Warning: Permanently added '[localhost]:63265' (ECDSA) to the list of known hosts.
2022/09/28 02:50:34 fuzzer started
2022/09/28 02:50:34 dialing manager at localhost:35827
syzkaller login: [ 36.939100] cgroup: Unknown subsys name 'net'
[ 37.028168] cgroup: Unknown subsys name 'rlimit'
2022/09/28 02:50:50 syscalls: 2215
2022/09/28 02:50:50 code coverage: enabled
2022/09/28 02:50:50 comparison tracing: enabled
2022/09/28 02:50:50 extra coverage: enabled
2022/09/28 02:50:50 setuid sandbox: enabled
2022/09/28 02:50:50 namespace sandbox: enabled
2022/09/28 02:50:50 Android sandbox: enabled
2022/09/28 02:50:50 fault injection: enabled
2022/09/28 02:50:50 leak checking: enabled
2022/09/28 02:50:50 net packet injection: enabled
2022/09/28 02:50:50 net device setup: enabled
2022/09/28 02:50:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/28 02:50:50 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/28 02:50:50 USB emulation: enabled
2022/09/28 02:50:50 hci packet injection: enabled
2022/09/28 02:50:50 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220927)
2022/09/28 02:50:50 802.15.4 emulation: enabled
2022/09/28 02:50:50 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/28 02:50:50 fetching corpus: 50, signal 27863/31047 (executing program)
2022/09/28 02:50:50 fetching corpus: 100, signal 38654/42993 (executing program)
2022/09/28 02:50:50 fetching corpus: 150, signal 50131/55334 (executing program)
2022/09/28 02:50:50 fetching corpus: 200, signal 55582/61731 (executing program)
2022/09/28 02:50:50 fetching corpus: 250, signal 60956/67892 (executing program)
2022/09/28 02:50:51 fetching corpus: 300, signal 68811/76137 (executing program)
2022/09/28 02:50:51 fetching corpus: 350, signal 72424/80387 (executing program)
2022/09/28 02:50:51 fetching corpus: 400, signal 75690/84278 (executing program)
2022/09/28 02:50:51 fetching corpus: 450, signal 79426/88475 (executing program)
2022/09/28 02:50:51 fetching corpus: 500, signal 82405/91895 (executing program)
2022/09/28 02:50:51 fetching corpus: 550, signal 86801/96391 (executing program)
2022/09/28 02:50:51 fetching corpus: 600, signal 90474/100188 (executing program)
2022/09/28 02:50:51 fetching corpus: 650, signal 93273/103181 (executing program)
2022/09/28 02:50:52 fetching corpus: 700, signal 94873/105205 (executing program)
2022/09/28 02:50:52 fetching corpus: 750, signal 96896/107492 (executing program)
2022/09/28 02:50:52 fetching corpus: 800, signal 98376/109262 (executing program)
2022/09/28 02:50:52 fetching corpus: 850, signal 100559/111533 (executing program)
2022/09/28 02:50:52 fetching corpus: 900, signal 102358/113474 (executing program)
2022/09/28 02:50:52 fetching corpus: 950, signal 103385/114812 (executing program)
2022/09/28 02:50:52 fetching corpus: 1000, signal 104781/116389 (executing program)
2022/09/28 02:50:52 fetching corpus: 1050, signal 106298/118026 (executing program)
2022/09/28 02:50:53 fetching corpus: 1100, signal 107829/119615 (executing program)
2022/09/28 02:50:53 fetching corpus: 1150, signal 109262/121065 (executing program)
2022/09/28 02:50:53 fetching corpus: 1200, signal 110200/122128 (executing program)
2022/09/28 02:50:53 fetching corpus: 1250, signal 111709/123677 (executing program)
2022/09/28 02:50:53 fetching corpus: 1300, signal 114311/125737 (executing program)
2022/09/28 02:50:53 fetching corpus: 1350, signal 117630/128211 (executing program)
2022/09/28 02:50:53 fetching corpus: 1400, signal 119578/129806 (executing program)
2022/09/28 02:50:53 fetching corpus: 1450, signal 121860/131517 (executing program)
2022/09/28 02:50:54 fetching corpus: 1500, signal 123108/132532 (executing program)
2022/09/28 02:50:54 fetching corpus: 1550, signal 124364/133702 (executing program)
2022/09/28 02:50:54 fetching corpus: 1600, signal 125650/134684 (executing program)
2022/09/28 02:50:54 fetching corpus: 1650, signal 126368/135372 (executing program)
2022/09/28 02:50:54 fetching corpus: 1700, signal 127467/136268 (executing program)
2022/09/28 02:50:54 fetching corpus: 1750, signal 128975/137316 (executing program)
2022/09/28 02:50:54 fetching corpus: 1799, signal 129880/138007 (executing program)
2022/09/28 02:50:54 fetching corpus: 1849, signal 130939/138709 (executing program)
2022/09/28 02:50:54 fetching corpus: 1899, signal 132144/139456 (executing program)
2022/09/28 02:50:55 fetching corpus: 1949, signal 133345/140276 (executing program)
2022/09/28 02:50:55 fetching corpus: 1999, signal 134436/140897 (executing program)
2022/09/28 02:50:55 fetching corpus: 2048, signal 135132/141354 (executing program)
2022/09/28 02:50:55 fetching corpus: 2097, signal 136679/142153 (executing program)
2022/09/28 02:50:55 fetching corpus: 2147, signal 137637/142643 (executing program)
2022/09/28 02:50:55 fetching corpus: 2197, signal 138638/143134 (executing program)
2022/09/28 02:50:55 fetching corpus: 2246, signal 139686/143649 (executing program)
2022/09/28 02:50:55 fetching corpus: 2296, signal 140856/144094 (executing program)
2022/09/28 02:50:56 fetching corpus: 2345, signal 141396/144363 (executing program)
2022/09/28 02:50:56 fetching corpus: 2357, signal 141523/144448 (executing program)
2022/09/28 02:50:56 fetching corpus: 2357, signal 141523/144505 (executing program)
2022/09/28 02:50:56 fetching corpus: 2357, signal 141523/144581 (executing program)
2022/09/28 02:50:56 fetching corpus: 2357, signal 141523/144644 (executing program)
2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/144711 (executing program)
2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/144781 (executing program)
2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/144830 (executing program)
2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/144887 (executing program)
2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/144935 (executing program)
2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/144997 (executing
program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145045 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145105 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145161 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145221 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145285 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145340 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145402 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145456 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145513 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145572 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145627 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145680 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145745 (executing program) 2022/09/28 02:50:56 fetching corpus: 2357, signal 141524/145745 (executing program) 2022/09/28 02:50:58 starting 8 fuzzer processes 02:50:58 executing program 0: openat$urandom(0xffffffffffffff9c, &(0x7f0000000780), 0x2e000, 0x0) 02:50:58 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$link(0x8, r0, r1) keyctl$read(0xb, r0, &(0x7f0000000300)=""/4096, 0x1000) 02:50:58 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x4, 0x5, 0x88, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4a1, 0x2, @perf_config_ext={0x9, 0xe2a}, 0x43004, 0x0, 0x2, 0x5, 0x1ff, 0x5, 0x3, 0x0, 0x1, 0x0, 0x400}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x1) r1 = fork() ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = fcntl$getown(r0, 0x9) tkill(r2, 0x27) tkill(r1, 0x16) capset(&(0x7f00000000c0)={0x20071026, r1}, &(0x7f0000000040)={0xfffffffc, 0x0, 0x1, 0x0, 0x4, 0x1}) ptrace(0x11, r1) ptrace$setopts(0x4206, r1, 0x0, 0x100034) ptrace(0x11, r1) 
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0xee01}}, './file0\x00'}) signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r3}}}], 0x20, 0x400c8c0}, 0x44494) mount$9p_tcp(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x8, &(0x7f0000000300)={'trans=tcp,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@afid}, {@afid={'afid', 0x3d, 0x4}}, {@access_user}], [{@obj_type={'obj_type', 0x3d, '/proc/locks\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@obj_type}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}]}}) 02:50:58 executing program 3: setreuid(0xee01, 0xffffffffffffffff) 02:50:58 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x28, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000000001000008000000d2420100128300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e32353936313432303000"/192, 0xc0, 0x400}, {&(0x7f0000010100)="000000000000000000000000457900aa5f634b37b3eeb32debc4d834010040000c00000000000000dbf4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000006100000000000000", 0x40, 0x540}, {&(0x7f0000010300)="0300000004000000000000000000000000000000010400"/32, 0x20, 0x640}, {&(0x7f0000010400)="02000000030000000400000016000f000300040000000000000000000f00c5d7", 0x20, 0x1000}, 
{&(0x7f0000010500)="ff030000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000dbf4655fdbf4655fdbf4655f00"/8224, 0x2020, 0x2000}, {&(0x7f0000012600)="ed41000000100000dbf4655fdbf4655fdbf4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x4100}, {&(0x7f0000012700)="2000000024b304b624b304b600000000dbf4655f00"/32, 0x20, 0x4180}, {&(0x7f0000012800)="8081000000180000dbf4655fdbf4655fdbf4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030000000", 0x40, 0x4200}, {&(0x7f0000012900)="20000000000000000000000000000000dbf4655f00"/32, 0x20, 0x4280}, {&(0x7f0000012a00)="8081000000180000dbf4655fdbf4655fdbf4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000040000000", 0x40, 0x4300}, {&(0x7f0000012b00)="20000000000000000000000000000000dbf4655f00"/32, 0x20, 0x4380}, {&(0x7f0000012c00)="c041000000400000dbf4655fdbf4655fdbf4655f00000000000002008000000000000800000000000af301000400000000000000000000000400000020000000", 0x40, 0x4a00}, {&(0x7f0000012d00)="20000000000000000000000000000000dbf4655f00"/32, 0x20, 0x4a80}, {&(0x7f0000012e00)="ed41000000100000dbf4655fdbf4655fdbf4655f00000000000002008000000000000800030000000af3010004000000000000000000000001000000500000000000000000000000000000000000000000000000000000000000000000000000000000005c7bc8b50000000000000000000000000000000000000000000000002000000024b304b624b304b624b304b6dbf4655f24b304b60000000000000000", 0xa0, 0x4b00}, 
{&(0x7f0000012f00)="ed8100001a040000dbf4655fdbf4655fdbf4655f00000000000001008000000000000800010000000af301000400000000000000000000000100000060000000000000000000000000000000000000000000000000000000000000000000000000000000477b71930000000000000000000000000000000000000000000000002000000024b304b624b304b624b304b6dbf4655f24b304b60000000000000000", 0xa0, 0x4c00}, {&(0x7f0000013000)="ffa1000026000000dbf4655fdbf4655fdbf4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3235393631343230302f66696c65302f66696c653000000000000000000000000000000000000000000000517c97ec0000000000000000000000000000000000000000000000002000000024b304b624b304b624b304b6dbf4655f24b304b60000000000000000", 0xa0, 0x4d00}, {&(0x7f0000013100)="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", 0x1a0, 0x4e00}, {&(0x7f0000013300)="ed81000064000000dbf4655fdbf4655fdbf4655f00000000000001008000000000000800010000000af301000400000000000000000000000100000090000000000000000000000000000000000000000000000000000000000000000000000000000000733234d20000000000000000000000000000000000000000000000002000000024b304b624b304b624b304b6dbf4655f24b304b60000000000000000", 0xa0, 0x5000}, {&(0x7f0000013400)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c653300000011000000940f090166696c652e636f6c64000000", 0x80, 0x10000}, {&(0x7f0000013500)="0b0000000c0001022e00000002000000f40f02022e2e00"/32, 0x20, 0x20000}, {&(0x7f0000013600)="00000000001000"/32, 0x20, 0x21000}, {&(0x7f0000013700)="00000000001000"/32, 0x20, 0x22000}, {&(0x7f0000013800)="00000000001000"/32, 0x20, 0x23000}, {&(0x7f0000013900)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x30000}, {&(0x7f0000013a00)="0200"/32, 0x20, 0x30400}, {&(0x7f0000013b00)="0300"/32, 0x20, 0x30800}, {&(0x7f0000013c00)="0400"/32, 0x20, 0x30c00}, {&(0x7f0000013d00)="0500"/32, 0x20, 
0x31000}, {&(0x7f0000013e00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000700"/96, 0x60, 0x31400}, {&(0x7f0000013f00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x40000}, {&(0x7f0000014000)="0200"/32, 0x20, 0x40400}, {&(0x7f0000014100)="0300"/32, 0x20, 0x40800}, {&(0x7f0000014200)="0400"/32, 0x20, 0x40c00}, {&(0x7f0000014300)="0500"/32, 0x20, 0x41000}, {&(0x7f0000014400)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000700"/96, 0x60, 0x41400}, {&(0x7f0000014500)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d80f050766696c653100"/64, 0x40, 0x50000}, {&(0x7f0000014600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x60000}, {&(0x7f0000014b00)='syzkallers\x00'/32, 0x20, 0x70000}, 
{&(0x7f0000014c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x90000}], 0x0, &(0x7f0000014d00))
[ 60.133899] audit: type=1400 audit(1664333458.694:6): avc: denied { execmem } for pid=284 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
02:50:58 executing program 5:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x9e, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0)
02:50:58 executing program 7:
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0)
socketpair(0x1d, 0x0, 0x83e8, &(0x7f0000001700))
ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000001780)={0x0, @in={0x2, 0x4e22, @rand_addr=0x64010101}, @rc={0x1f, @any, 0x80}, @rc={0x1f, @any, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001740)='tunl0\x00', 0x0, 0x0, 0x2})
syz_mount_image$vfat(&(0x7f00000044c0), &(0x7f0000004500)='./file0\x00', 0xc1, 0x1, &(0x7f0000005840)=[{0x0}], 0x0, &(0x7f00000058c0)={[], [{@subj_user={'subj_user', 0x3d, 'vcan0\x00'}}]})
openat$sysfs(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
02:50:58 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6aeaa0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040080", 0x1d, 0x4400}], 0x0, &(0x7f0000014a00))
[ 61.390437] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 61.392191] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 61.394505] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 61.396093] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 61.397535] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 61.400246] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 61.402242] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 61.404166] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 61.406655] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 61.412825] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 61.414182] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 61.418679] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 61.450067] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 61.451651] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 61.460001] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 61.469233] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 61.469647] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 61.474039] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 61.476509] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 61.484528] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 61.487438] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 61.488950] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 61.490975] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 61.492289] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 61.494197] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 61.494663] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 61.495763] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 61.497934] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 61.499856] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 61.501176] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 61.502951] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 61.503059] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 61.507621] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 61.509877] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 61.513724] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 61.513823] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 61.525476] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 61.544770] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 61.546529] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 61.560878] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 61.565840] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 61.567013] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 61.575463] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 61.576478] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 61.577679] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 61.600809] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 61.602722] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 61.608049] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 61.621574] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 63.467721] Bluetooth: hci2: Opcode 0x c03 failed: -110
[ 63.468741] Bluetooth: hci1: command 0x0409 tx timeout
[ 63.469403] Bluetooth: hci0: command 0x0409 tx timeout
[ 63.531410] Bluetooth: hci7: command 0x0409 tx timeout
[ 63.595443] Bluetooth: hci5: command 0x0409 tx timeout
[ 63.596045] Bluetooth: hci4: command 0x0409 tx timeout
[ 63.659433] Bluetooth: hci3: command 0x0409 tx timeout
[ 63.660001] Bluetooth: hci6: command 0x0409 tx timeout
[ 65.515930] Bluetooth: hci0: command 0x041b tx timeout
[ 65.516410] Bluetooth: hci1: command 0x041b tx timeout
[ 65.579386] Bluetooth: hci7: command 0x041b tx timeout
[ 65.643423] Bluetooth: hci4: command 0x041b tx timeout
[ 65.643844] Bluetooth: hci5: command 0x041b tx timeout
[ 65.707490] Bluetooth: hci6: command 0x041b tx timeout
[ 65.707915] Bluetooth: hci3: command 0x041b tx timeout
[ 67.563408] Bluetooth: hci1: command 0x040f tx timeout
[ 67.563468] Bluetooth: hci0: command 0x040f tx timeout
[ 67.627407] Bluetooth: hci7: command 0x040f tx timeout
[ 67.691419] Bluetooth: hci5: command 0x040f tx timeout
[ 67.691807] Bluetooth: hci4: command 0x040f tx timeout
[ 67.755445] Bluetooth: hci3: command 0x040f tx timeout
[ 67.755844] Bluetooth: hci6: command 0x040f tx timeout
[ 68.395466] Bluetooth: hci2: Opcode 0x c03 failed: -110
[ 69.611401] Bluetooth: hci1: command 0x0419 tx timeout
[ 69.611442] Bluetooth: hci0: command 0x0419 tx timeout
[ 69.675464] Bluetooth: hci7: command 0x0419 tx timeout
[ 69.739745] Bluetooth: hci4: command 0x0419 tx timeout
[ 69.739779] Bluetooth: hci5: command 0x0419 tx timeout
[ 69.804148] Bluetooth: hci6: command 0x0419 tx timeout
[ 69.804174] Bluetooth: hci3: command 0x0419 tx timeout
[ 70.871810] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 70.874991] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 70.876457] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 70.879614] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 70.881585] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 70.883557] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 70.902681] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 72.939539] Bluetooth: hci2: command 0x0409 tx timeout
[ 74.988734] Bluetooth: hci2: command 0x041b tx timeout
[ 77.035439] Bluetooth: hci2: command 0x040f tx timeout
[ 79.084506] Bluetooth: hci2: command 0x0419 tx timeout
[ 118.411168] loop6: detected capacity change from 0 to 4096
[ 118.467819] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[ 118.525068] audit: type=1400 audit(1664333517.086:7): avc: denied { open } for pid=3753 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 118.526731] audit: type=1400 audit(1664333517.086:8): avc: denied { kernel } for pid=3753 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 118.578297] ------------[ cut here ]------------
[ 118.578679]
[ 118.578683] ======================================================
[ 118.578687] WARNING: possible circular locking dependency detected
[ 118.578691] 6.0.0-rc7-next-20220927 #1 Not tainted
[ 118.578700] ------------------------------------------------------
[ 118.578704] syz-executor.1/3754 is trying to acquire lock:
[ 118.578710] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 118.578753]
[ 118.578753] but task is already holding lock:
[ 118.578756] ffff88802d491020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 118.578785]
[ 118.578785] which lock already depends on the new lock.
[ 118.578785]
[ 118.578788]
[ 118.578788] the existing dependency chain (in reverse order) is:
[ 118.578792]
[ 118.578792] -> #3 (&ctx->lock){....}-{2:2}:
[ 118.578805] _raw_spin_lock+0x2a/0x40
[ 118.578818] __perf_event_task_sched_out+0x53b/0x18d0
[ 118.578831] __schedule+0xedd/0x2470
[ 118.578847] schedule+0xda/0x1b0
[ 118.578862] futex_wait_queue+0xf5/0x1e0
[ 118.578875] futex_wait+0x28e/0x690
[ 118.578885] do_futex+0x2ff/0x380
[ 118.578895] __x64_sys_futex+0x1c6/0x4d0
[ 118.578905] do_syscall_64+0x3b/0x90
[ 118.578916] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 118.578930]
[ 118.578930] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 118.578944] _raw_spin_lock_nested+0x30/0x40
[ 118.578956] raw_spin_rq_lock_nested+0x1e/0x30
[ 118.578970] task_fork_fair+0x63/0x4d0
[ 118.578987] sched_cgroup_fork+0x3d0/0x540
[ 118.579001] copy_process+0x4183/0x6e20
[ 118.579012] kernel_clone+0xe7/0x890
[ 118.579021] user_mode_thread+0xad/0xf0
[ 118.579032] rest_init+0x24/0x250
[ 118.579045] arch_call_rest_init+0xf/0x14
[ 118.579060] start_kernel+0x4c6/0x4eb
[ 118.579071] secondary_startup_64_no_verify+0xe0/0xeb
[ 118.579086]
[ 118.579086] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 118.579099] _raw_spin_lock_irqsave+0x39/0x60
[ 118.579112] try_to_wake_up+0xab/0x1930
[ 118.579125] up+0x75/0xb0
[ 118.579140] __up_console_sem+0x6e/0x80
[ 118.579156] console_unlock+0x46a/0x590
[ 118.579171] vprintk_emit+0x1bd/0x560
[ 118.579187] vprintk+0x84/0xa0
[ 118.579203] _printk+0xba/0xf1
[ 118.579216] kauditd_hold_skb.cold+0x3f/0x4e
[ 118.579227] kauditd_send_queue+0x233/0x290
[ 118.579242] kauditd_thread+0x5da/0x9a0
[ 118.579256] kthread+0x2ed/0x3a0
[ 118.579270] ret_from_fork+0x22/0x30
[ 118.579282]
[ 118.579282] -> #0 ((console_sem).lock){....}-{2:2}:
[ 118.579296] __lock_acquire+0x2a02/0x5e70
[ 118.579313] lock_acquire+0x1a2/0x530
[ 118.579328] _raw_spin_lock_irqsave+0x39/0x60
[ 118.579340] down_trylock+0xe/0x70
[ 118.579357] __down_trylock_console_sem+0x3b/0xd0
[ 118.579372] vprintk_emit+0x16b/0x560
[ 118.579389] vprintk+0x84/0xa0
[ 118.579404] _printk+0xba/0xf1
[ 118.579416] report_bug.cold+0x72/0xab
[ 118.579426] handle_bug+0x3c/0x70
[ 118.579436] exc_invalid_op+0x14/0x50
[ 118.579446] asm_exc_invalid_op+0x16/0x20
[ 118.579459] group_sched_out.part.0+0x2c7/0x460
[ 118.579470] ctx_sched_out+0x8f1/0xc10
[ 118.579481] __perf_event_task_sched_out+0x6d0/0x18d0
[ 118.579493] __schedule+0xedd/0x2470
[ 118.579508] schedule+0xda/0x1b0
[ 118.579523] futex_wait_queue+0xf5/0x1e0
[ 118.579534] futex_wait+0x28e/0x690
[ 118.579544] do_futex+0x2ff/0x380
[ 118.579553] __x64_sys_futex+0x1c6/0x4d0
[ 118.579563] do_syscall_64+0x3b/0x90
[ 118.579573] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 118.579587]
[ 118.579587] other info that might help us debug this:
[ 118.579587]
[ 118.579590] Chain exists of:
[ 118.579590] (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 118.579590]
[ 118.579605] Possible unsafe locking scenario:
[ 118.579605]
[ 118.579607]        CPU0                    CPU1
[ 118.579610]        ----                    ----
[ 118.579612]   lock(&ctx->lock);
[ 118.579618]                                lock(&rq->__lock);
[ 118.579625]                                lock(&ctx->lock);
[ 118.579631]   lock((console_sem).lock);
[ 118.579637]
[ 118.579637] *** DEADLOCK ***
[ 118.579637]
[ 118.579638] 2 locks held by syz-executor.1/3754:
[ 118.579645] #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 118.579676] #1: ffff88802d491020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 118.579704]
[ 118.579704] stack backtrace:
[ 118.579707] CPU: 0 PID: 3754 Comm: syz-executor.1 Not tainted 6.0.0-rc7-next-20220927 #1
[ 118.579720] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 118.579728] Call Trace:
[ 118.579731]
[ 118.579736] dump_stack_lvl+0x8b/0xb3
[ 118.579748] check_noncircular+0x263/0x2e0
[ 118.579765] ? format_decode+0x26c/0xb50
[ 118.579784] ? print_circular_bug+0x450/0x450
[ 118.579801] ? queued_spin_lock_slowpath+0xcd/0xc80
[ 118.579816] ? format_decode+0x26c/0xb50
[ 118.579835] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 118.579853] __lock_acquire+0x2a02/0x5e70
[ 118.579874] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 118.579897] lock_acquire+0x1a2/0x530
[ 118.579913] ? down_trylock+0xe/0x70
[ 118.579932] ? lock_release+0x750/0x750
[ 118.579952] ? vprintk+0x84/0xa0
[ 118.579970] _raw_spin_lock_irqsave+0x39/0x60
[ 118.579982] ? down_trylock+0xe/0x70
[ 118.580000] down_trylock+0xe/0x70
[ 118.580017] ? vprintk+0x84/0xa0
[ 118.580034] __down_trylock_console_sem+0x3b/0xd0
[ 118.580051] vprintk_emit+0x16b/0x560
[ 118.580070] vprintk+0x84/0xa0
[ 118.580087] _printk+0xba/0xf1
[ 118.580100] ? record_print_text.cold+0x16/0x16
[ 118.580117] ? report_bug.cold+0x66/0xab
[ 118.580129] ? group_sched_out.part.0+0x2c7/0x460
[ 118.580141] report_bug.cold+0x72/0xab
[ 118.580153] handle_bug+0x3c/0x70
[ 118.580164] exc_invalid_op+0x14/0x50
[ 118.580175] asm_exc_invalid_op+0x16/0x20
[ 118.580190] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 118.580204] Code: 5e 41 5f e9 ab a9 ef ff e8 a6 a9 ef ff 65 8b 1d 1b 0f ac 7e 31 ff 89 de e8 46 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 89 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 7d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 118.580216] RSP: 0018:ffff88803436f8f8 EFLAGS: 00010006
[ 118.580225] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 118.580233] RDX: ffff88803e418000 RSI: ffffffff815666b7 RDI: 0000000000000005
[ 118.580240] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 118.580248] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88802d491000
[ 118.580256] R13: ffff88806ce3d140 R14: ffffffff8547cf80 R15: 0000000000000002
[ 118.580267] ? group_sched_out.part.0+0x2c7/0x460
[ 118.580280] ? group_sched_out.part.0+0x2c7/0x460
[ 118.580294] ctx_sched_out+0x8f1/0xc10
[ 118.580307] __perf_event_task_sched_out+0x6d0/0x18d0
[ 118.580323] ? lock_is_held_type+0xd7/0x130
[ 118.580338] ? __perf_cgroup_move+0x160/0x160
[ 118.580351] ? set_next_entity+0x304/0x550
[ 118.580370] ? lock_is_held_type+0xd7/0x130
[ 118.580386] __schedule+0xedd/0x2470
[ 118.580404] ? io_schedule_timeout+0x150/0x150
[ 118.580421] ? futex_wait_setup+0x166/0x230
[ 118.580436] schedule+0xda/0x1b0
[ 118.580452] futex_wait_queue+0xf5/0x1e0
[ 118.580465] futex_wait+0x28e/0x690
[ 118.580477] ? futex_wait_setup+0x230/0x230
[ 118.580490] ? lock_is_held_type+0xd7/0x130
[ 118.580504] ? find_held_lock+0x2c/0x110
[ 118.580519] ? futex_hash+0x12/0x200
[ 118.580538] ? futex_wake+0x158/0x490
[ 118.580549] ? fd_install+0x1c7/0x640
[ 118.580570] ? fd_install+0x1f9/0x640
[ 118.580586] do_futex+0x2ff/0x380
[ 118.580597] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 118.580614] __x64_sys_futex+0x1c6/0x4d0
[ 118.580627] ? __x64_sys_futex_time32+0x480/0x480
[ 118.580640] ? syscall_enter_from_user_mode+0x1d/0x50
[ 118.580655] ? syscall_enter_from_user_mode+0x1d/0x50
[ 118.580672] do_syscall_64+0x3b/0x90
[ 118.580684] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 118.580698] RIP: 0033:0x7ff09d841b19
[ 118.580707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 118.580718] RSP: 002b:00007ff09adb7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 118.580728] RAX: ffffffffffffffda RBX: 00007ff09d954f68 RCX: 00007ff09d841b19
[ 118.580736] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff09d954f68
[ 118.580743] RBP: 00007ff09d954f60 R08: 0000000000000000 R09: 0000000000000000
[ 118.580751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff09d954f6c
[ 118.580758] R13: 00007fff41c7547f R14: 00007ff09adb7300 R15: 0000000000022000
[ 118.580771]
[ 118.642114] WARNING: CPU: 0 PID: 3754 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 118.642799] Modules linked in:
[ 118.643045] CPU: 0 PID: 3754 Comm: syz-executor.1 Not tainted 6.0.0-rc7-next-20220927 #1
[ 118.643636] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 118.644452] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 118.644857] Code: 5e 41 5f e9 ab a9 ef ff e8 a6 a9 ef ff 65 8b 1d 1b 0f ac 7e 31 ff 89 de e8 46 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 89 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 7d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 118.646208] RSP: 0018:ffff88803436f8f8 EFLAGS: 00010006
[ 118.646602] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 118.647122] RDX: ffff88803e418000 RSI: ffffffff815666b7 RDI: 0000000000000005
[ 118.647654] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 118.648183] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88802d491000
[ 118.648711] R13: ffff88806ce3d140 R14: ffffffff8547cf80 R15: 0000000000000002
[ 118.649237] FS: 00007ff09adb7700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 118.649829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 118.650265] CR2: 00007fd54e036820 CR3: 00000000185da000 CR4: 0000000000350ef0
[ 118.650788] Call Trace:
[ 118.650983]
[ 118.651155] ctx_sched_out+0x8f1/0xc10
[ 118.651451] __perf_event_task_sched_out+0x6d0/0x18d0
[ 118.651842] ? lock_is_held_type+0xd7/0x130
[ 118.652171] ? __perf_cgroup_move+0x160/0x160
[ 118.652507] ? set_next_entity+0x304/0x550
[ 118.652835] ? lock_is_held_type+0xd7/0x130
[ 118.653161] __schedule+0xedd/0x2470
[ 118.653450] ? io_schedule_timeout+0x150/0x150
[ 118.653803] ? futex_wait_setup+0x166/0x230
[ 118.654145] schedule+0xda/0x1b0
[ 118.654413] futex_wait_queue+0xf5/0x1e0
[ 118.654724] futex_wait+0x28e/0x690
[ 118.655004] ? futex_wait_setup+0x230/0x230
[ 118.655329] ? lock_is_held_type+0xd7/0x130
[ 118.655652] ? find_held_lock+0x2c/0x110
[ 118.655958] ? futex_hash+0x12/0x200
[ 118.656250] ? futex_wake+0x158/0x490
[ 118.656540] ? fd_install+0x1c7/0x640
[ 118.656835] ? fd_install+0x1f9/0x640
[ 118.657127] do_futex+0x2ff/0x380
[ 118.657390] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 118.657818] __x64_sys_futex+0x1c6/0x4d0
[ 118.658129] ? __x64_sys_futex_time32+0x480/0x480
[ 118.658495] ? syscall_enter_from_user_mode+0x1d/0x50
[ 118.658879] ? syscall_enter_from_user_mode+0x1d/0x50
[ 118.659272] do_syscall_64+0x3b/0x90
[ 118.659555] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 118.659949] RIP: 0033:0x7ff09d841b19
[ 118.660228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 118.661564] RSP: 002b:00007ff09adb7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 118.662127] RAX: ffffffffffffffda RBX: 00007ff09d954f68 RCX: 00007ff09d841b19
[ 118.662660] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff09d954f68
[ 118.663179] RBP: 00007ff09d954f60 R08: 0000000000000000 R09: 0000000000000000
[ 118.663704] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff09d954f6c
[ 118.664241] R13: 00007fff41c7547f R14: 00007ff09adb7300 R15: 0000000000022000
[ 118.664770]
[ 118.664947] irq event stamp: 650
[ 118.665198] hardirqs last enabled at (649): [] syscall_enter_from_user_mode+0x1d/0x50
[ 118.665895] hardirqs last disabled at (650): [] __schedule+0x1225/0x2470
[ 118.666513] softirqs last enabled at (388): [] __irq_exit_rcu+0x11b/0x180
[ 118.667144] softirqs last disabled at (377): [] __irq_exit_rcu+0x11b/0x180
[ 118.667777] ---[ end trace 0000000000000000 ]---
02:51:57 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6aeaa0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040080", 0x1d, 0x4400}], 0x0, &(0x7f0000014a00))
[ 118.902154] EXT4-fs (loop6): unmounting filesystem.
[ 118.945308] loop6: detected capacity change from 0 to 4096
[ 118.988094] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
02:51:57 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$link(0x8, r0, r1)
keyctl$read(0xb, r0, &(0x7f0000000300)=""/4096, 0x1000)
[ 119.060238] EXT4-fs (loop6): unmounting filesystem.
02:51:57 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6aeaa0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040080", 0x1d, 0x4400}], 0x0, &(0x7f0000014a00))
02:51:57 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$link(0x8, r0, r1)
keyctl$read(0xb, r0, &(0x7f0000000300)=""/4096, 0x1000)
[ 119.114557] loop6: detected capacity change from 0 to 4096
[ 119.138839] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
02:51:57 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6aeaa0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040080", 0x1d, 0x4400}], 0x0, &(0x7f0000014a00))
[ 119.225956] EXT4-fs (loop6): unmounting filesystem.
02:51:57 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$link(0x8, r0, r1)
keyctl$read(0xb, r0, &(0x7f0000000300)=""/4096, 0x1000)
[ 119.297540] loop6: detected capacity change from 0 to 4096
[ 119.308183] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
02:51:57 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$link(0x8, r0, r1)
keyctl$read(0xb, r0, &(0x7f0000000300)=""/4096, 0x1000)
[ 119.348816] EXT4-fs (loop6): unmounting filesystem.
02:51:57 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$link(0x8, r0, r1)
keyctl$read(0xb, r0, &(0x7f0000000300)=""/4096, 0x1000)
[ 120.029439] capability: warning: `syz-executor.2' uses deprecated v2 capabilities in a way that may be insecure
[ 120.045428] 9pnet_fd: p9_fd_create_tcp (3856): problem connecting socket to 127.0.0.1
[ 120.080212] 9pnet_fd: p9_fd_create_tcp (3863): problem connecting socket to 127.0.0.1
[ 124.651508] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 124.715365] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 124.715384] Bluetooth: hci6: Opcode 0x c03 failed: -110
VM DIAGNOSIS:
02:51:57 Registers: