.395929] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 323.395943] _raw_spin_lock_irqsave+0x39/0x60 [ 323.395958] try_to_wake_up+0xab/0x1920 [ 323.395971] up+0x75/0xb0 [ 323.395983] __up_console_sem+0x6e/0x80 [ 323.395999] console_unlock+0x46a/0x590 [ 323.396015] do_con_write+0xc05/0x1d50 [ 323.396027] con_write+0x21/0x40 [ 323.396036] n_tty_write+0x4d4/0xfe0 [ 323.396049] file_tty_write.constprop.0+0x49c/0x8f0 [ 323.396061] vfs_write+0x9c3/0xd90 [ 323.396079] ksys_write+0x127/0x250 [ 323.396096] do_syscall_64+0x3b/0x90 [ 323.396109] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 323.396126] [ 323.396126] -> #0 ((console_sem).lock){....}-{2:2}: [ 323.396140] __lock_acquire+0x2a02/0x5e70 [ 323.396157] lock_acquire+0x1a2/0x530 [ 323.396173] _raw_spin_lock_irqsave+0x39/0x60 [ 323.396188] down_trylock+0xe/0x70 [ 323.396200] __down_trylock_console_sem+0x3b/0xd0 [ 323.396217] vprintk_emit+0x16b/0x560 [ 323.396233] vprintk+0x84/0xa0 [ 323.396250] _printk+0xba/0xf1 [ 323.396268] report_bug.cold+0x72/0xab [ 323.396281] handle_bug+0x3c/0x70 [ 323.396294] exc_invalid_op+0x14/0x50 [ 323.396307] asm_exc_invalid_op+0x16/0x20 [ 323.396323] group_sched_out.part.0+0x2c7/0x460 [ 323.396334] ctx_sched_out+0x8f1/0xc10 [ 323.396344] __perf_event_task_sched_out+0x6d0/0x18d0 [ 323.396356] __schedule+0xedd/0x2470 [ 323.396365] schedule+0xda/0x1b0 [ 323.396375] exit_to_user_mode_prepare+0x114/0x1a0 [ 323.396394] syscall_exit_to_user_mode+0x19/0x40 [ 323.396411] do_syscall_64+0x48/0x90 [ 323.396424] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 323.396441] [ 323.396441] other info that might help us debug this: [ 323.396441] [ 323.396444] Chain exists of: [ 323.396444] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 323.396444] [ 323.396459] Possible unsafe locking scenario: [ 323.396459] [ 323.396462] CPU0 CPU1 [ 323.396464] ---- ---- [ 323.396466] lock(&ctx->lock); [ 323.396472] lock(&rq->__lock); [ 323.396479] lock(&ctx->lock); [ 323.396485] lock((console_sem).lock); [ 323.396490] [ 323.396490] *** DEADLOCK *** [ 323.396490] [ 323.396492] 2 locks held by syz-executor.0/12338: [ 323.396499] #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 323.396525] #1: ffff88800d93ec20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 323.396553] [ 323.396553] stack backtrace: [ 323.396555] CPU: 0 PID: 12338 Comm: syz-executor.0 Not tainted 6.0.0-rc5-next-20220914 #1 [ 323.396568] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 323.396577] Call Trace: [ 323.396580] [ 323.396584] dump_stack_lvl+0x8b/0xb3 [ 323.396599] check_noncircular+0x263/0x2e0 [ 323.396616] ? format_decode+0x26c/0xb50 [ 323.396632] ? print_circular_bug+0x450/0x450 [ 323.396649] ? enable_ptr_key_workfn+0x20/0x20 [ 323.396664] ? format_decode+0x26c/0xb50 [ 323.396681] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 323.396699] __lock_acquire+0x2a02/0x5e70 [ 323.396723] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 323.396741] ? __mutex_add_waiter+0x120/0x120 [ 323.396761] lock_acquire+0x1a2/0x530 [ 323.396778] ? down_trylock+0xe/0x70 [ 323.396794] ? rcu_read_unlock+0x40/0x40 [ 323.396816] ? vprintk+0x84/0xa0 [ 323.396835] _raw_spin_lock_irqsave+0x39/0x60 [ 323.396851] ? down_trylock+0xe/0x70 [ 323.396864] down_trylock+0xe/0x70 [ 323.396878] ? vprintk+0x84/0xa0 [ 323.396895] __down_trylock_console_sem+0x3b/0xd0 [ 323.396913] vprintk_emit+0x16b/0x560 [ 323.396933] vprintk+0x84/0xa0 [ 323.396951] _printk+0xba/0xf1 [ 323.396969] ? record_print_text.cold+0x16/0x16 [ 323.396993] ? report_bug.cold+0x66/0xab [ 323.397008] ? group_sched_out.part.0+0x2c7/0x460 [ 323.397019] report_bug.cold+0x72/0xab [ 323.397035] handle_bug+0x3c/0x70 [ 323.397049] exc_invalid_op+0x14/0x50 [ 323.397064] asm_exc_invalid_op+0x16/0x20 [ 323.397081] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 323.397095] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 323.397106] RSP: 0018:ffff8880405e7c48 EFLAGS: 00010006 [ 323.397116] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 323.397123] RDX: ffff88803d77d040 RSI: ffffffff81566027 RDI: 0000000000000005 [ 323.397131] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 323.397138] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800d93ec00 [ 323.397146] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 323.397158] ? group_sched_out.part.0+0x2c7/0x460 [ 323.397172] ? group_sched_out.part.0+0x2c7/0x460 [ 323.397193] ctx_sched_out+0x8f1/0xc10 [ 323.397206] __perf_event_task_sched_out+0x6d0/0x18d0 [ 323.397222] ? lock_is_held_type+0xd7/0x130 [ 323.397241] ? __perf_cgroup_move+0x160/0x160 [ 323.397253] ? set_next_entity+0x304/0x550 [ 323.397271] ? update_curr+0x267/0x740 [ 323.397291] ? lock_is_held_type+0xd7/0x130 [ 323.397310] __schedule+0xedd/0x2470 [ 323.397324] ? io_schedule_timeout+0x150/0x150 [ 323.397338] ? __x64_sys_futex_time32+0x480/0x480 [ 323.397353] schedule+0xda/0x1b0 [ 323.397364] exit_to_user_mode_prepare+0x114/0x1a0 [ 323.397386] syscall_exit_to_user_mode+0x19/0x40 [ 323.397404] do_syscall_64+0x48/0x90 [ 323.397419] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 323.397437] RIP: 0033:0x7f2987283b19 [ 323.397445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 323.397456] RSP: 002b:00007f29847f9218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 323.397467] RAX: 0000000000000001 RBX: 00007f2987396f68 RCX: 00007f2987283b19 [ 323.397474] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2987396f6c [ 323.397482] RBP: 00007f2987396f60 R08: 000000000000000e R09: 0000000000000000 [ 323.397489] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f2987396f6c [ 323.397496] R13: 00007fff90b49f9f R14: 00007f29847f9300 R15: 0000000000022000 [ 323.397511] [ 323.454993] WARNING: CPU: 0 PID: 12338 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 323.455705] Modules linked in: [ 323.455956] CPU: 0 PID: 12338 Comm: syz-executor.0 Not tainted 6.0.0-rc5-next-20220914 #1 [ 323.456563] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 323.457405] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 323.457820] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 323.459167] RSP: 0018:ffff8880405e7c48 EFLAGS: 00010006 [ 323.459573] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 323.460102] RDX: ffff88803d77d040 RSI: ffffffff81566027 RDI: 0000000000000005 [ 323.460634] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 323.461166] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800d93ec00 [ 323.461703] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 323.462247] FS: 00007f29847f9700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 323.462847] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 323.463281] CR2: 00007f06a9c88710 CR3: 0000000041658000 CR4: 0000000000350ef0 [ 323.463807] Call Trace: [ 323.464005] [ 323.464188] ctx_sched_out+0x8f1/0xc10 [ 323.464489] __perf_event_task_sched_out+0x6d0/0x18d0 [ 323.464889] ? lock_is_held_type+0xd7/0x130 [ 323.465240] ? __perf_cgroup_move+0x160/0x160 [ 323.465581] ? set_next_entity+0x304/0x550 [ 323.465911] ? update_curr+0x267/0x740 [ 323.466225] ? lock_is_held_type+0xd7/0x130 [ 323.466561] __schedule+0xedd/0x2470 [ 323.466850] ? io_schedule_timeout+0x150/0x150 [ 323.467193] ? __x64_sys_futex_time32+0x480/0x480 [ 323.467568] schedule+0xda/0x1b0 [ 323.467830] exit_to_user_mode_prepare+0x114/0x1a0 [ 323.468208] syscall_exit_to_user_mode+0x19/0x40 [ 323.468574] do_syscall_64+0x48/0x90 [ 323.468867] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 323.469264] RIP: 0033:0x7f2987283b19 [ 323.469555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 323.470872] RSP: 002b:00007f29847f9218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 323.471431] RAX: 0000000000000001 RBX: 00007f2987396f68 RCX: 00007f2987283b19 [ 323.471958] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2987396f6c [ 323.472492] RBP: 00007f2987396f60 R08: 000000000000000e R09: 0000000000000000 [ 323.473017] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f2987396f6c [ 323.473553] R13: 00007fff90b49f9f R14: 00007f29847f9300 R15: 0000000000022000 [ 323.474093] [ 323.474276] irq event stamp: 722 [ 323.474524] hardirqs last enabled at (721): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 323.475224] hardirqs last disabled at (722): [] __schedule+0x1225/0x2470 [ 323.475824] softirqs last enabled at (412): [] __irq_exit_rcu+0x11b/0x180 [ 323.476455] softirqs last disabled at (297): [] __irq_exit_rcu+0x11b/0x180 [ 323.477091] ---[ end trace 0000000000000000 ]--- 09:34:38 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101842, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x6000, @fd_index=0x2, 0x6, 0x33, 0x0, 0x8, 0x1, {0x3}}, 0x7) r2 = open(&(0x7f0000000000)='./file0\x00', 0x6844c0, 0x14) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYRES16=r0, @ANYRESDEC, @ANYRES32=r2, @ANYRES16=r1, @ANYRES32, @ANYRESOCT, @ANYBLOB="2836bfe200eff2a11f46c8284359b93e735b0240e5f6cb0dbf083e3a14e2e5c26f79f5891e4696ffed2d1d98f77f432fbc3e5278b628e44290527af6baf1f4b65dd2c91d38e587f86524cd", @ANYRESDEC=r1, @ANYRESOCT=r2, @ANYRESDEC=r0], 0x220) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) truncate(&(0x7f0000000040)='./file1\x00', 0x8000) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r4, r4, 0x0, 0x8000) mount(&(0x7f0000000240)=ANY=[@ANYBLOB='/yev/md0\x00'], &(0x7f0000000300)='./file2\x00', &(0x7f0000000340)='reiserfs\x00', 0x401, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18}, './file1\x00'}) sendfile(r1, r0, &(0x7f0000000180)=0x6, 0x8) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x0, 0x646a, 0x0, 0x3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000004c0)=@IORING_OP_SPLICE={0x1e, 0xf183435c45c5c91d, 0x0, @fd_index=0x4, 0x1f, {0x0, r1}, 0x5, 0x0, 0x1}, 0x8) sendfile(0xffffffffffffffff, r1, 0x0, 0xfffffdef) chdir(&(0x7f00000001c0)='./file2\x00') r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000480)='/proc/sysvipc/msg\x00', 0x0, 0x0) syncfs(r5) [ 323.780919] loop0: detected capacity change from 0 to 40 [ 323.823889] syz-executor.0: attempt to access beyond end of device [ 323.823889] loop0: rw=0, sector=28, nr_sectors = 64 limit=40 [ 323.840964] syz-executor.0: attempt to access beyond end of device [ 323.840964] loop0: rw=0, sector=28, nr_sectors = 64 limit=40 09:34:38 executing program 0: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000002240)=""/4109, 0x100d}, {&(0x7f0000000000)=""/12, 0xc}], 0x2, 0x7, 0xfbd1) pidfd_open(0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000540)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) preadv(r0, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/16, 0x10}, {&(0x7f0000000300)=""/251, 0xfb}, {&(0x7f0000000240)=""/9, 0x9}, {&(0x7f0000000400)=""/139, 0x8b}], 0x4, 0x10000, 0x81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r1, &(0x7f0000000140)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xfffffdcd) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents64(r2, &(0x7f00000017c0)=""/200, 0xc8) pidfd_getfd(r2, 0xffffffffffffffff, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) bind$unix(r3, &(0x7f00000000c0)=@abs={0x1}, 0x6e) listen(r3, 0x0) shutdown(r3, 0x0) accept$unix(r3, 0x0, 0x0) signalfd4(r3, &(0x7f0000000500)={[0xe46]}, 0x8, 0x0) getdents(r2, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) 09:34:38 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000280), 0x101, 0x446000) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000000)={0xfffffffffffffffd}) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000240)) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0xde2cf6be1b83d824) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r2, 0x40049366, &(0x7f0000000080)=0x4) r3 = memfd_create(&(0x7f0000000180)='\x00', 0x0) ioctl$LOOP_SET_FD(r0, 0x4c00, r3) syz_open_procfs(0x0, &(0x7f0000000200)='oom_adj\x00') r4 = syz_open_procfs(0x0, &(0x7f0000000200)='oom_adj\x00') write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x589) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x20, 0x7, 0xb2, 0x5, 0x0, 0x75ce, 0x21588, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x80, 0x0, @perf_bp={&(0x7f00000002c0), 0x4}, 0x5904, 0x81, 0x2, 0x0, 0x5, 0x2, 0xff, 0x0, 0x5, 0x0, 0x1}, 0x0, 0xd, 0xffffffffffffffff, 0x2) accept4$packet(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x800) perf_event_open$cgroup(&(0x7f00000004c0)={0x4, 0x80, 0x5, 0x7, 0x14, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x1, @perf_bp={&(0x7f00000000c0), 0xeaa4986247ff09fd}, 0x41411, 0x3ff, 0x100, 0x2, 0x4, 0x3, 0xf7b, 0x0, 0x0, 0x0, 0x100000001}, 0xffffffffffffffff, 0x10000000000, 0xffffffffffffffff, 0x8) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) [ 324.065922] syz-executor.0 (12403): /proc/12399/oom_adj is deprecated, please use /proc/12399/oom_score_adj instead. 09:34:38 executing program 0: ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, r0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)="18419cc68448de3ae8f97ea6a46d823d4f19cecbf569a58b79851d91f3da031fecf4dfebf4ac3b13988a048b4e35761cb05a5d5b28e1ca6ceebae02cbbf7e894098749d5f99cb226f14f00b6034bfb02a7a5af409f531820bd319b9d7c3405022b550d32ad368fdbbddb8ed631d1dde9a4ed", 0xff10, r1) keyctl$get_keyring_id(0x0, r1, 0x2) add_key(&(0x7f00000004c0)='id_resolver\x00', &(0x7f0000000500)={'syz', 0x3}, &(0x7f0000000580)="64b16b5e1b1b8d8385408004d8072eb19e53865b26d8932da74cbfb47a17b3b48352f46dc746dc8bb3de49c3bcefb970aacb540f1980de10d0a2c138f21d06ccf5a1c577eee1d5b03bb2ab2eb58712d0a8e40f8f7e71f2fb9c8b8e53fbfe45", 0x5f, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000540)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000040)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000011200)=ANY=[]) chdir(&(0x7f00000000c0)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101342, 0x0) write$binfmt_aout(r2, &(0x7f0000000c40)=ANY=[], 0x820) keyctl$set_timeout(0xf, r0, 0x8000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300)}, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x59f7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = signalfd4(r3, &(0x7f0000000080)={[0x100000000]}, 0x8, 0x100800) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r5, 0x0) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(r4, &(0x7f0000000140)='./file1\x00', r5, r6, 0x1000) sendfile(r2, r3, 0x0, 0x7fffffff) [ 324.178501] loop0: detected capacity change from 0 to 256 [ 324.183786] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 324.371861] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 09:34:38 executing program 0: ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, r0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)="18419cc68448de3ae8f97ea6a46d823d4f19cecbf569a58b79851d91f3da031fecf4dfebf4ac3b13988a048b4e35761cb05a5d5b28e1ca6ceebae02cbbf7e894098749d5f99cb226f14f00b6034bfb02a7a5af409f531820bd319b9d7c3405022b550d32ad368fdbbddb8ed631d1dde9a4ed", 0xff10, r1) keyctl$get_keyring_id(0x0, r1, 0x2) add_key(&(0x7f00000004c0)='id_resolver\x00', &(0x7f0000000500)={'syz', 0x3}, &(0x7f0000000580)="64b16b5e1b1b8d8385408004d8072eb19e53865b26d8932da74cbfb47a17b3b48352f46dc746dc8bb3de49c3bcefb970aacb540f1980de10d0a2c138f21d06ccf5a1c577eee1d5b03bb2ab2eb58712d0a8e40f8f7e71f2fb9c8b8e53fbfe45", 0x5f, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000540)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000040)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000011200)=ANY=[]) chdir(&(0x7f00000000c0)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101342, 0x0) write$binfmt_aout(r2, &(0x7f0000000c40)=ANY=[], 0x820) keyctl$set_timeout(0xf, r0, 0x8000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300)}, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x59f7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = signalfd4(r3, &(0x7f0000000080)={[0x100000000]}, 0x8, 0x100800) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r5, 0x0) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(r4, &(0x7f0000000140)='./file1\x00', r5, r6, 0x1000) sendfile(r2, r3, 0x0, 0x7fffffff) [ 324.468867] loop0: detected capacity change from 0 to 256 [ 324.477223] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 324.693763] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 09:34:40 executing program 0: r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f80000044a5cd3283beb859d0000a2ca271ad2da12fa7bc29c216fdb33543d8397246d66ea7e3e97eeb035fa37dbb09cd82dce5d8e7d46f5a25dba5172eb1240e9678b", @ANYRES16=r0, @ANYBLOB="000129bd7000fddbdf250c000000080006000104000008000500050000001c00028006000e004e220000080005004000000008000600010000002c0003800800010002000000080005006401010006000400000800000800030004000000060007004e23000008000600000400000800060006000000380003800500080006000000060007004e21000014000600ff0100000000000000000000000000010800010001000000060007000007000008000600070000003400028008000600ff7f000005000d00000000000800060007000000060002004e20000005000d000100000005000d00000000000800040005000000"], 0xf8}}, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)={0x148, r0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x6c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vlan0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x3f}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x40}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1ff}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffd}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4a}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1000}, @IPVS_CMD_ATTR_DEST={0x6c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8001}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x40}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x6}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xa0}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x1}, 0x20004000) setsockopt$sock_timeval(r1, 0x1, 0x44, &(0x7f0000000200)={0x77359400}, 0x10) 09:34:40 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) fstatfs(r0, &(0x7f00000001c0)=""/52) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x23}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000180), 0x4) r3 = dup2(r2, r2) r4 = memfd_secret(0x80000) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6, @multicast}, 0x10) setsockopt$inet_udp_encap(r3, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r5}, './file0\x00'}) r6 = dup(r1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0x103}, 0x6) write$bt_hci(r6, &(0x7f0000000100)=ANY=[@ANYBLOB="d2"], 0x6) [ 330.551729] loop3: detected capacity change from 0 to 6 [ 330.553142] ======================================================= [ 330.553142] WARNING: The mand mount option has been deprecated and [ 330.553142] and is ignored by this kernel. Remove the mand [ 330.553142] option from the mount to silence this warning. [ 330.553142] ======================================================= [ 330.581478] loop3: detected capacity change from 0 to 6 VM DIAGNOSIS: 09:34:38 Registers: info registers vcpu 0 RAX=000000000000007b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b24f1 RDI=ffffffff87641b60 RBP=ffffffff87641b20 RSP=ffff8880405e7698 R8 =0000000000000001 R9 =000000000000000a R10=000000000000007b R11=0000000000000001 R12=000000000000007b R13=ffffffff87641b20 R14=0000000000000010 R15=ffffffff822b24e0 RIP=ffffffff822b2549 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f29847f9700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f06a9c88710 CR3=0000000041658000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f298736a7c0 00007f298736a7c8 YMM02=0000000000000000 0000000000000000 00007f298736a7e0 00007f298736a7c0 YMM03=0000000000000000 0000000000000000 00007f298736a7c8 00007f298736a7c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=0000000000120011 RCX=0000000000120012 RDX=ffff88800f3ce870 RSI=ffffea00003cf380 RDI=0000000048800000 RBP=ffffea00003cf380 RSP=ffff888032557838 R8 =0000000000000001 R9 =0000000080120011 R10=ffffea00003cf380 R11=0000000000000001 R12=0000000000000000 R13=ffff888007c4f780 R14=ffff88800f3ce870 R15=ffff88800f3ce870 RIP=ffffffff81782b97 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f96261691f0 CR3=000000000de9c000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f YMM01=0000000000000000 0000000000000000 6f732e616d7a6c62 696c2f756e672d78 YMM02=0000000000000000 0000000000000000 00352e6f732e616d 7a6c62696c2f756e YMM03=0000000000000000 0000000000000000 672d78756e696c2d 34365f3638782f62 YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000