Warning: Permanently added '[localhost]:42375' (ECDSA) to the list of known hosts. 2022/09/23 12:29:45 fuzzer started 2022/09/23 12:29:46 dialing manager at localhost:38881 syzkaller login: [ 40.805917] cgroup: Unknown subsys name 'net' [ 40.932387] cgroup: Unknown subsys name 'rlimit' 2022/09/23 12:30:00 syscalls: 2215 2022/09/23 12:30:00 code coverage: enabled 2022/09/23 12:30:00 comparison tracing: enabled 2022/09/23 12:30:00 extra coverage: enabled 2022/09/23 12:30:00 setuid sandbox: enabled 2022/09/23 12:30:00 namespace sandbox: enabled 2022/09/23 12:30:00 Android sandbox: enabled 2022/09/23 12:30:00 fault injection: enabled 2022/09/23 12:30:00 leak checking: enabled 2022/09/23 12:30:00 net packet injection: enabled 2022/09/23 12:30:00 net device setup: enabled 2022/09/23 12:30:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/23 12:30:00 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/23 12:30:00 USB emulation: enabled 2022/09/23 12:30:00 hci packet injection: enabled 2022/09/23 12:30:00 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220923) 2022/09/23 12:30:00 802.15.4 emulation: enabled 2022/09/23 12:30:00 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/23 12:30:00 fetching corpus: 50, signal 28388/31735 (executing program) 2022/09/23 12:30:00 fetching corpus: 100, signal 45352/49745 (executing program) 2022/09/23 12:30:00 fetching corpus: 150, signal 53506/59010 (executing program) 2022/09/23 12:30:00 fetching corpus: 200, signal 58515/65064 (executing program) 2022/09/23 12:30:01 fetching corpus: 250, signal 62056/69627 (executing program) 2022/09/23 12:30:01 fetching corpus: 300, signal 66100/74555 (executing program) 2022/09/23 12:30:01 fetching corpus: 350, signal 71394/80565 (executing program) 2022/09/23 12:30:01 fetching corpus: 400, signal 76965/86681 (executing program) 2022/09/23 12:30:01 fetching corpus: 450, signal 80695/91099 (executing program) 2022/09/23 12:30:01 fetching corpus: 500, signal 83988/95022 (executing program) 2022/09/23 12:30:01 fetching corpus: 550, signal 87089/98689 (executing program) 2022/09/23 12:30:01 fetching corpus: 600, signal 89157/101426 (executing program) 2022/09/23 12:30:02 fetching corpus: 650, signal 92475/105151 (executing program) 2022/09/23 12:30:02 fetching corpus: 700, signal 95999/108990 (executing program) 2022/09/23 12:30:02 fetching corpus: 750, signal 99436/112564 (executing program) 2022/09/23 12:30:02 fetching corpus: 800, signal 101850/115371 (executing program) 2022/09/23 12:30:02 fetching corpus: 850, signal 104831/118468 (executing program) 2022/09/23 12:30:02 fetching corpus: 900, signal 106772/120696 (executing program) 2022/09/23 12:30:02 fetching corpus: 950, signal 108506/122780 (executing program) 2022/09/23 12:30:03 fetching corpus: 1000, signal 110027/124674 (executing program) 2022/09/23 12:30:03 fetching corpus: 1050, signal 112072/126924 (executing program) 2022/09/23 12:30:03 fetching corpus: 1100, signal 113820/128838 (executing program) 2022/09/23 12:30:03 fetching corpus: 1150, signal 116138/131137 (executing program) 2022/09/23 12:30:03 fetching corpus: 1200, signal 117419/132661 (executing program) 2022/09/23 12:30:03 fetching corpus: 1250, signal 119592/134718 (executing program) 2022/09/23 12:30:03 fetching corpus: 1300, signal 121020/136399 (executing program) 2022/09/23 12:30:03 fetching corpus: 1350, signal 122147/137727 (executing program) 2022/09/23 12:30:04 fetching corpus: 1400, signal 124342/139730 (executing program) 2022/09/23 12:30:04 fetching corpus: 1450, signal 125603/141078 (executing program) 2022/09/23 12:30:04 fetching corpus: 1500, signal 127402/142747 (executing program) 2022/09/23 12:30:04 fetching corpus: 1550, signal 128876/144193 (executing program) 2022/09/23 12:30:04 fetching corpus: 1600, signal 130887/145901 (executing program) 2022/09/23 12:30:04 fetching corpus: 1650, signal 132070/147028 (executing program) 2022/09/23 12:30:04 fetching corpus: 1700, signal 133297/148197 (executing program) 2022/09/23 12:30:05 fetching corpus: 1750, signal 134608/149369 (executing program) 2022/09/23 12:30:05 fetching corpus: 1800, signal 136206/150638 (executing program) 2022/09/23 12:30:05 fetching corpus: 1850, signal 137552/151849 (executing program) 2022/09/23 12:30:05 fetching corpus: 1900, signal 138909/152948 (executing program) 2022/09/23 12:30:05 fetching corpus: 1950, signal 140207/153963 (executing program) 2022/09/23 12:30:05 fetching corpus: 2000, signal 142401/155425 (executing program) 2022/09/23 12:30:05 fetching corpus: 2050, signal 143568/156335 (executing program) 2022/09/23 12:30:06 fetching corpus: 2100, signal 144334/157035 (executing program) 2022/09/23 12:30:06 fetching corpus: 2150, signal 145224/157760 (executing program) 2022/09/23 12:30:06 fetching corpus: 2200, signal 146584/158729 (executing program) 2022/09/23 12:30:06 fetching corpus: 2250, signal 147431/159388 (executing program) 2022/09/23 12:30:06 fetching corpus: 2300, signal 148184/159985 (executing program) 2022/09/23 12:30:06 fetching corpus: 2350, signal 149603/160850 (executing program) 2022/09/23 12:30:06 fetching corpus: 2400, signal 150346/161406 (executing program) 2022/09/23 12:30:06 fetching corpus: 2450, signal 150931/161897 (executing program) 2022/09/23 12:30:06 fetching corpus: 2500, signal 151602/162366 (executing program) 2022/09/23 12:30:07 fetching corpus: 2550, signal 152419/162896 (executing program) 2022/09/23 12:30:07 fetching corpus: 2600, signal 153333/163476 (executing program) 2022/09/23 12:30:07 fetching corpus: 2650, signal 154254/164023 (executing program) 2022/09/23 12:30:07 fetching corpus: 2700, signal 154934/164454 (executing program) 2022/09/23 12:30:07 fetching corpus: 2750, signal 156073/165004 (executing program) 2022/09/23 12:30:07 fetching corpus: 2800, signal 157245/165550 (executing program) 2022/09/23 12:30:07 fetching corpus: 2850, signal 158523/166128 (executing program) 2022/09/23 12:30:07 fetching corpus: 2900, signal 159796/166653 (executing program) 2022/09/23 12:30:07 fetching corpus: 2950, signal 160433/166962 (executing program) 2022/09/23 12:30:08 fetching corpus: 3000, signal 161390/167337 (executing program) 2022/09/23 12:30:08 fetching corpus: 3050, signal 162175/167651 (executing program) 2022/09/23 12:30:08 fetching corpus: 3100, signal 163025/168026 (executing program) 2022/09/23 12:30:08 fetching corpus: 3150, signal 163493/168226 (executing program) 2022/09/23 12:30:08 fetching corpus: 3200, signal 164205/168448 (executing program) 2022/09/23 12:30:08 fetching corpus: 3250, signal 164780/168638 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/168819 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/168860 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/168901 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/168958 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169019 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169074 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169130 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169195 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169258 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169313 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169366 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169433 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169483 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169536 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169581 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169630 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169668 (executing program) 2022/09/23 12:30:08 fetching corpus: 3285, signal 165198/169668 (executing program) 2022/09/23 12:30:11 starting 8 fuzzer processes 12:30:11 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) 12:30:11 executing program 1: shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000080)=""/163) [ 65.784874] audit: type=1400 audit(1663936211.268:6): avc: denied { execmem } for pid=285 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:30:11 executing program 2: r0 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x2, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0) 12:30:11 executing program 3: setresuid(0x0, 0xee00, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080)) setresuid(r0, 0x0, 0x0) setresuid(0xee00, 0x0, 0x0) 12:30:11 executing program 4: syz_mount_image$nfs(&(0x7f0000000040), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={[{'noacl'}]}) 12:30:11 executing program 5: clone3(&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f00000009c0)=""/102391, 0xfffffffffffffeb7, 0x0, 0x0}, 0x63) 12:30:11 executing program 6: futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f00000001c0), 0x2000000) 12:30:11 executing program 7: syz_mount_image$ext4(&(0x7f0000000cc0)='ext4\x00', &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, &(0x7f0000001d40), 0x0, &(0x7f0000001f40)={[{@nouid32}], [{@seclabel}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]}) [ 67.094799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.096698] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.098243] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.099593] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.102722] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.104917] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.106526] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.111319] Bluetooth: hci0: HCI_REQ-0x0c1a [ 67.161909] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.163888] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.165590] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.169510] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.172204] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 67.173704] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 67.179985] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.185604] Bluetooth: hci4: HCI_REQ-0x0c1a [ 67.186979] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.189969] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.195762] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.197872] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.200555] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.201956] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.203588] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.204669] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.208976] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.213590] Bluetooth: hci1: HCI_REQ-0x0c1a [ 67.218885] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.221137] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.222940] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 67.226187] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.228188] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 67.229441] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.229554] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.231900] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 67.232332] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 67.234403] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.234728] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.238718] Bluetooth: hci5: HCI_REQ-0x0c1a [ 67.242358] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.244247] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.257976] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.260348] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 67.261720] Bluetooth: hci6: HCI_REQ-0x0c1a [ 67.272313] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.276657] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.280049] Bluetooth: hci7: HCI_REQ-0x0c1a [ 67.287342] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.312259] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.332763] Bluetooth: hci3: HCI_REQ-0x0c1a [ 69.167064] Bluetooth: hci0: command 0x0409 tx timeout [ 69.168217] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 69.230174] Bluetooth: hci4: command 0x0409 tx timeout [ 69.231147] Bluetooth: hci1: command 0x0409 tx timeout [ 69.294339] Bluetooth: hci5: command 0x0409 tx timeout [ 69.295362] Bluetooth: hci7: command 0x0409 tx timeout [ 69.295473] Bluetooth: hci6: command 0x0409 tx timeout [ 69.358664] Bluetooth: hci3: command 0x0409 tx timeout [ 71.214092] Bluetooth: hci0: command 0x041b tx timeout [ 71.278074] Bluetooth: hci1: command 0x041b tx timeout [ 71.278123] Bluetooth: hci4: command 0x041b tx timeout [ 71.342110] Bluetooth: hci6: command 0x041b tx timeout [ 71.342549] Bluetooth: hci7: command 0x041b tx timeout [ 71.342960] Bluetooth: hci5: command 0x041b tx timeout [ 71.406111] Bluetooth: hci3: command 0x041b tx timeout [ 73.262107] Bluetooth: hci0: command 0x040f tx timeout [ 73.326105] Bluetooth: hci4: command 0x040f tx timeout [ 73.327075] Bluetooth: hci1: command 0x040f tx timeout [ 73.390129] Bluetooth: hci5: command 0x040f tx timeout [ 73.390164] Bluetooth: hci7: command 0x040f tx timeout [ 73.390610] Bluetooth: hci6: command 0x040f tx timeout [ 73.454104] Bluetooth: hci3: command 0x040f tx timeout [ 74.350242] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 75.310079] Bluetooth: hci0: command 0x0419 tx timeout [ 75.374076] Bluetooth: hci1: command 0x0419 tx timeout [ 75.374510] Bluetooth: hci4: command 0x0419 tx timeout [ 75.438072] Bluetooth: hci7: command 0x0419 tx timeout [ 75.438525] Bluetooth: hci5: command 0x0419 tx timeout [ 75.439643] Bluetooth: hci6: command 0x0419 tx timeout [ 75.502111] Bluetooth: hci3: command 0x0419 tx timeout [ 78.830103] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 81.342242] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.345440] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.346687] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.354252] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.358641] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 81.360785] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.367811] Bluetooth: hci2: HCI_REQ-0x0c1a [ 83.374168] Bluetooth: hci2: command 0x0409 tx timeout [ 85.422087] Bluetooth: hci2: command 0x041b tx timeout [ 87.470104] Bluetooth: hci2: command 0x040f tx timeout [ 89.519062] Bluetooth: hci2: command 0x0419 tx timeout 12:31:05 executing program 4: syz_mount_image$nfs(&(0x7f0000000040), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={[{'noacl'}]}) 12:31:05 executing program 3: setresuid(0x0, 0xee00, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080)) setresuid(r0, 0x0, 0x0) setresuid(0xee00, 0x0, 0x0) 12:31:05 executing program 4: syz_mount_image$nfs(&(0x7f0000000040), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={[{'noacl'}]}) 12:31:05 executing program 4: syz_mount_image$nfs(&(0x7f0000000040), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={[{'noacl'}]}) 12:31:05 executing program 3: setresuid(0x0, 0xee00, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080)) setresuid(r0, 0x0, 0x0) setresuid(0xee00, 0x0, 0x0) 12:31:05 executing program 4: setresuid(0x0, 0xee00, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080)) setresuid(r0, 0x0, 0x0) setresuid(0xee00, 0x0, 0x0) 12:31:06 executing program 4: setresuid(0x0, 0xee00, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080)) setresuid(r0, 0x0, 0x0) setresuid(0xee00, 0x0, 0x0) 12:31:06 executing program 3: setresuid(0x0, 0xee00, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080)) setresuid(r0, 0x0, 0x0) setresuid(0xee00, 0x0, 0x0) [ 121.291825] audit: type=1326 audit(1663936266.775:7): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3825 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f5d3c3b19 code=0x0 [ 121.671967] ext4: Unknown parameter 'mask' [ 121.679190] ext4: Unknown parameter 'mask' 12:31:12 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) 12:31:12 executing program 7: syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NET_DM_CMD_STOP(r0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 12:31:12 executing program 5: clone3(&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f00000009c0)=""/102391, 0xfffffffffffffeb7, 0x0, 0x0}, 0x63) 12:31:12 executing program 6: futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f00000001c0), 0x2000000) 12:31:12 executing program 3: get_robust_list(0x0, 0x0, 0xffffffffffffffff) 12:31:12 executing program 4: setresuid(0x0, 0xee00, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080)) setresuid(r0, 0x0, 0x0) setresuid(0xee00, 0x0, 0x0) 12:31:12 executing program 2: r0 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x2, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0) 12:31:12 executing program 1: shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000080)=""/163) [ 127.355497] audit: type=1326 audit(1663936272.823:8): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3968 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f5d3c3b19 code=0x0 12:31:12 executing program 5: clone3(&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f00000009c0)=""/102391, 0xfffffffffffffeb7, 0x0, 0x0}, 0x63) 12:31:12 executing program 3: get_robust_list(0x0, 0x0, 0xffffffffffffffff) 12:31:12 executing program 1: shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000080)=""/163) 12:31:12 executing program 2: r0 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x2, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0) 12:31:12 executing program 4: syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f0000000640)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}}}}}]}}, 0x0) [ 127.554118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.562588] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.077720] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.079768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 12:31:13 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) 12:31:13 executing program 3: get_robust_list(0x0, 0x0, 0xffffffffffffffff) 12:31:13 executing program 5: clone3(&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f00000009c0)=""/102391, 0xfffffffffffffeb7, 0x0, 0x0}, 0x63) 12:31:13 executing program 1: shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000080)=""/163) 12:31:13 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 12:31:13 executing program 2: r0 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x2, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0) 12:31:13 executing program 7: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x40000, 0xd, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f80000200040000300000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="00000000727241610500000007000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f73668553b300080820000400008000f80000200040000300000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10800}, {&(0x7f0000010600)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x11000}, {&(0x7f0000010700)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x11800}, {&(0x7f0000010800)="53595a4b414c4c45522020080000eb80325132510000eb80325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000c6eb70325132510000eb70325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000c6eb70325132510000eb70325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000c6eb70325132510000eb70325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000c6eb70325132510000eb703251070064000000", 0x120, 0x12000}, {&(0x7f0000010a00)="2e202020202020202020201000c6eb70325132510000eb7032510300000000002e2e2020202020202020201000c6eb70325132510000eb70325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000c6eb70325132510000eb70325104001a040000", 0x80, 0x16000}, {&(0x7f0000010b00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x1a000}, {&(0x7f0000011000)='syzkallers\x00'/32, 0x20, 0x1e000}, {&(0x7f0000011100)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x26000}], 0x0, &(0x7f0000011200)) 12:31:13 executing program 6: futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f00000001c0), 0x2000000) [ 128.152626] audit: type=1326 audit(1663936273.635:9): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4002 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f5d3c3b19 code=0x0 [ 128.204900] loop7: detected capacity change from 0 to 608 12:31:13 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd99}, 0xc) 12:31:13 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) 12:31:13 executing program 6: futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f00000001c0), 0x2000000) [ 128.368477] audit: type=1326 audit(1663936273.852:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4020 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f5d3c3b19 code=0x0 12:31:13 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd99}, 0xc) 12:31:13 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) 12:31:13 executing program 3: get_robust_list(0x0, 0x0, 0xffffffffffffffff) 12:31:13 executing program 7: setresuid(0x0, 0xee01, 0xffffffffffffffff) 12:31:13 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) [ 128.533833] audit: type=1400 audit(1663936274.017:11): avc: denied { open } for pid=4024 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 128.536785] audit: type=1400 audit(1663936274.017:12): avc: denied { kernel } for pid=4024 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 128.555885] ------------[ cut here ]------------ [ 128.555919] [ 128.555924] ====================================================== [ 128.555930] WARNING: possible circular locking dependency detected [ 128.555937] 6.0.0-rc6-next-20220923 #1 Not tainted [ 128.555950] ------------------------------------------------------ [ 128.555955] syz-executor.5/4030 is trying to acquire lock: 12:31:14 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) [ 128.555967] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 128.556039] [ 128.556039] but task is already holding lock: [ 128.556044] ffff88800d846020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 128.556096] [ 128.556096] which lock already depends on the new lock. [ 128.556096] [ 128.556101] [ 128.556101] the existing dependency chain (in reverse order) is: [ 128.556107] [ 128.556107] -> #3 (&ctx->lock){....}-{2:2}: [ 128.556133] _raw_spin_lock+0x2a/0x40 [ 128.556169] __perf_event_task_sched_out+0x53b/0x18d0 [ 128.556193] __schedule+0xedd/0x2470 [ 128.556219] schedule+0xda/0x1b0 [ 128.556244] exit_to_user_mode_prepare+0x114/0x1a0 [ 128.556266] syscall_exit_to_user_mode+0x19/0x40 [ 128.556290] do_syscall_64+0x48/0x90 [ 128.556321] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.556345] [ 128.556345] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 128.556371] _raw_spin_lock_nested+0x30/0x40 [ 128.556406] raw_spin_rq_lock_nested+0x1e/0x30 [ 128.556430] task_fork_fair+0x63/0x4d0 [ 128.556461] sched_cgroup_fork+0x3d0/0x540 [ 128.556488] copy_process+0x4183/0x6e20 [ 128.556507] kernel_clone+0xe7/0x890 [ 128.556525] user_mode_thread+0xad/0xf0 [ 128.556544] rest_init+0x24/0x250 [ 128.556566] arch_call_rest_init+0xf/0x14 [ 128.556598] start_kernel+0x4c1/0x4e6 [ 128.556627] secondary_startup_64_no_verify+0xe0/0xeb [ 128.556653] [ 128.556653] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 128.556679] _raw_spin_lock_irqsave+0x39/0x60 [ 128.556714] try_to_wake_up+0xab/0x1930 [ 128.556739] up+0x75/0xb0 [ 128.556765] __up_console_sem+0x6e/0x80 [ 128.556794] console_unlock+0x46a/0x590 [ 128.556824] vprintk_emit+0x1bd/0x560 [ 128.556855] vprintk+0x84/0xa0 [ 128.556885] _printk+0xba/0xf1 [ 128.556905] kauditd_hold_skb.cold+0x3f/0x4e [ 128.556937] kauditd_send_queue+0x233/0x290 [ 128.556965] kauditd_thread+0x5da/0x9a0 [ 128.556991] kthread+0x2ed/0x3a0 [ 128.557018] ret_from_fork+0x22/0x30 [ 128.557041] [ 128.557041] -> #0 ((console_sem).lock){....}-{2:2}: [ 128.557067] __lock_acquire+0x2a02/0x5e70 [ 128.557099] lock_acquire+0x1a2/0x530 [ 128.557129] _raw_spin_lock_irqsave+0x39/0x60 [ 128.557164] down_trylock+0xe/0x70 [ 128.557192] __down_trylock_console_sem+0x3b/0xd0 [ 128.557223] vprintk_emit+0x16b/0x560 [ 128.557253] vprintk+0x84/0xa0 [ 128.557283] _printk+0xba/0xf1 [ 128.557302] report_bug.cold+0x72/0xab [ 128.557333] handle_bug+0x3c/0x70 12:31:14 executing program 7: setresuid(0x0, 0xee01, 0xffffffffffffffff) [ 128.557363] exc_invalid_op+0x14/0x50 [ 128.557395] asm_exc_invalid_op+0x16/0x20 [ 128.557417] group_sched_out.part.0+0x2c7/0x460 [ 128.557438] ctx_sched_out+0x8f1/0xc10 [ 128.557457] __perf_event_task_sched_out+0x6d0/0x18d0 [ 128.557481] __schedule+0xedd/0x2470 [ 128.557507] schedule+0xda/0x1b0 [ 128.557531] exit_to_user_mode_prepare+0x114/0x1a0 [ 128.557552] syscall_exit_to_user_mode+0x19/0x40 [ 128.557575] do_syscall_64+0x48/0x90 [ 128.557606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.557630] [ 128.557630] other info that might help us debug this: [ 128.557630] [ 128.557635] Chain exists of: [ 128.557635] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 128.557635] [ 128.557663] Possible unsafe locking scenario: [ 128.557663] [ 128.557667] CPU0 CPU1 [ 128.557672] ---- ---- [ 128.557676] lock(&ctx->lock); [ 128.557686] lock(&rq->__lock); [ 128.557698] lock(&ctx->lock); [ 128.557710] lock((console_sem).lock); [ 128.557721] [ 128.557721] *** DEADLOCK *** [ 128.557721] [ 128.557724] 2 locks held by syz-executor.5/4030: [ 128.557737] #0: ffff88806cf37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 128.557793] #1: ffff88800d846020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 128.557846] [ 128.557846] stack backtrace: [ 128.557851] CPU: 1 PID: 4030 Comm: syz-executor.5 Not tainted 6.0.0-rc6-next-20220923 #1 [ 128.557875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 128.557889] Call Trace: [ 128.557895] [ 128.557902] dump_stack_lvl+0x8b/0xb3 [ 128.557937] check_noncircular+0x263/0x2e0 [ 128.557968] ? format_decode+0x26c/0xb50 [ 128.557998] ? print_circular_bug+0x450/0x450 [ 128.558031] ? enable_ptr_key_workfn+0x20/0x20 [ 128.558062] ? format_decode+0x26c/0xb50 [ 128.558095] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 128.558129] __lock_acquire+0x2a02/0x5e70 [ 128.558170] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 128.558213] lock_acquire+0x1a2/0x530 [ 128.558245] ? down_trylock+0xe/0x70 [ 128.558277] ? lock_release+0x750/0x750 [ 128.558316] ? vprintk+0x84/0xa0 [ 128.558350] _raw_spin_lock_irqsave+0x39/0x60 [ 128.558386] ? down_trylock+0xe/0x70 [ 128.558417] down_trylock+0xe/0x70 [ 128.558446] ? vprintk+0x84/0xa0 [ 128.558478] __down_trylock_console_sem+0x3b/0xd0 [ 128.558512] vprintk_emit+0x16b/0x560 [ 128.558548] vprintk+0x84/0xa0 [ 128.558581] _printk+0xba/0xf1 [ 128.558602] ? record_print_text.cold+0x16/0x16 [ 128.558632] ? report_bug.cold+0x66/0xab [ 128.558666] ? group_sched_out.part.0+0x2c7/0x460 [ 128.558689] report_bug.cold+0x72/0xab [ 128.558724] handle_bug+0x3c/0x70 [ 128.558757] exc_invalid_op+0x14/0x50 [ 128.558791] asm_exc_invalid_op+0x16/0x20 [ 128.558814] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 128.558841] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 128.558862] RSP: 0018:ffff88803eaffc48 EFLAGS: 00010006 [ 128.558879] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 128.558894] RDX: ffff88803eaf0000 RSI: ffffffff81564fb7 RDI: 0000000000000005 [ 128.558908] RBP: ffff88803eb00000 R08: 0000000000000005 R09: 0000000000000001 [ 128.558922] R10: 0000000000000000 R11: ffffffff865b005b R12: ffff88800d846000 [ 128.558937] R13: ffff88806cf3d140 R14: ffffffff8547d040 R15: 0000000000000002 [ 128.558958] ? group_sched_out.part.0+0x2c7/0x460 [ 128.558984] ? group_sched_out.part.0+0x2c7/0x460 [ 128.559009] ctx_sched_out+0x8f1/0xc10 [ 128.559034] __perf_event_task_sched_out+0x6d0/0x18d0 [ 128.559064] ? lock_is_held_type+0xd7/0x130 [ 128.559090] ? __perf_cgroup_move+0x160/0x160 [ 128.559113] ? set_next_entity+0x304/0x550 [ 128.559147] ? update_curr+0x267/0x740 [ 128.559182] ? lock_is_held_type+0xd7/0x130 [ 128.559208] __schedule+0xedd/0x2470 [ 128.559240] ? io_schedule_timeout+0x150/0x150 [ 128.559271] ? rcu_read_lock_sched_held+0x3e/0x80 [ 128.559310] schedule+0xda/0x1b0 [ 128.559338] exit_to_user_mode_prepare+0x114/0x1a0 [ 128.559361] syscall_exit_to_user_mode+0x19/0x40 [ 128.559387] do_syscall_64+0x48/0x90 [ 128.559420] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.559445] RIP: 0033:0x7fe12e906b19 [ 128.559461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.559482] RSP: 002b:00007fe12be7c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 128.559502] RAX: 0000000000000001 RBX: 00007fe12ea19f68 RCX: 00007fe12e906b19 [ 128.559517] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe12ea19f6c [ 128.559531] RBP: 00007fe12ea19f60 R08: 000000000000000e R09: 0000000000000000 [ 128.559544] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe12ea19f6c [ 128.559558] R13: 00007ffff4348adf R14: 00007fe12be7c300 R15: 0000000000022000 [ 128.559583] [ 128.666811] WARNING: CPU: 1 PID: 4030 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 128.668221] Modules linked in: [ 128.668719] CPU: 1 PID: 4030 Comm: syz-executor.5 Not tainted 6.0.0-rc6-next-20220923 #1 [ 128.669925] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 128.671615] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 128.672453] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 128.675138] RSP: 0018:ffff88803eaffc48 EFLAGS: 00010006 [ 128.675961] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 128.677030] RDX: ffff88803eaf0000 RSI: ffffffff81564fb7 RDI: 0000000000000005 [ 128.678088] RBP: ffff88803eb00000 R08: 0000000000000005 R09: 0000000000000001 [ 128.679140] R10: 0000000000000000 R11: ffffffff865b005b R12: ffff88800d846000 [ 128.680217] R13: ffff88806cf3d140 R14: ffffffff8547d040 R15: 0000000000000002 [ 128.681271] FS: 00007fe12be7c700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 128.682438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.683274] CR2: 0000001b2de22000 CR3: 00000000177a8000 CR4: 0000000000350ee0 [ 128.684303] Call Trace: [ 128.684682] [ 128.685024] ctx_sched_out+0x8f1/0xc10 [ 128.685600] __perf_event_task_sched_out+0x6d0/0x18d0 [ 128.686348] ? lock_is_held_type+0xd7/0x130 [ 128.686980] ? __perf_cgroup_move+0x160/0x160 [ 128.687638] ? set_next_entity+0x304/0x550 [ 128.688280] ? update_curr+0x267/0x740 [ 128.688859] ? lock_is_held_type+0xd7/0x130 [ 128.689483] __schedule+0xedd/0x2470 [ 128.690075] ? io_schedule_timeout+0x150/0x150 [ 128.690803] ? rcu_read_lock_sched_held+0x3e/0x80 [ 128.691576] schedule+0xda/0x1b0 [ 128.692141] exit_to_user_mode_prepare+0x114/0x1a0 [ 128.692917] syscall_exit_to_user_mode+0x19/0x40 [ 128.693665] do_syscall_64+0x48/0x90 [ 128.694260] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.695065] RIP: 0033:0x7fe12e906b19 [ 128.695643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.698471] RSP: 002b:00007fe12be7c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 128.699617] RAX: 0000000000000001 RBX: 00007fe12ea19f68 RCX: 00007fe12e906b19 [ 128.700692] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe12ea19f6c [ 128.701773] RBP: 00007fe12ea19f60 R08: 000000000000000e R09: 0000000000000000 [ 128.702849] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe12ea19f6c [ 128.703967] R13: 00007ffff4348adf R14: 00007fe12be7c300 R15: 0000000000022000 [ 128.705091] [ 128.705458] irq event stamp: 708 [ 128.705995] hardirqs last enabled at (707): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 128.707433] hardirqs last disabled at (708): [] __schedule+0x1225/0x2470 [ 128.708711] softirqs last enabled at (524): [] __irq_exit_rcu+0x11b/0x180 [ 128.709995] softirqs last disabled at (515): [] __irq_exit_rcu+0x11b/0x180 [ 128.711307] ---[ end trace 0000000000000000 ]--- 12:31:14 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd99}, 0xc) 12:31:14 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 12:31:14 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 12:31:14 executing program 1: openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/custom1\x00', 0x802, 0x0) 12:31:14 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000)=""/51, &(0x7f0000000040)=0x33) 12:31:14 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 12:31:14 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd99}, 0xc) [ 129.011181] ieee80211 : Selected rate control algorithm 'minstrel_ht' [ 129.061466] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' [ 129.100552] syz-executor.5 (4030) used greatest stack depth: 24664 bytes left 12:31:14 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 12:31:14 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 12:31:14 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000)=""/51, &(0x7f0000000040)=0x33) 12:31:14 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000580)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) bind$inet6(r0, &(0x7f00000044c0)={0xa, 0x0, 0x0, @dev}, 0x1c) 12:31:14 executing program 7: setresuid(0x0, 0xee01, 0xffffffffffffffff) 12:31:14 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) 12:31:14 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 12:31:14 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x56ad, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000140), 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x6e, 0xa0, 0xfc00}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000009c0)) r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x4) perf_event_open$cgroup(&(0x7f0000000500)={0x5, 0x80, 0x1, 0x2, 0xc1, 0xf9, 0x0, 0xd26, 0x4854d, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000240), 0x2}, 0x42000, 0x200, 0x40, 0x0, 0x7fffffff, 0x8, 0x1, 0x0, 0x9}, r0, 0x10, 0xffffffffffffffff, 0xc) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000001, 0x8010, 0xffffffffffffffff, 0x10000000) close(r0) r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x1, 0x8, 0x6a, 0xfe, 0x0, 0x3, 0x0, 0xb, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfccec63, 0x4, @perf_config_ext={0x1, 0x8000}, 0x20, 0x0, 0x4, 0x3, 0x0, 0x6, 0xff, 0x0, 0x81, 0x0, 0x1}, 0xffffffffffffffff, 0x0, r1, 0x9) syz_io_uring_setup(0x35a6, &(0x7f00000003c0)={0x0, 0x132c, 0x10, 0x2, 0x371}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000440), &(0x7f0000000480)) [ 129.219327] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht' 12:31:14 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000)=""/51, &(0x7f0000000040)=0x33) 12:31:14 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 12:31:14 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000580)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) bind$inet6(r0, &(0x7f00000044c0)={0xa, 0x0, 0x0, @dev}, 0x1c) 12:31:14 executing program 7: setresuid(0x0, 0xee01, 0xffffffffffffffff) 12:31:14 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000580)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) bind$inet6(r0, &(0x7f00000044c0)={0xa, 0x0, 0x0, @dev}, 0x1c) 12:31:14 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) [ 129.405183] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht' 12:31:14 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000)=""/51, &(0x7f0000000040)=0x33) 12:31:14 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000580)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) bind$inet6(r0, &(0x7f00000044c0)={0xa, 0x0, 0x0, @dev}, 0x1c) 12:31:14 executing program 7: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) 12:31:14 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 12:31:14 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) [ 129.493642] loop6: detected capacity change from 0 to 264192 [ 129.520469] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht' [ 129.542025] hrtimer: interrupt took 18455 ns [ 129.559120] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 129.560627] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 129.561511] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 129.562356] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 40 00 [ 129.563334] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 30 prio class 2 [ 129.670740] syz-executor.5 (4094) used greatest stack depth: 24536 bytes left 12:31:15 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000580)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) bind$inet6(r0, &(0x7f00000044c0)={0xa, 0x0, 0x0, @dev}, 0x1c) 12:31:15 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000580)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) bind$inet6(r0, &(0x7f00000044c0)={0xa, 0x0, 0x0, @dev}, 0x1c) 12:31:15 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) 12:31:15 executing program 7: ptrace(0x10, 0x1) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0) 12:31:15 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) fcntl$setlease(r0, 0x400, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000080)='./file0\x00') 12:31:15 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x56ad, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000140), 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x6e, 0xa0, 0xfc00}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000009c0)) r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x4) perf_event_open$cgroup(&(0x7f0000000500)={0x5, 0x80, 0x1, 0x2, 0xc1, 0xf9, 0x0, 0xd26, 0x4854d, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000240), 0x2}, 0x42000, 0x200, 0x40, 0x0, 0x7fffffff, 0x8, 0x1, 0x0, 0x9}, r0, 0x10, 0xffffffffffffffff, 0xc) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000001, 0x8010, 0xffffffffffffffff, 0x10000000) close(r0) r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x1, 0x8, 0x6a, 0xfe, 0x0, 0x3, 0x0, 0xb, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfccec63, 0x4, @perf_config_ext={0x1, 0x8000}, 0x20, 0x0, 0x4, 0x3, 0x0, 0x6, 0xff, 0x0, 0x81, 0x0, 0x1}, 0xffffffffffffffff, 0x0, r1, 0x9) syz_io_uring_setup(0x35a6, &(0x7f00000003c0)={0x0, 0x132c, 0x10, 0x2, 0x371}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000440), &(0x7f0000000480)) 12:31:15 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) 12:31:15 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 129.924904] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' [ 129.964447] loop6: detected capacity change from 0 to 264192 [ 129.979092] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' 12:31:15 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000580)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) bind$inet6(r0, &(0x7f00000044c0)={0xa, 0x0, 0x0, @dev}, 0x1c) 12:31:15 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) fcntl$setlease(r0, 0x400, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000080)='./file0\x00') 12:31:15 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) fcntl$setlease(r0, 0x400, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000080)='./file0\x00') 12:31:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 12:31:15 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) fcntl$setlease(r0, 0x400, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000080)='./file0\x00') [ 130.061332] loop1: detected capacity change from 0 to 264192 12:31:15 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) fcntl$setlease(r0, 0x400, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000080)='./file0\x00') 12:31:15 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) [ 130.125734] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 130.127753] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 130.128536] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 130.129270] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 40 00 [ 130.130103] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 30 prio class 2 [ 130.131673] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.132143] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.132731] Buffer I/O error on dev sr0, logical block 0, async page read [ 130.133413] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.133805] I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.134613] Buffer I/O error on dev sr0, logical block 1, async page read [ 130.135284] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.135673] I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.136383] Buffer I/O error on dev sr0, logical block 2, async page read [ 130.137127] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.137518] I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.138123] Buffer I/O error on dev sr0, logical block 3, async page read [ 130.138784] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.139196] I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.139798] Buffer I/O error on dev sr0, logical block 4, async page read [ 130.140471] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.140863] I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.141483] Buffer I/O error on dev sr0, logical block 5, async page read [ 130.142183] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.142575] I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.143371] Buffer I/O error on dev sr0, logical block 6, async page read [ 130.144132] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.144524] I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.145124] Buffer I/O error on dev sr0, logical block 7, async page read [ 130.155910] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' 12:31:15 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x56ad, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000140), 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x6e, 0xa0, 0xfc00}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000009c0)) r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x4) perf_event_open$cgroup(&(0x7f0000000500)={0x5, 0x80, 0x1, 0x2, 0xc1, 0xf9, 0x0, 0xd26, 0x4854d, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000240), 0x2}, 0x42000, 0x200, 0x40, 0x0, 0x7fffffff, 0x8, 0x1, 0x0, 0x9}, r0, 0x10, 0xffffffffffffffff, 0xc) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000001, 0x8010, 0xffffffffffffffff, 0x10000000) close(r0) r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x1, 0x8, 0x6a, 0xfe, 0x0, 0x3, 0x0, 0xb, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfccec63, 0x4, @perf_config_ext={0x1, 0x8000}, 0x20, 0x0, 0x4, 0x3, 0x0, 0x6, 0xff, 0x0, 0x81, 0x0, 0x1}, 0xffffffffffffffff, 0x0, r1, 0x9) syz_io_uring_setup(0x35a6, &(0x7f00000003c0)={0x0, 0x132c, 0x10, 0x2, 0x371}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000440), &(0x7f0000000480)) 12:31:15 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) fcntl$setlease(r0, 0x400, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000080)='./file0\x00') 12:31:15 executing program 3: syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) 12:31:15 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$notify(r1, 0x402, 0x2) dup3(r0, r1, 0x0) [ 130.245658] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 130.246814] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 130.247611] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 130.248364] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 40 00 [ 130.250043] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.250490] Buffer I/O error on dev sr0, logical block 0, async page read [ 130.251207] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.251614] Buffer I/O error on dev sr0, logical block 1, async page read [ 130.252360] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.252905] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.253503] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.254344] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.254961] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.255546] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.256359] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.256915] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.257567] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.258189] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.258767] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.259353] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.259945] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.260527] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.261345] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.261887] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.262463] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.263013] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.263602] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.264242] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.264822] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.265452] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.266262] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.266840] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.267472] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.268045] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.268775] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.269221] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.269381] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.269535] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.269876] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.270046] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.270199] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.270346] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.270492] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.270654] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.270865] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.271085] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.271444] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.272687] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.273450] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.273777] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.273979] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.274727] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.275562] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 130.275782] sr 1:0:0:0: [sr0] tag#0 unaligned transfer VM DIAGNOSIS: 12:31:14 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=0000000000000000 RCX=ffffffff817a9138 RDX=1ffffd40001ca799 RSI=0000000000000008 RDI=ffffea0000e53cc8 RBP=ffffea0000e53cc0 RSP=ffff88803ea9f618 R8 =0000000000000000 R9 =ffffea0000e53cc7 R10=fffff940001ca798 R11=0000000000000001 R12=0000000000000000 R13=ffff8880101851a0 R14=dffffc0000000000 R15=ffffea0000e53cc0 RIP=ffffffff816e3737 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020000180 CR3=000000001b172000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000028 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b17e1 RDI=ffffffff87645be0 RBP=ffffffff87645ba0 RSP=ffff88803eaff698 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000028 R11=0000000000000001 R12=0000000000000028 R13=ffffffff87645ba0 R14=0000000000000010 R15=ffffffff822b17d0 RIP=ffffffff822b1839 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fe12be7c700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2de22000 CR3=00000000177a8000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007fe12e9ed7c0 00007fe12e9ed7c8 YMM02=0000000000000000 0000000000000000 00007fe12e9ed7e0 00007fe12e9ed7c0 YMM03=0000000000000000 0000000000000000 00007fe12e9ed7c8 00007fe12e9ed7c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000