Warning: Permanently added '[localhost]:59075' (ECDSA) to the list of known hosts.
2022/09/23 13:40:44 fuzzer started
2022/09/23 13:40:45 dialing manager at localhost:38881
syzkaller login: [   37.507260] cgroup: Unknown subsys name 'net'
[   37.625031] cgroup: Unknown subsys name 'rlimit'
2022/09/23 13:40:58 syscalls: 2215
2022/09/23 13:40:58 code coverage: enabled
2022/09/23 13:40:58 comparison tracing: enabled
2022/09/23 13:40:58 extra coverage: enabled
2022/09/23 13:40:58 setuid sandbox: enabled
2022/09/23 13:40:58 namespace sandbox: enabled
2022/09/23 13:40:58 Android sandbox: enabled
2022/09/23 13:40:58 fault injection: enabled
2022/09/23 13:40:58 leak checking: enabled
2022/09/23 13:40:58 net packet injection: enabled
2022/09/23 13:40:58 net device setup: enabled
2022/09/23 13:40:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/23 13:40:58 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/23 13:40:58 USB emulation: enabled
2022/09/23 13:40:58 hci packet injection: enabled
2022/09/23 13:40:58 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220923                                          )
2022/09/23 13:40:58 802.15.4 emulation: enabled
2022/09/23 13:40:58 fetching corpus: 50, signal 31102/32808 (executing program)
2022/09/23 13:40:58 fetching corpus: 100, signal 44326/47516 (executing program)
2022/09/23 13:40:59 fetching corpus: 150, signal 53434/57976 (executing program)
2022/09/23 13:40:59 fetching corpus: 200, signal 60215/66020 (executing program)
2022/09/23 13:40:59 fetching corpus: 250, signal 66676/73650 (executing program)
2022/09/23 13:40:59 fetching corpus: 300, signal 69755/77960 (executing program)
2022/09/23 13:40:59 fetching corpus: 350, signal 75007/84237 (executing program)
2022/09/23 13:40:59 fetching corpus: 400, signal 80853/90913 (executing program)
2022/09/23 13:40:59 fetching corpus: 450, signal 82925/94042 (executing program)
2022/09/23 13:40:59 fetching corpus: 500, signal 86725/98748 (executing program)
2022/09/23 13:41:00 fetching corpus: 550, signal 90813/103626 (executing program)
2022/09/23 13:41:00 fetching corpus: 600, signal 92580/106389 (executing program)
2022/09/23 13:41:00 fetching corpus: 650, signal 95325/109963 (executing program)
2022/09/23 13:41:00 fetching corpus: 700, signal 97452/112925 (executing program)
2022/09/23 13:41:00 fetching corpus: 750, signal 99448/115759 (executing program)
2022/09/23 13:41:00 fetching corpus: 800, signal 100851/118066 (executing program)
2022/09/23 13:41:00 fetching corpus: 850, signal 103923/121720 (executing program)
2022/09/23 13:41:00 fetching corpus: 900, signal 105854/124370 (executing program)
2022/09/23 13:41:01 fetching corpus: 950, signal 107710/126928 (executing program)
2022/09/23 13:41:01 fetching corpus: 1000, signal 110571/130257 (executing program)
2022/09/23 13:41:01 fetching corpus: 1050, signal 113100/133288 (executing program)
2022/09/23 13:41:01 fetching corpus: 1100, signal 114779/135636 (executing program)
2022/09/23 13:41:01 fetching corpus: 1150, signal 117767/138967 (executing program)
2022/09/23 13:41:01 fetching corpus: 1200, signal 119422/141153 (executing program)
2022/09/23 13:41:01 fetching corpus: 1250, signal 123229/144988 (executing program)
2022/09/23 13:41:01 fetching corpus: 1300, signal 125221/147396 (executing program)
2022/09/23 13:41:02 fetching corpus: 1350, signal 128052/150406 (executing program)
2022/09/23 13:41:02 fetching corpus: 1400, signal 129509/152349 (executing program)
2022/09/23 13:41:02 fetching corpus: 1450, signal 131212/154446 (executing program)
2022/09/23 13:41:02 fetching corpus: 1500, signal 132400/156093 (executing program)
2022/09/23 13:41:02 fetching corpus: 1550, signal 133406/157610 (executing program)
2022/09/23 13:41:02 fetching corpus: 1600, signal 134659/159258 (executing program)
2022/09/23 13:41:02 fetching corpus: 1650, signal 136338/161197 (executing program)
2022/09/23 13:41:02 fetching corpus: 1700, signal 137383/162672 (executing program)
2022/09/23 13:41:03 fetching corpus: 1750, signal 139059/164572 (executing program)
2022/09/23 13:41:03 fetching corpus: 1800, signal 140432/166276 (executing program)
2022/09/23 13:41:03 fetching corpus: 1850, signal 141996/167997 (executing program)
2022/09/23 13:41:03 fetching corpus: 1900, signal 143439/169615 (executing program)
2022/09/23 13:41:03 fetching corpus: 1950, signal 146205/172077 (executing program)
2022/09/23 13:41:03 fetching corpus: 2000, signal 147202/173392 (executing program)
2022/09/23 13:41:03 fetching corpus: 2050, signal 148236/174680 (executing program)
2022/09/23 13:41:03 fetching corpus: 2100, signal 149659/176260 (executing program)
2022/09/23 13:41:04 fetching corpus: 2150, signal 150152/177201 (executing program)
2022/09/23 13:41:04 fetching corpus: 2200, signal 151398/178598 (executing program)
2022/09/23 13:41:04 fetching corpus: 2250, signal 152431/179798 (executing program)
2022/09/23 13:41:04 fetching corpus: 2300, signal 153941/181288 (executing program)
2022/09/23 13:41:04 fetching corpus: 2350, signal 154713/182308 (executing program)
2022/09/23 13:41:04 fetching corpus: 2400, signal 156761/184044 (executing program)
2022/09/23 13:41:04 fetching corpus: 2450, signal 157821/185202 (executing program)
2022/09/23 13:41:04 fetching corpus: 2500, signal 158822/186319 (executing program)
2022/09/23 13:41:04 fetching corpus: 2550, signal 160068/187478 (executing program)
2022/09/23 13:41:05 fetching corpus: 2600, signal 161954/189091 (executing program)
2022/09/23 13:41:05 fetching corpus: 2650, signal 163404/190383 (executing program)
2022/09/23 13:41:05 fetching corpus: 2700, signal 165211/191826 (executing program)
2022/09/23 13:41:05 fetching corpus: 2750, signal 166163/192788 (executing program)
2022/09/23 13:41:05 fetching corpus: 2800, signal 167460/193888 (executing program)
2022/09/23 13:41:05 fetching corpus: 2850, signal 168462/194810 (executing program)
2022/09/23 13:41:05 fetching corpus: 2900, signal 169889/195925 (executing program)
2022/09/23 13:41:06 fetching corpus: 2950, signal 171010/196874 (executing program)
2022/09/23 13:41:06 fetching corpus: 3000, signal 171639/197625 (executing program)
2022/09/23 13:41:06 fetching corpus: 3050, signal 173326/198831 (executing program)
2022/09/23 13:41:06 fetching corpus: 3100, signal 174313/199654 (executing program)
2022/09/23 13:41:06 fetching corpus: 3150, signal 175234/200416 (executing program)
2022/09/23 13:41:06 fetching corpus: 3200, signal 177511/201744 (executing program)
2022/09/23 13:41:06 fetching corpus: 3250, signal 178387/202504 (executing program)
2022/09/23 13:41:07 fetching corpus: 3300, signal 179201/203168 (executing program)
2022/09/23 13:41:07 fetching corpus: 3350, signal 180400/204024 (executing program)
2022/09/23 13:41:07 fetching corpus: 3400, signal 181118/204653 (executing program)
2022/09/23 13:41:07 fetching corpus: 3450, signal 182203/205383 (executing program)
2022/09/23 13:41:07 fetching corpus: 3500, signal 182691/205898 (executing program)
2022/09/23 13:41:07 fetching corpus: 3550, signal 183743/206547 (executing program)
2022/09/23 13:41:07 fetching corpus: 3600, signal 184589/207123 (executing program)
2022/09/23 13:41:08 fetching corpus: 3650, signal 185395/207692 (executing program)
2022/09/23 13:41:08 fetching corpus: 3700, signal 186248/208313 (executing program)
2022/09/23 13:41:08 fetching corpus: 3750, signal 187294/208981 (executing program)
2022/09/23 13:41:08 fetching corpus: 3800, signal 188147/209503 (executing program)
2022/09/23 13:41:08 fetching corpus: 3850, signal 188726/209956 (executing program)
2022/09/23 13:41:08 fetching corpus: 3900, signal 189741/210487 (executing program)
2022/09/23 13:41:08 fetching corpus: 3950, signal 190584/210974 (executing program)
2022/09/23 13:41:08 fetching corpus: 4000, signal 191364/211464 (executing program)
2022/09/23 13:41:08 fetching corpus: 4050, signal 192488/212007 (executing program)
2022/09/23 13:41:09 fetching corpus: 4100, signal 193048/212380 (executing program)
2022/09/23 13:41:09 fetching corpus: 4150, signal 193786/212791 (executing program)
2022/09/23 13:41:09 fetching corpus: 4200, signal 195146/213372 (executing program)
2022/09/23 13:41:09 fetching corpus: 4250, signal 195713/213683 (executing program)
2022/09/23 13:41:09 fetching corpus: 4300, signal 196804/214103 (executing program)
2022/09/23 13:41:09 fetching corpus: 4350, signal 197775/214507 (executing program)
2022/09/23 13:41:09 fetching corpus: 4400, signal 198553/214846 (executing program)
2022/09/23 13:41:10 fetching corpus: 4450, signal 199630/215222 (executing program)
2022/09/23 13:41:10 fetching corpus: 4500, signal 200429/215534 (executing program)
2022/09/23 13:41:10 fetching corpus: 4550, signal 201068/215803 (executing program)
2022/09/23 13:41:10 fetching corpus: 4600, signal 201692/216036 (executing program)
2022/09/23 13:41:10 fetching corpus: 4650, signal 202197/216272 (executing program)
2022/09/23 13:41:10 fetching corpus: 4700, signal 202698/216483 (executing program)
2022/09/23 13:41:10 fetching corpus: 4750, signal 202955/216672 (executing program)
2022/09/23 13:41:10 fetching corpus: 4800, signal 203632/216876 (executing program)
2022/09/23 13:41:10 fetching corpus: 4850, signal 204256/217150 (executing program)
2022/09/23 13:41:11 fetching corpus: 4900, signal 204719/217311 (executing program)
2022/09/23 13:41:11 fetching corpus: 4950, signal 205585/217537 (executing program)
2022/09/23 13:41:11 fetching corpus: 5000, signal 205969/217665 (executing program)
2022/09/23 13:41:11 fetching corpus: 5050, signal 206407/217832 (executing program)
2022/09/23 13:41:11 fetching corpus: 5100, signal 206855/217981 (executing program)
2022/09/23 13:41:11 fetching corpus: 5150, signal 208155/218147 (executing program)
2022/09/23 13:41:11 fetching corpus: 5200, signal 208552/218237 (executing program)
2022/09/23 13:41:12 fetching corpus: 5250, signal 209976/218365 (executing program)
2022/09/23 13:41:12 fetching corpus: 5300, signal 210640/218466 (executing program)
2022/09/23 13:41:12 fetching corpus: 5350, signal 211347/218517 (executing program)
2022/09/23 13:41:12 fetching corpus: 5400, signal 212123/218527 (executing program)
2022/09/23 13:41:12 fetching corpus: 5404, signal 212188/218527 (executing program)
2022/09/23 13:41:12 fetching corpus: 5404, signal 212188/218527 (executing program)
2022/09/23 13:41:15 starting 8 fuzzer processes
13:41:15 executing program 0:
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x7cf}}, './file0\x00'})
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_SCHED_SCAN(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xf8, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xf3, 0x7}}}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0xc0, 0x7d, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xba, 0x1, "79a1b24e797d1a3c54172e8475a8469154372777b390cbb1dca6b73bc583aca15ca076781ca6e54bbdac377e32e1cac9aec4b1b86f349eff297d857b343ec74b50f196be75d76bd65f702aeabc5186edd680e43580e9b7b8553fbf3747f495c537af0521bbb9fbf9bb3b78ebe4195c51f5eeaa5b733a4e31fe02456314c76b2c2c47a3f2182cdd8c2bb3483f1678972d04d7e06aeb52293bdd65132c09d39d6a8f3ac624259be6334c67c84bec8d8db428820d8c0543"}]}, @NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac=@broadcast}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}]}, 0xf8}, 0x1, 0x0, 0x0, 0x810}, 0x40090)
stat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0))
r3 = creat(&(0x7f0000000340)='./file0\x00', 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, r4, 0x2, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f00000006c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000500)={0x144, 0x1, 0x2, 0x3, 0x0, 0x0, {0xb, 0x0, 0x1}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x6}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x6}, @CTA_EXPECT_FN={0x8, 0xb, 'sip\x00'}, @CTA_EXPECT_NAT={0x110, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xf}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x74, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x3d}}, {0x8, 0x2, @local}}}]}, @CTA_EXPECT_NAT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @local}}}]}, @CTA_EXPECT_NAT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x3}]}, 0x144}, 0x1, 0x0, 0x0, 0x20000011}, 0x4000000)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000700)='/sys/module/e1000', 0xd0500, 0x90)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x58, r1, 0x4, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x7, 0x41}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x20b}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x7}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2c6}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1644}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x18}]}, 0x58}, 0x1, 0x0, 0x0, 0x20044000}, 0xc840)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000940), 0x80, 0x0)
pwritev(r6, &(0x7f0000000ac0)=[{&(0x7f0000000980)="2fb85062c8fc6a27cca175c243e3c08214a214849de8e4d2a0ea2f4320e42a6994bad9c849a65432b80179d8fb3ae4a88a592b7614b0cb35999285950fb96a192282864b840d2c04d39acb07445d7fd55d8a054ba991c1146723250e171c9055222272ea28e2e7", 0x67}, {&(0x7f0000000a00)="8d619f9e73d9ff6e0539a7509ddaaef900bd5ecf849634bdfa7c0ad0bfdbb5af459fc827ad183afcb8bab6bd698c2a7abdde853f47dbc20e392416588c2153d3608ab8b4e2211be67e162e375b829e0bfd00a22b1e1d55ece55df8ab4d69db14c69b78ec33818038a665a669a833bb7f81ac791a0c97f1f3387278c70cd6eea0e12b15595ac2764f3438c8a9b8a5ed310c78d96e62c9988e1b5bc7649799a00fcdaa0f4b", 0xa4}], 0x2, 0x7fab, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b40), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000b80)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x1c, r7, 0x2, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40080)
r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000cc0), 0x10380, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), r9)
r10 = pidfd_getfd(0xffffffffffffffff, r3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000d00)={'vxcan1\x00'})

13:41:15 executing program 1:
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1001, 0x38)
chroot(&(0x7f0000000040)='./file0\x00')
r1 = openat(r0, &(0x7f0000000080)='./file0\x00', 0x4000, 0xc0)
r2 = openat(r1, &(0x7f00000000c0)='./file0\x00', 0x20400, 0x80)
syncfs(r2)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/devices\x00', 0x0, 0x0)
fcntl$getown(r2, 0x9)
setsockopt(r2, 0x7, 0x2, &(0x7f0000000140)="d0dfe73e9e34c277eae3441130e28793d7cba4bf94d0c4a34517c04d9976e9d18cc5399d26220095ecce964b6c5dcd68f27b5d6604d383d6b0daadf40eec6ff33db2119ede34ff098eca15a0afefb4fbbb0fb01dbd7888604849109f5db18781ad6ced9691d33ea79dbb6eba4b005e6ee09c3dda632d0f51d89cc01ff621e7ff52aacc0f96", 0x85)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
pwrite64(r3, &(0x7f0000000240)="b2f3dd0345a2aa97df3991e1ee26fc4103b36bbadaa4183dfa6e747140286b28260064a8ba63f522834e7a5e3891a29d2b28336e50653b44e3ae64e17ee5e3e5123dbe8e8def26d7613ed95522d3c2fdc5a85dfabd0d0c7b8f96b5a216c033865bb35f9d83db3888d5405459bff8737d503496f6e850770963106f6a3f3938f0bc9e8b91", 0x84, 0x5)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000300), &(0x7f0000000340)=0x4)
r4 = openat$incfs(r1, &(0x7f0000000380)='.pending_reads\x00', 0x80343, 0x81)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r4, 0xc0406619, &(0x7f00000003c0)={@desc={0x1, 0x0, @desc1}})
renameat2(r1, &(0x7f0000000400)='./file0\x00', r0, &(0x7f0000000440)='./file0\x00', 0x0)
chown(&(0x7f0000000480)='./file0\x00', 0xee00, 0xee01)
setsockopt$inet6_IPV6_PKTINFO(r4, 0x29, 0x32, &(0x7f00000004c0)={@private0={0xfc, 0x0, '\x00', 0x1}}, 0x14)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000500), 0xb8040, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(r5, 0x80049370, &(0x7f0000000540))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000580)='/sys/module/devres', 0x0, 0x8)

13:41:15 executing program 2:
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x80, 0x160)
ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000000040)={{0x0, 0xad2}, 0x100})
bind$unix(r0, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000200), 0x441, 0x0)
fcntl$setstatus(r1, 0x4, 0x40000)
bind$unix(r1, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e)
r2 = openat2(r0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x10080, 0x10, 0x10}, 0x18)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000340))
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000540))
bind$unix(r1, &(0x7f0000000580)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
r3 = fcntl$dupfd(r0, 0x406, r1)
connect$unix(r3, &(0x7f0000000600)=@file={0x1, './file0\x00'}, 0x6e)
r4 = syz_mount_image$vfat(&(0x7f0000000680), &(0x7f00000006c0)='./file0\x00', 0x25dc9571, 0x3, &(0x7f0000000940)=[{&(0x7f0000000700)="0aa06e701fcaa2f985e84ba87836905535c56884740eb5356e835ce0ae63d93859ee41450501a360bb414606d3c25971e60b5137f80a13df501dcb3952ad86913fae7781a8653d35e3dc0099ed63388c066db14b3655472f01119a708c615b31a151a853393da7016067f244304abef94732e8d178a16ded3b665be6d258310e9d", 0x81, 0x80}, {&(0x7f00000007c0)="0f82b7a711c58666ee2980e4e89166fa20498b32aa0b3cb586494a621186e30c84424cef098dc24aabbb869e424afbc68dd8fce62eed93c2234cc0a0afcef8ab2c36dd67b03d6318128fc0b18b6c26a038bd3eb9173c870f675e115ae780dd2c0128e6b72f9cf91ddd9884d850bbbe0433778d1c4a17667ca686bcc78093014bbeb29f21ad87cced609e9a8fdf06", 0x8e, 0x5}, {&(0x7f0000000880)="0e474980ed3bc07b2cac08e12ba88dd47c1fcc94b450a4ab4196c51eb388b4bddddc3efb1814d46bc37e8017e4e98f24294a42bebaa613c2d748f36f52ad138042a53ac3401c51fb7d69846e43b7424302ce60b47d93eb12a7d987347c78a58fd43fa13ffcec65073cbcfba974de9d5f28920eb9a87215991d8f008063332ad0d9db28425b977422425d61178f5efc1a7849a0c48d7b46a943ab74177157600470c6d26228e7c426", 0xa8, 0x76}], 0x40, &(0x7f00000009c0)={[{@numtail}, {@shortname_win95}, {@nonumtail}, {@uni_xlateno}, {@shortname_win95}, {@shortname_win95}, {@rodir}, {@utf8}], [{@fowner_gt={'fowner>', 0xee01}}, {@euid_eq}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@obj_role={'obj_role', 0x3d, '/dev/vcsu\x00'}}, {@audit}]})
r5 = openat(r4, &(0x7f0000000ac0)='./file0\x00', 0x303040, 0xc1)
r6 = syz_open_dev$ptys(0xc, 0x3, 0x1)
preadv2(r6, &(0x7f0000000f40)=[{&(0x7f0000000b00)=""/122, 0x7a}, {&(0x7f0000000b80)=""/174, 0xae}, {&(0x7f0000000c40)=""/54, 0x36}, {&(0x7f0000000c80)=""/40, 0x28}, {&(0x7f0000000cc0)=""/105, 0x69}, {&(0x7f0000000d40)=""/145, 0x91}, {&(0x7f0000000e00)=""/94, 0x5e}, {&(0x7f0000000e80)=""/141, 0x8d}], 0x8, 0x80000001, 0x9, 0x8)
preadv(r6, &(0x7f0000001080)=[{&(0x7f0000000fc0)=""/148, 0x94}], 0x1, 0x3, 0x8)
getsockname$unix(r5, &(0x7f00000010c0)=@abs, &(0x7f0000001140)=0x6e)
openat(r3, &(0x7f0000001180)='./file0\x00', 0x54d80, 0x12)
ioctl$EXT4_IOC_CHECKPOINT(r1, 0x4004662b, &(0x7f00000011c0))

13:41:15 executing program 4:
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)

[   67.225876] audit: type=1400 audit(1663940475.178:6): avc:  denied  { execmem } for  pid=281 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
13:41:15 executing program 5:
prlimit64(0x0, 0x0, &(0x7f0000000000)={0x3, 0x3f}, &(0x7f0000000040))
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=<r0=>0x0)
prlimit64(r0, 0x2, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f00000000c0)={0x4, 0x7}, &(0x7f0000000100))
r1 = getpgid(r0)
prlimit64(r1, 0x7, &(0x7f0000000140)={0x7, 0x1}, &(0x7f0000000180))
prlimit64(r1, 0x3, 0x0, &(0x7f00000001c0))
getrlimit(0x7, &(0x7f0000000200))
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_WAITACTIVE(r2, 0x5607)
ioctl$TCXONC(r2, 0x540a, 0x0)
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000240)=<r3=>0x0)
prlimit64(r3, 0x5, &(0x7f0000000280)={0xd1a, 0x8}, &(0x7f00000002c0))
prlimit64(r3, 0x7, &(0x7f0000000300)={0x2, 0x5}, &(0x7f0000000340))
prlimit64(r3, 0x8, &(0x7f0000000380)={0xb5, 0x280000000000}, &(0x7f00000003c0))
prlimit64(r0, 0x8, &(0x7f0000000400)={0xfffffffffffffe00, 0x6}, &(0x7f0000000440))
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000480)=<r4=>0x0)
prlimit64(r4, 0x9, &(0x7f00000004c0)={0xfc00000000000000, 0x5}, &(0x7f0000000500))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000540)={0x0, <r5=>0x0})
prlimit64(r5, 0x1, &(0x7f00000005c0)={0x7fff}, &(0x7f0000000600))

13:41:15 executing program 6:
r0 = socket(0x2, 0x4, 0x1)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000000c0)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000)="173cadc8deb7204ffacba39c2fec76b9a3b6b70ed12f366e6e2cab2745a470e2dc81514c7d863f395e07e1180150073ba4ef9d3d4caf8f863423015a5154b1e35a20bbece11891e1f0e11a3af0745726fc31e016a5a49cc49468f9627d5ff000f24f159d3dcb72977b9857d7f198fd7d62d7b05e3099ee9eaef81b3c99c782445a664a12122da507eec578a8a8bf5ca662f31be4eb0f6dd1b8aa27fb49fe170d2bedb0212c", 0xa5, r0}, 0x68)
write(r0, &(0x7f0000000140)="174e85c48b2850cba20a5da84d5b3c0f618ea1c6267f2cec8535b125c7f76e01", 0x20)
r1 = accept$inet(r0, &(0x7f0000000180)={0x2, 0x0, @multicast2}, &(0x7f00000001c0)=0x10)
r2 = accept(r1, 0x0, &(0x7f0000000200))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000240)={@remote, @dev={0xac, 0x14, 0x14, 0x26}, 0x1, 0x4, [@dev={0xac, 0x14, 0x14, 0x37}, @remote, @private=0xa010100, @broadcast]}, 0x20)
accept(r0, &(0x7f0000000280)=@can={0x1d, <r4=>0x0}, &(0x7f0000000300)=0x80)
bind$packet(r2, &(0x7f0000000340)={0x11, 0xf6, r4, 0x1, 0x1f, 0x6, @random="39c4ab1bcd36"}, 0x14)
listen(r1, 0xec)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, r3, {0xee01, 0xffffffffffffffff}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r5=>r2, {0x7}}, './file1\x00'})
sendfile(r5, r0, &(0x7f0000000400)=0x23d8463e, 0x101)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000440)='/sys/module/psmouse', 0x642a090a9104270d, 0x3)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r6, 0x8983, &(0x7f0000000480)={0x1, 'netpci0\x00', {}, 0x4d})
syz_io_uring_setup(0x3bcc, &(0x7f00000004c0)={0x0, 0x2280, 0x4, 0x2, 0x180, 0x0, r6}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000540), &(0x7f0000000580))
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000005c0)={@private=0xa010102, @empty, 0x1, 0x1, [@empty]}, 0x14)
syz_io_uring_setup(0x6744, &(0x7f0000000600)={0x0, 0x16b6, 0x4, 0x2, 0x13a, 0x0, r5}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000680), &(0x7f00000006c0))
r7 = creat(&(0x7f0000000700)='./file1\x00', 0x1)
getsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f0000000740)={{{@in=@broadcast, @in=@initdev}}, {{@in6=@mcast1}, 0x0, @in6=@loopback}}, &(0x7f0000000840)=0xe8)

13:41:15 executing program 7:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, &(0x7f0000000040)={0x8, 'wg1\x00', {'veth1_to_bond\x00'}, 0x7ff})
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0, {0x980b}}, './file0\x00'})
getsockopt$IP_SET_OP_GET_BYNAME(r1, 0x1, 0x53, &(0x7f00000000c0)={0x6, 0x7, 'syz2\x00'}, &(0x7f0000000100)=0x28)
r2 = dup3(r0, r1, 0x80000)
perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x1, 0x40, 0x9, 0xdb, 0x0, 0xfffffffffffff000, 0x40000, 0x8, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x100, 0x4, @perf_config_ext={0x9, 0x1ff}, 0x8080, 0x0, 0x8, 0x9, 0xff1d, 0x2, 0x5, 0x0, 0xffff, 0x0, 0x38000}, 0x0, 0xd, r2, 0x0)
r3 = accept4(0xffffffffffffffff, &(0x7f00000001c0)=@nfc, &(0x7f0000000240)=0x80, 0x80800)
setsockopt$inet6_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f0000000280)={0x4cd1}, 0x4)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000340)={'veth1_to_batadv\x00', &(0x7f00000002c0)=@ethtool_link_settings={0x4c, 0x5, 0x6, 0x5, 0x1, 0x1, 0x8d, 0x40, 0x1f, 0x4, [0x3, 0x7fffffff, 0x1e5, 0x1, 0xffffff7b, 0x8001, 0x10001, 0x3], [0x2, 0x80000000, 0x7, 0xa22, 0x1, 0x2, 0x8, 0xd38f, 0x1]}})
r4 = syz_open_dev$vcsu(&(0x7f0000000380), 0x6, 0x200)
ioctl$AUTOFS_DEV_IOCTL_READY(r4, 0xc0189376, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r5=>r1, {0x40}}, './file0\x00'})
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e22, 0xffffffe1, @mcast2, 0x6b2}, 0x1c)
r6 = dup3(r3, r4, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000440), &(0x7f0000000480)=0xc)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, 0x0, 0x709, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x1c}}, 0x20048801)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r5, 0x29, 0x37, &(0x7f00000005c0)={0x129, 0xc, '\x00', [@calipso={0x7, 0x28, {0x0, 0x8, 0x20, 0xf937, [0xffffffffffffffc1, 0x9, 0x401, 0x1]}}, @ra={0x5, 0x2, 0x81}, @generic={0x72, 0x2d, "73b479679a2964a990c041a2bcfef1dba5fe1d93b4bc8765e6248ea161abd18f371793da884d709d63377d33b0"}, @enc_lim]}, 0x68)
getsockopt$inet_IP_IPSEC_POLICY(r6, 0x0, 0x10, &(0x7f0000000680)={{{@in=@dev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast1}}, &(0x7f0000000780)=0xe8)
getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000940)={{{@in6=@private1, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@loopback}, 0x0, @in6=@private1}}, &(0x7f0000000a40)=0xe8)
getsockname$packet(r4, &(0x7f0000000a80)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000ac0)=0x14)
sendmsg$ETHTOOL_MSG_EEE_GET(r4, &(0x7f0000000f80)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000f40)={&(0x7f0000000d00)={0x23c, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x23c}, 0x1, 0x0, 0x0, 0x14}, 0x4040000)

13:41:15 executing program 3:
sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x1d0, 0x1, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x3ff}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0x4, 0x6}}, @NFQA_PAYLOAD={0xc5, 0xa, "52a392f51f844fcec1f6d968ec334906f58e9148b85eb79da7c03ea4d916bf796d3d1a35e0fcfc448ed4623d37a00dc71c148927dcaf3fa3e42bedb40d76488dda40c8114d5c087b4382049ca3d577171614a3fdfb93e452d2582a8e207a844f231f7216ea95c6c7207267c8c208fe937deba99d82fe7edb72ee498810de6db054f8cfb2f50f1deb6fdde7894654167a078e78181cd6be5cfd9825d1ad77667c998511ceff892938fe552d7feeb9e01af5c07c7a1dd417596abcf7bb3ac9b65f5d"}, @NFQA_CT={0xc, 0xb, 0x0, 0x1, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x2}]}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffe, 0x3}}, @NFQA_VLAN={0x24, 0x13, 0x0, 0x1, [@NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x1}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0xfff}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x7}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x4}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0x1}}, @NFQA_VLAN={0x4c, 0x13, 0x0, 0x1, [@NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0xf0b6}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x7e77b0ed339c7081}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x4}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x9a8}, @NFQA_VLAN_PROTO={0x6}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x1ff}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0xfffb}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x988}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x8001}]}, @NFQA_EXP={0x44, 0xf, 0x0, 0x1, [@CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x62b}, @CTA_EXPECT_MASTER={0x38, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x80000000}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x40080}, 0x40000)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x2c, 0x0, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xec, 0x52}}}}, [@NL80211_ATTR_MAC={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x40044)
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x54, r0, 0x19, 0x70bd2b, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x54}, 0x1, 0x0, 0x0, 0x4e666b5aee81e042}, 0x1)
socketpair(0x11, 0x3, 0x4, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000005c0)={0x0, <r3=>0x0})
r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000640)='ns/time\x00')
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f00000007c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000780)={&(0x7f0000000680)={0xd0, 0x0, 0x10, 0x70bd26, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r4}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x80}, 0x4)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), r2)
sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000900)={&(0x7f0000000800), 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x34, r5, 0x400, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3f, 0x1e}}}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "c8f39ef63541d86584c4bfd05c5be74d"}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x41)
r6 = msgget$private(0x0, 0x30e)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000940)={{0x1, 0x1, 0x18, <r7=>r2, {0x0, <r8=>0xffffffffffffffff}}, './file0\x00'})
ioctl$NS_GET_OWNER_UID(r4, 0xb704, &(0x7f0000000980)=<r9=>0x0)
msgctl$IPC_SET(r6, 0x1, &(0x7f00000009c0)={{0x1, 0xee00, r8, r9, 0x0, 0x0, 0x41}, 0x0, 0x0, 0x1, 0x7, 0x39, 0x100, 0x7, 0x3, 0x1ff, 0x8, r3, r3})
ioctl$EXT4_IOC_GETSTATE(r1, 0x40046629, &(0x7f0000000a40))
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r4, 0xd000943e, &(0x7f0000000a80)={0x0, <r10=>0x0, "07ee4a66aa23897015a90654322e382a2407ad1cf17c937d98a63d9e65c7b73a623958b0675c15b51c6b47a81bf5d31c85cb952d9aaf6dca6ce4acc73959c349f1a6ea4e3bf7ea530ea0fc11cfddca781589459b96ff79b937dc0362028209ad08f3f51228dd484f078c79f3c3345d351b9b1a7396f1fba069cf6fba6a24e7ec07765abcc1ed26ea577ac44bb724d0f926707e30ae01cd4e587d807d5a8be1425a589b738d40b363d35b78f2f8d6d0a1e071ad7341824ab404471e182f9e4989a39635fc6c36dc70d2ad0e0f06eed3a7a6351a1ed8af4f6b03ae29504a86d099a7589f04dc7d7b9e22a8558df9d9b3246a4303ff97cf3ca0bf7061f21164fcff", "87bf29cf8db90052e240e094c3aaeb7817ebdae06b5797979fd016908cf8c628060067f39edc0bdc26a2935e79c02a2cf6a79d9eed1aa02f07787851ba699853b9efc4425d3f2c13ee85eeae1f8a84553b07c2b25250201504453d92cecdff6479b00cb50067148f86963da0d77f544d13a066b72e6a6093366c62150f14fad11a1f00c30b4b3299efe439b9f66dadc24eec2b0b8bb469d6643acb94610b23a21cb00265495c6e9a69e815d26f99ed4da43fb95b505c666d9b55c829f85ca1e251ab10440e3e8b79de99509bedac5cfeb432ad2d11c88c72e64286119f7439e1772b0f43feb8616cd6dc48adeb7c7cba8f98b136df40e5152e4075e8d07ed80a7fe709ff8be3e0d81e222742a5b6c7ea76a390dd99f3469242a4434ccd0e029cca0b26829608132c926b6edb3c250ec3810305f730ef9dae23e340a99d26209ce06066149a5a9fa4bf4e82f05dbb35c8137493b68c25d899d65a591cb50dd5ebff5f9133c7fc577447337e68b7d57a1b55f5448a4ea7a5b2f44d4d780210d705b570b61bd39ab209ae2b3f7e9bdbaa276bca8dca2feff8fad249a883ab9d57fcfe45d67e192bb17aa6410543a9eb51be381b29bc9d2660d19cebf2c2db628eff7682870963dcd65a31cfb3fd459476157942a7b1adddae45e302803da3630618c0a15998858b8cd72a0a137f380ff3699079f95d9c7b38dec761bd8b074418ef47cf4b15093ab9d80d051016c9412c4c4c0132bd04d202f908bd6bb0e63cecc356ac7f00b0470255983077eaf2032821757a5b928644316477183c088295c5129ffe7ea31ad9452ba8fd966414e02a2033b09d07d30abc91b5234a81b1c88abc873d44206f8d78bad9b7ef1cc7a186ecd6d93ffc8b5f94f6445ec40a617efd801cbce8e3675983cb5588acc7392d3dceac530ea33673cab982277cfae8332e64162f0cea0a5c03e77fc0f7c70d30f29304c0f729cf3941b5c0e4d4d310a94fca6f45d12923b1b5e767da8cc94230b0a2a0dc39b673c3700cc693e5c2123f6591347906b2fce0779e2a1dbc77aa50255404ebade54def61f112f59f758b5bb20f1992de43b90a16a2c7dd342d24f592bc2e002b9b726fa8542dd62f09726b247df75c4640fc8f4be1925859585c423aa0f603d990c93cb9e8981f42175e2be4a04d84be594be8b10740c0c52884fe4f54aa51345ee3ffee746b1de566e3eceba9073db028ebb4e3dab4dd66f03878b2005f171bdd14b51fba5f1d03bc2bc93d50f8fd5cd6049e8b2662b33900306f417f8422b419d30508a6ae953149ed59c91e2f1268a8fed51889080417dab51dfb42d8a9e69910e2f6d941d9ddadd5e21bf1f295f3bf2526ae89e83f4c8ba88bc4a4bfb4cf1fd0c864aa34b4538eda1a35661256f80c5025cc1f380512819dbc66d15bc24435a2f5db4ae7d3a06714024d239adb69c710fe6a073217394861dc1aea2b424e7c691adcb38eb99f1090b3f4083fb6098e7849c9d924e0d4749de9809ebf9e0df41eaad52fe41395fcbc635bfb42509b5e1b5613e4f3ac9f7a275195751946e15ad584c77969fe4bcd6c9cee9623f6663e989dd8fb797c34afa8103837ab3afbb5faedadeb981f8d4c2d243c08adde18cb24160bb8ebd607f6c053ebb2cb5390e31b3603033e9ebbbc95f581e17e03c5cef21930b0a445fa462a1779fccfcc193cb3bb67cead5386c9a340da837f1dca5526889dd09130f6a44e5ccff1cb32917f1eb91df3e8ac49ad09a50ce161a89737795494ba32e17c8cbb17e8e1b921fa2f801bdf4f46b500fab5cc207d0167ac4e92a5dc5b0bdf9bad97079551e49104390052b32aeb07ea4af1b0a6892ffc6c722e1e01438e1a82e240415694e5786c7d52e855906d0aa3e6b4027ab518c5510ad59648004ca08a404de2b85fe6ef35e94e7d4825da92222ad6d961af07f8899b65eb268e569d2b70c2fe591d974e91d9ae40f105d2a985a71acd8d3093f27af74445ce4044f178ea8e68c5320c866fe107defea4d82dee6621a5f3383689addbcccc3d43c304c640bbe5492c32b361a9cee08d9cce89abde3315c1813a80f404f096951bab1344bf425541399a9afade0b4642fded94ed216e8cadc8ef2708961daadf80a722ad7a1c4b25910316c16b3c81fb4250642b6ae6853617f422caf80599a4e8535d90b618b00ef927e701bc31897f1e34e88c7190b2f888e6d8512a5fafdb9c6a389292d5b655653eff1c3d3b92c936f8e1a95cfc75a768eadd85bda31f078e967f8b41a21ad4d5775cfbf300b0e02fd3ed079f429b06523b4fb645e7b8857a3c13db8306f0c48cf15674f2b5419fb548f6adbc24b70698d3a1dd0a22781a15e6a61e22909a6c4dcfa1e699a11a75b253daee344ee9630782a7e58b381bc3f25077a816b8b61a0d7e18e3825f9446a6420fd233dca97c6d2299f1fa46a6dc0718023954ee6c4d6dbb3535eff29e822e3b396071e47e5dee18b2651ff416ff2ed4f58aad75593f781c7f0b23cd21ad1e1f62de436f9d2ca394c9e5b3846d319f874aaa5582608205e40e5e7db36c68523bda2633f6f2348d16f13c2745cf5a104f2b8ddbcd60a4c3ba78576fe37da3c349b3e59c38e298b70ed6369591cf4dfb18746e6574e557618ae40c06d8826e4d44967a400dc298d53d23ab8e98dd0bec0f6f9b9fa6d8eceae43f89b7989be27182275ecd33ad7af3895ec8a211b7852dcfcad8eefd7a4ceb11401e2ff278088720898dd2250b4f841320acbc2fea1ac153de1a3c16064949f6b890330980419d8572a17eef1965220507b3486e86239c446e7f953136c614bcb472a03a38acaeb09ea953227b9ce15f362d7935c1dec620b324efd9a9b1697488946dfef3bbd75bc25bac5268927602ca5ad7f00a647023e5a29a28b8ca5f56f673b3941109ff293328de6b43e2bc85d9134f14498813667f9a6888382cce2811d0486e88cc47a43c4cfb687b2993ebc30f7519c3fd4ae6f62e01e75d739bcdcf4172178c129d5f43df55eaaafc4c8354dd119f7d6ac2abd44d93f11cbcbfbc3ee0dd1817fb40d59ce02b529f61d3c3356ae86773374ca914b934848913b8f3a59b0335daed7e0f7827d563a4e337c996fec24efa069f07abca2fedf9e0c6e10f13ac6c101aeeae5a7e5dd71c588599adfe78eb8efb7eb160f5a76eb3a557787afa688a0e3b6b93f22aa44c38ce9ab599be9419544e9255cec13aee8ec96c8246cfcf94aa7432a10fe872d93db034115a13cd88c1e60b4e03d813636c75108ee54dba6b36b1a77ff6197f43a526ecf848f0b95a701922026288174ab8b19ef2bac805ed9778c44dc6f17ee7e62645818d31c55f6eb6a03c2feac155a7f44513f7e7dc96c7e21cacc43a9d9f13010865b283c6df482b99e70a9961b56cb0e05ae1d2917e08cfa69cd107448625aad2b1f96625ad72274b6b6277ae8cf6631c4c1ba54e650a3780008eb0f2161c40218e293b2cd382d506f37ede9bbabb056e1cd69cd744bc474a3582ebd8f285cf1dea8d9dac8977fc295d49fa2436c4073cc522649613ce007da50f2e2954e9a72eb6411d0b1f0f3b0a356be0271f9924e0dbd4c8b10d22dc6e1be2a1e6453e12dc8c2e02ffb9ae6cc710bc4bfe792386a7eca28e1c4dca5f6b7df082c82dc98e7b18412ebb408ed3f615ff8b4ab50ab9e2a16be82bf2061fc9c0abb6aa92e79910d41f34fec6cc5e987771b5ca2898509bcd16fb2fb81a46116398db3d2ae81ef60f6eced7e7fb3706024f5f6356697357fed86617d8e94855cd10e804a4982836ba6d30e7db071b3525363a907cb2f4d2e38241d5ae7abacc87b85edf29b58a4fdf5c90bf1163541d772e8f975089b80ef0d09c52b9e5203549d2d3c846b60789c3f9e73c54af7ef21f8315ddf4ae458b5ccb6ab6c385b7d2c53d754cc49798ca722f0bcb094a1ba9925f44b2b368a19ad4514553e50d8d4a835d4044cc03d0ee76d99617ab13c1e319e6128ee02605f4eba0db6e0fd39c1b228e19231bd1a82055ea1b79ab494810cc7397f07cd22107f613aab8c97bfa66e93fa4d88384a56f7b5f0002804099749881e6a5385c531c57a4eec8a83afeffa75fe48e08d9cd62f5e1e384f19f2594153cab3eaaa0f9acdb5c283a0e99a2b7fc1bcea3087c566ba0ef92c187f10c4ab7552733bd56361af082731e7f54cb69fc16b52276a2f7755f1447a143641af7fb7279b4871dfb9e46c6382786f47f00e2b2cc2fab51921dc173967c9be57f0740e2338935f697626b958b664424551bc426c79b029e81f685c2f11828ebd023343deb024327b3e5e5177d71d540cb1c3842515acef48930c40f7e18d6bb1380c962f9fb00d271ecc413b0dbd3f25ef76505be0413b044f081894c64e60cfdfa651cb350e8220e6d43b9802e48abc7ed20fa9decd92301d748131fc9c805862fd2c966c371a864804344100d245caeb55639682ce34b39e04b59a3a77715020fbbf35e5db18e80b90584fd314e500aa3849704d807381c12ed0a1869c9e190b7b6876684adc25ef7d7891b84c8a6bbccf66effba1a56660a3a25803aeaddec42dab1e1ddbbc73ec48c5b4400bb89767e8fd6afa49ca5130b0c149e2022bdfa8250411523981ea990f5288a6e65e33a4c1828e6d8215e2c51cf9b7d676d605a7b52ffb7434ef7706579c6979f92e3b758db931d15b7ce77934176d68fd42a5e434bc7daa1e486027901606237fef6f15d539c2a3fb2085b34e6ab50058b52e57d7a7be3b3b3583ba0bbec3f10ea9edec237da6878e880ed809c4e858a796355594c65ad50547bbed5298e6705d756500a8d130e33c64196db5ada5bbc21e640c89b68c84952e93f248026c8b27b1430249dd5167a2e59afd5a420fda97b9661d7171c8880ab2840122597c3e2e4c34879f75a5fe9085331da57d88b9bc4621a544edc1338176e73beaf28ee2974e8dc94a2be40e9b6882934a570df369fe11e8bba3b1559459552ef68344facbac574f69e1ee41e9fee8a497f87ea1260712ef2a2405ca32e57791dd443b9fcbb38c9569207222de6456cd079c068db03addab3ca5547a432b26cbd597a9d5c83542a40f617f786f376a4c4ed97dcfd1d7dfe313f86255f36496ac6ca71129529e16eaaa44117e651354fc063ac0468fcbbc1130023dcaca09b65d39719c05bcb44808d9b9dbf7c45ddac83e5a7a63dc0ebd7196c860e0e05372d5aee0bb62faf7fdda6ce5a6ddbf996d9c0aecd8bafbe790e95405125fe9d3dc7f28f244e4654428382d1b50962a4ad00892644618be86bf31a435e1dd0926dd4751e68e5b0f87317718db709f783504ebe1852d0653e76f89888011bf27837422eb8a3a22d87aa85a223bf141d9261a73ffa809d188e4a7d2b7e04a392e0fee662"})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r4, 0xc0709411, &(0x7f0000001a80)={{<r11=>0x0, 0x3, 0xbd4b, 0x32119fb4, 0x8001, 0x20, 0xfffffffffffffff7, 0x9, 0x7, 0xb8, 0x2, 0x3, 0x0, 0x55328e8b, 0x61000}, 0x10, [0x0, 0x0]})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r7, 0xd000943d, &(0x7f0000001b00)={0x2, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r12=>0x0}], 0x5, "e4ba1a69730924"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000002b00)={<r13=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000677c0)={0x9, [{}, {r10}, {r11, r12}, {}, {r13}], 0x4, "071a7af818dfa4"})

[   68.518356] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   68.519975] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   68.522069] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   68.524330] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   68.525372] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   68.527317] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   68.530147] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   68.532889] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   68.534298] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   68.536733] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   68.538636] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   68.539954] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   68.545552] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   68.546819] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   68.548287] Bluetooth: hci1: HCI_REQ-0x0c1a
[   68.553282] Bluetooth: hci0: HCI_REQ-0x0c1a
[   68.576585] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   68.580866] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   68.582935] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   68.584437] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   68.585736] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   68.589994] Bluetooth: hci2: HCI_REQ-0x0c1a
[   68.590946] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   68.593983] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   68.599759] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   68.601597] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   68.608506] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   68.617039] Bluetooth: hci3: HCI_REQ-0x0c1a
[   68.635795] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   68.640462] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   68.641762] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   68.642121] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   68.644729] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   68.646464] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   68.647682] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   68.651682] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   68.658989] Bluetooth: hci5: HCI_REQ-0x0c1a
[   68.683480] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   68.695909] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   68.717815] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   68.723962] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   68.735433] Bluetooth: hci4: HCI_REQ-0x0c1a
[   70.588767] Bluetooth: hci0: command 0x0409 tx timeout
[   70.589402] Bluetooth: hci1: command 0x0409 tx timeout
[   70.651266] Bluetooth: hci2: command 0x0409 tx timeout
[   70.651352] Bluetooth: hci6: Opcode 0x c03 failed: -110
[   70.652230] Bluetooth: hci3: command 0x0409 tx timeout
[   70.716246] Bluetooth: hci5: command 0x0409 tx timeout
[   70.779365] Bluetooth: hci4: command 0x0409 tx timeout
[   70.780450] Bluetooth: hci7: Opcode 0x c03 failed: -110
[   72.635307] Bluetooth: hci1: command 0x041b tx timeout
[   72.636104] Bluetooth: hci0: command 0x041b tx timeout
[   72.699354] Bluetooth: hci3: command 0x041b tx timeout
[   72.700122] Bluetooth: hci2: command 0x041b tx timeout
[   72.763271] Bluetooth: hci5: command 0x041b tx timeout
[   72.827284] Bluetooth: hci4: command 0x041b tx timeout
[   73.607123] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   73.611119] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   73.613213] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   73.619349] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   73.623353] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   73.625649] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   73.636679] Bluetooth: hci6: HCI_REQ-0x0c1a
[   74.684342] Bluetooth: hci0: command 0x040f tx timeout
[   74.684814] Bluetooth: hci1: command 0x040f tx timeout
[   74.748224] Bluetooth: hci2: command 0x040f tx timeout
[   74.748664] Bluetooth: hci3: command 0x040f tx timeout
[   74.811733] Bluetooth: hci5: command 0x040f tx timeout
[   74.876249] Bluetooth: hci4: command 0x040f tx timeout
[   75.709016] Bluetooth: hci6: command 0x0409 tx timeout
[   75.836287] Bluetooth: hci7: Opcode 0x c03 failed: -110
[   76.732285] Bluetooth: hci1: command 0x0419 tx timeout
[   76.732730] Bluetooth: hci0: command 0x0419 tx timeout
[   76.796372] Bluetooth: hci3: command 0x0419 tx timeout
[   76.796844] Bluetooth: hci2: command 0x0419 tx timeout
[   76.860317] Bluetooth: hci5: command 0x0419 tx timeout
[   76.923317] Bluetooth: hci4: command 0x0419 tx timeout
[   77.757535] Bluetooth: hci6: command 0x041b tx timeout
[   79.803359] Bluetooth: hci6: command 0x040f tx timeout
[   80.379270] Bluetooth: hci7: Opcode 0x c03 failed: -110
[   81.851260] Bluetooth: hci6: command 0x0419 tx timeout
[   83.116935] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   83.136969] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   83.147397] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   83.181916] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   83.186252] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   83.201804] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   83.222084] Bluetooth: hci7: HCI_REQ-0x0c1a
[   85.244291] Bluetooth: hci7: command 0x0409 tx timeout
[   87.291277] Bluetooth: hci7: command 0x041b tx timeout
[   89.339265] Bluetooth: hci7: command 0x040f tx timeout
[   91.387229] Bluetooth: hci7: command 0x0419 tx timeout
13:42:08 executing program 6:
r0 = syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
rename(0x0, &(0x7f0000000040)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffffff, 0x0, 0x40, 0x1)
openat(r0, &(0x7f0000000200)='./file1\x00', 0x80000, 0x0)
r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000002c0), 0x1cd802, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x2811, r2, 0x0)
r3 = openat2(r2, &(0x7f0000000000)='./file1\x00', &(0x7f0000000440)={0x101001, 0x144, 0x15}, 0x18)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r4, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000180)='./file1\x00', 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fallocate(r5, 0x10, 0x0, 0x6)
fcntl$getown(r5, 0x9)
pwritev(r3, &(0x7f0000000240)=[{&(0x7f0000000300)="0702bb36edefdf8fef90cc99fd26b912bc9bfc3e2d485b598390aa39f3897b10d03bc2682aa953379ed8236c609bd71ab0ab291b82bf4a43072d6cba93bb6354b2fb3f96ff2702cc173f0f082641a049966edca98826b3d92f3e728f5b2a07fecaecf45876b68d67eea2e25b5e94f8de", 0x70}, {&(0x7f0000000380)="a1e1d63a5f76c9b7780f97886ba74e970d5ec2ac8ff37e5c0490e864b975087aac20d1e14ac6dd8cda0e030963c297c8c236061b1efbeef27cad5d9653f299560039f45fc5816310a32e24b23cba756eca76dc4a07250d3b7297b4513f31773c9adf5c2ab0076d5568bf457543e68353b7397807e759ba3508cf9bcafb2d41e6e166ad3ae0b18cbd18135d61680d9a5b86696d7fdd77d19651cec1d1a75a5316e41ff6", 0xa3}, {&(0x7f0000000540)="def80b8db0c796fd5537ce41b187d128adc82d16f0c39e9c6448e1705aa9b8eb8ec799d0ced0fc64eacbd103a94578ff010000008874530050a13a292d6272ee13a066fc6a7f71b01ad53c18c6f8ccd7e850189c630d7c2cb2519c78ff", 0x5d}, {&(0x7f00000004c0)="a3808eb3934f3df40907a015fd1ffce225cc4147403d6ed67127ece4b81aba77ad8fe6ae3ded384743ea26ef9ad9d4ba5b14bd3b9afff0bc0d51a8c6514501336b83dc38d81a6b026a6344732d801fb416b7f3e859fd78ec8a6ad5b519be8aaa641d457848c514", 0x67}], 0x4, 0x0, 0x401)

[  120.261871] audit: type=1400 audit(1663940528.214:7): avc:  denied  { open } for  pid=3555 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  120.263396] audit: type=1400 audit(1663940528.214:8): avc:  denied  { kernel } for  pid=3555 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  120.278773] ------------[ cut here ]------------
[  120.278825] 
[  120.278828] ======================================================
[  120.278832] WARNING: possible circular locking dependency detected
[  120.278836] 6.0.0-rc6-next-20220923 #1 Not tainted
[  120.278842] ------------------------------------------------------
[  120.278846] syz-executor.6/3556 is trying to acquire lock:
[  120.278852] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  120.278892] 
[  120.278892] but task is already holding lock:
[  120.278896] ffff88800cf20420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  120.278924] 
[  120.278924] which lock already depends on the new lock.
[  120.278924] 
[  120.278927] 
[  120.278927] the existing dependency chain (in reverse order) is:
[  120.278931] 
[  120.278931] -> #3 (&ctx->lock){....}-{2:2}:
[  120.278945]        _raw_spin_lock+0x2a/0x40
[  120.278964]        __perf_event_task_sched_out+0x53b/0x18d0
[  120.278976]        __schedule+0xedd/0x2470
[  120.278990]        schedule+0xda/0x1b0
[  120.279003]        futex_wait_queue+0xf5/0x1e0
[  120.279014]        futex_wait+0x28e/0x690
[  120.279024]        do_futex+0x2ff/0x380
[  120.279034]        __x64_sys_futex+0x1c6/0x4d0
[  120.279044]        do_syscall_64+0x3b/0x90
[  120.279060]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  120.279072] 
[  120.279072] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  120.279086]        _raw_spin_lock_nested+0x30/0x40
[  120.279104]        raw_spin_rq_lock_nested+0x1e/0x30
[  120.279117]        task_fork_fair+0x63/0x4d0
[  120.279133]        sched_cgroup_fork+0x3d0/0x540
[  120.279147]        copy_process+0x4183/0x6e20
[  120.279161]        kernel_clone+0xe7/0x890
[  120.279170]        user_mode_thread+0xad/0xf0
[  120.279180]        rest_init+0x24/0x250
[  120.279191]        arch_call_rest_init+0xf/0x14
[  120.279209]        start_kernel+0x4c1/0x4e6
[  120.279224]        secondary_startup_64_no_verify+0xe0/0xeb
[  120.279238] 
[  120.279238] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  120.279251]        _raw_spin_lock_irqsave+0x39/0x60
[  120.279269]        try_to_wake_up+0xab/0x1930
[  120.279282]        up+0x75/0xb0
[  120.279295]        __up_console_sem+0x6e/0x80
[  120.279311]        console_unlock+0x46a/0x590
[  120.279327]        do_con_write+0xc05/0x1d50
[  120.279339]        con_write+0x21/0x40
[  120.279349]        n_tty_write+0x4d4/0xfe0
[  120.279362]        file_tty_write.constprop.0+0x49c/0x8f0
[  120.279375]        vfs_write+0x9c3/0xd90
[  120.279393]        ksys_write+0x127/0x250
[  120.279412]        do_syscall_64+0x3b/0x90
[  120.279428]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  120.279440] 
[  120.279440] -> #0 ((console_sem).lock){....}-{2:2}:
[  120.279454]        __lock_acquire+0x2a02/0x5e70
[  120.279470]        lock_acquire+0x1a2/0x530
[  120.279486]        _raw_spin_lock_irqsave+0x39/0x60
[  120.279504]        down_trylock+0xe/0x70
[  120.279518]        __down_trylock_console_sem+0x3b/0xd0
[  120.279534]        vprintk_emit+0x16b/0x560
[  120.279549]        vprintk+0x84/0xa0
[  120.279565]        _printk+0xba/0xf1
[  120.279576]        report_bug.cold+0x72/0xab
[  120.279592]        handle_bug+0x3c/0x70
[  120.279608]        exc_invalid_op+0x14/0x50
[  120.279624]        asm_exc_invalid_op+0x16/0x20
[  120.279635]        group_sched_out.part.0+0x2c7/0x460
[  120.279646]        ctx_sched_out+0x8f1/0xc10
[  120.279656]        __perf_event_task_sched_out+0x6d0/0x18d0
[  120.279668]        __schedule+0xedd/0x2470
[  120.279681]        schedule+0xda/0x1b0
[  120.279693]        futex_wait_queue+0xf5/0x1e0
[  120.279704]        futex_wait+0x28e/0x690
[  120.279713]        do_futex+0x2ff/0x380
[  120.279722]        __x64_sys_futex+0x1c6/0x4d0
[  120.279732]        do_syscall_64+0x3b/0x90
[  120.279748]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  120.279760] 
[  120.279760] other info that might help us debug this:
[  120.279760] 
[  120.279763] Chain exists of:
[  120.279763]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  120.279763] 
[  120.279778]  Possible unsafe locking scenario:
[  120.279778] 
[  120.279780]        CPU0                    CPU1
[  120.279782]        ----                    ----
[  120.279785]   lock(&ctx->lock);
[  120.279791]                                lock(&rq->__lock);
[  120.279797]                                lock(&ctx->lock);
[  120.279803]   lock((console_sem).lock);
[  120.279809] 
[  120.279809]  *** DEADLOCK ***
[  120.279809] 
[  120.279811] 2 locks held by syz-executor.6/3556:
[  120.279818]  #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  120.279846]  #1: ffff88800cf20420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  120.279874] 
[  120.279874] stack backtrace:
[  120.279876] CPU: 0 PID: 3556 Comm: syz-executor.6 Not tainted 6.0.0-rc6-next-20220923 #1
[  120.279889] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  120.279897] Call Trace:
[  120.279901]  <TASK>
[  120.279905]  dump_stack_lvl+0x8b/0xb3
[  120.279923]  check_noncircular+0x263/0x2e0
[  120.279939]  ? format_decode+0x26c/0xb50
[  120.279955]  ? print_circular_bug+0x450/0x450
[  120.279972]  ? queued_spin_lock_slowpath+0xcd/0xc80
[  120.279986]  ? format_decode+0x26c/0xb50
[  120.280005]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  120.280025]  __lock_acquire+0x2a02/0x5e70
[  120.280046]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  120.280068]  lock_acquire+0x1a2/0x530
[  120.280084]  ? down_trylock+0xe/0x70
[  120.280100]  ? lock_release+0x750/0x750
[  120.280120]  ? vprintk+0x84/0xa0
[  120.280138]  _raw_spin_lock_irqsave+0x39/0x60
[  120.280156]  ? down_trylock+0xe/0x70
[  120.280172]  down_trylock+0xe/0x70
[  120.280187]  ? vprintk+0x84/0xa0
[  120.280204]  __down_trylock_console_sem+0x3b/0xd0
[  120.280220]  vprintk_emit+0x16b/0x560
[  120.280239]  vprintk+0x84/0xa0
[  120.280256]  _printk+0xba/0xf1
[  120.280267]  ? record_print_text.cold+0x16/0x16
[  120.280282]  ? report_bug.cold+0x66/0xab
[  120.280299]  ? group_sched_out.part.0+0x2c7/0x460
[  120.280311]  report_bug.cold+0x72/0xab
[  120.280329]  handle_bug+0x3c/0x70
[  120.280346]  exc_invalid_op+0x14/0x50
[  120.280363]  asm_exc_invalid_op+0x16/0x20
[  120.280375] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  120.280389] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  120.280401] RSP: 0018:ffff88803e7df8f8 EFLAGS: 00010006
[  120.280410] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  120.280417] RDX: ffff88801da59ac0 RSI: ffffffff81564fb7 RDI: 0000000000000005
[  120.280425] RBP: ffff888008668000 R08: 0000000000000005 R09: 0000000000000001
[  120.280433] R10: 0000000000000000 R11: ffffffff865b001b R12: ffff88800cf20400
[  120.280440] R13: ffff88806ce3d140 R14: ffffffff8547d040 R15: 0000000000000002
[  120.280451]  ? group_sched_out.part.0+0x2c7/0x460
[  120.280464]  ? group_sched_out.part.0+0x2c7/0x460
[  120.280477]  ctx_sched_out+0x8f1/0xc10
[  120.280490]  __perf_event_task_sched_out+0x6d0/0x18d0
[  120.280505]  ? lock_is_held_type+0xd7/0x130
[  120.280519]  ? __perf_cgroup_move+0x160/0x160
[  120.280530]  ? set_next_entity+0x304/0x550
[  120.280550]  ? lock_is_held_type+0xd7/0x130
[  120.280563]  __schedule+0xedd/0x2470
[  120.280579]  ? io_schedule_timeout+0x150/0x150
[  120.280594]  ? futex_wait_setup+0x166/0x230
[  120.280608]  schedule+0xda/0x1b0
[  120.280623]  futex_wait_queue+0xf5/0x1e0
[  120.280635]  futex_wait+0x28e/0x690
[  120.280647]  ? futex_wait_setup+0x230/0x230
[  120.280660]  ? wake_up_q+0x8b/0xf0
[  120.280673]  ? do_raw_spin_unlock+0x4f/0x220
[  120.280692]  ? futex_wake+0x158/0x490
[  120.280708]  ? fd_install+0x1f9/0x640
[  120.280724]  do_futex+0x2ff/0x380
[  120.280735]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[  120.280751]  __x64_sys_futex+0x1c6/0x4d0
[  120.280763]  ? __x64_sys_futex_time32+0x480/0x480
[  120.280776]  ? syscall_enter_from_user_mode+0x1d/0x50
[  120.280789]  ? syscall_enter_from_user_mode+0x1d/0x50
[  120.280804]  do_syscall_64+0x3b/0x90
[  120.280821]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  120.280834] RIP: 0033:0x7f6dcaa19b19
[  120.280842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  120.280853] RSP: 002b:00007f6dc7f8f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  120.280864] RAX: ffffffffffffffda RBX: 00007f6dcab2cf68 RCX: 00007f6dcaa19b19
[  120.280871] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6dcab2cf68
[  120.280878] RBP: 00007f6dcab2cf60 R08: 0000000000000000 R09: 0000000000000000
[  120.280886] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6dcab2cf6c
[  120.280893] R13: 00007ffe5217827f R14: 00007f6dc7f8f300 R15: 0000000000022000
[  120.280905]  </TASK>
[  120.340308] WARNING: CPU: 0 PID: 3556 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  120.340955] Modules linked in:
[  120.341186] CPU: 0 PID: 3556 Comm: syz-executor.6 Not tainted 6.0.0-rc6-next-20220923 #1
[  120.341755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  120.342545] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  120.342934] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  120.344205] RSP: 0018:ffff88803e7df8f8 EFLAGS: 00010006
[  120.344577] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  120.345075] RDX: ffff88801da59ac0 RSI: ffffffff81564fb7 RDI: 0000000000000005
[  120.345581] RBP: ffff888008668000 R08: 0000000000000005 R09: 0000000000000001
[  120.346085] R10: 0000000000000000 R11: ffffffff865b001b R12: ffff88800cf20400
[  120.346590] R13: ffff88806ce3d140 R14: ffffffff8547d040 R15: 0000000000000002
[  120.347099] FS:  00007f6dc7f8f700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  120.347665] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  120.348073] CR2: 00007f60a9df1260 CR3: 000000000f4ea000 CR4: 0000000000350ef0
[  120.348582] Call Trace:
[  120.348768]  <TASK>
[  120.348936]  ctx_sched_out+0x8f1/0xc10
[  120.349220]  __perf_event_task_sched_out+0x6d0/0x18d0
[  120.349595]  ? lock_is_held_type+0xd7/0x130
[  120.349914]  ? __perf_cgroup_move+0x160/0x160
[  120.350239]  ? set_next_entity+0x304/0x550
[  120.350549]  ? lock_is_held_type+0xd7/0x130
[  120.350863]  __schedule+0xedd/0x2470
[  120.351136]  ? io_schedule_timeout+0x150/0x150
[  120.351472]  ? futex_wait_setup+0x166/0x230
[  120.351792]  schedule+0xda/0x1b0
[  120.352047]  futex_wait_queue+0xf5/0x1e0
[  120.352348]  futex_wait+0x28e/0x690
[  120.352614]  ? futex_wait_setup+0x230/0x230
[  120.352927]  ? wake_up_q+0x8b/0xf0
[  120.353194]  ? do_raw_spin_unlock+0x4f/0x220
[  120.353533]  ? futex_wake+0x158/0x490
[  120.353844]  ? fd_install+0x1f9/0x640
[  120.354138]  do_futex+0x2ff/0x380
[  120.354406]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[  120.354837]  __x64_sys_futex+0x1c6/0x4d0
[  120.355147]  ? __x64_sys_futex_time32+0x480/0x480
[  120.355519]  ? syscall_enter_from_user_mode+0x1d/0x50
[  120.355911]  ? syscall_enter_from_user_mode+0x1d/0x50
[  120.356306]  do_syscall_64+0x3b/0x90
[  120.356595]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  120.356980] RIP: 0033:0x7f6dcaa19b19
[  120.357263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  120.358620] RSP: 002b:00007f6dc7f8f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  120.359161] RAX: ffffffffffffffda RBX: 00007f6dcab2cf68 RCX: 00007f6dcaa19b19
[  120.359630] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6dcab2cf68
[  120.360098] RBP: 00007f6dcab2cf60 R08: 0000000000000000 R09: 0000000000000000
[  120.360563] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6dcab2cf6c
[  120.361029] R13: 00007ffe5217827f R14: 00007f6dc7f8f300 R15: 0000000000022000
[  120.361504]  </TASK>
[  120.361663] irq event stamp: 2220
[  120.361896] hardirqs last  enabled at (2219): [<ffffffff8425030d>] syscall_enter_from_user_mode+0x1d/0x50
[  120.362524] hardirqs last disabled at (2220): [<ffffffff84259645>] __schedule+0x1225/0x2470
[  120.363075] softirqs last  enabled at (1884): [<ffffffff8116fa8b>] __irq_exit_rcu+0x11b/0x180
[  120.363642] softirqs last disabled at (1875): [<ffffffff8116fa8b>] __irq_exit_rcu+0x11b/0x180
[  120.364209] ---[ end trace 0000000000000000 ]---
13:42:08 executing program 6:
r0 = syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
rename(0x0, &(0x7f0000000040)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffffff, 0x0, 0x40, 0x1)
openat(r0, &(0x7f0000000200)='./file1\x00', 0x80000, 0x0)
r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000002c0), 0x1cd802, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x2811, r2, 0x0)
r3 = openat2(r2, &(0x7f0000000000)='./file1\x00', &(0x7f0000000440)={0x101001, 0x144, 0x15}, 0x18)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r4, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000180)='./file1\x00', 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fallocate(r5, 0x10, 0x0, 0x6)
fcntl$getown(r5, 0x9)
pwritev(r3, &(0x7f0000000240)=[{&(0x7f0000000300)="0702bb36edefdf8fef90cc99fd26b912bc9bfc3e2d485b598390aa39f3897b10d03bc2682aa953379ed8236c609bd71ab0ab291b82bf4a43072d6cba93bb6354b2fb3f96ff2702cc173f0f082641a049966edca98826b3d92f3e728f5b2a07fecaecf45876b68d67eea2e25b5e94f8de", 0x70}, {&(0x7f0000000380)="a1e1d63a5f76c9b7780f97886ba74e970d5ec2ac8ff37e5c0490e864b975087aac20d1e14ac6dd8cda0e030963c297c8c236061b1efbeef27cad5d9653f299560039f45fc5816310a32e24b23cba756eca76dc4a07250d3b7297b4513f31773c9adf5c2ab0076d5568bf457543e68353b7397807e759ba3508cf9bcafb2d41e6e166ad3ae0b18cbd18135d61680d9a5b86696d7fdd77d19651cec1d1a75a5316e41ff6", 0xa3}, {&(0x7f0000000540)="def80b8db0c796fd5537ce41b187d128adc82d16f0c39e9c6448e1705aa9b8eb8ec799d0ced0fc64eacbd103a94578ff010000008874530050a13a292d6272ee13a066fc6a7f71b01ad53c18c6f8ccd7e850189c630d7c2cb2519c78ff", 0x5d}, {&(0x7f00000004c0)="a3808eb3934f3df40907a015fd1ffce225cc4147403d6ed67127ece4b81aba77ad8fe6ae3ded384743ea26ef9ad9d4ba5b14bd3b9afff0bc0d51a8c6514501336b83dc38d81a6b026a6344732d801fb416b7f3e859fd78ec8a6ad5b519be8aaa641d457848c514", 0x67}], 0x4, 0x0, 0x401)

13:42:08 executing program 6:
r0 = syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
rename(0x0, &(0x7f0000000040)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffffff, 0x0, 0x40, 0x1)
openat(r0, &(0x7f0000000200)='./file1\x00', 0x80000, 0x0)
r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000002c0), 0x1cd802, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x2811, r2, 0x0)
r3 = openat2(r2, &(0x7f0000000000)='./file1\x00', &(0x7f0000000440)={0x101001, 0x144, 0x15}, 0x18)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r4, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000180)='./file1\x00', 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fallocate(r5, 0x10, 0x0, 0x6)
fcntl$getown(r5, 0x9)
pwritev(r3, &(0x7f0000000240)=[{&(0x7f0000000300)="0702bb36edefdf8fef90cc99fd26b912bc9bfc3e2d485b598390aa39f3897b10d03bc2682aa953379ed8236c609bd71ab0ab291b82bf4a43072d6cba93bb6354b2fb3f96ff2702cc173f0f082641a049966edca98826b3d92f3e728f5b2a07fecaecf45876b68d67eea2e25b5e94f8de", 0x70}, {&(0x7f0000000380)="a1e1d63a5f76c9b7780f97886ba74e970d5ec2ac8ff37e5c0490e864b975087aac20d1e14ac6dd8cda0e030963c297c8c236061b1efbeef27cad5d9653f299560039f45fc5816310a32e24b23cba756eca76dc4a07250d3b7297b4513f31773c9adf5c2ab0076d5568bf457543e68353b7397807e759ba3508cf9bcafb2d41e6e166ad3ae0b18cbd18135d61680d9a5b86696d7fdd77d19651cec1d1a75a5316e41ff6", 0xa3}, {&(0x7f0000000540)="def80b8db0c796fd5537ce41b187d128adc82d16f0c39e9c6448e1705aa9b8eb8ec799d0ced0fc64eacbd103a94578ff010000008874530050a13a292d6272ee13a066fc6a7f71b01ad53c18c6f8ccd7e850189c630d7c2cb2519c78ff", 0x5d}, {&(0x7f00000004c0)="a3808eb3934f3df40907a015fd1ffce225cc4147403d6ed67127ece4b81aba77ad8fe6ae3ded384743ea26ef9ad9d4ba5b14bd3b9afff0bc0d51a8c6514501336b83dc38d81a6b026a6344732d801fb416b7f3e859fd78ec8a6ad5b519be8aaa641d457848c514", 0x67}], 0x4, 0x0, 0x401)

13:42:08 executing program 6:
r0 = syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
rename(0x0, &(0x7f0000000040)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffffff, 0x0, 0x40, 0x1)
openat(r0, &(0x7f0000000200)='./file1\x00', 0x80000, 0x0)
r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000002c0), 0x1cd802, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x2811, r2, 0x0)
r3 = openat2(r2, &(0x7f0000000000)='./file1\x00', &(0x7f0000000440)={0x101001, 0x144, 0x15}, 0x18)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r4, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000180)='./file1\x00', 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fallocate(r5, 0x10, 0x0, 0x6)
fcntl$getown(r5, 0x9)
pwritev(r3, &(0x7f0000000240)=[{&(0x7f0000000300)="0702bb36edefdf8fef90cc99fd26b912bc9bfc3e2d485b598390aa39f3897b10d03bc2682aa953379ed8236c609bd71ab0ab291b82bf4a43072d6cba93bb6354b2fb3f96ff2702cc173f0f082641a049966edca98826b3d92f3e728f5b2a07fecaecf45876b68d67eea2e25b5e94f8de", 0x70}, {&(0x7f0000000380)="a1e1d63a5f76c9b7780f97886ba74e970d5ec2ac8ff37e5c0490e864b975087aac20d1e14ac6dd8cda0e030963c297c8c236061b1efbeef27cad5d9653f299560039f45fc5816310a32e24b23cba756eca76dc4a07250d3b7297b4513f31773c9adf5c2ab0076d5568bf457543e68353b7397807e759ba3508cf9bcafb2d41e6e166ad3ae0b18cbd18135d61680d9a5b86696d7fdd77d19651cec1d1a75a5316e41ff6", 0xa3}, {&(0x7f0000000540)="def80b8db0c796fd5537ce41b187d128adc82d16f0c39e9c6448e1705aa9b8eb8ec799d0ced0fc64eacbd103a94578ff010000008874530050a13a292d6272ee13a066fc6a7f71b01ad53c18c6f8ccd7e850189c630d7c2cb2519c78ff", 0x5d}, {&(0x7f00000004c0)="a3808eb3934f3df40907a015fd1ffce225cc4147403d6ed67127ece4b81aba77ad8fe6ae3ded384743ea26ef9ad9d4ba5b14bd3b9afff0bc0d51a8c6514501336b83dc38d81a6b026a6344732d801fb416b7f3e859fd78ec8a6ad5b519be8aaa641d457848c514", 0x67}], 0x4, 0x0, 0x401)

13:42:08 executing program 6:
r0 = syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
rename(0x0, &(0x7f0000000040)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffffff, 0x0, 0x40, 0x1)
openat(r0, &(0x7f0000000200)='./file1\x00', 0x80000, 0x0)
r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000002c0), 0x1cd802, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x2811, r2, 0x0)
openat2(r2, &(0x7f0000000000)='./file1\x00', &(0x7f0000000440)={0x101001, 0x144, 0x15}, 0x18)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000180)='./file1\x00', 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fallocate(r4, 0x10, 0x0, 0x6)
fcntl$getown(r4, 0x9)

13:42:09 executing program 6:
r0 = syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
rename(0x0, &(0x7f0000000040)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffffff, 0x0, 0x40, 0x1)
openat(r0, &(0x7f0000000200)='./file1\x00', 0x80000, 0x0)
r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000002c0), 0x1cd802, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x2811, r2, 0x0)
openat2(r2, &(0x7f0000000000)='./file1\x00', &(0x7f0000000440)={0x101001, 0x144, 0x15}, 0x18)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000180)='./file1\x00', 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fallocate(r4, 0x10, 0x0, 0x6)

13:42:09 executing program 6:
r0 = syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
rename(0x0, &(0x7f0000000040)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffffff, 0x0, 0x40, 0x1)
openat(r0, &(0x7f0000000200)='./file1\x00', 0x80000, 0x0)
r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000002c0), 0x1cd802, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x2811, r2, 0x0)
openat2(r2, &(0x7f0000000000)='./file1\x00', &(0x7f0000000440)={0x101001, 0x144, 0x15}, 0x18)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000180)='./file1\x00', 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fallocate(r4, 0x10, 0x0, 0x6)

13:42:09 executing program 6:
r0 = syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
rename(0x0, &(0x7f0000000040)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffffff, 0x0, 0x40, 0x1)
openat(r0, &(0x7f0000000200)='./file1\x00', 0x80000, 0x0)
r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000002c0), 0x1cd802, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x2811, r2, 0x0)
openat2(r2, &(0x7f0000000000)='./file1\x00', &(0x7f0000000440)={0x101001, 0x144, 0x15}, 0x18)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000180)='./file1\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)

[  121.642180] hrtimer: interrupt took 16140 ns
[  124.152086] loop2: detected capacity change from 0 to 264192
[  124.153514] =======================================================
[  124.153514] WARNING: The mand mount option has been deprecated and
[  124.153514]          and is ignored by this kernel. Remove the mand
[  124.153514]          option from the mount to silence this warning.
[  124.153514] =======================================================
[  124.156488] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  124.169546] loop2: detected capacity change from 0 to 264192
[  124.170157] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22

VM DIAGNOSIS:
13:42:08  Registers:
info registers vcpu 0
RAX=000000000000005d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff822b17e1 RDI=ffffffff87645be0 RBP=ffffffff87645ba0 RSP=ffff88803e7df348
R8 =0000000000000001 R9 =000000000000000a R10=000000000000005d R11=0000000000000001
R12=000000000000005d R13=ffffffff87645ba0 R14=0000000000000010 R15=ffffffff822b17d0
RIP=ffffffff822b1839 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f6dc7f8f700 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f60a9df1260 CR3=000000000f4ea000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000ff0000000000 000000000000ff00
YMM01=0000000000000000 0000000000000000 ffff00ffffffffff ffffffffffff00ff
YMM02=0000000000000000 0000000000000000 4c4700362e322e32 5f4342494c470035
YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000470035
YMM04=0000000000000000 0000000000000000 4342494c4700362e 322e325f4342494c
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=1ffffffff0b76025 RBX=ffffffff85bb0128 RCX=ffffffff816c3b17 RDX=0000000000000000
RSI=ffffffff85ece126 RDI=ffffffff85bb011c RBP=ffffffff85bb011c RSP=ffff88801da87460
R8 =ffffffff85ece126 R9 =ffffffff85ecdfbc R10=ffffed1003b50eb2 R11=000000000003603d
R12=ffffffff85bb0138 R13=ffffffff85bb011c R14=ffffffff85bb011c R15=dffffc0000000000
RIP=ffffffff81119bef RFL=00000212 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fed36070000 CR3=000000003efe4000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f
YMM01=0000000000000000 0000000000000000 6f732e616d7a6c62 696c2f756e672d78
YMM02=0000000000000000 0000000000000000 00352e6f732e616d 7a6c62696c2f756e
YMM03=0000000000000000 0000000000000000 672d78756e696c2d 34365f3638782f62
YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000