syzkaller login: [ 39.566077] sshd (244) used greatest stack depth: 24776 bytes left Warning: Permanently added '[localhost]:26254' (ECDSA) to the list of known hosts. 2022/09/16 11:48:53 fuzzer started 2022/09/16 11:48:54 dialing manager at localhost:36051 [ 41.600002] cgroup: Unknown subsys name 'net' [ 41.670038] cgroup: Unknown subsys name 'rlimit' 2022/09/16 11:49:07 syscalls: 2215 2022/09/16 11:49:07 code coverage: enabled 2022/09/16 11:49:07 comparison tracing: enabled 2022/09/16 11:49:07 extra coverage: enabled 2022/09/16 11:49:07 setuid sandbox: enabled 2022/09/16 11:49:07 namespace sandbox: enabled 2022/09/16 11:49:07 Android sandbox: enabled 2022/09/16 11:49:07 fault injection: enabled 2022/09/16 11:49:07 leak checking: enabled 2022/09/16 11:49:07 net packet injection: enabled 2022/09/16 11:49:07 net device setup: enabled 2022/09/16 11:49:07 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/16 11:49:07 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/16 11:49:07 USB emulation: enabled 2022/09/16 11:49:07 hci packet injection: enabled 2022/09/16 11:49:07 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220916) 2022/09/16 11:49:07 802.15.4 emulation: enabled 2022/09/16 11:49:07 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/16 11:49:07 fetching corpus: 50, signal 29093/32376 (executing program) 2022/09/16 11:49:07 fetching corpus: 100, signal 41248/45787 (executing program) 2022/09/16 11:49:07 fetching corpus: 150, signal 48824/54538 (executing program) 2022/09/16 11:49:07 fetching corpus: 200, signal 58056/64686 (executing program) 2022/09/16 11:49:07 fetching corpus: 250, signal 63505/71075 (executing program) 2022/09/16 11:49:07 fetching corpus: 300, signal 70749/78995 (executing program) 2022/09/16 11:49:08 fetching corpus: 350, signal 75276/84298 (executing program) 2022/09/16 11:49:08 fetching corpus: 400, signal 79244/88994 (executing program) 2022/09/16 11:49:08 fetching corpus: 450, signal 82972/93418 (executing program) 2022/09/16 11:49:08 fetching corpus: 500, signal 88073/98909 (executing program) 2022/09/16 11:49:08 fetching corpus: 549, signal 90747/102197 (executing program) 2022/09/16 11:49:08 fetching corpus: 599, signal 94982/106844 (executing program) 2022/09/16 11:49:08 fetching corpus: 649, signal 97954/110267 (executing program) 2022/09/16 11:49:09 fetching corpus: 699, signal 100594/113372 (executing program) 2022/09/16 11:49:09 fetching corpus: 749, signal 102560/115823 (executing program) 2022/09/16 11:49:09 fetching corpus: 799, signal 104574/118302 (executing program) 2022/09/16 11:49:09 fetching corpus: 849, signal 106317/120554 (executing program) 2022/09/16 11:49:09 fetching corpus: 899, signal 111779/125737 (executing program) 2022/09/16 11:49:09 fetching corpus: 949, signal 113744/128104 (executing program) 2022/09/16 11:49:09 fetching corpus: 999, signal 117250/131515 (executing program) 2022/09/16 11:49:10 fetching corpus: 1049, signal 118829/133361 (executing program) 2022/09/16 11:49:10 fetching corpus: 1099, signal 121047/135675 (executing program) 2022/09/16 11:49:10 fetching corpus: 1149, signal 123522/138140 (executing program) 2022/09/16 11:49:10 fetching corpus: 1199, signal 124905/139736 (executing program) 2022/09/16 11:49:10 fetching corpus: 1249, signal 126878/141736 (executing program) 2022/09/16 11:49:10 fetching corpus: 1299, signal 128611/143516 (executing program) 2022/09/16 11:49:10 fetching corpus: 1349, signal 130369/145248 (executing program) 2022/09/16 11:49:11 fetching corpus: 1398, signal 131324/146418 (executing program) 2022/09/16 11:49:11 fetching corpus: 1448, signal 132616/147812 (executing program) 2022/09/16 11:49:11 fetching corpus: 1498, signal 134073/149251 (executing program) 2022/09/16 11:49:11 fetching corpus: 1548, signal 137009/151572 (executing program) 2022/09/16 11:49:11 fetching corpus: 1598, signal 138167/152822 (executing program) 2022/09/16 11:49:11 fetching corpus: 1648, signal 139683/154214 (executing program) 2022/09/16 11:49:11 fetching corpus: 1698, signal 141152/155556 (executing program) 2022/09/16 11:49:11 fetching corpus: 1748, signal 142216/156558 (executing program) 2022/09/16 11:49:12 fetching corpus: 1798, signal 143150/157562 (executing program) 2022/09/16 11:49:12 fetching corpus: 1848, signal 144098/158462 (executing program) 2022/09/16 11:49:12 fetching corpus: 1898, signal 145345/159516 (executing program) 2022/09/16 11:49:12 fetching corpus: 1948, signal 146235/160379 (executing program) 2022/09/16 11:49:12 fetching corpus: 1998, signal 148237/161791 (executing program) 2022/09/16 11:49:12 fetching corpus: 2048, signal 150269/163180 (executing program) 2022/09/16 11:49:12 fetching corpus: 2098, signal 151238/163991 (executing program) 2022/09/16 11:49:13 fetching corpus: 2148, signal 152872/165049 (executing program) 2022/09/16 11:49:13 fetching corpus: 2198, signal 154421/166100 (executing program) 2022/09/16 11:49:13 fetching corpus: 2248, signal 155968/167099 (executing program) 2022/09/16 11:49:13 fetching corpus: 2298, signal 156943/167780 (executing program) 2022/09/16 11:49:13 fetching corpus: 2348, signal 158408/168676 (executing program) 2022/09/16 11:49:13 fetching corpus: 2397, signal 159566/169437 (executing program) 2022/09/16 11:49:13 fetching corpus: 2446, signal 162619/170941 (executing program) 2022/09/16 11:49:14 fetching corpus: 2495, signal 163974/171680 (executing program) 2022/09/16 11:49:14 fetching corpus: 2545, signal 165269/172383 (executing program) 2022/09/16 11:49:14 fetching corpus: 2595, signal 166113/172847 (executing program) 2022/09/16 11:49:14 fetching corpus: 2645, signal 166770/173295 (executing program) 2022/09/16 11:49:14 fetching corpus: 2695, signal 167619/173738 (executing program) 2022/09/16 11:49:14 fetching corpus: 2745, signal 168513/174177 (executing program) 2022/09/16 11:49:14 fetching corpus: 2795, signal 169732/174790 (executing program) 2022/09/16 11:49:15 fetching corpus: 2845, signal 170882/175255 (executing program) 2022/09/16 11:49:15 fetching corpus: 2860, signal 171538/175537 (executing program) 2022/09/16 11:49:15 fetching corpus: 2861, signal 171543/175608 (executing program) 2022/09/16 11:49:15 fetching corpus: 2861, signal 171543/175667 (executing program) 2022/09/16 11:49:15 fetching corpus: 2861, signal 171543/175731 (executing program) 2022/09/16 11:49:15 fetching corpus: 2861, signal 171543/175797 (executing program) 2022/09/16 11:49:15 fetching corpus: 2861, signal 171543/175876 (executing program) 2022/09/16 11:49:15 fetching corpus: 2861, signal 171543/175944 (executing program) 2022/09/16 11:49:15 fetching corpus: 2861, signal 171543/176007 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176073 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176138 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176203 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176282 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176359 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176447 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176503 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176555 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176614 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176674 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171544/176742 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171559/176802 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171559/176875 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171559/176945 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171559/177019 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171559/177092 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171559/177161 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171559/177240 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171559/177309 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171559/177379 (executing program) 2022/09/16 11:49:15 fetching corpus: 2862, signal 171559/177379 (executing program) 2022/09/16 11:49:18 starting 8 fuzzer processes 11:49:18 executing program 0: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:49:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000009c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4, 0x1}]}]}, 0x1c}}, 0x0) 11:49:18 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) copy_file_range(r0, &(0x7f0000000000)=0x200, r0, 0x0, 0xffffffffffffffff, 0x0) 11:49:18 executing program 3: r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fea000/0x14000)=nil, 0x14000, 0xc, 0x10010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r0, 0x0, &(0x7f0000000040)=@IORING_OP_FILES_UPDATE={0x14, 0x3, 0x0, 0x0, 0xd29, &(0x7f0000000000)=[0xffffffffffffffff], 0x1}, 0x6) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wg2\x00'}) r1 = fork() pidfd_open(r1, 0x0) connect(0xffffffffffffffff, &(0x7f00000000c0)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x8}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @bcast, @default]}, 0x80) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wg0\x00'}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sysvipc/sem\x00', 0x0, 0x0) 11:49:18 executing program 4: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, 0x0, 0x0) [ 65.974318] audit: type=1400 audit(1663328958.589:6): avc: denied { execmem } for pid=285 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:49:18 executing program 5: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x5416, 0x0) 11:49:18 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd99}, 0xc) 11:49:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00000009c0)=0x6) [ 67.333618] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.335110] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.339145] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.340098] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.342570] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.343537] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.349518] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.353652] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.355296] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.358359] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.359597] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.364742] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.364749] Bluetooth: hci0: HCI_REQ-0x0c1a [ 67.403101] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.406745] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.408034] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.408916] Bluetooth: hci1: HCI_REQ-0x0c1a [ 67.415801] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.419409] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.420902] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.424083] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.427917] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 67.430778] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.436403] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.438952] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 67.440245] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 67.441864] Bluetooth: hci6: HCI_REQ-0x0c1a [ 67.452376] Bluetooth: hci4: HCI_REQ-0x0c1a [ 67.453053] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.455881] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.462830] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.464713] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.465882] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.467175] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 67.470367] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.471975] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 67.473404] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 67.478057] Bluetooth: hci5: HCI_REQ-0x0c1a [ 67.478944] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.484175] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.486666] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 67.490505] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.495768] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.495787] Bluetooth: hci7: HCI_REQ-0x0c1a [ 67.503728] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.506381] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.507923] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.514666] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.518789] Bluetooth: hci3: HCI_REQ-0x0c1a [ 69.415954] Bluetooth: hci1: command 0x0409 tx timeout [ 69.417351] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 69.418671] Bluetooth: hci0: command 0x0409 tx timeout [ 69.479280] Bluetooth: hci4: command 0x0409 tx timeout [ 69.480371] Bluetooth: hci6: command 0x0409 tx timeout [ 69.544303] Bluetooth: hci3: command 0x0409 tx timeout [ 69.545157] Bluetooth: hci7: command 0x0409 tx timeout [ 69.545995] Bluetooth: hci5: command 0x0409 tx timeout [ 71.463266] Bluetooth: hci0: command 0x041b tx timeout [ 71.463784] Bluetooth: hci1: command 0x041b tx timeout [ 71.527283] Bluetooth: hci6: command 0x041b tx timeout [ 71.527826] Bluetooth: hci4: command 0x041b tx timeout [ 71.591247] Bluetooth: hci5: command 0x041b tx timeout [ 71.591710] Bluetooth: hci7: command 0x041b tx timeout [ 71.592132] Bluetooth: hci3: command 0x041b tx timeout [ 73.511291] Bluetooth: hci1: command 0x040f tx timeout [ 73.512284] Bluetooth: hci0: command 0x040f tx timeout [ 73.575338] Bluetooth: hci4: command 0x040f tx timeout [ 73.576151] Bluetooth: hci6: command 0x040f tx timeout [ 73.639300] Bluetooth: hci3: command 0x040f tx timeout [ 73.640161] Bluetooth: hci7: command 0x040f tx timeout [ 73.641008] Bluetooth: hci5: command 0x040f tx timeout [ 74.601282] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 75.559247] Bluetooth: hci0: command 0x0419 tx timeout [ 75.559762] Bluetooth: hci1: command 0x0419 tx timeout [ 75.624312] Bluetooth: hci6: command 0x0419 tx timeout [ 75.625044] Bluetooth: hci4: command 0x0419 tx timeout [ 75.688266] Bluetooth: hci5: command 0x0419 tx timeout [ 75.688701] Bluetooth: hci7: command 0x0419 tx timeout [ 75.689130] Bluetooth: hci3: command 0x0419 tx timeout [ 79.144303] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 83.688792] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 86.143376] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.152610] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.154621] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.161355] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.164363] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.165059] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.171590] Bluetooth: hci2: HCI_REQ-0x0c1a [ 88.231241] Bluetooth: hci2: command 0x0409 tx timeout [ 90.279245] Bluetooth: hci2: command 0x041b tx timeout [ 92.327295] Bluetooth: hci2: command 0x040f tx timeout [ 94.376326] Bluetooth: hci2: command 0x0419 tx timeout 11:50:10 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd99}, 0xc) 11:50:10 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd99}, 0xc) 11:50:10 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdd99}, 0xc) 11:50:10 executing program 6: r0 = syz_io_uring_setup(0x51dc, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_STATX={0x15, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x64d0, 0x0, 0x0, 0x0, 0x0) 11:50:11 executing program 4: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, 0x0, 0x0) 11:50:11 executing program 6: r0 = syz_io_uring_setup(0x51dc, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_STATX={0x15, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x64d0, 0x0, 0x0, 0x0, 0x0) 11:50:11 executing program 4: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, 0x0, 0x0) [ 118.656940] audit: type=1400 audit(1663329011.272:7): avc: denied { open } for pid=3758 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.661074] audit: type=1400 audit(1663329011.272:8): avc: denied { kernel } for pid=3758 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.685833] ------------[ cut here ]------------ [ 118.686750] WARNING: CPU: 0 PID: 300 at kernel/events/core.c:2233 event_filter_match+0x422/0x660 [ 118.688000] Modules linked in: [ 118.688424] CPU: 0 PID: 300 Comm: syz-executor.5 Not tainted 6.0.0-rc5-next-20220916 #1 [ 118.689861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 118.692171] RIP: 0010:event_filter_match+0x422/0x660 [ 118.692907] Code: 00 00 00 e9 7c fc ff ff e8 4b 15 f1 ff 65 8b 2d c0 73 ad 7e 31 ff 89 ee e8 eb 11 f1 ff 85 ed 0f 84 ef 00 00 00 e8 2e 15 f1 ff <0f> 0b eb 9f e8 05 92 23 00 e9 17 fc ff ff e8 1b 15 f1 ff 48 8d 7b [ 118.695433] RSP: 0018:ffff88806ce09c70 EFLAGS: 00010046 [ 118.696148] RAX: 0000000080010002 RBX: ffff88803fdd8000 RCX: 0000000000000000 [ 118.697146] RDX: ffff88801003d040 RSI: ffffffff81550212 RDI: 0000000000000005 [ 118.698239] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001 [ 118.699337] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88803fdd8220 [ 118.700431] R13: 0000000000000000 R14: ffff88803fdd80a8 R15: ffff88803fdd8220 [ 118.701529] FS: 0000555555817400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 118.702776] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.703676] CR2: 00007fd4cdcaa650 CR3: 00000000187a8000 CR4: 0000000000350ef0 [ 118.704772] Call Trace: [ 118.705181] [ 118.705543] merge_sched_in+0x107/0x1110 [ 118.706223] visit_groups_merge.constprop.0.isra.0+0x4fc/0xef0 [ 118.707159] ? merge_sched_in+0x1110/0x1110 [ 118.707835] ? lock_is_held_type+0xd7/0x130 [ 118.708545] ctx_sched_in+0x2e6/0x770 [ 118.709149] ? lock_acquire+0x1b2/0x530 [ 118.709793] ? visit_groups_merge.constprop.0.isra.0+0xef0/0xef0 [ 118.710750] ? lock_is_held_type+0xd7/0x130 [ 118.711454] perf_event_sched_in+0x75/0x80 [ 118.712118] ctx_resched+0x1ce/0x390 [ 118.712714] __perf_install_in_context+0x285/0x9c0 [ 118.713484] ? __irq_exit_rcu+0x11b/0x180 [ 118.714165] ? ctx_resched+0x390/0x390 [ 118.714785] remote_function+0x125/0x1b0 [ 118.715437] __flush_smp_call_function_queue+0x1df/0x5a0 [ 118.716282] ? perf_duration_warn+0x40/0x40 [ 118.716954] __sysvec_call_function_single+0x92/0x3a0 [ 118.717691] sysvec_call_function_single+0x89/0xc0 [ 118.718411] [ 118.718744] [ 118.719080] asm_sysvec_call_function_single+0x16/0x20 [ 118.719828] RIP: 0010:__orc_find+0x2/0xf0 [ 118.720429] Code: ff ff e8 41 e8 66 00 e9 43 fd ff ff cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 07 e9 f8 8e 4e 03 0f 1f 84 00 00 00 00 00 41 57 <89> d0 41 56 41 55 41 54 4c 8d 64 87 fc 55 53 48 83 ec 10 85 d2 0f [ 118.722912] RSP: 0018:ffff88803da0f8c0 EFLAGS: 00000216 [ 118.723665] RAX: 000000000000946d RBX: 0000000000000001 RCX: ffffffff811d5f1f [ 118.724639] RDX: 0000000000000009 RSI: ffffffff85e507f6 RDI: ffffffff85b5c56c [ 118.725676] RBP: ffff88803da0f9a8 R08: ffffffff85e507f6 R09: ffffffff85ee508a [ 118.726787] R10: ffffed1007b41f37 R11: 000000000003603d R12: ffff88803da0f991 [ 118.727885] R13: ffff88803da0f9b0 R14: ffff88803da0f950 R15: ffffffff811d5f1f [ 118.728977] ? task_work_run+0x16f/0x280 [ 118.729633] ? task_work_run+0x16f/0x280 [ 118.730290] ? task_work_run+0x16f/0x280 [ 118.730931] unwind_next_frame+0x2b4/0x20b0 [ 118.731611] ? task_work_run+0x170/0x280 [ 118.732259] ? task_work_run+0x170/0x280 [ 118.732896] ? kernel_text_address+0xd/0xb0 [ 118.733568] ? write_profile+0x3e0/0x3e0 [ 118.734221] ? write_profile+0x3e0/0x3e0 [ 118.734877] arch_stack_walk+0x83/0xf0 [ 118.735518] ? task_work_run+0x170/0x280 [ 118.736164] ? dentry_free+0xde/0x160 [ 118.736775] stack_trace_save+0x8c/0xc0 [ 118.737412] ? filter_irq_stacks+0x90/0x90 [ 118.738108] ? dentry_free+0xde/0x160 [ 118.738721] ? kasan_save_stack+0x31/0x40 [ 118.739380] ? kasan_save_stack+0x1e/0x40 [ 118.740040] ? __kasan_record_aux_stack+0x95/0xb0 [ 118.740805] kasan_save_stack+0x1e/0x40 [ 118.741440] ? kasan_save_stack+0x1e/0x40 [ 118.742105] ? kasan_set_track+0x21/0x30 [ 118.742746] ? kasan_save_free_info+0x2a/0x50 [ 118.743459] ? __kasan_slab_free+0x106/0x190 [ 118.744160] ? kmem_cache_free+0xf7/0x610 [ 118.744811] ? dentry_free+0xde/0x160 [ 118.745417] ? __dentry_kill+0x47d/0x5c0 [ 118.746067] ? dput+0x821/0xe10 [ 118.746602] ? __fput+0x3a6/0xa40 [ 118.747144] ? task_work_run+0x170/0x280 [ 118.747783] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 118.748624] ? lock_is_held_type+0xd7/0x130 [ 118.749315] ? find_held_lock+0x2c/0x110 [ 118.750023] ? lock_release+0x3b2/0x750 [ 118.750827] ? __delete_object+0xb3/0x100 [ 118.751692] ? call_rcu+0x589/0xa30 [ 118.752474] ? call_rcu+0x589/0xa30 [ 118.753242] ? lockdep_hardirqs_on+0x79/0x100 [ 118.754230] kasan_set_track+0x21/0x30 [ 118.755062] kasan_save_free_info+0x2a/0x50 [ 118.755997] __kasan_slab_free+0x106/0x190 [ 118.756905] ? dentry_free+0xde/0x160 [ 118.757522] kmem_cache_free+0xf7/0x610 [ 118.758178] dentry_free+0xde/0x160 [ 118.758773] __dentry_kill+0x47d/0x5c0 [ 118.759396] ? dput+0x35/0xe10 [ 118.759938] ? dput+0x35/0xe10 [ 118.760472] dput+0x821/0xe10 [ 118.761005] __fput+0x3a6/0xa40 [ 118.761548] task_work_run+0x170/0x280 [ 118.762178] ? task_work_cancel+0x30/0x30 [ 118.762833] ? exit_to_user_mode_prepare+0x109/0x1a0 [ 118.763551] exit_to_user_mode_prepare+0x199/0x1a0 [ 118.764230] syscall_exit_to_user_mode+0x19/0x40 [ 118.764884] do_syscall_64+0x48/0x90 [ 118.765410] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.766145] RIP: 0033:0x7f8757c7c72b [ 118.766660] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 [ 118.769039] RSP: 002b:00007ffefbdce620 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 118.770065] RAX: 0000000000000000 RBX: 00007f8757daa4c0 RCX: 00007f8757c7c72b [ 118.771011] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 118.771959] RBP: 0000000000000003 R08: 0000000000000000 R09: ff00000000000000 [ 118.772911] R10: 00007f8757dac668 R11: 0000000000000293 R12: 0000000000000003 [ 118.773861] R13: 00007f8757da9140 R14: 00007f8757da9e48 R15: 00007ffefbdce700 [ 118.774855] [ 118.775185] irq event stamp: 122714 [ 118.775682] hardirqs last enabled at (122713): [] call_rcu+0x589/0xa30 [ 118.776764] hardirqs last disabled at (122714): [] sysvec_call_function_single+0xb/0xc0 [ 118.778137] softirqs last enabled at (122662): [] tcp_close+0x38/0xc0 [ 118.779302] softirqs last disabled at (122660): [] release_sock+0x1b/0x1b0 [ 118.780520] ---[ end trace 0000000000000000 ]--- [ 118.781259] ------------[ cut here ]------------ [ 118.781949] WARNING: CPU: 0 PID: 300 at kernel/events/core.c:2557 merge_sched_in+0xadb/0x1110 [ 118.783183] Modules linked in: [ 118.783666] CPU: 0 PID: 300 Comm: syz-executor.5 Tainted: G W 6.0.0-rc5-next-20220916 #1 [ 118.784998] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 118.786648] RIP: 0010:merge_sched_in+0xadb/0x1110 [ 118.787416] Code: ff ff e8 78 16 ef ff 65 8b 05 ed 74 ab 7e 31 ff 89 c6 89 04 24 e8 15 13 ef ff 8b 04 24 85 c0 0f 84 13 02 00 00 e8 55 16 ef ff <0f> 0b e9 c4 fb ff ff e8 49 16 ef ff 4c 89 e8 48 05 18 01 00 00 e9 [ 118.790230] RSP: 0018:ffff88806ce09cb0 EFLAGS: 00010046 [ 118.791070] RAX: 0000000080010002 RBX: ffff88806ce3d100 RCX: 0000000000000000 [ 118.792161] RDX: ffff88801003d040 RSI: ffffffff815700eb RDI: 0000000000000005 [ 118.793196] RBP: ffff88803fdd8000 R08: 0000000000000005 R09: 0000000000000001 [ 118.794242] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88806ce3d100 [ 118.795247] R13: ffff88806ce00000 R14: ffff88803fdd80a8 R15: ffff88803fdd8220 [ 118.796270] FS: 0000555555817400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 118.797421] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.798287] CR2: 00007fd4cdcaa650 CR3: 00000000187a8000 CR4: 0000000000350ef0 [ 118.799310] Call Trace: [ 118.799692] [ 118.800038] visit_groups_merge.constprop.0.isra.0+0x4fc/0xef0 [ 118.800891] ? merge_sched_in+0x1110/0x1110 [ 118.801519] ? lock_is_held_type+0xd7/0x130 [ 118.802191] ctx_sched_in+0x2e6/0x770 [ 118.802754] ? lock_acquire+0x1b2/0x530 [ 118.803354] ? visit_groups_merge.constprop.0.isra.0+0xef0/0xef0 [ 118.804218] ? lock_is_held_type+0xd7/0x130 [ 118.804888] perf_event_sched_in+0x75/0x80 [ 118.805508] ctx_resched+0x1ce/0x390 [ 118.806085] __perf_install_in_context+0x285/0x9c0 [ 118.806796] ? __irq_exit_rcu+0x11b/0x180 [ 118.807429] ? ctx_resched+0x390/0x390 [ 118.808008] remote_function+0x125/0x1b0 [ 118.808606] __flush_smp_call_function_queue+0x1df/0x5a0 [ 118.809376] ? perf_duration_warn+0x40/0x40 [ 118.810021] __sysvec_call_function_single+0x92/0x3a0 [ 118.810763] sysvec_call_function_single+0x89/0xc0 [ 118.811467] [ 118.811802] [ 118.812134] asm_sysvec_call_function_single+0x16/0x20 [ 118.812895] RIP: 0010:__orc_find+0x2/0xf0 [ 118.813485] Code: ff ff e8 41 e8 66 00 e9 43 fd ff ff cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 07 e9 f8 8e 4e 03 0f 1f 84 00 00 00 00 00 41 57 <89> d0 41 56 41 55 41 54 4c 8d 64 87 fc 55 53 48 83 ec 10 85 d2 0f [ 118.816010] RSP: 0018:ffff88803da0f8c0 EFLAGS: 00000216 [ 118.816749] RAX: 000000000000946d RBX: 0000000000000001 RCX: ffffffff811d5f1f [ 118.817728] RDX: 0000000000000009 RSI: ffffffff85e507f6 RDI: ffffffff85b5c56c [ 118.818714] RBP: ffff88803da0f9a8 R08: ffffffff85e507f6 R09: ffffffff85ee508a [ 118.819695] R10: ffffed1007b41f37 R11: 000000000003603d R12: ffff88803da0f991 [ 118.820670] R13: ffff88803da0f9b0 R14: ffff88803da0f950 R15: ffffffff811d5f1f [ 118.821645] ? task_work_run+0x16f/0x280 [ 118.822247] ? task_work_run+0x16f/0x280 [ 118.822829] ? task_work_run+0x16f/0x280 [ 118.823400] unwind_next_frame+0x2b4/0x20b0 [ 118.824009] ? task_work_run+0x170/0x280 [ 118.824582] ? task_work_run+0x170/0x280 [ 118.825154] ? kernel_text_address+0xd/0xb0 [ 118.825755] ? write_profile+0x3e0/0x3e0 [ 118.826341] ? write_profile+0x3e0/0x3e0 [ 118.826928] arch_stack_walk+0x83/0xf0 [ 118.827573] ? task_work_run+0x170/0x280 [ 118.828223] ? dentry_free+0xde/0x160 [ 118.828837] stack_trace_save+0x8c/0xc0 [ 118.829478] ? filter_irq_stacks+0x90/0x90 [ 118.830181] ? dentry_free+0xde/0x160 [ 118.830795] ? kasan_save_stack+0x31/0x40 [ 118.831459] ? kasan_save_stack+0x1e/0x40 [ 118.832114] ? __kasan_record_aux_stack+0x95/0xb0 [ 118.832889] kasan_save_stack+0x1e/0x40 [ 118.833528] ? kasan_save_stack+0x1e/0x40 [ 118.834193] ? kasan_set_track+0x21/0x30 [ 118.834848] ? kasan_save_free_info+0x2a/0x50 [ 118.835570] ? __kasan_slab_free+0x106/0x190 [ 118.836275] ? kmem_cache_free+0xf7/0x610 [ 118.836936] ? dentry_free+0xde/0x160 [ 118.837551] ? __dentry_kill+0x47d/0x5c0 [ 118.838217] ? dput+0x821/0xe10 [ 118.838761] ? __fput+0x3a6/0xa40 [ 118.839314] ? task_work_run+0x170/0x280 [ 118.839956] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 118.840814] ? lock_is_held_type+0xd7/0x130 [ 118.841502] ? find_held_lock+0x2c/0x110 [ 118.842167] ? lock_release+0x3b2/0x750 [ 118.842804] ? __delete_object+0xb3/0x100 [ 118.843468] ? call_rcu+0x589/0xa30 [ 118.844052] ? call_rcu+0x589/0xa30 [ 118.844637] ? lockdep_hardirqs_on+0x79/0x100 [ 118.845358] kasan_set_track+0x21/0x30 [ 118.846002] kasan_save_free_info+0x2a/0x50 [ 118.846696] __kasan_slab_free+0x106/0x190 [ 118.847381] ? dentry_free+0xde/0x160 [ 118.848111] kmem_cache_free+0xf7/0x610 [ 118.848890] dentry_free+0xde/0x160 [ 118.849589] __dentry_kill+0x47d/0x5c0 [ 118.850230] ? dput+0x35/0xe10 [ 118.850761] ? dput+0x35/0xe10 [ 118.851289] dput+0x821/0xe10 [ 118.851817] __fput+0x3a6/0xa40 [ 118.852364] task_work_run+0x170/0x280 [ 118.852988] ? task_work_cancel+0x30/0x30 [ 118.853643] ? exit_to_user_mode_prepare+0x109/0x1a0 [ 118.854486] exit_to_user_mode_prepare+0x199/0x1a0 [ 118.855271] syscall_exit_to_user_mode+0x19/0x40 [ 118.856023] do_syscall_64+0x48/0x90 [ 118.856618] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.857431] RIP: 0033:0x7f8757c7c72b [ 118.858039] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 [ 118.860798] RSP: 002b:00007ffefbdce620 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 118.861976] RAX: 0000000000000000 RBX: 00007f8757daa4c0 RCX: 00007f8757c7c72b [ 118.863066] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 118.864150] RBP: 0000000000000003 R08: 0000000000000000 R09: ff00000000000000 [ 118.865237] R10: 00007f8757dac668 R11: 0000000000000293 R12: 0000000000000003 [ 118.866350] R13: 00007f8757da9140 R14: 00007f8757da9e48 R15: 00007ffefbdce700 [ 118.867472] [ 118.867846] irq event stamp: 122714 [ 118.868405] hardirqs last enabled at (122713): [] call_rcu+0x589/0xa30 [ 118.869655] hardirqs last disabled at (122714): [] sysvec_call_function_single+0xb/0xc0 [ 118.871138] softirqs last enabled at (122662): [] tcp_close+0x38/0xc0 [ 118.872380] softirqs last disabled at (122660): [] release_sock+0x1b/0x1b0 [ 118.873684] ---[ end trace 0000000000000000 ]--- [ 118.880954] Bluetooth: MGMT ver 1.22 11:50:11 executing program 6: r0 = syz_io_uring_setup(0x51dc, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_STATX={0x15, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x64d0, 0x0, 0x0, 0x0, 0x0) [ 119.477470] audit: type=1400 audit(1663329012.091:9): avc: denied { write } for pid=3758 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.481113] ------------[ cut here ]------------ [ 119.481848] WARNING: CPU: 0 PID: 300 at kernel/events/core.c:2047 perf_group_detach+0x99e/0x12f0 [ 119.483065] Modules linked in: [ 119.483524] CPU: 0 PID: 300 Comm: syz-executor.5 Tainted: G W 6.0.0-rc5-next-20220916 #1 [ 119.484799] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.486346] RIP: 0010:perf_group_detach+0x99e/0x12f0 [ 119.487053] Code: 85 d5 f8 ff ff e8 22 57 ee ff 65 44 8b 25 96 b5 aa 7e 31 ff 44 89 e6 e8 c0 53 ee ff 45 85 e4 0f 84 0a 05 00 00 e8 02 57 ee ff <0f> 0b e9 a9 f8 ff ff e8 f6 56 ee ff 65 8b 1d 6b b5 aa 7e 31 ff 89 [ 119.489519] RSP: 0018:ffff88806ce09e60 EFLAGS: 00010046 [ 119.490298] RAX: 0000000080010001 RBX: ffff88803fdd85c8 RCX: 0000000000000000 [ 119.491265] RDX: ffff88801003d040 RSI: ffffffff8157c03e RDI: 0000000000000005 [ 119.492251] RBP: ffff88803fdd85c8 R08: 0000000000000005 R09: 0000000000000001 [ 119.493220] R10: 0000000000000000 R11: ffffffff865ac01b R12: 0000000000000000 [ 119.494209] R13: ffff88803fdd8658 R14: ffff88806ce3d100 R15: ffff88803fdd85c8 [ 119.495193] FS: 0000555555817400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 119.496281] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.497089] CR2: 0000001b2d924000 CR3: 00000000187a8000 CR4: 0000000000350ef0 [ 119.498077] Call Trace: [ 119.498450] [ 119.498780] ? perf_event_idx_default+0x10/0x10 [ 119.499439] ? event_sched_out+0x71c/0xcd0 [ 119.500041] __perf_remove_from_context+0x71e/0xb20 [ 119.500773] event_function+0x297/0x3d0 [ 119.501348] ? perf_output_read+0xf80/0xf80 [ 119.501981] remote_function+0x125/0x1b0 [ 119.502578] __flush_smp_call_function_queue+0x1df/0x5a0 [ 119.503328] ? perf_duration_warn+0x40/0x40 [ 119.503947] __sysvec_call_function_single+0x92/0x3a0 [ 119.504677] sysvec_call_function_single+0x89/0xc0 [ 119.505375] [ 119.505703] [ 119.506048] asm_sysvec_call_function_single+0x16/0x20 [ 119.506791] RIP: 0010:mod_objcg_state+0x3af/0x9e0 [ 119.507485] Code: 00 00 49 c7 44 24 28 00 00 00 00 48 c7 c6 17 0c 7b 81 4c 89 e7 e8 61 2b af ff 48 83 3c 24 00 74 06 e8 65 e3 d1 ff fb 4d 85 ff <0f> 84 95 00 00 00 48 83 c4 28 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 [ 119.509947] RSP: 0018:ffff88803da0f660 EFLAGS: 00000246 [ 119.510688] RAX: 000000000001ed99 RBX: ffff88806ce34ba0 RCX: ffffffff812999ff [ 119.511676] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 119.512659] RBP: ffff88806ce34bc8 R08: 0000000000000001 R09: ffffffff86ccb7d7 [ 119.513640] R10: fffffbfff0d996fa R11: 0000000000000001 R12: ffff88806ce34ba0 [ 119.514633] R13: ffff88807ffdc000 R14: 0000000000000006 R15: 0000000000000000 [ 119.515635] ? mark_lock.part.0+0xef/0x2f70 [ 119.516287] memcg_slab_post_alloc_hook+0x1a8/0x440 [ 119.517006] kmem_cache_alloc+0x1e3/0x3e0 [ 119.517613] vm_area_dup+0x7f/0x230 [ 119.518196] ? lock_is_held_type+0xd7/0x130 [ 119.518825] ? mas_next_nentry+0x5dc/0xa00 [ 119.519453] ? vm_area_alloc+0x100/0x100 [ 119.520054] ? mas_find+0x209/0xdd0 [ 119.520613] dup_mmap+0x5e9/0xfc0 [ 119.521150] ? replace_mm_exe_file+0x4b0/0x4b0 [ 119.521820] ? do_raw_spin_unlock+0x4f/0x220 [ 119.522508] ? lockdep_init_map_type+0x2c7/0x7a0 [ 119.523207] ? __init_rwsem+0x129/0x1b0 [ 119.523794] dup_mm+0x91/0x380 [ 119.524285] copy_process+0x6ac7/0x6e20 [ 119.524857] ? lock_is_held_type+0xd7/0x130 [ 119.525502] ? __cleanup_sighand+0xb0/0xb0 [ 119.526109] ? do_raw_spin_unlock+0x4f/0x220 [ 119.526743] ? _raw_spin_unlock+0x24/0x40 [ 119.527326] ? finish_fault+0x4e5/0x8c0 [ 119.527904] kernel_clone+0xe7/0x890 [ 119.528438] ? create_io_thread+0xf0/0xf0 [ 119.529011] ? lock_is_held_type+0xd7/0x130 [ 119.529633] ? lock_is_held_type+0xd7/0x130 [ 119.530256] ? find_held_lock+0x2c/0x110 [ 119.530833] ? lock_release+0x3b2/0x750 [ 119.531417] __do_sys_clone+0xba/0x100 [ 119.531967] ? __do_sys_vfork+0xc0/0xc0 [ 119.532551] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.533285] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.534043] do_syscall_64+0x3b/0x90 [ 119.534585] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.535315] RIP: 0033:0x7f8757cc810b [ 119.535839] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00 [ 119.538260] RSP: 002b:00007ffefbdce620 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 119.539251] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8757cc810b [ 119.540202] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 119.541117] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555555817400 [ 119.542085] R10: 00005555558176d0 R11: 0000000000000246 R12: 0000000000000001 [ 119.543064] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffefbdce700 [ 119.544076] [ 119.544415] irq event stamp: 126362 [ 119.544913] hardirqs last enabled at (126361): [] mod_objcg_state+0x3ab/0x9e0 [ 119.546137] hardirqs last disabled at (126362): [] sysvec_call_function_single+0xb/0xc0 [ 119.547446] softirqs last enabled at (126228): [] __irq_exit_rcu+0x11b/0x180 [ 119.548635] softirqs last disabled at (126093): [] __irq_exit_rcu+0x11b/0x180 [ 119.549844] ---[ end trace 0000000000000000 ]--- [ 119.550564] ------------[ cut here ]------------ [ 119.551211] WARNING: CPU: 0 PID: 300 at kernel/events/core.c:2183 perf_group_detach+0x9c7/0x12f0 [ 119.552434] Modules linked in: [ 119.552886] CPU: 0 PID: 300 Comm: syz-executor.5 Tainted: G W 6.0.0-rc5-next-20220916 #1 [ 119.554184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.555715] RIP: 0010:perf_group_detach+0x9c7/0x12f0 [ 119.556427] Code: ff 0f 0b e9 a9 f8 ff ff e8 f6 56 ee ff 65 8b 1d 6b b5 aa 7e 31 ff 89 de e8 96 53 ee ff 85 db 0f 84 86 04 00 00 e8 d9 56 ee ff <0f> 0b e9 0e fa ff ff e8 cd 56 ee ff 48 8b 7c 24 20 48 81 c7 f8 00 [ 119.558922] RSP: 0018:ffff88806ce09e60 EFLAGS: 00010046 [ 119.559655] RAX: 0000000080010001 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.560628] RDX: ffff88801003d040 RSI: ffffffff8157c067 RDI: 0000000000000005 [ 119.561605] RBP: ffff88803fdd85c8 R08: 0000000000000005 R09: 0000000000000001 [ 119.562593] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88803fdd85c8 [ 119.563567] R13: ffff88803fdd85c8 R14: ffff88806ce3d100 R15: ffff88803fdd85c8 [ 119.564556] FS: 0000555555817400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 119.565654] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.566474] CR2: 0000001b2d924000 CR3: 00000000187a8000 CR4: 0000000000350ef0 [ 119.567435] Call Trace: [ 119.567766] [ 119.568052] ? perf_event_idx_default+0x10/0x10 [ 119.568652] ? event_sched_out+0x71c/0xcd0 [ 119.569197] __perf_remove_from_context+0x71e/0xb20 [ 119.569841] event_function+0x297/0x3d0 [ 119.570372] ? perf_output_read+0xf80/0xf80 [ 119.570961] remote_function+0x125/0x1b0 [ 119.571529] __flush_smp_call_function_queue+0x1df/0x5a0 [ 119.572270] ? perf_duration_warn+0x40/0x40 [ 119.572896] __sysvec_call_function_single+0x92/0x3a0 [ 119.573633] sysvec_call_function_single+0x89/0xc0 [ 119.574375] [ 119.574675] [ 119.575017] asm_sysvec_call_function_single+0x16/0x20 [ 119.575779] RIP: 0010:mod_objcg_state+0x3af/0x9e0 [ 119.576492] Code: 00 00 49 c7 44 24 28 00 00 00 00 48 c7 c6 17 0c 7b 81 4c 89 e7 e8 61 2b af ff 48 83 3c 24 00 74 06 e8 65 e3 d1 ff fb 4d 85 ff <0f> 84 95 00 00 00 48 83 c4 28 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 [ 119.579113] RSP: 0018:ffff88803da0f660 EFLAGS: 00000246 [ 119.579889] RAX: 000000000001ed99 RBX: ffff88806ce34ba0 RCX: ffffffff812999ff [ 119.580918] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 119.581886] RBP: ffff88806ce34bc8 R08: 0000000000000001 R09: ffffffff86ccb7d7 [ 119.582881] R10: fffffbfff0d996fa R11: 0000000000000001 R12: ffff88806ce34ba0 [ 119.583857] R13: ffff88807ffdc000 R14: 0000000000000006 R15: 0000000000000000 [ 119.584854] ? mark_lock.part.0+0xef/0x2f70 [ 119.585497] memcg_slab_post_alloc_hook+0x1a8/0x440 [ 119.586145] kmem_cache_alloc+0x1e3/0x3e0 [ 119.586678] vm_area_dup+0x7f/0x230 [ 119.587178] ? lock_is_held_type+0xd7/0x130 [ 119.587734] ? mas_next_nentry+0x5dc/0xa00 [ 119.588278] ? vm_area_alloc+0x100/0x100 [ 119.588817] ? mas_find+0x209/0xdd0 [ 119.589321] dup_mmap+0x5e9/0xfc0 [ 119.589835] ? replace_mm_exe_file+0x4b0/0x4b0 [ 119.590490] ? do_raw_spin_unlock+0x4f/0x220 [ 119.591212] ? lockdep_init_map_type+0x2c7/0x7a0 [ 119.591841] ? __init_rwsem+0x129/0x1b0 [ 119.592366] dup_mm+0x91/0x380 [ 119.592804] copy_process+0x6ac7/0x6e20 [ 119.593314] ? lock_is_held_type+0xd7/0x130 [ 119.593901] ? __cleanup_sighand+0xb0/0xb0 [ 119.594462] ? do_raw_spin_unlock+0x4f/0x220 [ 119.595045] ? _raw_spin_unlock+0x24/0x40 [ 119.595586] ? finish_fault+0x4e5/0x8c0 [ 119.596125] kernel_clone+0xe7/0x890 [ 119.596658] ? create_io_thread+0xf0/0xf0 [ 119.597329] ? lock_is_held_type+0xd7/0x130 [ 119.598064] ? lock_is_held_type+0xd7/0x130 [ 119.598775] ? find_held_lock+0x2c/0x110 [ 119.599448] ? lock_release+0x3b2/0x750 [ 119.600111] __do_sys_clone+0xba/0x100 [ 119.600748] ? __do_sys_vfork+0xc0/0xc0 [ 119.601423] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.602298] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.603156] do_syscall_64+0x3b/0x90 [ 119.603776] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.604616] RIP: 0033:0x7f8757cc810b [ 119.605223] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00 [ 119.608082] RSP: 002b:00007ffefbdce620 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 119.609293] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8757cc810b [ 119.610440] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 119.611574] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555555817400 [ 119.612711] R10: 00005555558176d0 R11: 0000000000000246 R12: 0000000000000001 [ 119.613851] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffefbdce700 [ 119.615044] [ 119.615435] irq event stamp: 126362 [ 119.616024] hardirqs last enabled at (126361): [] mod_objcg_state+0x3ab/0x9e0 [ 119.617441] hardirqs last disabled at (126362): [] sysvec_call_function_single+0xb/0xc0 [ 119.618991] softirqs last enabled at (126228): [] __irq_exit_rcu+0x11b/0x180 [ 119.620391] softirqs last disabled at (126093): [] __irq_exit_rcu+0x11b/0x180 [ 119.621780] ---[ end trace 0000000000000000 ]--- [ 119.622618] ------------[ cut here ]------------ [ 119.623374] WARNING: CPU: 0 PID: 300 at kernel/events/core.c:655 perf_event_update_sibling_time+0xd5/0x4d0 [ 119.624915] Modules linked in: [ 119.625449] CPU: 0 PID: 300 Comm: syz-executor.5 Tainted: G W 6.0.0-rc5-next-20220916 #1 [ 119.626965] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.628762] RIP: 0010:perf_event_update_sibling_time+0xd5/0x4d0 [ 119.629753] Code: 5e 41 5f e9 5d c5 f0 ff e8 58 c5 f0 ff 65 8b 1d cd 23 ad 7e 31 ff 89 de e8 f8 c1 f0 ff 85 db 0f 84 d3 02 00 00 e8 3b c5 f0 ff <0f> 0b eb 97 e8 32 c5 f0 ff 48 8d 7d 10 48 b8 00 00 00 00 00 fc ff [ 119.632668] RSP: 0018:ffff88806ce09e58 EFLAGS: 00010046 [ 119.633537] RAX: 0000000080010001 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.634709] RDX: ffff88801003d040 RSI: ffffffff81555205 RDI: 0000000000000005 [ 119.635860] RBP: ffff88803fdd85c8 R08: 0000000000000005 R09: 0000000000000001 [ 119.637011] R10: 0000000000000000 R11: ffffffff865ac01b R12: 0000000000000000 [ 119.638174] R13: ffff88803fdd8670 R14: 0000000000000001 R15: 0000000000000001 [ 119.639327] FS: 0000555555817400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 119.640625] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.641573] CR2: 0000001b2d924000 CR3: 00000000187a8000 CR4: 0000000000350ef0 [ 119.642756] Call Trace: [ 119.643193] [ 119.643566] ? lock_is_held_type+0xd7/0x130 [ 119.644287] ? perf_event_update_time+0x285/0x380 [ 119.645098] list_del_event+0x524/0x860 [ 119.645779] __perf_remove_from_context+0xd2/0xb20 [ 119.646614] event_function+0x297/0x3d0 [ 119.647286] ? perf_output_read+0xf80/0xf80 [ 119.648021] remote_function+0x125/0x1b0 [ 119.648706] __flush_smp_call_function_queue+0x1df/0x5a0 [ 119.649494] ? perf_duration_warn+0x40/0x40 [ 119.650198] __sysvec_call_function_single+0x92/0x3a0 [ 119.650971] sysvec_call_function_single+0x89/0xc0 [ 119.651703] [ 119.652035] [ 119.652367] asm_sysvec_call_function_single+0x16/0x20 [ 119.653141] RIP: 0010:mod_objcg_state+0x3af/0x9e0 [ 119.653843] Code: 00 00 49 c7 44 24 28 00 00 00 00 48 c7 c6 17 0c 7b 81 4c 89 e7 e8 61 2b af ff 48 83 3c 24 00 74 06 e8 65 e3 d1 ff fb 4d 85 ff <0f> 84 95 00 00 00 48 83 c4 28 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 [ 119.656424] RSP: 0018:ffff88803da0f660 EFLAGS: 00000246 [ 119.657187] RAX: 000000000001ed99 RBX: ffff88806ce34ba0 RCX: ffffffff812999ff [ 119.658248] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 119.659281] RBP: ffff88806ce34bc8 R08: 0000000000000001 R09: ffffffff86ccb7d7 [ 119.660263] R10: fffffbfff0d996fa R11: 0000000000000001 R12: ffff88806ce34ba0 [ 119.661226] R13: ffff88807ffdc000 R14: 0000000000000006 R15: 0000000000000000 [ 119.662221] ? mark_lock.part.0+0xef/0x2f70 [ 119.662852] memcg_slab_post_alloc_hook+0x1a8/0x440 [ 119.663562] kmem_cache_alloc+0x1e3/0x3e0 [ 119.664158] vm_area_dup+0x7f/0x230 [ 119.664721] ? lock_is_held_type+0xd7/0x130 [ 119.665344] ? mas_next_nentry+0x5dc/0xa00 [ 119.665945] ? vm_area_alloc+0x100/0x100 [ 119.666544] ? mas_find+0x209/0xdd0 [ 119.667107] dup_mmap+0x5e9/0xfc0 [ 119.667638] ? replace_mm_exe_file+0x4b0/0x4b0 [ 119.668295] ? do_raw_spin_unlock+0x4f/0x220 [ 119.668941] ? lockdep_init_map_type+0x2c7/0x7a0 [ 119.669634] ? __init_rwsem+0x129/0x1b0 [ 119.670229] dup_mm+0x91/0x380 [ 119.670712] copy_process+0x6ac7/0x6e20 [ 119.671285] ? lock_is_held_type+0xd7/0x130 [ 119.671925] ? __cleanup_sighand+0xb0/0xb0 [ 119.672518] ? do_raw_spin_unlock+0x4f/0x220 [ 119.673156] ? _raw_spin_unlock+0x24/0x40 [ 119.673755] ? finish_fault+0x4e5/0x8c0 [ 119.674343] kernel_clone+0xe7/0x890 [ 119.674874] ? create_io_thread+0xf0/0xf0 [ 119.675449] ? lock_is_held_type+0xd7/0x130 [ 119.676070] ? lock_is_held_type+0xd7/0x130 [ 119.676686] ? find_held_lock+0x2c/0x110 [ 119.677269] ? lock_release+0x3b2/0x750 [ 119.677846] __do_sys_clone+0xba/0x100 [ 119.678396] ? __do_sys_vfork+0xc0/0xc0 [ 119.678969] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.679683] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.680418] do_syscall_64+0x3b/0x90 [ 119.680945] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.681664] RIP: 0033:0x7f8757cc810b [ 119.682205] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00 [ 119.684631] RSP: 002b:00007ffefbdce620 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 119.685671] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8757cc810b [ 119.686643] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 119.687601] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555555817400 [ 119.688571] R10: 00005555558176d0 R11: 0000000000000246 R12: 0000000000000001 [ 119.689529] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffefbdce700 [ 119.690535] [ 119.690866] irq event stamp: 126362 [ 119.691370] hardirqs last enabled at (126361): [] mod_objcg_state+0x3ab/0x9e0 [ 119.692584] hardirqs last disabled at (126362): [] sysvec_call_function_single+0xb/0xc0 [ 119.693879] softirqs last enabled at (126228): [] __irq_exit_rcu+0x11b/0x180 [ 119.695066] softirqs last disabled at (126093): [] __irq_exit_rcu+0x11b/0x180 [ 119.696261] ---[ end trace 0000000000000000 ]--- 11:50:20 executing program 0: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:20 executing program 4: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, 0x0, 0x0) 11:50:20 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00000009c0)=0x6) 11:50:20 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f0000000080)={0x2c, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @u32}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x5, 0xa, 0x0, 0x0, @binary='{'}]}]}, 0x2c}], 0x1}, 0x0) 11:50:20 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) copy_file_range(r0, &(0x7f0000000000)=0x200, r0, 0x0, 0xffffffffffffffff, 0x0) 11:50:20 executing program 6: r0 = syz_io_uring_setup(0x51dc, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_STATX={0x15, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x64d0, 0x0, 0x0, 0x0, 0x0) 11:50:20 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000009c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4, 0x1}]}]}, 0x1c}}, 0x0) 11:50:20 executing program 5: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x5416, 0x0) 11:50:20 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) copy_file_range(r0, &(0x7f0000000000)=0x200, r0, 0x0, 0xffffffffffffffff, 0x0) 11:50:20 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000009c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4, 0x1}]}]}, 0x1c}}, 0x0) 11:50:20 executing program 5: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x5416, 0x0) 11:50:20 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00000009c0)=0x6) 11:50:20 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f0000000080)={0x2c, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @u32}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x5, 0xa, 0x0, 0x0, @binary='{'}]}]}, 0x2c}], 0x1}, 0x0) 11:50:20 executing program 6: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:20 executing program 4: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:20 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000009c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4, 0x1}]}]}, 0x1c}}, 0x0) 11:50:20 executing program 0: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:20 executing program 5: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x5416, 0x0) 11:50:20 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:20 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00000009c0)=0x6) 11:50:20 executing program 6: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:20 executing program 4: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:20 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f0000000080)={0x2c, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @u32}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x5, 0xa, 0x0, 0x0, @binary='{'}]}]}, 0x2c}], 0x1}, 0x0) 11:50:20 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) copy_file_range(r0, &(0x7f0000000000)=0x200, r0, 0x0, 0xffffffffffffffff, 0x0) 11:50:20 executing program 7: r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmctl$IPC_RMID(r0, 0x0) 11:50:20 executing program 6: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:20 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:20 executing program 4: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) [ 128.234616] ------------[ cut here ]------------ [ 128.235293] WARNING: CPU: 0 PID: 4027 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 128.236494] Modules linked in: [ 128.236931] CPU: 0 PID: 4027 Comm: syz-executor.6 Tainted: G W 6.0.0-rc5-next-20220916 #1 [ 128.238142] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 128.239557] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 128.240253] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 128.242558] RSP: 0000:ffff88806ce09e48 EFLAGS: 00010046 [ 128.243234] RAX: 0000000080010001 RBX: 0000000000000000 RCX: 0000000000000000 [ 128.244130] RDX: ffff88803b3f9ac0 RSI: ffffffff81566027 RDI: 0000000000000005 [ 128.245036] RBP: ffff888008661158 R08: 0000000000000005 R09: 0000000000000001 [ 128.245934] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88806ce3d100 [ 128.246859] R13: ffff88806ce3d100 R14: ffffffff8547c7c0 R15: 0000000000000002 [ 128.247762] FS: 00005555565ac400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 128.248776] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.249513] CR2: 00007f6931cb5b42 CR3: 000000003efd0000 CR4: 0000000000350ef0 [ 128.250447] Call Trace: [ 128.250807] [ 128.251118] ctx_sched_out+0x8f1/0xc10 [ 128.251656] ctx_resched+0x2f3/0x390 [ 128.252173] __perf_install_in_context+0x285/0x9c0 [ 128.252828] ? __irq_exit_rcu+0x11b/0x180 [ 128.253397] ? ctx_resched+0x390/0x390 [ 128.253930] remote_function+0x125/0x1b0 [ 128.254511] __flush_smp_call_function_queue+0x1df/0x5a0 [ 128.255233] ? perf_duration_warn+0x40/0x40 [ 128.255826] __sysvec_call_function_single+0x92/0x3a0 [ 128.256524] sysvec_call_function_single+0x89/0xc0 [ 128.257193] [ 128.257503] [ 128.257815] asm_sysvec_call_function_single+0x16/0x20 [ 128.258532] RIP: 0010:lock_is_held_type+0xf8/0x130 [ 128.259199] Code: 60 ef 86 84 e8 a9 0c 00 00 b8 ff ff ff ff 65 0f c1 05 cc 42 de 7b 83 f8 01 75 26 48 f7 04 24 00 02 00 00 74 01 fb 48 83 c4 08 <44> 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 06 06 3c 00 45 31 ed eb [ 128.261593] RSP: 0000:ffff88803fcafe38 EFLAGS: 00000282 [ 128.262328] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000001 [ 128.263279] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 128.264232] RBP: ffffffff85406fa0 R08: 0000000000000001 R09: 0000000000000000 [ 128.265162] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88803b3f9ac0 [ 128.266110] R13: 0000000000000001 R14: 00000000ffffffff R15: ffff88803b3fa460 [ 128.267098] handle_mm_fault+0x145/0xa20 [ 128.267663] do_user_addr_fault+0x536/0x1300 [ 128.268289] exc_page_fault+0x98/0x1a0 [ 128.268843] asm_exc_page_fault+0x22/0x30 [ 128.269424] RIP: 0033:0x7f6931c04bfc [ 128.269929] Code: d2 0f 84 2b 18 00 00 48 83 fa 01 0f 84 2d 18 00 00 49 89 d3 89 f1 89 f8 48 83 e1 3f 48 83 e0 3f 83 f9 30 77 49 83 f8 30 77 44 <66> 0f 12 0f 66 0f 12 16 66 0f 16 4f 08 66 0f 16 56 08 66 0f ef c0 [ 128.272342] RSP: 002b:00007ffcdb8806d8 EFLAGS: 00010287 [ 128.273046] RAX: 0000000000000002 RBX: 00007f6931cc9720 RCX: 000000000000001b [ 128.273973] RDX: 0000000000000007 RSI: 00007f6931c88ddb RDI: 00007f6931cb5b42 [ 128.274933] RBP: 00007f6931cb5b42 R08: 00007f6932146000 R09: 0000001b2e022ca4 [ 128.275876] R10: 0000000000001605 R11: 0000000000000007 R12: 000000000001f453 [ 128.276806] R13: 00000000000003e8 R14: 00007f6931d41f60 R15: 000000000001f435 [ 128.277760] [ 128.278079] irq event stamp: 2296 [ 128.278538] hardirqs last enabled at (2295): [] do_user_addr_fault+0x786/0x1300 [ 128.279703] hardirqs last disabled at (2296): [] sysvec_call_function_single+0xb/0xc0 [ 128.280933] softirqs last enabled at (2058): [] __irq_exit_rcu+0x11b/0x180 [ 128.282074] softirqs last disabled at (2053): [] __irq_exit_rcu+0x11b/0x180 [ 128.283191] ---[ end trace 0000000000000000 ]--- 11:50:21 executing program 0: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:21 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000900)=0x1, 0x4) 11:50:21 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002840)=[{&(0x7f0000002100)="e2", 0x1}], 0x1, &(0x7f0000000780)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0) recvmsg$unix(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)}, 0x0) 11:50:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f0000000080)={0x2c, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @u32}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x5, 0xa, 0x0, 0x0, @binary='{'}]}]}, 0x2c}], 0x1}, 0x0) 11:50:21 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000980), &(0x7f0000000940)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0x1d, r0, &(0x7f0000000000)=""/20, 0x14) 11:50:21 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) 11:50:21 executing program 7: fallocate(0xffffffffffffffff, 0x0, 0x2, 0x0) readv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000300)=""/102, 0x66}], 0x1) r0 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) getdents64(r0, &(0x7f0000000140)=""/26, 0x1a) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES32, @ANYRES32], 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwritev(r2, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r5, &(0x7f0000000040)=""/169, 0x200000e9) sendfile(r4, r3, 0x0, 0xfffffdef) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="20007dbc498dfb68165e5d25d36f3c17011c5c89ce961f15c73cc5791bb3acd2c7b7625d009eeb67c405fce273f1e3c3c4c2b59cdeb7b76aa850ec4604cf9511ae707cea5eccbebe49a6dc24307e93bfc20f071b872699c1bece45fccc848fa4fa013572"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x10004000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000180)='./file1\x00', 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/consoles\x00', 0x0, 0x0) 11:50:21 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, 0x2, &(0x7f0000000380)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x73}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000011200)=ANY=[]) chdir(&(0x7f00000000c0)='./file0\x00') io_setup(0x6, &(0x7f0000000040)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105241, 0x0) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) io_submit(r0, 0x4000, &(0x7f00000004c0)=[&(0x7f0000000200)={0xeffdffff, 0x8008, 0x10, 0x1, 0x0, r1, &(0x7f00000001c0)="10", 0x1}]) 11:50:21 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000900)=0x1, 0x4) [ 128.539646] loop6: detected capacity change from 0 to 256 [ 128.546857] hrtimer: interrupt took 30367 ns [ 128.601380] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) VM DIAGNOSIS: 11:50:11 Registers: info registers vcpu 0 RAX=000000000000002e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b3251 RDI=ffffffff87641ba0 RBP=ffffffff87641b60 RSP=ffff88806ce09640 R8 =0000000000000001 R9 =000000000000000a R10=000000000000002e R11=0000000000000001 R12=000000000000002e R13=ffffffff87641b60 R14=0000000000000010 R15=ffffffff822b3240 RIP=ffffffff822b32a9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555555817400 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd4cdcaa650 CR3=00000000187a8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 00e800a800000000 0000000000000000 YMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM02=0000000000000000 0000000000000000 00524f5252450040 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=000000000001d839 RBX=1ffff11007fbaf84 RCX=ffffc900007cb000 RDX=0000000000040000 RSI=ffffffff813bc113 RDI=0000000000000005 RBP=ffff88803fdd7cc8 RSP=ffff88803fdd7c00 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=0000000000000001 R13=0000000000000000 R14=0000000000000000 R15=0000000000000200 RIP=ffffffff813bc115 RFL=00000212 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fd577eb4700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fcbfd578610 CR3=000000003dca4000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00362e6f732e6362 696c2f756e672d78 YMM02=0000000000000000 0000000000000000 ffff0000000000ff ffffffffffffffff YMM03=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000