Warning: Permanently added '[localhost]:6698' (ECDSA) to the list of known hosts.
2022/09/22 10:50:15 fuzzer started
2022/09/22 10:50:15 dialing manager at localhost:40289
syzkaller login: [   44.116652] cgroup: Unknown subsys name 'net'
[   44.238567] cgroup: Unknown subsys name 'rlimit'
2022/09/22 10:50:30 syscalls: 2215
2022/09/22 10:50:30 code coverage: enabled
2022/09/22 10:50:30 comparison tracing: enabled
2022/09/22 10:50:30 extra coverage: enabled
2022/09/22 10:50:30 setuid sandbox: enabled
2022/09/22 10:50:30 namespace sandbox: enabled
2022/09/22 10:50:30 Android sandbox: enabled
2022/09/22 10:50:30 fault injection: enabled
2022/09/22 10:50:30 leak checking: enabled
2022/09/22 10:50:30 net packet injection: enabled
2022/09/22 10:50:30 net device setup: enabled
2022/09/22 10:50:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/22 10:50:30 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/22 10:50:30 USB emulation: enabled
2022/09/22 10:50:30 hci packet injection: enabled
2022/09/22 10:50:30 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220921                                          )
2022/09/22 10:50:30 802.15.4 emulation: enabled
2022/09/22 10:50:30 fetching corpus: 50, signal 29704/31452 (executing program)
2022/09/22 10:50:30 fetching corpus: 100, signal 39263/42612 (executing program)
2022/09/22 10:50:30 fetching corpus: 150, signal 47629/52419 (executing program)
2022/09/22 10:50:30 fetching corpus: 200, signal 52649/58836 (executing program)
2022/09/22 10:50:30 fetching corpus: 250, signal 57109/64672 (executing program)
2022/09/22 10:50:31 fetching corpus: 300, signal 62853/71666 (executing program)
2022/09/22 10:50:31 fetching corpus: 350, signal 68047/77984 (executing program)
2022/09/22 10:50:31 fetching corpus: 400, signal 71975/83081 (executing program)
2022/09/22 10:50:31 fetching corpus: 450, signal 76717/88855 (executing program)
2022/09/22 10:50:31 fetching corpus: 500, signal 80641/93797 (executing program)
2022/09/22 10:50:31 fetching corpus: 550, signal 84577/98705 (executing program)
2022/09/22 10:50:31 fetching corpus: 600, signal 87057/102237 (executing program)
2022/09/22 10:50:31 fetching corpus: 650, signal 90232/106273 (executing program)
2022/09/22 10:50:32 fetching corpus: 700, signal 93757/110614 (executing program)
2022/09/22 10:50:32 fetching corpus: 750, signal 96070/113871 (executing program)
2022/09/22 10:50:32 fetching corpus: 800, signal 100316/118796 (executing program)
2022/09/22 10:50:32 fetching corpus: 850, signal 104487/123560 (executing program)
2022/09/22 10:50:32 fetching corpus: 900, signal 106798/126711 (executing program)
2022/09/22 10:50:32 fetching corpus: 950, signal 109576/130180 (executing program)
2022/09/22 10:50:32 fetching corpus: 1000, signal 112997/134117 (executing program)
2022/09/22 10:50:33 fetching corpus: 1050, signal 114276/136216 (executing program)
2022/09/22 10:50:33 fetching corpus: 1100, signal 115633/138368 (executing program)
2022/09/22 10:50:33 fetching corpus: 1150, signal 117719/141103 (executing program)
2022/09/22 10:50:33 fetching corpus: 1200, signal 118979/143179 (executing program)
2022/09/22 10:50:33 fetching corpus: 1250, signal 122041/146577 (executing program)
2022/09/22 10:50:33 fetching corpus: 1300, signal 124685/149614 (executing program)
2022/09/22 10:50:33 fetching corpus: 1350, signal 126521/152011 (executing program)
2022/09/22 10:50:33 fetching corpus: 1400, signal 127977/154092 (executing program)
2022/09/22 10:50:34 fetching corpus: 1450, signal 130071/156638 (executing program)
2022/09/22 10:50:34 fetching corpus: 1500, signal 131870/158915 (executing program)
2022/09/22 10:50:34 fetching corpus: 1550, signal 133595/161072 (executing program)
2022/09/22 10:50:34 fetching corpus: 1600, signal 135573/163389 (executing program)
2022/09/22 10:50:34 fetching corpus: 1650, signal 137193/165516 (executing program)
2022/09/22 10:50:34 fetching corpus: 1700, signal 137976/166911 (executing program)
2022/09/22 10:50:34 fetching corpus: 1750, signal 140065/169260 (executing program)
2022/09/22 10:50:34 fetching corpus: 1800, signal 141114/170831 (executing program)
2022/09/22 10:50:34 fetching corpus: 1850, signal 142617/172754 (executing program)
2022/09/22 10:50:35 fetching corpus: 1900, signal 144616/174992 (executing program)
2022/09/22 10:50:35 fetching corpus: 1950, signal 145596/176501 (executing program)
2022/09/22 10:50:35 fetching corpus: 2000, signal 146560/177950 (executing program)
2022/09/22 10:50:35 fetching corpus: 2050, signal 147626/179491 (executing program)
2022/09/22 10:50:35 fetching corpus: 2100, signal 148563/180932 (executing program)
2022/09/22 10:50:35 fetching corpus: 2150, signal 150042/182699 (executing program)
2022/09/22 10:50:35 fetching corpus: 2200, signal 151309/184242 (executing program)
2022/09/22 10:50:35 fetching corpus: 2250, signal 153006/186067 (executing program)
2022/09/22 10:50:35 fetching corpus: 2300, signal 153654/187203 (executing program)
2022/09/22 10:50:36 fetching corpus: 2350, signal 155194/188825 (executing program)
2022/09/22 10:50:36 fetching corpus: 2400, signal 156129/190105 (executing program)
2022/09/22 10:50:36 fetching corpus: 2450, signal 157645/191848 (executing program)
2022/09/22 10:50:36 fetching corpus: 2500, signal 159262/193536 (executing program)
2022/09/22 10:50:36 fetching corpus: 2550, signal 160325/194857 (executing program)
2022/09/22 10:50:36 fetching corpus: 2600, signal 161425/196175 (executing program)
2022/09/22 10:50:36 fetching corpus: 2650, signal 162883/197630 (executing program)
2022/09/22 10:50:37 fetching corpus: 2700, signal 163751/198811 (executing program)
2022/09/22 10:50:37 fetching corpus: 2750, signal 164786/200044 (executing program)
2022/09/22 10:50:37 fetching corpus: 2800, signal 165335/200928 (executing program)
2022/09/22 10:50:37 fetching corpus: 2850, signal 167148/202501 (executing program)
2022/09/22 10:50:37 fetching corpus: 2900, signal 168629/203905 (executing program)
2022/09/22 10:50:37 fetching corpus: 2950, signal 169378/204885 (executing program)
2022/09/22 10:50:37 fetching corpus: 3000, signal 170535/205985 (executing program)
2022/09/22 10:50:37 fetching corpus: 3050, signal 171461/207000 (executing program)
2022/09/22 10:50:37 fetching corpus: 3100, signal 172444/208090 (executing program)
2022/09/22 10:50:38 fetching corpus: 3150, signal 173747/209292 (executing program)
2022/09/22 10:50:38 fetching corpus: 3200, signal 174955/210399 (executing program)
2022/09/22 10:50:38 fetching corpus: 3250, signal 175740/211334 (executing program)
2022/09/22 10:50:38 fetching corpus: 3300, signal 177080/212468 (executing program)
2022/09/22 10:50:38 fetching corpus: 3350, signal 177876/213365 (executing program)
2022/09/22 10:50:38 fetching corpus: 3400, signal 178716/214260 (executing program)
2022/09/22 10:50:38 fetching corpus: 3450, signal 179264/214997 (executing program)
2022/09/22 10:50:38 fetching corpus: 3500, signal 179734/215718 (executing program)
2022/09/22 10:50:39 fetching corpus: 3550, signal 180900/216679 (executing program)
2022/09/22 10:50:39 fetching corpus: 3600, signal 182045/217627 (executing program)
2022/09/22 10:50:39 fetching corpus: 3650, signal 182920/218446 (executing program)
2022/09/22 10:50:39 fetching corpus: 3700, signal 183639/219225 (executing program)
2022/09/22 10:50:39 fetching corpus: 3750, signal 184436/220023 (executing program)
2022/09/22 10:50:39 fetching corpus: 3800, signal 185052/220724 (executing program)
2022/09/22 10:50:39 fetching corpus: 3850, signal 185725/221409 (executing program)
2022/09/22 10:50:39 fetching corpus: 3900, signal 187137/222329 (executing program)
2022/09/22 10:50:40 fetching corpus: 3950, signal 188284/223180 (executing program)
2022/09/22 10:50:40 fetching corpus: 4000, signal 188998/223813 (executing program)
2022/09/22 10:50:40 fetching corpus: 4050, signal 189855/224549 (executing program)
2022/09/22 10:50:40 fetching corpus: 4100, signal 190387/225157 (executing program)
2022/09/22 10:50:40 fetching corpus: 4150, signal 190994/225762 (executing program)
2022/09/22 10:50:40 fetching corpus: 4200, signal 191671/226372 (executing program)
2022/09/22 10:50:40 fetching corpus: 4250, signal 192259/226926 (executing program)
2022/09/22 10:50:40 fetching corpus: 4300, signal 192869/227483 (executing program)
2022/09/22 10:50:40 fetching corpus: 4350, signal 194095/228205 (executing program)
2022/09/22 10:50:41 fetching corpus: 4400, signal 194789/228831 (executing program)
2022/09/22 10:50:41 fetching corpus: 4450, signal 195604/229418 (executing program)
2022/09/22 10:50:41 fetching corpus: 4500, signal 196345/229944 (executing program)
2022/09/22 10:50:41 fetching corpus: 4550, signal 197191/230550 (executing program)
2022/09/22 10:50:41 fetching corpus: 4600, signal 197886/231052 (executing program)
2022/09/22 10:50:41 fetching corpus: 4650, signal 198503/231519 (executing program)
2022/09/22 10:50:41 fetching corpus: 4700, signal 199138/232008 (executing program)
2022/09/22 10:50:41 fetching corpus: 4750, signal 199567/232443 (executing program)
2022/09/22 10:50:41 fetching corpus: 4800, signal 200330/232930 (executing program)
2022/09/22 10:50:42 fetching corpus: 4850, signal 200757/233323 (executing program)
2022/09/22 10:50:42 fetching corpus: 4900, signal 201182/233734 (executing program)
2022/09/22 10:50:42 fetching corpus: 4950, signal 202039/234194 (executing program)
2022/09/22 10:50:42 fetching corpus: 5000, signal 202649/234609 (executing program)
2022/09/22 10:50:42 fetching corpus: 5050, signal 203139/234959 (executing program)
2022/09/22 10:50:42 fetching corpus: 5100, signal 203887/235433 (executing program)
2022/09/22 10:50:42 fetching corpus: 5150, signal 204607/235803 (executing program)
2022/09/22 10:50:42 fetching corpus: 5200, signal 205340/236178 (executing program)
2022/09/22 10:50:43 fetching corpus: 5250, signal 205764/236521 (executing program)
2022/09/22 10:50:43 fetching corpus: 5300, signal 206181/236856 (executing program)
2022/09/22 10:50:43 fetching corpus: 5350, signal 206536/237191 (executing program)
2022/09/22 10:50:43 fetching corpus: 5400, signal 206942/237515 (executing program)
2022/09/22 10:50:43 fetching corpus: 5450, signal 207704/237860 (executing program)
2022/09/22 10:50:43 fetching corpus: 5500, signal 208209/238179 (executing program)
2022/09/22 10:50:43 fetching corpus: 5550, signal 208650/238475 (executing program)
2022/09/22 10:50:43 fetching corpus: 5600, signal 209380/238882 (executing program)
2022/09/22 10:50:44 fetching corpus: 5650, signal 210186/239217 (executing program)
2022/09/22 10:50:44 fetching corpus: 5700, signal 210994/239527 (executing program)
2022/09/22 10:50:44 fetching corpus: 5750, signal 211548/239780 (executing program)
2022/09/22 10:50:44 fetching corpus: 5800, signal 211842/239840 (executing program)
2022/09/22 10:50:44 fetching corpus: 5850, signal 212439/239842 (executing program)
2022/09/22 10:50:44 fetching corpus: 5900, signal 212978/239842 (executing program)
2022/09/22 10:50:44 fetching corpus: 5950, signal 213879/239856 (executing program)
2022/09/22 10:50:44 fetching corpus: 6000, signal 214237/239856 (executing program)
2022/09/22 10:50:44 fetching corpus: 6050, signal 214918/239987 (executing program)
2022/09/22 10:50:45 fetching corpus: 6100, signal 215319/239987 (executing program)
2022/09/22 10:50:45 fetching corpus: 6150, signal 215780/239987 (executing program)
2022/09/22 10:50:45 fetching corpus: 6200, signal 216147/240000 (executing program)
2022/09/22 10:50:45 fetching corpus: 6250, signal 216581/240078 (executing program)
2022/09/22 10:50:45 fetching corpus: 6300, signal 217177/240127 (executing program)
2022/09/22 10:50:45 fetching corpus: 6316, signal 217241/240127 (executing program)
2022/09/22 10:50:45 fetching corpus: 6316, signal 217241/240127 (executing program)
2022/09/22 10:50:48 starting 8 fuzzer processes
10:50:48 executing program 0:
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000000)={0x0, 0x1c, 0x800, 0x0, 0xe, "9968b7010b1251d5"})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000000)
r0 = open_tree(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x80000)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000080)={0x9, 0x2, 0x6, 0x3, 0x9, "804f93c2d5c26fbd8748adda6af355cad1ad40"})
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0xb2200, 0x0)
ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f0000000100))
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r0, 0x80286722, &(0x7f0000000240)={&(0x7f0000000140)=""/214, 0xd6, 0x968, 0xa6})
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000280)=0x9)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f00000002c0))
ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f0000000300))
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x64, 0x0, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3ef0267b}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x20}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x80000000}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x59}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x64}}, 0x4004840)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x6, 0x10, r2, 0x0)
splice(r0, &(0x7f0000000480)=0x8001, r0, &(0x7f00000004c0)=0x8, 0x8, 0x1)
ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000000500)={0x8f18, 0x40, 0x6, 0x200, 0x9, 0xff})
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000540), 0x92880, 0x0)
sendfile(r0, r2, 0x0, 0x2)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000580)=0x8)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r0, 0x941c, 0x0)
ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, &(0x7f00000005c0))

10:50:48 executing program 2:
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x2f)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x4f)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0xfffffffffffff638)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x3)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x200)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x800)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0xa)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x1f)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x1)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x3011)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x100000000)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x2e07)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x4)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x3)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x6)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0xffff)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x661e8000000)

10:50:48 executing program 1:
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000000)={<r0=>0x0, 0x3, 0xffffffff})
ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000000400)="aa3a6823d13521ddd70285fea29577b4c7743dfca19fb3a52661e70314d44964a039fb6cd9e726c5526ae4ed83e238c894991f92a9a904b6c9686b8080778a967ba484739743a2d95e2e447e9c3ca33af34ba20618b190be6a0a02ac89dc6b91b96b1ef6e4d3ae96be564c1d37eab250baea8181e36d88ea7dacc7cfd67793a480f3817e1d14bf78aac0492767ee2c289cd3808273d5f685d18dabbf39caddb15be6dc2cff114b1392d3d3aa7fdd9c14a5fecaa02ec6a1e3b28c84464908e4920263080b66c3a13a08e0e9473fd23c0ffe6c7982c34fff95d7ba793c1c4bfcb9fa38ca7139c55d2654998deaec2169f1b7fc10262d02cd712c76eb7bb0460677")
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000540)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000500)="70d681396fbfc85155f965916a647c2a8f00943c444c8540c1d9ac6dcc546090b12d7cb55057", 0x26}, 0x68)
ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f00000005c0))
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0xfffffffffffffffa)
ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, &(0x7f0000000700)={0x1, &(0x7f00000006c0)=[{0x2, 0xb1, &(0x7f0000000600)="0740159d6c0382c0767464a29a2453ac019ba638a56775b921ac51035e8bff195e870fc8c135b2389a2760d86b00a2e4580130bb6ab16c6ce79787fd7e7a4694c6bcf601c9dd7d5f53d69b6c89018a474ad477a4add448623eeb52075ea796e2a61d93c5dbbaf20d2c282ec8b31bbaa1691fb3c19b7bb9eb02344f4d02f69b5fbf682e0f57678938251ad4b3d002ccb38d197f4b8a095c4ba77c6bf633c75b975d2c8b33d91a621e0f96e06074e2d4a9ab", 0x1}]})
r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
ioctl$BTRFS_IOC_DEV_INFO(r2, 0xd000941e, &(0x7f0000000740)={r0, "bb224e93020148d012e8aacea5671dba"})
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r2, 0x6628)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000002180)={<r3=>r0, 0x6, 0x7, 0x1})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000002580)={r3, 0x5, 0xfffffffffffff800})
r4 = fcntl$dupfd(r1, 0x406, r2)
ioctl$EXT4_IOC_SWAP_BOOT(r4, 0x6611)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000029c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000002a80)={&(0x7f0000002980), 0xc, &(0x7f0000002a40)={&(0x7f0000002a00)={0x24, r5, 0x300, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x48091}, 0x8000)
r6 = accept$inet(r2, &(0x7f0000002ac0), &(0x7f0000002b00)=0x10)
ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000002b40)={0x0, 0x5, 0x4, 0x0, 0x0, [{{r4}, 0x1}, {{r6}, 0x8}, {{}, 0x1}, {{r2}, 0xd3a}]})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r4, 0xc0189378, &(0x7f0000002c00)={{0x1, 0x1, 0x18, r2, {<r7=>r6}}, './file0\x00'})
io_uring_register$IORING_REGISTER_FILES(r7, 0x2, &(0x7f0000002c40)=[r1], 0x1)
openat(r2, &(0x7f0000002c80)='./file0\x00', 0x80, 0x0)

10:50:48 executing program 3:
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000000)=0x100000000)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
r1 = syz_open_pts(r0, 0x141040)
fcntl$setflags(r1, 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$AUTOFS_IOC_READY(r2, 0x9360, 0x4)
bind$unix(r0, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100), 0x4)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r1, 0x40049366, &(0x7f0000000140)=0x4)
r3 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x1a001, 0x101)
ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f00000001c0)={0x0, 0x200})
r4 = accept4$unix(r3, &(0x7f0000000200), &(0x7f0000000280)=0x6e, 0x80800)
bind$unix(r4, &(0x7f00000002c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000340))
r5 = openat$incfs(r3, &(0x7f0000000540)='.log\x00', 0x20702, 0x124)
r6 = signalfd4(r2, &(0x7f0000000580)={[0xff]}, 0x8, 0x800)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r5, 0xc0189375, &(0x7f00000005c0)={{0x1, 0x1, 0x18, r6}, './file0\x00'})
lsetxattr$security_capability(&(0x7f0000000600)='./file0/file0\x00', &(0x7f0000000640), &(0x7f0000000680)=@v1={0x1000000, [{0x1, 0xff}]}, 0xc, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f00000006c0)={0x0, r1, 0x6, 0x1000, 0xffffffff93b0a7a0, 0x7})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000700))

10:50:48 executing program 4:
ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x6)
flistxattr(0xffffffffffffffff, &(0x7f0000000000)=""/61, 0x3d)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x1}}, './file0\x00'})
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000080))
r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000100)={0xe3f9, 0x2, 0x3f, 0x8001, 0x1, "6622ba864f5ff2c1"})
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000140)={0x200, 0x401, 0x2, 0x0, 0x0, [{{r0}, 0x16}, {{r1}, 0x9}]})
r2 = openat$cgroup_ro(r0, &(0x7f00000001c0)='memory.swap.events\x00', 0x0, 0x0)
ioctl$GIO_CMAP(r2, 0x4b70, &(0x7f0000000200))
ioctl$TIOCSRS485(r0, 0x542f, &(0x7f0000000240)={0x7, 0xaa7, 0x8000})
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x400, 0x0)
r4 = openat(r0, &(0x7f00000002c0)='./file0\x00', 0x90000, 0x49)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r5=>r3, @out_args}, './file0/file0\x00'})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r4, 0x40182103, &(0x7f0000000340)={0x0, 0x1, r5, 0x7})
r6 = accept$unix(r3, &(0x7f0000000380), &(0x7f0000000400)=0x6e)
pwritev(r6, &(0x7f0000000700)=[{&(0x7f0000000440)="29697e9e6b0493dd2333b7e8dd35db407f93fa2fbfae140f6162e53b3414d585eef88e47b6a0beb240d0d4b08ac2346814070855e4dc425d98dec96c18995e0af2a8ca0b1baf2ac5fd4b2f1b16a5e6aea87f7b", 0x53}, {&(0x7f00000004c0)="8ced4ad123b6569136eb0e282e18516d2063a20ffdd2ec7dfb7acb", 0x1b}, {&(0x7f0000000500)="272d6514723ab491f7b4cd39aae1c7fad9d3d995529f1886d63fe8471b1cd5ab332e9a63c68ad5c262cc7f222efe6cd0c842576b481780264c2f5b12eacc4c24f2ac5840948f0c09386f649715162c9714ea0b43aaeefa80902de0330aea92ca6ccb5296a8c5fb62d2ed00c83f5c7837ba2737cb59214ceedf7d182758465ff78d0037a7b100f3eb3c652675998347ed5829a6b21f6fed35dee6b3cfd37d495f8a50825d7148aaae487264eaed935003e8de123475bfd0e260031edf9dea7bd4c53273569fed5c585afc147c41c54bfdbabcd1ed381e111afdae9834788d235deca2edf5932e7733355ae3381dae50c02088d908452f607c6d0798c6", 0xfc}, {&(0x7f0000000600)="1cb3870e026f62e201fd72bb25dfc621047f2141939053b5c22efddd15ebe91cafcd337ab65402b9fcab55e39e063c773cceedb5eac2b84b4f31c492b6cbe9b975bfa7841a5bf457341e91662b540cd10f285c4e5e5cd2219a9e0245a5108cce6eb1f66132c39f421aed716b7a44fe530bf28718c58ec7e0a6b7efa17bb0ed3eecf033d7bfaeb73fbabf23412ebbdb9bccb46613fbf81a2cb1d4c0b00ee64aae7302adafde72333b3f1b62e74885a3962e77c736a5525abf9b19d66d689e8ee88546dfb2c5acfdd0f0c40e33e17a730305ab8b", 0xd3}], 0x4, 0x0, 0x8)
creat(&(0x7f0000000740)='./file0/file0\x00', 0x0)
ioctl$GIO_CMAP(r2, 0x4b70, &(0x7f0000000780))
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000007c0)={{0x1, 0x1, 0x18, <r7=>r3, {0xffffffff}}, './file0/file0\x00'})
ioctl$EXT4_IOC_SWAP_BOOT(r7, 0x6611)

10:50:48 executing program 5:
io_uring_register$IORING_UNREGISTER_EVENTFD(0xffffffffffffffff, 0x5, 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x39c, 0x8000)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x1}}, './file0\x00'})
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000080)=[r0, 0xffffffffffffffff, 0xffffffffffffffff, r1], 0x4)
clock_gettime(0x0, &(0x7f0000000100)={<r2=>0x0, <r3=>0x0})
utimensat(r1, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0xea60}, {r2, r3/1000+60000}}, 0x0)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000200), 0x2, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendfile(r4, r1, &(0x7f0000000240)=0xfffffffffffffff8, 0x8000)
r5 = openat(r1, &(0x7f0000000280)='./file0\x00', 0xa000, 0x1b9)
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f00000002c0)=[r5, r0, r1], 0x3)
r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x200, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r6, 0xc0189375, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r7=>r5}, './file0\x00'})
io_uring_register$IORING_UNREGISTER_FILES(r7, 0x3, 0x0, 0x0)
write$binfmt_aout(r7, &(0x7f0000000380)={{0x29fc334f0426c863, 0x20, 0x5, 0x371, 0x183, 0x1, 0x13b, 0x7}, "484d1676697c6bbbd4b27dda68b329a3c0d1198b197034a068df707c8d9c905a3b3c806e497a879795be6842483a3214e35165b756d85fbc6ec6a69ec38bfe69076d324feae91292c5d2d5a13624aaaaf75540de1ea66caeb30e432f45997818399306ca43684da7b5ccf4ce1cad9cfda402c51037482dd8eeb4d8b8a35ae6ff5849c1a79d66192d214ebfa577ad5b84142ca11b4dedd4b3865a9a3542f204b1cc8074f2c8708c3d6fc87bcb1d5746627a9a69f7f7f77f8e3a28d455989b07a5a7a64d3eaf71ad64be1a33bd97bca33c5bb412f93f22de49301fe7677adabef5"}, 0x100)
readv(r1, &(0x7f0000004700)=[{&(0x7f0000000480)=""/159, 0x9f}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000001540)=""/157, 0x9d}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/165, 0xa5}, {&(0x7f00000026c0)=""/4096, 0x1000}, {&(0x7f00000036c0)=""/23, 0x17}, {&(0x7f0000003700)=""/4096, 0x1000}], 0x8)
execve(&(0x7f0000004780)='./file0\x00', &(0x7f0000004980)=[&(0x7f00000047c0)='-%#^.,!)}(^\x00', &(0x7f0000004800)='$@\x8c\x00', &(0x7f0000004840)='-\x00', &(0x7f0000004880)='})\'\x00', &(0x7f00000048c0)='/dev/vcs\x00', &(0x7f0000004900)='{**\\-@}\xb6\x00', &(0x7f0000004940)='!#&\xc3]\x00'], &(0x7f0000004a00)=[&(0x7f00000049c0)='trusted.overlay.opaque\x00'])
r8 = accept4$packet(r1, &(0x7f0000004a40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000004a80)=0x14, 0x80000)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000004ac0)=[r8, r4], 0x2)
io_uring_enter(r7, 0x715b, 0x3d4b, 0x0, &(0x7f0000004b00), 0x8)

10:50:48 executing program 6:
readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/23, 0x17)
renameat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00')
fchmodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
bind$unix(r0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
mknodat(r0, &(0x7f0000000200)='./file0\x00', 0x0, 0x401)
lsetxattr$trusted_overlay_nlink(&(0x7f0000000240)='./file0/file0\x00', &(0x7f0000000280), &(0x7f00000002c0)={'U-', 0x48e}, 0x16, 0x3)
syz_mount_image$iso9660(&(0x7f0000000300), &(0x7f0000000340)='./file0/file0/file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{&(0x7f0000000380)="aa4e210d8f24928f5c78bc5e4c0cec2353e89bc60ccadd32637b226e48737d7fecf681fe52ad0f2286f966698b3046a89934df7c43e556e6de1fd4c4ebd966bd0ba390", 0x43, 0xd8fc}], 0x3310006, &(0x7f0000000440)={[{@mode={'mode', 0x3d, 0x101}}], [{@dont_appraise}, {@permit_directio}, {@smackfshat={'smackfshat', 0x3d, 'U-'}}]})
inotify_add_watch(r0, &(0x7f00000004c0)='./file0/file0/file0\x00', 0x4)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000640)={0x0, <r1=>0x0}, &(0x7f0000000680)=0xc)
r2 = geteuid()
syz_mount_image$vfat(&(0x7f0000000500), &(0x7f0000000540)='./file0/file0/file0\x00', 0xfff, 0x1, &(0x7f0000000600)=[{&(0x7f0000000580)="829d04d9f7a0a1ade905a1518a47b054eca78123ec2a3db31f951d91345efea80beb43c181fa3601bb2fcc9c50a6980737137a33a25515e3b4cf1d1c1f1dd9656c6f87a94800e5c216418730c869538b579029fb70f1a5f7773799fe76a0cf5e594029f3f0d38c8799cbfa6df186acce0411ceea4d6250208baa", 0x7a, 0x4}], 0x224800, &(0x7f00000006c0)={[{@fat=@allow_utime={'allow_utime', 0x3d, 0x1f}}, {@iocharset={'iocharset', 0x3d, 'euc-jp'}}, {@shortname_lower}, {@shortname_mixed}, {@utf8}, {@fat=@sys_immutable}, {@fat=@umask={'umask', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'cp864'}}, {@shortname_winnt}, {@rodir}], [{@appraise_type}, {@euid_lt={'euid<', r1}}, {@uid_eq={'uid', 0x3d, r2}}, {@permit_directio}, {@euid_gt={'euid>', 0xee01}}]})
r3 = creat(&(0x7f0000000800)='./file0\x00', 0x60)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000840)={{0x1, 0x1, 0x18, <r4=>r0, {0x1f}}, './file0\x00'})
r5 = accept(r0, 0x0, &(0x7f0000000880))
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f00000008c0)={{0x1, 0x1, 0x18, <r6=>r5}, './file0/file0/file0\x00'})
syz_mount_image$iso9660(&(0x7f0000000900), &(0x7f0000000940)='./file1\x00', 0x1ff, 0x1, &(0x7f0000000a80)=[{&(0x7f0000000980)="3d4337cf8549c5d20e2acfe83c0a6339d81226c068fd9905ab8e1470dbf1b0fbc7d6c81e4bcd75b75fb298a292d41078ebe39153e8bcb4e7fdd88e51f6b540f841230b4a0f9f47fd6d4b1a4076ab72f632deb2041169e632a9cbc7fca2adc0e55aa5ef4560ac46509c0acdf2ba4b863f69c8cf1d30656ab709b482a5fe84bc02b1deaf5257d84237e4f2cd9c68cf2a3957557b4d009c8028a500aed9e01bfd82124230866c0fd6fbc318d26b8133986a4fd4591b281f1de395d7fcda254a7f02d2f7694b7dbf8552d46e28256295cae578ca27b677", 0xd5, 0x2}], 0x0, &(0x7f0000000ac0)={[{@nocompress}, {@iocharset={'iocharset', 0x3d, 'cp865'}}], [{@pcr={'pcr', 0x3d, 0x17}}, {@obj_type={'obj_type', 0x3d, 'rodir'}}, {@uid_gt={'uid>', r2}}]})
sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x54, 0x0, 0x2, 0x701, 0x0, 0x0, {0x2, 0x0, 0x5}, [@CTA_EXPECT_MASK={0x38, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x40c0005}, 0x10)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000c80)='/proc/vmstat\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOVER(r7, 0x80049363, &(0x7f0000000cc0))

[   76.561900] audit: type=1400 audit(1663843848.168:6): avc:  denied  { execmem } for  pid=288 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:50:48 executing program 7:
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)
prctl$PR_GET_TIMERSLACK(0x1e)

[   77.846678] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   77.857801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   77.859020] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   77.866063] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   77.867029] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   77.875924] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   77.891979] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   77.895168] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   77.900283] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   77.903090] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   77.912886] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   77.917842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   77.924614] Bluetooth: hci1: HCI_REQ-0x0c1a
[   77.927644] Bluetooth: hci0: HCI_REQ-0x0c1a
[   77.951381] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   77.952942] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   77.954633] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   77.956203] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   77.957460] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   77.958810] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   77.959768] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   77.963654] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   77.964974] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   77.967580] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   77.968682] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   77.970237] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   77.971214] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   77.983843] Bluetooth: hci2: HCI_REQ-0x0c1a
[   77.984784] Bluetooth: hci3: HCI_REQ-0x0c1a
[   77.985678] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   77.989940] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   77.999603] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   78.000895] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   78.002274] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   78.003471] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   78.011927] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   78.012953] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   78.014134] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   78.015977] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   78.017208] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   78.022151] Bluetooth: hci5: HCI_REQ-0x0c1a
[   78.038071] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   78.052538] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   78.056685] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   78.059324] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   78.064148] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   78.067149] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   78.070983] Bluetooth: hci4: HCI_REQ-0x0c1a
[   78.088008] Bluetooth: hci7: HCI_REQ-0x0c1a
[   79.990301] Bluetooth: hci6: Opcode 0x c03 failed: -110
[   79.991397] Bluetooth: hci0: command 0x0409 tx timeout
[   79.992172] Bluetooth: hci1: command 0x0409 tx timeout
[   80.052871] Bluetooth: hci5: command 0x0409 tx timeout
[   80.053406] Bluetooth: hci2: command 0x0409 tx timeout
[   80.053926] Bluetooth: hci3: command 0x0409 tx timeout
[   80.116820] Bluetooth: hci7: command 0x0409 tx timeout
[   80.117539] Bluetooth: hci4: command 0x0409 tx timeout
[   82.036983] Bluetooth: hci1: command 0x041b tx timeout
[   82.037806] Bluetooth: hci0: command 0x041b tx timeout
[   82.100916] Bluetooth: hci3: command 0x041b tx timeout
[   82.101760] Bluetooth: hci2: command 0x041b tx timeout
[   82.102488] Bluetooth: hci5: command 0x041b tx timeout
[   82.164976] Bluetooth: hci4: command 0x041b tx timeout
[   82.165759] Bluetooth: hci7: command 0x041b tx timeout
[   83.000464] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   83.002783] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   83.004895] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   83.009131] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   83.013875] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   83.016607] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   83.027744] Bluetooth: hci6: HCI_REQ-0x0c1a
[   84.084847] Bluetooth: hci0: command 0x040f tx timeout
[   84.085663] Bluetooth: hci1: command 0x040f tx timeout
[   84.148874] Bluetooth: hci5: command 0x040f tx timeout
[   84.149646] Bluetooth: hci2: command 0x040f tx timeout
[   84.150439] Bluetooth: hci3: command 0x040f tx timeout
[   84.212837] Bluetooth: hci7: command 0x040f tx timeout
[   84.213621] Bluetooth: hci4: command 0x040f tx timeout
[   85.044903] Bluetooth: hci6: command 0x0409 tx timeout
[   86.132754] Bluetooth: hci1: command 0x0419 tx timeout
[   86.133194] Bluetooth: hci0: command 0x0419 tx timeout
[   86.197589] Bluetooth: hci3: command 0x0419 tx timeout
[   86.198034] Bluetooth: hci2: command 0x0419 tx timeout
[   86.198399] Bluetooth: hci5: command 0x0419 tx timeout
[   86.261746] Bluetooth: hci4: command 0x0419 tx timeout
[   86.262151] Bluetooth: hci7: command 0x0419 tx timeout
[   87.092811] Bluetooth: hci6: command 0x041b tx timeout
[   89.140890] Bluetooth: hci6: command 0x040f tx timeout
[   91.188790] Bluetooth: hci6: command 0x0419 tx timeout
[  129.787554] loop6: detected capacity change from 0 to 216
[  129.815206] loop6: detected capacity change from 0 to 7
[  129.864964] loop6: detected capacity change from 0 to 216
10:51:41 executing program 6:
r0 = getpid()
r1 = getpid()
kcmp(r0, r1, 0x5, 0xffffffffffffffff, 0xffffffffffffffff)
clone3(&(0x7f0000000180)={0x89820400, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x1e}, &(0x7f0000000900)=""/4096, 0x1000, &(0x7f0000000100)=""/44, &(0x7f0000000140)=[r1, r0, r1, r0, r1, r0, r0, r1, r1, 0xffffffffffffffff], 0xa}, 0x58)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000200)=<r2=>0x0)
syz_open_procfs(r2, &(0x7f0000000240)='net/vlan/vlan1\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000008c0)='smaps_rollup\x00')

10:51:41 executing program 7:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x4200, 0x0)
close_range(0xffffffffffffffff, r0, 0x2)
r1 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ffff00f0ff056000ffffff09a0000bc0000de0000f000111200113400115600117800119f0ffff0f00"/96, 0x60, 0x1e0}, {&(0x7f0000010200)="f8ffff00f0ff056000ffffff09a0000bc0000de0000f000111200113400115600117800119f0ffff0f00"/64, 0x40, 0x400}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e680325132510000e680325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000ace670325132510000e670325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000ace670325132510000e670325107000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000ace670325132510000e670325108002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000ace670325132510000e67032511a0064000000", 0x120, 0x600}, {&(0x7f0000010500)="2e202020202020202020201000ace670325132510000e67032510300000000002e2e2020202020202020201000ace670325132510000e670325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000ace670325132510000e670325104001a040000", 0x80, 0x1000}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x1200}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x1800}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x3e00}], 0x0, &(0x7f0000010d00)=ANY=[@ANYBLOB="92"])
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000))
r3 = mq_open(&(0x7f0000000000)='@\x00', 0xc1, 0xb2, &(0x7f0000000040)={0xa554, 0x7, 0x8001, 0x8})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000002600)={0x0, ""/256, 0x0, 0x0, <r4=>0x0})
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r3, 0x5000943f, &(0x7f0000000500)={{}, r4, 0x12, @unused=[0x1, 0x1, 0x1, 0x6], @subvolid=0x80000000})
ioctl$BTRFS_IOC_RM_DEV_V2(r1, 0x5000943a, &(0x7f00000002c0)={{r1}, r4, 0x0, @unused=[0x5, 0x800, 0x1f, 0x934], @devid})
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, 0x3)

[  130.010335] loop7: detected capacity change from 0 to 128
[  130.021375] FAT-fs (loop7): Unrecognized mount option "�" or missing value
[  130.055266] loop7: detected capacity change from 0 to 128
[  130.056453] FAT-fs (loop7): Unrecognized mount option "�" or missing value
10:51:41 executing program 7:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

10:51:41 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0xfa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000040)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '#\x00\b', 0xc, 0x11, 0x0, @empty, @local, {[], {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0)

[  130.242180] audit: type=1400 audit(1663843901.849:7): avc:  denied  { open } for  pid=3869 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  130.243882] audit: type=1400 audit(1663843901.849:8): avc:  denied  { kernel } for  pid=3869 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
10:51:41 executing program 7:
r0 = getpid()
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x12a600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, r0, 0x1, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
close_range(r1, r2, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00')
pread64(r4, &(0x7f0000000040)=""/170, 0xaa, 0x0)
syz_io_uring_setup(0x37c2, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x2, 0xc1, 0x0, r4}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10010, r3, 0x10000000)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000000140)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, {{}, 0x0, @in6=@mcast2}}, 0xe8)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)

10:51:41 executing program 1:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @typed={0xc, 0x3a, 0x0, 0x0, @u64}]}, 0x2c}], 0x1}, 0x0)
r2 = mq_open(&(0x7f0000000000)=']&\x00', 0x40, 0x42, &(0x7f0000000040)={0x1000, 0x32, 0x5, 0x5})
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000000))
r4 = accept4$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local}, &(0x7f00000002c0)=0x1c, 0x0)
sendmsg$netlink(r1, &(0x7f0000000340)={&(0x7f0000000140)=@kern={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)=[{&(0x7f00000014c0)={0x132c, 0x2f, 0x400, 0x70bd2a, 0x25dfdbff, "", [@typed={0x8, 0x56, 0x0, 0x0, @ipv4=@private=0xa010102}, @typed={0x8, 0x36, 0x0, 0x0, @u32=0x3}, @generic="3ca001195ceaa535ef1ea95c4adabc4187c2041854b5462760189003ec533244fd4b00ceb9d13184843a85ebfc293b64a7c0385d163a662d165c07fce0859925829b46f22324fe2ac159087b0870dc7cd38ec13e1d00ff81c9558f2969319490f0bcaaafd8dfef44241c58d7df9c932a56975a1c7b46d12e07089c2f57437944a96ccc2d32c94214e46b0cf4fe6ca521b86e81b0c55735537b0a1f9eb24ec344321e52de81541ab76722824e49c147cc24d3b5d50b4cc8bbbad68c9efec72183705f", @generic="e2d6d124f036641631e35053367713d5e2cab27d7a8238ef193382f047553bc2327f426b0db3e49bd787a8ac5156e1d1994b46569517151fe67485fef947311161943846542751201ffa7de8c7b18bf8663437d5a755f45cac0548ae7031e36a432be2c65847433b7ceaf31aa42c3936388523070487b1a8f2445d5b4ceb3907320a2fe33ec2026ea5372645", @nested={0x101c, 0x77, 0x0, 0x1, [@typed={0x4, 0x8c}, @typed={0x14, 0xb, 0x0, 0x0, @ipv6=@empty}, @generic="a61bbb1d115c41a8287df82614d3c833564c2da67373fc5aaeaf7e6b4532cf47e1ff0bc949ef959d2ce5c126cb36f0e32337d82975a409a557ccfcc7f348fa5061269d5482f2206deae526351d2467e75249b0b931d73dd7391a97d17544ed2e8f738a35ae885a6936a01f8f86a09bc2d8da174568f25095ee9547e81046c858192646d9a8c04efcc0072cad6a4db61ac5c5d283ca09d4dbfd7e4661468b913f46db141e2bad7fc1bf826c5c9954657db4ce6374dc590522e98c4cb5cb5aff74f84fcbe9e49fa74b6ac097f0b0b8d959ead5dcd47d177b4a082547da0de6b0394322a66873c7477534097b036d72eb7e55aff6f7701bde44351b99d076132bcb6d8fc147ff3ad76e9a54e701ec132eee06cf571fc4d1959fbf63e4263d71dac514dce652290fb9ee7ed3aea82c9f3a4a5052db879cd7b1d3bb2de443f021c51a4d55cb691a314eb87e36bc41eb10a1d12ffdb9c8aa194d3de931b7543d25c0963e95c3f4639ea36a0a035dacb6e051e22cfb19acee1c090a2f8dd5730a90bf3974269d5b7887452f1643afff5032c817a1da6e13fe7b7523080cd0e76741da55198de755f3292ce268df54178536c1f65578bf657261249397a14d1fda14d69e6dce02e56424ae40e41c0b8e20d90de30fd0d7749635f5891c030cdd4745cfee78d04a62d3765fac5b69b97f20620e015a631c24513b79d36e9a3eb3d815c8dfdb02b43fa5e04cc1af79467c96cf5b6f06ea7ab561a46710a5d2d90b08f19adf97f814b57a10bdcea6f16d13097c33dd33ba130c9885e7d8c44c5102ea4eaa1085063b3461c8b816266444dfdfb7a201a94f57ba40b911d16efa9e95e9ee1947edeb1bca25ecc275bbe158cc27055917e36b3b37685ff9511a896ea3de862832e137c4629b83ba36eff1b4a1a9fb74e3704d501300812d9dfc130aa3484a83293d3f2ff0061fe960092e41ed0ccf282c9fc946182c300165fd00b1ca5c7365506ae0ae6dedcccb5a33b730d3bf75d6ae7884136bd8b5b99dd62c041bd4e931270a56a97f35e432b59049b1762afe6095b34b54146ca7515d2aa2ca000ab2a155dd6f8148d1d0fc3855dbf7d7073e937dae3e769198aa03364dfb2e12d6954353bfd2d35f5409efd1d13cc389c3e14b85b473cc91cdf65bc5f4eecb7bf9bab677ffda2287d3e0fa1be24050bf75d6cd00bf7cfdac50400dee31c034baf20b820f916b9757f51727ac2556fc8ba918dc1f17440adf9cba8c81d99f07953e01cb6df3cabe6546214e7825c8329a4219d07984bcbe613a4c577563d434a4c26f16c1383cb66b454e3aabd4b954f5b4e91cb327f607da0a535cd291c1827e13cd6667c262beaab7cf9b0c695bac67abad55914c838c9c8af7d6fae8082a3b647faf4bd515e08bf31ee5d0e0852c544d9d00d202786aa8fbab083ac1613118b804547a229ba0473d988aba3d7fb95037cba9f7cd9cd4f3aaf56393d9a2fad1ecdedc004bb123dbb547ebe752598a4febe4795324964669954a920cd5dd190bcf93d0c355fed6a0082ca2b62eae6decde07bb10da1cfe73c24cb369b620f428d43db6a80373bba38d9d01bc67783ccb894d7a89f90c20f9fb5c28cc7eff61047d43f774182bf985f05988337347b2111271dfff2807d657ea2efa13c476cb1de9ed29567fc0f1202af2637edaa7b3145c6470bf1190f6f6245720a8a6724f3ee4cd31099e42c12cc7cdc918b4e98eaa846ce44ad3fd992609b021b696d7fe8bedd3df36c811e62820452dc6eb9daad437d96220982629e00d20bbe1e3ea29749fd1c73e11316870c7e50b1269024e3de7e131f34369b3cd783ffe87baee4915c39c1c13d77b0ac2c07650964b0976ba47c28c55855e1dfc916ee4c11456745f381c0c83a9ce167c4ec70023568654440a3029840ea91342475a89cd58f9ae779f805d997f5c65cf44bf840944aef8fb6767ba65e67a04544e90d34fb8958a1361cda13a5bcd6b7502eb2df909428925e6c8c8ace8e5bdc67c4b1e7c213ec3accbc9e8ded94b8eaa38e549dd53143540f3b7eee9d27d6d416038e1953e0e62a61fdf74022aa9e7eb0d4c0346fea2fef856c1ed494da9225ee7534fa2b7bc7fccab4fdad8149263e0485828477fc87240a4be4d64f38772207577bb909b20416c434d9b9b5c4e916e2f47cb8f9a37e0dd5dbb84ee35190c73c324b79dd4ec81620a4e48f35502136a9c144b68e36656f5c3192e6897641895b99671399f7545db3af70d616b65ea101a763fc54740abc2fc39ef0efb137612275702c284879f0c495eaa4c1faff150dbd214c74c1249e64348772a3554500fc5a8535eac3f7fe5d9446705160a56ba9b3a7825a842e475f8da20c5d0a23700c095f702d6224e59b9b78c1eabbe85c5f31e014d2b8e2ba1b387d9c3fbd8bf51f7ec4efffe473d0a7eaa5ff15d8d21fade62f4480d7bdaecf39a686e0e4ba2e2473519824560a77b3c4e350675472f12b76f86c2ea6acd923e8b4f03dfeae94d0e436bedbd4ae65b2ece14cc25e4a79d13d8f595384e359dd0b40cad2b5344b5c54ff07202e976c5ab8fc42231f646d3408c3c6b86629605cfef981bf1ef281d1bbecae23fe2f144c9a24ff6797d8c38dae65d5dd649497cb49d17a5879445f830d55822b070b44a93c377014064833df7326a6bc4d3c487ed7a51eeb6d37c6a90da5aceb596280d835f5c4fa640171086163e9e6823fac7a76699ed643307e72980fc8d7c1da11d92045eca93e71e85c8c0b84d882a675889e23b9ac8be01cd1f7deb5a47da06ca211120591f60a703117cf592adf743a571380f466c62e2708bb2b1adde988e3bb994d5c33b7ac1a4cd752e22c4cf858e4405fa1deb320eab5dd6eca801ad16985b276a284e6e9522325820bf02f38bda131cb8e64a922608d5f46e33a49af4557d45b63756123e5202c895ef1400e2cc8699d812cc53542d26902ff327062f4254aac7acad54d0717544054aaab22296021607427eec9d01af9577f87e18b58cc94f3874f419027540fc65f35a904e120617b2ac1a4cd74661afd03e574536cfd5366ea7f0ca3e197edc423d340c8ceb26b1c8f3b3bed5d0a7f74fde14adfe34beb5c704524f44215e684643cd27df9e56811259dd0af945ddca823dd42737b0b7342e5b4aba0fdc9f3344386c91c04913993b56ae6f706dab64daa2d22ddc1de9d93e2551c21c7eaa04d75aefc30e8716da5aa565727b8139c577054513283e45d023a6db70f702c95e2418362c4fca2034ea65010dc08c0e80581e0740fe0984730e15746c8d056aca3c7bae7e87e8f0e5b3c583f8f586881b4ada4fbc7c1e1abb9f4d5afb650c9dad52195df5986dcda3ada79797a1dfb4e132c395910e516517e32c262689b0daa42ab047b3b68641d6fc64c739cfc7c4306e67ddd055f9a2cb3ae4a2611f18d39d1b56a1ed4b05be6d515f9719e759d749be821f2550558e76a8427140f6b0b7045426285d29b2d1d65b4f99984774f7b68af6b482727362cd8252be6147f1784736471199ae242b0822e42ec6249fb7f901facf959e44a96fe8e296c57ff683ea0342c5ccf5848383c6a25958aa45fea691537891e0a08b74a4ee8d84f84342f2120030ac6bb221806bec64dd3d177fb5b96bf23df670db408e09c6a910d109041306154ae56f4293b97a7757dc18b71c771b143dba407dc5a9ee3f449dc3fbb73e0faad54ac02315d98a8069a7c3e28a5554c7748ef39437ccfb152cb9d437d5a035b7206b216d1dfe2dbe4c2e5ea548d8cf4a3c0833cbf70d5376068bd19059208367bf9cdc937ade0638f78f46a90291435cd1309faf8619ffb4678b5d9edd94693442bc536b95b8262e0e42a6462ffdd23edeeaf3020a4a4f689b0d87715daae4870295788a15799d9e96a8a9a048868d8d4769845a99b013ae6cdfa37cf93636065b80c5f571639ca06c9626edd2c917f0c400b3394b8819f19d7a09ad44ea5f7b583036229ece82f887c9d50ec530e727675d23e650dbb5a674badc4ac3ee25fcb2860a0a17963c793616bc36e3a7e534f168cf4980b90b3d93d5871c8e7767de23c4d01bd76b0f60bbc6d78873bc8322d2148f9047bbb5fa786b712207a28c80163eae287f9dcd08d5b9c8558ff3a775b529ef947b3273994b519829e2c4874dd124f9187ebd904b6c8d14edda347040e4ddb79832c838019e032cf3fb1bef38f53efd435c2db1975646403ed1a129fa4293216b4ec2df4db7bf1c4b71df4486f4642cc9ff6e12893863d2b8e0c487b5dcfc3743c4f91cfebeaf7b47bb9f287bd84d28f1acf9472d96c6b7ed3a7b555c57b00f3b9db3d4dd971c4e2b42f8f1751a77d28a959b21b2391272c0383b9ee1edcb9204a4f08ce43f78421c440d4181d68c892b0934097bca1371d54cbebeba9bf63079f2f92d02f82c9aa739266cb22975eb5210231264e7d8d42daee2eff9bec35045c0c5f89359fe08c99b73ec308e84350ffb331f92388fea26db7294c977871aeeb688637619a7c3cc699509f25b256b824ef6a9ca766409b4a0fdd8c50812a2bec16dfdd5e82f89cb2be9de458aa401cc71bc49a2a861e6b74850e363c6e8d335105743de512a7e15df0658496563013e697c802b7b16646423402a808f273024d752e5181409f32bd8632c4652b98fb221ca31148d04587dd8fefcf9ab78fcae0bacaeafb9f4659581a4b09818aa1ca5f3c4e2e31f3d627d281537cf600d79dcd4e504bdbfc183cf6a1cc2a1766655a77e418f228ce9198aa3d29b89ea5be623dc1de3765b6d906b0c83c4193b60eca2dd8f9999991f1a6c70511631b2ddaf37db2a14afdff08618180d5e4729f4e6ee1343be7f5d2e0ccefa839b548eb16b85ebb0da934c14daae15006f475081913185f301998dd6dda6734fc9fa5a2b6fec3b59333ca0fd81982b08dbfb8ad92e7a29d0ceb89bbfb8fc88af0cb1591935498827b7c10d1983ed59d5d0f9a2741152d2de60199819800d09877c0e7355f87c70dd16cc7d13404629aa8efca5883fafe1689e51a629f7ce6049a310240951c17a5accd018baf85499c837f138a9bc59dbbc4304f6f9333636aa9ef32b39166a67d3119aa23b89d35d6d9b2b348cd7794ae66e3c2192796394f1d19e9daeaa1aa19b404ed10730d42acb4d74d6124c931c244b7a3c135acbe762df1cca4a9c8a56b16c31b5e74a5d6562c630a8856745d2fcdc4ec151b1be53b6ef4c12bcf98adfa027fdf79f4a50db3b0472e017dd74baf52ca4a7beea276dd3bb0a3e80fb842ab2f6fac6277d17cde001f270467e7f0f4ebe1b15742b2f7a1b0199bfda1eee3f216327b6a489537075e09a358f29307da8b9f050f8405e60ee9e4781bc63c7db365579c05be6e9a31279d734dfd8467319a88c3187c8e1440270960f4746011cde3d87812ff422b83f8e2eb526d6c37ec3fc7531fe7141a47c2cfdda0bdecdb01e9a952e740e123c8ff304572c7780e6e8ff8cb107a0ac1387ed2a5265b0aecc30ff834515bd52c7c03723582d60cce5d3afce532a8409d326c5f9ecd3c15840cad3046ea1a9dc6f97faf7c7e6ef904e38958b6f176573729d32273e21613b2ad6ba9c0f45211bdb155766b2686377cc6fc3b3e7102aee2276c5efcdc73ab9929e6b88123829f6aa32edf76b2a22d813c44b8f19e194ee68e411b4d0207d59aa24fe9d0c9c8d433dd9622b8ea5c83231fea1c155c37383d70bc96e4ba11515e1573b06052ba7565fcf36eec812ede9bbddcfe24f9e025a386c0dd403a3cb14a0a656"]}, @nested={0x4, 0x25}, @generic="0033dd9452b885b47b5269dbf980cb6a6c2880e1d248750543754db1d4ce78c0b9927600e2ddf02f31c52ac6ba5abd49e456b37127dc2af21a3745859525f109cda18cbfd273e441e68a7f3fa2f83bd3111ebdd18545633d7fcae17d6c99d314981fe72a7e31b7a66dcf64f35266b15916decd22afd18e8d236209937237970c31622fb6414f1c936656ad7be57c9ef7525557d5ec462c70f8519cb0f5041c42c72dc64f2eac9eb2d67e3965577913a16aa2a5cdb6a40355a061df16a647", @typed={0xc, 0x7e, 0x0, 0x0, @u64=0x7ff}, @generic="c930009ccf529a8da248c390e4809e610a2b799898c45c08e7501f7a6348cf6711915f1c89802ed9ea2b7a87e8415cdcfc2ae820689f75025472168271762a6234d6e00b823d3d13f022a24fcd69ddaa77446d79aad7f8ca8ce22ecb8478acb2332c4c0b1fa26d8be4cab7836617f0b287cc5010f94b9858af907ef88a6dfe4f8ed69334462f65b9203e1240e78e9f84b284e3d8cfc6de465003f6154113e0c3ec89c83fd6a12f5eaa1c8b8e67201b3635eeec7d1f09621250153fd0196bff63fb1b", @nested={0x10, 0x56, 0x0, 0x1, [@typed={0xc, 0x49, 0x0, 0x0, @u64=0x2}]}]}, 0x132c}], 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="14000000000000000100000000f0ffff", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00'], 0x18, 0x20000000}, 0x10004891)
r5 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
sendfile(r5, r6, &(0x7f0000000380)=0x7fff, 0x5)
ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f0000000000))
ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f0000000200)=ANY=[@ANYBLOB="040000000000000065080000000000000300000000000000", @ANYRES32=r5, @ANYBLOB="000000000700008100eeffffffffffffff00000000000000000000007404cb370633bf8c4aadbbed1e4755a1282c356f604d99", @ANYRES32=r0, @ANYBLOB="000000000100"/28, @ANYRES32=r6, @ANYBLOB="000000000500"/28])

10:51:41 executing program 6:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x6a85, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x802}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000040)=""/170, 0xaa, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x2)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x5, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x48)
fcntl$dupfd(r3, 0x0, r4)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7, 0x50, r4, 0x8000000)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff}, 0x84800)
splice(r1, &(0x7f0000000000)=0x7, r5, &(0x7f0000000300)=0x9, 0x30c, 0x8)
write(r4, &(0x7f0000000080)="01", 0x41030)
syz_io_uring_setup(0x227d, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x3, 0xc1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10010, r2, 0x10000000)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x43, &(0x7f0000000140)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x4e24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, {{}, 0x0, @in6=@mcast2}}, 0xe8)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0)

[  130.343168] audit: type=1400 audit(1663843901.949:9): avc:  denied  { tracepoint } for  pid=3874 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  130.367924] ------------[ cut here ]------------
[  130.367945] 
[  130.367948] ======================================================
[  130.367952] WARNING: possible circular locking dependency detected
[  130.367956] 6.0.0-rc6-next-20220921 #1 Not tainted
[  130.367963] ------------------------------------------------------
[  130.367966] syz-executor.7/3876 is trying to acquire lock:
[  130.367973] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  130.368012] 
[  130.368012] but task is already holding lock:
[  130.368015] ffff88800e97c820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  130.368044] 
[  130.368044] which lock already depends on the new lock.
[  130.368044] 
[  130.368047] 
[  130.368047] the existing dependency chain (in reverse order) is:
[  130.368051] 
[  130.368051] -> #3 (&ctx->lock){....}-{2:2}:
[  130.368065]        _raw_spin_lock+0x2a/0x40
[  130.368085]        __perf_event_task_sched_out+0x53b/0x18d0
[  130.368098]        __schedule+0xedd/0x2470
[  130.368112]        schedule+0xda/0x1b0
[  130.368125]        exit_to_user_mode_prepare+0x114/0x1a0
[  130.368138]        syscall_exit_to_user_mode+0x19/0x40
[  130.368150]        do_syscall_64+0x48/0x90
[  130.368168]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  130.368179] 
[  130.368179] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  130.368194]        _raw_spin_lock_nested+0x30/0x40
[  130.368214]        raw_spin_rq_lock_nested+0x1e/0x30
[  130.368228]        task_fork_fair+0x63/0x4d0
[  130.368246]        sched_cgroup_fork+0x3d0/0x540
[  130.368261]        copy_process+0x4183/0x6e20
[  130.368272]        kernel_clone+0xe7/0x890
[  130.368282]        user_mode_thread+0xad/0xf0
[  130.368293]        rest_init+0x24/0x250
[  130.368304]        arch_call_rest_init+0xf/0x14
[  130.368321]        start_kernel+0x4c1/0x4e6
[  130.368336]        secondary_startup_64_no_verify+0xe0/0xeb
[  130.368350] 
[  130.368350] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  130.368365]        _raw_spin_lock_irqsave+0x39/0x60
[  130.368385]        try_to_wake_up+0xab/0x1930
[  130.368399]        up+0x75/0xb0
[  130.368413]        __up_console_sem+0x6e/0x80
[  130.368430]        console_unlock+0x46a/0x590
[  130.368448]        do_con_write+0xc05/0x1d50
[  130.368460]        con_write+0x21/0x40
[  130.368471]        n_tty_write+0x4d4/0xfe0
[  130.368485]        file_tty_write.constprop.0+0x49c/0x8f0
[  130.368498]        vfs_write+0x9c3/0xd90
[  130.368518]        ksys_write+0x127/0x250
[  130.368537]        do_syscall_64+0x3b/0x90
[  130.368554]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  130.368566] 
[  130.368566] -> #0 ((console_sem).lock){....}-{2:2}:
[  130.368581]        __lock_acquire+0x2a02/0x5e70
[  130.368600]        lock_acquire+0x1a2/0x530
[  130.368617]        _raw_spin_lock_irqsave+0x39/0x60
[  130.368637]        down_trylock+0xe/0x70
[  130.368652]        __down_trylock_console_sem+0x3b/0xd0
[  130.368669]        vprintk_emit+0x16b/0x560
[  130.368687]        vprintk+0x84/0xa0
[  130.368708]        _printk+0xba/0xf1
[  130.368719]        report_bug.cold+0x72/0xab
[  130.368736]        handle_bug+0x3c/0x70
[  130.368753]        exc_invalid_op+0x14/0x50
[  130.368771]        asm_exc_invalid_op+0x16/0x20
[  130.368782]        group_sched_out.part.0+0x2c7/0x460
[  130.368793]        ctx_sched_out+0x8f1/0xc10
[  130.368804]        __perf_event_task_sched_out+0x6d0/0x18d0
[  130.368817]        __schedule+0xedd/0x2470
[  130.368830]        schedule+0xda/0x1b0
[  130.368844]        exit_to_user_mode_prepare+0x114/0x1a0
[  130.368854]        syscall_exit_to_user_mode+0x19/0x40
[  130.368866]        do_syscall_64+0x48/0x90
[  130.368884]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  130.368896] 
[  130.368896] other info that might help us debug this:
[  130.368896] 
[  130.368898] Chain exists of:
[  130.368898]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  130.368898] 
[  130.368914]  Possible unsafe locking scenario:
[  130.368914] 
[  130.368917]        CPU0                    CPU1
[  130.368919]        ----                    ----
[  130.368921]   lock(&ctx->lock);
[  130.368927]                                lock(&rq->__lock);
[  130.368934]                                lock(&ctx->lock);
[  130.368941]   lock((console_sem).lock);
[  130.368947] 
[  130.368947]  *** DEADLOCK ***
[  130.368947] 
[  130.368949] 2 locks held by syz-executor.7/3876:
[  130.368956]  #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  130.368986]  #1: ffff88800e97c820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  130.369016] 
[  130.369016] stack backtrace:
[  130.369019] CPU: 0 PID: 3876 Comm: syz-executor.7 Not tainted 6.0.0-rc6-next-20220921 #1
[  130.369031] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  130.369040] Call Trace:
[  130.369043]  <TASK>
[  130.369048]  dump_stack_lvl+0x8b/0xb3
[  130.369067]  check_noncircular+0x263/0x2e0
[  130.369085]  ? format_decode+0x26c/0xb50
[  130.369102]  ? print_circular_bug+0x450/0x450
[  130.369121]  ? enable_ptr_key_workfn+0x20/0x20
[  130.369136]  ? __lockdep_reset_lock+0x180/0x180
[  130.369155]  ? format_decode+0x26c/0xb50
[  130.369172]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  130.369191]  __lock_acquire+0x2a02/0x5e70
[  130.369215]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  130.369239]  lock_acquire+0x1a2/0x530
[  130.369257]  ? down_trylock+0xe/0x70
[  130.369275]  ? lock_release+0x750/0x750
[  130.369295]  ? find_held_lock+0x2c/0x110
[  130.369313]  ? vprintk+0x84/0xa0
[  130.369339]  _raw_spin_lock_irqsave+0x39/0x60
[  130.369359]  ? down_trylock+0xe/0x70
[  130.369375]  down_trylock+0xe/0x70
[  130.369392]  ? vprintk+0x84/0xa0
[  130.369410]  __down_trylock_console_sem+0x3b/0xd0
[  130.369429]  vprintk_emit+0x16b/0x560
[  130.369450]  vprintk+0x84/0xa0
[  130.369469]  _printk+0xba/0xf1
[  130.369481]  ? record_print_text.cold+0x16/0x16
[  130.369494]  ? hrtimer_try_to_cancel+0x163/0x2c0
[  130.369509]  ? lock_downgrade+0x6d0/0x6d0
[  130.369528]  ? report_bug.cold+0x66/0xab
[  130.369546]  ? group_sched_out.part.0+0x2c7/0x460
[  130.369558]  report_bug.cold+0x72/0xab
[  130.369578]  handle_bug+0x3c/0x70
[  130.369596]  exc_invalid_op+0x14/0x50
[  130.369615]  asm_exc_invalid_op+0x16/0x20
[  130.369627] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  130.369641] Code: 5e 41 5f e9 9b b9 ef ff e8 96 b9 ef ff 65 8b 1d 2b 12 ac 7e 31 ff 89 de e8 36 b6 ef ff 85 db 0f 84 8a 00 00 00 e8 79 b9 ef ff <0f> 0b e9 a5 fe ff ff e8 6d b9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  130.369653] RSP: 0018:ffff88803f7cfc48 EFLAGS: 00010006
[  130.369663] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  130.369671] RDX: ffff88803c991ac0 RSI: ffffffff815663a7 RDI: 0000000000000005
[  130.369679] RBP: ffff8880086685c8 R08: 0000000000000005 R09: 0000000000000001
[  130.369687] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800e97c800
[  130.369694] R13: ffff88806ce3d140 R14: ffffffff8547c8e0 R15: 0000000000000002
[  130.369706]  ? group_sched_out.part.0+0x2c7/0x460
[  130.369720]  ? group_sched_out.part.0+0x2c7/0x460
[  130.369733]  ctx_sched_out+0x8f1/0xc10
[  130.369747]  __perf_event_task_sched_out+0x6d0/0x18d0
[  130.369763]  ? lock_is_held_type+0xd7/0x130
[  130.369776]  ? __perf_cgroup_move+0x160/0x160
[  130.369789]  ? set_next_entity+0x304/0x550
[  130.369808]  ? update_curr+0x267/0x740
[  130.369828]  ? lock_is_held_type+0xd7/0x130
[  130.369842]  __schedule+0xedd/0x2470
[  130.369859]  ? io_schedule_timeout+0x150/0x150
[  130.369876]  ? __x64_sys_futex_time32+0x480/0x480
[  130.369890]  schedule+0xda/0x1b0
[  130.369905]  exit_to_user_mode_prepare+0x114/0x1a0
[  130.369917]  syscall_exit_to_user_mode+0x19/0x40
[  130.369930]  do_syscall_64+0x48/0x90
[  130.369949]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  130.369961] RIP: 0033:0x7f2f8a095b19
[  130.369970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  130.369981] RSP: 002b:00007f2f8760b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  130.369993] RAX: 0000000000000001 RBX: 00007f2f8a1a8f68 RCX: 00007f2f8a095b19
[  130.370001] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2f8a1a8f6c
[  130.370009] RBP: 00007f2f8a1a8f60 R08: 000000000000000e R09: 0000000000000000
[  130.370016] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f2f8a1a8f6c
[  130.370024] R13: 00007ffc96a3d6af R14: 00007f2f8760b300 R15: 0000000000022000
[  130.370037]  </TASK>
[  130.430207] WARNING: CPU: 0 PID: 3876 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  130.430921] Modules linked in:
[  130.431177] CPU: 0 PID: 3876 Comm: syz-executor.7 Not tainted 6.0.0-rc6-next-20220921 #1
[  130.431791] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  130.432648] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  130.433065] Code: 5e 41 5f e9 9b b9 ef ff e8 96 b9 ef ff 65 8b 1d 2b 12 ac 7e 31 ff 89 de e8 36 b6 ef ff 85 db 0f 84 8a 00 00 00 e8 79 b9 ef ff <0f> 0b e9 a5 fe ff ff e8 6d b9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  130.434442] RSP: 0018:ffff88803f7cfc48 EFLAGS: 00010006
[  130.434848] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  130.435396] RDX: ffff88803c991ac0 RSI: ffffffff815663a7 RDI: 0000000000000005
[  130.435945] RBP: ffff8880086685c8 R08: 0000000000000005 R09: 0000000000000001
[  130.436490] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800e97c800
[  130.437031] R13: ffff88806ce3d140 R14: ffffffff8547c8e0 R15: 0000000000000002
[  130.437583] FS:  00007f2f8760b700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  130.438196] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  130.438639] CR2: 0000001b2e223000 CR3: 000000003efca000 CR4: 0000000000350ef0
[  130.439190] Call Trace:
[  130.439394]  <TASK>
[  130.439574]  ctx_sched_out+0x8f1/0xc10
[  130.439882]  __perf_event_task_sched_out+0x6d0/0x18d0
[  130.440281]  ? lock_is_held_type+0xd7/0x130
[  130.440616]  ? __perf_cgroup_move+0x160/0x160
[  130.440973]  ? set_next_entity+0x304/0x550
[  130.441308]  ? update_curr+0x267/0x740
[  130.441629]  ? lock_is_held_type+0xd7/0x130
[  130.441970]  __schedule+0xedd/0x2470
[  130.442268]  ? io_schedule_timeout+0x150/0x150
[  130.442629]  ? __x64_sys_futex_time32+0x480/0x480
[  130.443006]  schedule+0xda/0x1b0
[  130.443283]  exit_to_user_mode_prepare+0x114/0x1a0
[  130.443665]  syscall_exit_to_user_mode+0x19/0x40
[  130.444039]  do_syscall_64+0x48/0x90
[  130.444336]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  130.444731] RIP: 0033:0x7f2f8a095b19
[  130.445021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  130.446405] RSP: 002b:00007f2f8760b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  130.446979] RAX: 0000000000000001 RBX: 00007f2f8a1a8f68 RCX: 00007f2f8a095b19
[  130.447520] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2f8a1a8f6c
[  130.448060] RBP: 00007f2f8a1a8f60 R08: 000000000000000e R09: 0000000000000000
[  130.448596] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f2f8a1a8f6c
[  130.449143] R13: 00007ffc96a3d6af R14: 00007f2f8760b300 R15: 0000000000022000
[  130.449700]  </TASK>
[  130.449885] irq event stamp: 864
[  130.450145] hardirqs last  enabled at (863): [<ffffffff8133f9d9>] exit_to_user_mode_prepare+0x109/0x1a0
[  130.450851] hardirqs last disabled at (864): [<ffffffff84259305>] __schedule+0x1225/0x2470
[  130.451472] softirqs last  enabled at (322): [<ffffffff811709ab>] __irq_exit_rcu+0x11b/0x180
[  130.452118] softirqs last disabled at (143): [<ffffffff811709ab>] __irq_exit_rcu+0x11b/0x180
[  130.452773] ---[ end trace 0000000000000000 ]---
10:51:42 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)=ANY=[@ANYBLOB="000000ee00000000310000cf6d5c6c7f020ab921c0097b205b2b5a7e953d3faf9a7547097d3dc5f28876105ee6777cd8987ebe67b0bc1fba2c2fd7f935cd5eb4e978d436e8fd3af66e9d50bbe3d2bcad87a80b630484faebee14da390f4734b505d7b483c73df73fa729bf4096d18a00d651af97b28c1dfb36dea4a2e49a8b6114c852b255cdccc3ea46837ea61d5eb1ac94144c68064b9ae8", @ANYRES32=<r1=>r0, @ANYRES32=<r2=>r0, @ANYBLOB='\x00\x00\x00\x00./file0\x00'])
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1)
r3 = open_tree(r2, &(0x7f00000000c0)='./file0\x00', 0x9000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)

[  130.706544] netlink: 'syz-executor.1': attribute type 58 has an invalid length.

VM DIAGNOSIS:
10:51:42  Registers:
info registers vcpu 0
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff822b1c91 RDI=ffffffff87645ba0 RBP=ffffffff87645b60 RSP=ffff88803f7cf698
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000030 R11=0000000000000001
R12=0000000000000030 R13=ffffffff87645b60 R14=0000000000000010 R15=ffffffff822b1c80
RIP=ffffffff822b1ce9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f2f8760b700 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2e223000 CR3=000000003efca000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 00007f2f8a17c7c0 00007f2f8a17c7c8
YMM02=0000000000000000 0000000000000000 00007f2f8a17c7e0 00007f2f8a17c7c0
YMM03=0000000000000000 0000000000000000 00007f2f8a17c7c8 00007f2f8a17c7c0
YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=0000000000003d96 RBX=ffff88806ce3eee0 RCX=ffffc900009dc000 RDX=0000000000040000
RSI=ffffffff813bce37 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff88803f91f6c8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=ffffed100d9c7ddd R13=0000000000000001 R14=ffff88806ce3eee8 R15=dffffc0000000000
RIP=ffffffff813bce39 RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f39d3606700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f39d61a4018 CR3=000000003e692000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 00007f39d61777c0 00007f39d61777c8
YMM02=0000000000000000 0000000000000000 00007f39d61777e0 00007f39d61777c0
YMM03=0000000000000000 0000000000000000 00007f39d61777c8 00007f39d61777c0
YMM04=0000000000000000 0000000000000000 ffffffffffffff00 ffffffff00000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000