Warning: Permanently added '[localhost]:41133' (ECDSA) to the list of known hosts. 2022/09/16 11:09:12 fuzzer started 2022/09/16 11:09:13 dialing manager at localhost:36051 syzkaller login: [ 41.858632] cgroup: Unknown subsys name 'net' [ 41.977230] cgroup: Unknown subsys name 'rlimit' 2022/09/16 11:09:29 syscalls: 2215 2022/09/16 11:09:29 code coverage: enabled 2022/09/16 11:09:29 comparison tracing: enabled 2022/09/16 11:09:29 extra coverage: enabled 2022/09/16 11:09:29 setuid sandbox: enabled 2022/09/16 11:09:29 namespace sandbox: enabled 2022/09/16 11:09:29 Android sandbox: enabled 2022/09/16 11:09:29 fault injection: enabled 2022/09/16 11:09:29 leak checking: enabled 2022/09/16 11:09:29 net packet injection: enabled 2022/09/16 11:09:29 net device setup: enabled 2022/09/16 11:09:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/16 11:09:29 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/16 11:09:29 USB emulation: enabled 2022/09/16 11:09:29 hci packet injection: enabled 2022/09/16 11:09:29 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220916) 2022/09/16 11:09:29 802.15.4 emulation: enabled 2022/09/16 11:09:29 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/16 11:09:29 fetching corpus: 50, signal 31592/34466 (executing program) 2022/09/16 11:09:29 fetching corpus: 100, signal 48334/51775 (executing program) 2022/09/16 11:09:29 fetching corpus: 150, signal 55900/59952 (executing program) 2022/09/16 11:09:29 fetching corpus: 200, signal 63122/67586 (executing program) 2022/09/16 11:09:30 fetching corpus: 250, signal 69043/73852 (executing program) 2022/09/16 11:09:30 fetching corpus: 300, signal 74917/79847 (executing program) 2022/09/16 11:09:30 fetching corpus: 350, signal 77739/82982 (executing program) 2022/09/16 11:09:30 fetching corpus: 400, signal 81619/86963 (executing program) 2022/09/16 11:09:30 fetching corpus: 450, signal 85238/90555 (executing program) 2022/09/16 11:09:30 fetching corpus: 499, signal 90130/95062 (executing program) 2022/09/16 11:09:31 fetching corpus: 549, signal 94993/99418 (executing program) 2022/09/16 11:09:31 fetching corpus: 599, signal 98355/102424 (executing program) 2022/09/16 11:09:31 fetching corpus: 649, signal 100707/104456 (executing program) 2022/09/16 11:09:31 fetching corpus: 699, signal 103175/106535 (executing program) 2022/09/16 11:09:31 fetching corpus: 749, signal 105754/108637 (executing program) 2022/09/16 11:09:32 fetching corpus: 799, signal 108799/110981 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/112260 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/112377 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/112470 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/112574 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/112673 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/112772 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/112853 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/112956 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/113043 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/113143 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/113243 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/113364 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/113439 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/113534 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/113633 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/113732 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/113827 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/113918 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114003 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114095 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114220 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114327 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114416 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114497 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114589 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114664 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114769 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114865 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/114955 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115057 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115166 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115271 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115378 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115464 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115562 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115649 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115736 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115834 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115934 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115987 (executing program) 2022/09/16 11:09:32 fetching corpus: 845, signal 110518/115987 (executing program) 2022/09/16 11:09:34 starting 8 fuzzer processes 11:09:34 executing program 0: keyctl$negate(0xd, 0x0, 0x0, 0x0) 11:09:34 executing program 1: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000140), &(0x7f0000000180)='/sbin/dhclient\x00', 0xf, 0x0) 11:09:34 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f00000014c0)={0x18, 0x43, 0x1, 0x0, 0x0, "", [@nested={0x8, 0x0, 0x0, 0x1, [@typed={0x4, 0x1, 0x0, 0x0, @binary}]}]}, 0x18}], 0x1}, 0x0) 11:09:34 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x22, &(0x7f0000000040)=ANY=[], 0x0) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000040)=0x1f, 0x4) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 63.102516] audit: type=1400 audit(1663326574.883:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:09:34 executing program 4: r0 = syz_io_uring_setup(0x7969, &(0x7f00000012c0)={0x0, 0xfc32, 0x0, 0x3, 0x109}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000240)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_RECVMSG={0xa, 0x5, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=@nfc, 0x80, &(0x7f0000000300)=[{&(0x7f00000001c0)=""/177, 0xc0}, {&(0x7f0000000280)=""/84, 0x54}, {&(0x7f0000000040)=""/30, 0x1e}], 0x3, &(0x7f0000000400)=""/165, 0xa5}, 0x0, 0x40, 0x1, {0x1}}, 0x10002) syz_io_uring_setup(0x190c, &(0x7f0000001200)={0x0, 0x748f, 0x8, 0x0, 0x252, 0x0, r0}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000001180), &(0x7f0000001280)) perf_event_open(0x0, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001ec0)=ANY=[], 0x12b) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001340)=""/1, 0x1}, {&(0x7f0000001380)=""/49, 0x31}, {&(0x7f00000013c0)=""/145, 0x91}, {&(0x7f0000001480)=""/162, 0xa2}], 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000004c0)) 11:09:34 executing program 5: mknod(&(0x7f0000008d80)='./file0\x00', 0x1000, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40800, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ppoll(&(0x7f0000000740)=[{r0}, {r1}], 0x2, &(0x7f0000000780)={0x0, 0x3938700}, 0x0, 0x0) 11:09:34 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0x7f}, 0x1c) connect$inet6(r0, &(0x7f00000018c0)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, 0x1c) 11:09:34 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x1c, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) sendfile(r1, r2, 0x0, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) [ 64.373664] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.375613] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.378426] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.382064] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.383831] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 64.385633] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.390982] Bluetooth: hci0: HCI_REQ-0x0c1a [ 64.448907] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.450624] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 64.458108] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 64.462463] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.463564] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 64.464989] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 64.469183] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 64.471045] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 64.473015] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 64.474131] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 64.475204] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.476240] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 64.482244] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 64.483424] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 64.484575] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 64.485563] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 64.497052] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.498204] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 64.499333] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 64.500407] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 64.501758] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 64.502798] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 64.505010] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 64.506490] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 64.510147] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 64.512066] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 64.513494] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 64.514976] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.516509] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 64.520586] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 64.529892] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 64.532152] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 64.532314] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 64.534671] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 64.538171] Bluetooth: hci3: HCI_REQ-0x0c1a [ 64.538827] Bluetooth: hci2: HCI_REQ-0x0c1a [ 64.543966] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 64.545352] Bluetooth: hci1: HCI_REQ-0x0c1a [ 64.545495] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 64.548080] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 64.557680] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 64.559659] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 64.562021] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 64.562276] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 64.568830] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 64.572344] Bluetooth: hci6: HCI_REQ-0x0c1a [ 64.573671] Bluetooth: hci5: HCI_REQ-0x0c1a [ 64.577625] Bluetooth: hci7: HCI_REQ-0x0c1a [ 64.582925] Bluetooth: hci4: HCI_REQ-0x0c1a [ 66.463140] Bluetooth: hci0: command 0x0409 tx timeout [ 66.589793] Bluetooth: hci5: command 0x0409 tx timeout [ 66.590821] Bluetooth: hci6: command 0x0409 tx timeout [ 66.591009] Bluetooth: hci2: command 0x0409 tx timeout [ 66.591609] Bluetooth: hci7: command 0x0409 tx timeout [ 66.592304] Bluetooth: hci3: command 0x0409 tx timeout [ 66.592943] Bluetooth: hci1: command 0x0409 tx timeout [ 66.654756] Bluetooth: hci4: command 0x0409 tx timeout [ 68.509800] Bluetooth: hci0: command 0x041b tx timeout [ 68.638006] Bluetooth: hci3: command 0x041b tx timeout [ 68.638673] Bluetooth: hci2: command 0x041b tx timeout [ 68.638874] Bluetooth: hci1: command 0x041b tx timeout [ 68.639292] Bluetooth: hci6: command 0x041b tx timeout [ 68.640412] Bluetooth: hci7: command 0x041b tx timeout [ 68.642765] Bluetooth: hci5: command 0x041b tx timeout [ 68.702783] Bluetooth: hci4: command 0x041b tx timeout [ 70.558808] Bluetooth: hci0: command 0x040f tx timeout [ 70.685983] Bluetooth: hci5: command 0x040f tx timeout [ 70.686781] Bluetooth: hci1: command 0x040f tx timeout [ 70.686810] Bluetooth: hci2: command 0x040f tx timeout [ 70.686824] Bluetooth: hci3: command 0x040f tx timeout [ 70.691610] Bluetooth: hci7: command 0x040f tx timeout [ 70.692583] Bluetooth: hci6: command 0x040f tx timeout [ 70.749870] Bluetooth: hci4: command 0x040f tx timeout [ 72.605860] Bluetooth: hci0: command 0x0419 tx timeout [ 72.733755] Bluetooth: hci3: command 0x0419 tx timeout [ 72.733793] Bluetooth: hci6: command 0x0419 tx timeout [ 72.734193] Bluetooth: hci2: command 0x0419 tx timeout [ 72.734677] Bluetooth: hci7: command 0x0419 tx timeout [ 72.737558] Bluetooth: hci5: command 0x0419 tx timeout [ 72.738184] Bluetooth: hci1: command 0x0419 tx timeout [ 72.797764] Bluetooth: hci4: command 0x0419 tx timeout [ 118.761416] SELinux: Context /sbin/dhclient is not valid (left unmapped). [ 118.765165] audit: type=1400 audit(1663326630.544:7): avc: denied { associate } for pid=3716 comm="syz-executor.1" name="sr0" dev="devtmpfs" ino=116 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem permissive=1 srawcon="/sbin/dhclient" 11:10:30 executing program 1: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000140), &(0x7f0000000180)='/sbin/dhclient\x00', 0xf, 0x0) 11:10:30 executing program 1: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000140), &(0x7f0000000180)='/sbin/dhclient\x00', 0xf, 0x0) 11:10:30 executing program 1: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000140), &(0x7f0000000180)='/sbin/dhclient\x00', 0xf, 0x0) 11:10:31 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000500)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}, {0x0, 0x0, 0x9}], 0x0, 0x0) chdir(0x0) mount$cgroup(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300), 0x86091, &(0x7f00000007c0)=ANY=[@ANYBLOB="636c11d04d478eab95046472656e2c616c6c2c6e6f7072656669782c72656c656173655f6167656e743d2e2f66696c65312c6e6f7072656669782c616c6c2c66736d616769633d3078303030303030303030303030303130312c7569643e", @ANYRESDEC=0x0, @ANYBLOB="2c61756469742c6d61736b3d5e5be1ea336e491c524d652bec0a3bf017f0597ee593d6f9f83d519609312daaf06e280ff293c15770bbe997047461f07485829824346bf13ce96305b1a992a25e319da471b47e6f2090256c1595177a901781175eb4941f1d299255353ecce1c76d3e1cb134c11f60a8d4b95120616164d501b1bde9aeb858a692fe0b464c40f77e7f6d9e7e13124d7951377daebf6987d7dd0c6e813b57849e8f841e04cfef8596029a2ff8bbd36ebc98b5551df8333b1060c69a9062f2b98fad226f4491f5b0a1327f528959738d5ab816c7ddd58ce811370ec98335f007d3963957e653139ff97f586a08b73b"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='pagemap\x00') pread64(r0, &(0x7f0000000180)=""/16, 0x10, 0x8) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x10, 0x8) mknodat$loop(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x4, 0x1) openat(r0, &(0x7f0000000180)='./file1\x00', 0x101080, 0x100) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x10, 0x8) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000600)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000580)="8a145cdc040d0a4ac50c37bace22fc092b248ee0e334529d007e2c451fd12932d86b78630671286a05ead28b26813d5711b3d991f9a23498d1608d23073efef183d1651ce1f1a134ab578c49191061", 0x4f, r0}, 0x68) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) dup3(r1, 0xffffffffffffffff, 0x80000) [ 119.465847] loop1: detected capacity change from 0 to 40 [ 119.478203] audit: type=1400 audit(1663326631.259:8): avc: denied { open } for pid=3760 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.480253] audit: type=1400 audit(1663326631.259:9): avc: denied { kernel } for pid=3760 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.498629] ------------[ cut here ]------------ [ 119.498647] [ 119.498650] ====================================================== [ 119.498653] WARNING: possible circular locking dependency detected [ 119.498658] 6.0.0-rc5-next-20220916 #1 Not tainted [ 119.498664] ------------------------------------------------------ [ 119.498667] syz-executor.1/3762 is trying to acquire lock: [ 119.498673] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 119.498714] [ 119.498714] but task is already holding lock: [ 119.498717] ffff88800facc820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 119.498744] [ 119.498744] which lock already depends on the new lock. [ 119.498744] [ 119.498748] [ 119.498748] the existing dependency chain (in reverse order) is: [ 119.498751] [ 119.498751] -> #3 (&ctx->lock){....}-{2:2}: [ 119.498765] _raw_spin_lock+0x2a/0x40 [ 119.498782] __perf_event_task_sched_out+0x53b/0x18d0 [ 119.498794] __schedule+0xedd/0x2470 [ 119.498805] schedule+0xda/0x1b0 [ 119.498815] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.498834] syscall_exit_to_user_mode+0x19/0x40 [ 119.498852] do_syscall_64+0x48/0x90 [ 119.498866] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.498883] [ 119.498883] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 119.498897] _raw_spin_lock_nested+0x30/0x40 [ 119.498911] raw_spin_rq_lock_nested+0x1e/0x30 [ 119.498925] task_fork_fair+0x63/0x4d0 [ 119.498941] sched_cgroup_fork+0x3d0/0x540 [ 119.498955] copy_process+0x4183/0x6e20 [ 119.498965] kernel_clone+0xe7/0x890 [ 119.498974] user_mode_thread+0xad/0xf0 [ 119.498984] rest_init+0x24/0x250 [ 119.499000] arch_call_rest_init+0xf/0x14 [ 119.499013] start_kernel+0x4c1/0x4e6 [ 119.499023] secondary_startup_64_no_verify+0xe0/0xeb [ 119.499037] [ 119.499037] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 119.499050] _raw_spin_lock_irqsave+0x39/0x60 [ 119.499065] try_to_wake_up+0xab/0x1920 [ 119.499078] up+0x75/0xb0 [ 119.499089] __up_console_sem+0x6e/0x80 [ 119.499105] console_unlock+0x46a/0x590 [ 119.499120] vt_ioctl+0x2822/0x2ca0 [ 119.499133] tty_ioctl+0x7c4/0x1700 [ 119.499145] __x64_sys_ioctl+0x19a/0x210 [ 119.499160] do_syscall_64+0x3b/0x90 [ 119.499173] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.499190] [ 119.499190] -> #0 ((console_sem).lock){....}-{2:2}: [ 119.499203] __lock_acquire+0x2a02/0x5e70 [ 119.499220] lock_acquire+0x1a2/0x530 [ 119.499235] _raw_spin_lock_irqsave+0x39/0x60 [ 119.499250] down_trylock+0xe/0x70 [ 119.499261] __down_trylock_console_sem+0x3b/0xd0 [ 119.499277] vprintk_emit+0x16b/0x560 [ 119.499293] vprintk+0x84/0xa0 [ 119.499308] _printk+0xba/0xf1 [ 119.499326] report_bug.cold+0x72/0xab [ 119.499338] handle_bug+0x3c/0x70 [ 119.499351] exc_invalid_op+0x14/0x50 [ 119.499364] asm_exc_invalid_op+0x16/0x20 [ 119.499380] group_sched_out.part.0+0x2c7/0x460 [ 119.499391] ctx_sched_out+0x8f1/0xc10 [ 119.499400] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.499412] __schedule+0xedd/0x2470 [ 119.499422] schedule+0xda/0x1b0 [ 119.499432] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.499450] syscall_exit_to_user_mode+0x19/0x40 [ 119.499467] do_syscall_64+0x48/0x90 [ 119.499480] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.499497] [ 119.499497] other info that might help us debug this: [ 119.499497] [ 119.499499] Chain exists of: [ 119.499499] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 119.499499] [ 119.499514] Possible unsafe locking scenario: [ 119.499514] [ 119.499516] CPU0 CPU1 [ 119.499519] ---- ---- [ 119.499521] lock(&ctx->lock); [ 119.499527] lock(&rq->__lock); [ 119.499533] lock(&ctx->lock); [ 119.499539] lock((console_sem).lock); [ 119.499545] [ 119.499545] *** DEADLOCK *** [ 119.499545] [ 119.499547] 2 locks held by syz-executor.1/3762: [ 119.499554] #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 119.499579] #1: ffff88800facc820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 119.499606] [ 119.499606] stack backtrace: [ 119.499609] CPU: 1 PID: 3762 Comm: syz-executor.1 Not tainted 6.0.0-rc5-next-20220916 #1 [ 119.499622] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.499630] Call Trace: [ 119.499633] [ 119.499637] dump_stack_lvl+0x8b/0xb3 [ 119.499652] check_noncircular+0x263/0x2e0 [ 119.499668] ? format_decode+0x26c/0xb50 [ 119.499683] ? print_circular_bug+0x450/0x450 [ 119.499700] ? enable_ptr_key_workfn+0x20/0x20 [ 119.499715] ? format_decode+0x26c/0xb50 [ 119.499730] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 119.499748] __lock_acquire+0x2a02/0x5e70 [ 119.499769] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 119.499791] lock_acquire+0x1a2/0x530 [ 119.499807] ? down_trylock+0xe/0x70 [ 119.499821] ? rcu_read_unlock+0x40/0x40 [ 119.499841] ? vprintk+0x84/0xa0 [ 119.499859] _raw_spin_lock_irqsave+0x39/0x60 [ 119.499874] ? down_trylock+0xe/0x70 [ 119.499887] down_trylock+0xe/0x70 [ 119.499900] ? vprintk+0x84/0xa0 [ 119.499917] __down_trylock_console_sem+0x3b/0xd0 [ 119.499933] vprintk_emit+0x16b/0x560 [ 119.499952] vprintk+0x84/0xa0 [ 119.499969] _printk+0xba/0xf1 [ 119.499986] ? record_print_text.cold+0x16/0x16 [ 119.500008] ? report_bug.cold+0x66/0xab [ 119.500023] ? group_sched_out.part.0+0x2c7/0x460 [ 119.500034] report_bug.cold+0x72/0xab [ 119.500049] handle_bug+0x3c/0x70 [ 119.500063] exc_invalid_op+0x14/0x50 [ 119.500077] asm_exc_invalid_op+0x16/0x20 [ 119.500095] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 119.500108] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 119.500119] RSP: 0018:ffff88803fa3fc48 EFLAGS: 00010006 [ 119.500128] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.500136] RDX: ffff88803dd01ac0 RSI: ffffffff81566027 RDI: 0000000000000005 [ 119.500143] RBP: ffff88803e6c8000 R08: 0000000000000005 R09: 0000000000000001 [ 119.500151] R10: 0000000000000000 R11: ffffffff865ac05b R12: ffff88800facc800 [ 119.500159] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 119.500170] ? group_sched_out.part.0+0x2c7/0x460 [ 119.500183] ? group_sched_out.part.0+0x2c7/0x460 [ 119.500195] ctx_sched_out+0x8f1/0xc10 [ 119.500208] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.500223] ? lock_is_held_type+0xd7/0x130 [ 119.500241] ? __perf_cgroup_move+0x160/0x160 [ 119.500253] ? set_next_entity+0x304/0x550 [ 119.500270] ? update_curr+0x267/0x740 [ 119.500288] ? lock_is_held_type+0xd7/0x130 [ 119.500307] __schedule+0xedd/0x2470 [ 119.500320] ? io_schedule_timeout+0x150/0x150 [ 119.500333] ? rcu_read_lock_sched_held+0x3e/0x80 [ 119.500353] schedule+0xda/0x1b0 [ 119.500365] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.500384] syscall_exit_to_user_mode+0x19/0x40 [ 119.500402] do_syscall_64+0x48/0x90 [ 119.500416] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.500434] RIP: 0033:0x7f77e405ab19 [ 119.500442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.500453] RSP: 002b:00007f77e15d0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.500464] RAX: 0000000000000001 RBX: 00007f77e416df68 RCX: 00007f77e405ab19 [ 119.500472] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f77e416df6c [ 119.500479] RBP: 00007f77e416df60 R08: 000000000000000e R09: 0000000000000000 [ 119.500486] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f77e416df6c [ 119.500493] R13: 00007ffd478b891f R14: 00007f77e15d0300 R15: 0000000000022000 [ 119.500506] [ 119.557069] WARNING: CPU: 1 PID: 3762 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 119.557763] Modules linked in: [ 119.558009] CPU: 1 PID: 3762 Comm: syz-executor.1 Not tainted 6.0.0-rc5-next-20220916 #1 [ 119.558611] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.559465] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 119.559879] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 119.561241] RSP: 0018:ffff88803fa3fc48 EFLAGS: 00010006 [ 119.561641] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.562175] RDX: ffff88803dd01ac0 RSI: ffffffff81566027 RDI: 0000000000000005 [ 119.562730] RBP: ffff88803e6c8000 R08: 0000000000000005 R09: 0000000000000001 [ 119.563274] R10: 0000000000000000 R11: ffffffff865ac05b R12: ffff88800facc800 [ 119.563807] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 119.564345] FS: 00007f77e15d0700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 119.564946] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.565389] CR2: 00007fd6d4598028 CR3: 000000003f7a2000 CR4: 0000000000350ee0 [ 119.565928] Call Trace: [ 119.566126] [ 119.566301] ctx_sched_out+0x8f1/0xc10 [ 119.566599] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.567003] ? lock_is_held_type+0xd7/0x130 [ 119.567344] ? __perf_cgroup_move+0x160/0x160 [ 119.567686] ? set_next_entity+0x304/0x550 [ 119.568015] ? update_curr+0x267/0x740 [ 119.568324] ? lock_is_held_type+0xd7/0x130 [ 119.568662] __schedule+0xedd/0x2470 [ 119.568956] ? io_schedule_timeout+0x150/0x150 [ 119.569312] ? rcu_read_lock_sched_held+0x3e/0x80 [ 119.569688] schedule+0xda/0x1b0 [ 119.569958] exit_to_user_mode_prepare+0x114/0x1a0 [ 119.570339] syscall_exit_to_user_mode+0x19/0x40 [ 119.570713] do_syscall_64+0x48/0x90 [ 119.571003] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.571410] RIP: 0033:0x7f77e405ab19 [ 119.571692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.573046] RSP: 002b:00007f77e15d0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.573619] RAX: 0000000000000001 RBX: 00007f77e416df68 RCX: 00007f77e405ab19 [ 119.574158] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f77e416df6c [ 119.574708] RBP: 00007f77e416df60 R08: 000000000000000e R09: 0000000000000000 [ 119.575248] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f77e416df6c [ 119.575775] R13: 00007ffd478b891f R14: 00007f77e15d0300 R15: 0000000000022000 [ 119.576307] [ 119.576489] irq event stamp: 1482 [ 119.576750] hardirqs last enabled at (1481): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 119.577458] hardirqs last disabled at (1482): [] __schedule+0x1225/0x2470 [ 119.578079] softirqs last enabled at (1284): [] __irq_exit_rcu+0x11b/0x180 [ 119.578736] softirqs last disabled at (1275): [] __irq_exit_rcu+0x11b/0x180 [ 119.579379] ---[ end trace 0000000000000000 ]--- 11:10:31 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000500)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}, {0x0, 0x0, 0x9}], 0x0, 0x0) chdir(0x0) mount$cgroup(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300), 0x86091, &(0x7f00000007c0)=ANY=[@ANYBLOB="636c11d04d478eab95046472656e2c616c6c2c6e6f7072656669782c72656c656173655f6167656e743d2e2f66696c65312c6e6f7072656669782c616c6c2c66736d616769633d3078303030303030303030303030303130312c7569643e", @ANYRESDEC=0x0, @ANYBLOB="2c61756469742c6d61736b3d5e5be1ea336e491c524d652bec0a3bf017f0597ee593d6f9f83d519609312daaf06e280ff293c15770bbe997047461f07485829824346bf13ce96305b1a992a25e319da471b47e6f2090256c1595177a901781175eb4941f1d299255353ecce1c76d3e1cb134c11f60a8d4b95120616164d501b1bde9aeb858a692fe0b464c40f77e7f6d9e7e13124d7951377daebf6987d7dd0c6e813b57849e8f841e04cfef8596029a2ff8bbd36ebc98b5551df8333b1060c69a9062f2b98fad226f4491f5b0a1327f528959738d5ab816c7ddd58ce811370ec98335f007d3963957e653139ff97f586a08b73b"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='pagemap\x00') pread64(r0, &(0x7f0000000180)=""/16, 0x10, 0x8) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x10, 0x8) mknodat$loop(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x4, 0x1) openat(r0, &(0x7f0000000180)='./file1\x00', 0x101080, 0x100) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x10, 0x8) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000600)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000580)="8a145cdc040d0a4ac50c37bace22fc092b248ee0e334529d007e2c451fd12932d86b78630671286a05ead28b26813d5711b3d991f9a23498d1608d23073efef183d1651ce1f1a134ab578c49191061", 0x4f, r0}, 0x68) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) dup3(r1, 0xffffffffffffffff, 0x80000) [ 120.042938] loop1: detected capacity change from 0 to 40 [ 120.134716] hrtimer: interrupt took 18345 ns 11:10:32 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000500)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}, {0x0, 0x0, 0x9}], 0x0, 0x0) chdir(0x0) mount$cgroup(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300), 0x86091, &(0x7f00000007c0)=ANY=[@ANYBLOB="636c11d04d478eab95046472656e2c616c6c2c6e6f7072656669782c72656c656173655f6167656e743d2e2f66696c65312c6e6f7072656669782c616c6c2c66736d616769633d3078303030303030303030303030303130312c7569643e", @ANYRESDEC=0x0, @ANYBLOB="2c61756469742c6d61736b3d5e5be1ea336e491c524d652bec0a3bf017f0597ee593d6f9f83d519609312daaf06e280ff293c15770bbe997047461f07485829824346bf13ce96305b1a992a25e319da471b47e6f2090256c1595177a901781175eb4941f1d299255353ecce1c76d3e1cb134c11f60a8d4b95120616164d501b1bde9aeb858a692fe0b464c40f77e7f6d9e7e13124d7951377daebf6987d7dd0c6e813b57849e8f841e04cfef8596029a2ff8bbd36ebc98b5551df8333b1060c69a9062f2b98fad226f4491f5b0a1327f528959738d5ab816c7ddd58ce811370ec98335f007d3963957e653139ff97f586a08b73b"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='pagemap\x00') pread64(r0, &(0x7f0000000180)=""/16, 0x10, 0x8) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x10, 0x8) mknodat$loop(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x4, 0x1) openat(r0, &(0x7f0000000180)='./file1\x00', 0x101080, 0x100) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x10, 0x8) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000600)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000580)="8a145cdc040d0a4ac50c37bace22fc092b248ee0e334529d007e2c451fd12932d86b78630671286a05ead28b26813d5711b3d991f9a23498d1608d23073efef183d1651ce1f1a134ab578c49191061", 0x4f, r0}, 0x68) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) dup3(r1, 0xffffffffffffffff, 0x80000) [ 121.026453] loop1: detected capacity change from 0 to 40 11:10:33 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0x7f}, 0x1c) connect$inet6(r0, &(0x7f00000018c0)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, 0x1c) 11:10:33 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000500)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}, {0x0, 0x0, 0x9}], 0x0, 0x0) chdir(0x0) mount$cgroup(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300), 0x86091, &(0x7f00000007c0)=ANY=[@ANYBLOB="636c11d04d478eab95046472656e2c616c6c2c6e6f7072656669782c72656c656173655f6167656e743d2e2f66696c65312c6e6f7072656669782c616c6c2c66736d616769633d3078303030303030303030303030303130312c7569643e", @ANYRESDEC=0x0, @ANYBLOB="2c61756469742c6d61736b3d5e5be1ea336e491c524d652bec0a3bf017f0597ee593d6f9f83d519609312daaf06e280ff293c15770bbe997047461f07485829824346bf13ce96305b1a992a25e319da471b47e6f2090256c1595177a901781175eb4941f1d299255353ecce1c76d3e1cb134c11f60a8d4b95120616164d501b1bde9aeb858a692fe0b464c40f77e7f6d9e7e13124d7951377daebf6987d7dd0c6e813b57849e8f841e04cfef8596029a2ff8bbd36ebc98b5551df8333b1060c69a9062f2b98fad226f4491f5b0a1327f528959738d5ab816c7ddd58ce811370ec98335f007d3963957e653139ff97f586a08b73b"]) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='pagemap\x00') pread64(r0, &(0x7f0000000180)=""/16, 0x10, 0x8) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x10, 0x8) mknodat$loop(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x4, 0x1) openat(r0, &(0x7f0000000180)='./file1\x00', 0x101080, 0x100) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x10, 0x8) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000600)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000580)="8a145cdc040d0a4ac50c37bace22fc092b248ee0e334529d007e2c451fd12932d86b78630671286a05ead28b26813d5711b3d991f9a23498d1608d23073efef183d1651ce1f1a134ab578c49191061", 0x4f, r0}, 0x68) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) dup3(r1, 0xffffffffffffffff, 0x80000) [ 121.472127] loop1: detected capacity change from 0 to 40 [ 127.709803] Bluetooth: hci2: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 11:10:31 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=ffff88800e28a280 RCX=ffffffff817c86bd RDX=ffffed100191ed05 RSI=0000000000000004 RDI=ffff88800c8f6824 RBP=ffff88800c8f6610 RSP=ffff88803f9bfa78 R8 =0000000000000001 R9 =ffff88800c8f6827 R10=ffffed100191ed04 R11=0000000000000001 R12=0000000000000001 R13=ffff88800e28a2fc R14=ffff88800e28a290 R15=0000000000000001 RIP=ffffffff817c86ce RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fa39bd9f260 CR3=000000001dde6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f YMM01=0000000000000000 0000000000000000 2e6f747079726362 696c2f756e672d78 YMM02=0000000000000000 0000000000000000 00312e312e6f732e 6f74707972636269 YMM03=0000000000000000 0000000000000000 6c2f756e672d7875 6e696c2d34365f36 YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b3251 RDI=ffffffff87641ba0 RBP=ffffffff87641b60 RSP=ffff88803fa3f698 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000038 R11=0000000000000001 R12=0000000000000038 R13=ffffffff87641b60 R14=0000000000000010 R15=ffffffff822b3240 RIP=ffffffff822b32a9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f77e15d0700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd6d4598028 CR3=000000003f7a2000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000