Warning: Permanently added '[localhost]:34422' (ECDSA) to the list of known hosts. 2022/10/31 13:36:58 fuzzer started 2022/10/31 13:36:58 dialing manager at localhost:40945 syzkaller login: [ 35.453774] cgroup: Unknown subsys name 'net' [ 35.596369] cgroup: Unknown subsys name 'rlimit' 2022/10/31 13:37:13 syscalls: 2217 2022/10/31 13:37:13 code coverage: enabled 2022/10/31 13:37:13 comparison tracing: enabled 2022/10/31 13:37:13 extra coverage: enabled 2022/10/31 13:37:13 setuid sandbox: enabled 2022/10/31 13:37:13 namespace sandbox: enabled 2022/10/31 13:37:13 Android sandbox: enabled 2022/10/31 13:37:13 fault injection: enabled 2022/10/31 13:37:13 leak checking: enabled 2022/10/31 13:37:13 net packet injection: enabled 2022/10/31 13:37:13 net device setup: enabled 2022/10/31 13:37:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/31 13:37:13 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/31 13:37:13 USB emulation: enabled 2022/10/31 13:37:13 hci packet injection: enabled 2022/10/31 13:37:13 wifi device emulation: enabled 2022/10/31 13:37:13 802.15.4 emulation: enabled 2022/10/31 13:37:13 fetching corpus: 0, signal 0/2000 (executing program) 2022/10/31 13:37:13 fetching corpus: 50, signal 36152/39691 (executing program) 2022/10/31 13:37:13 fetching corpus: 100, signal 47902/52956 (executing program) 2022/10/31 13:37:14 fetching corpus: 150, signal 58476/64957 (executing program) 2022/10/31 13:37:14 fetching corpus: 200, signal 67972/75780 (executing program) 2022/10/31 13:37:14 fetching corpus: 250, signal 77029/86004 (executing program) 2022/10/31 13:37:14 fetching corpus: 300, signal 82379/92566 (executing program) 2022/10/31 13:37:14 fetching corpus: 350, signal 86311/97705 (executing program) 2022/10/31 13:37:14 fetching corpus: 400, signal 88827/101469 (executing program) 2022/10/31 13:37:14 fetching corpus: 450, signal 95332/108935 (executing program) 2022/10/31 13:37:15 fetching corpus: 500, signal 99577/114225 
(executing program) 2022/10/31 13:37:15 fetching corpus: 550, signal 103214/118971 (executing program) 2022/10/31 13:37:15 fetching corpus: 600, signal 105901/122771 (executing program) 2022/10/31 13:37:15 fetching corpus: 650, signal 110421/128150 (executing program) 2022/10/31 13:37:15 fetching corpus: 700, signal 116456/134821 (executing program) 2022/10/31 13:37:15 fetching corpus: 750, signal 118932/138206 (executing program) 2022/10/31 13:37:15 fetching corpus: 800, signal 122729/142761 (executing program) 2022/10/31 13:37:16 fetching corpus: 850, signal 126881/147666 (executing program) 2022/10/31 13:37:16 fetching corpus: 900, signal 130707/152193 (executing program) 2022/10/31 13:37:16 fetching corpus: 950, signal 133317/155610 (executing program) 2022/10/31 13:37:16 fetching corpus: 1000, signal 136491/159477 (executing program) 2022/10/31 13:37:16 fetching corpus: 1050, signal 138544/162356 (executing program) 2022/10/31 13:37:16 fetching corpus: 1100, signal 141140/165718 (executing program) 2022/10/31 13:37:16 fetching corpus: 1150, signal 142934/168359 (executing program) 2022/10/31 13:37:17 fetching corpus: 1200, signal 145653/171704 (executing program) 2022/10/31 13:37:17 fetching corpus: 1250, signal 147553/174308 (executing program) 2022/10/31 13:37:17 fetching corpus: 1300, signal 149251/176688 (executing program) 2022/10/31 13:37:17 fetching corpus: 1350, signal 150925/179077 (executing program) 2022/10/31 13:37:17 fetching corpus: 1400, signal 154232/182740 (executing program) 2022/10/31 13:37:17 fetching corpus: 1450, signal 156295/185330 (executing program) 2022/10/31 13:37:18 fetching corpus: 1500, signal 158509/188057 (executing program) 2022/10/31 13:37:18 fetching corpus: 1550, signal 160429/190561 (executing program) 2022/10/31 13:37:18 fetching corpus: 1600, signal 161971/192717 (executing program) 2022/10/31 13:37:18 fetching corpus: 1650, signal 163742/195023 (executing program) 2022/10/31 13:37:18 fetching corpus: 1700, signal 
165240/197068 (executing program) 2022/10/31 13:37:18 fetching corpus: 1750, signal 166767/199097 (executing program) 2022/10/31 13:37:18 fetching corpus: 1800, signal 168199/201039 (executing program) 2022/10/31 13:37:18 fetching corpus: 1850, signal 169349/202819 (executing program) 2022/10/31 13:37:19 fetching corpus: 1900, signal 170683/204717 (executing program) 2022/10/31 13:37:19 fetching corpus: 1950, signal 171911/206534 (executing program) 2022/10/31 13:37:19 fetching corpus: 2000, signal 173360/208463 (executing program) 2022/10/31 13:37:19 fetching corpus: 2050, signal 175216/210744 (executing program) 2022/10/31 13:37:19 fetching corpus: 2100, signal 176558/212557 (executing program) 2022/10/31 13:37:19 fetching corpus: 2150, signal 178070/214493 (executing program) 2022/10/31 13:37:19 fetching corpus: 2200, signal 179491/216309 (executing program) 2022/10/31 13:37:20 fetching corpus: 2250, signal 180551/217862 (executing program) 2022/10/31 13:37:20 fetching corpus: 2300, signal 182376/219968 (executing program) 2022/10/31 13:37:20 fetching corpus: 2350, signal 184020/221891 (executing program) 2022/10/31 13:37:20 fetching corpus: 2400, signal 185104/223416 (executing program) 2022/10/31 13:37:20 fetching corpus: 2450, signal 187837/226072 (executing program) 2022/10/31 13:37:20 fetching corpus: 2500, signal 189473/227911 (executing program) 2022/10/31 13:37:20 fetching corpus: 2550, signal 190524/229346 (executing program) 2022/10/31 13:37:21 fetching corpus: 2600, signal 191854/230970 (executing program) 2022/10/31 13:37:21 fetching corpus: 2650, signal 193121/232531 (executing program) 2022/10/31 13:37:21 fetching corpus: 2700, signal 194406/234042 (executing program) 2022/10/31 13:37:21 fetching corpus: 2750, signal 196032/235782 (executing program) 2022/10/31 13:37:21 fetching corpus: 2800, signal 196752/236908 (executing program) 2022/10/31 13:37:21 fetching corpus: 2850, signal 197532/238146 (executing program) 2022/10/31 13:37:21 fetching 
corpus: 2900, signal 198241/239263 (executing program) 2022/10/31 13:37:21 fetching corpus: 2950, signal 199301/240640 (executing program) 2022/10/31 13:37:22 fetching corpus: 3000, signal 200344/241969 (executing program) 2022/10/31 13:37:22 fetching corpus: 3050, signal 200981/243041 (executing program) 2022/10/31 13:37:22 fetching corpus: 3100, signal 202336/244530 (executing program) 2022/10/31 13:37:22 fetching corpus: 3150, signal 203173/245667 (executing program) 2022/10/31 13:37:22 fetching corpus: 3200, signal 204177/246905 (executing program) 2022/10/31 13:37:22 fetching corpus: 3250, signal 205301/248192 (executing program) 2022/10/31 13:37:22 fetching corpus: 3300, signal 206290/249385 (executing program) 2022/10/31 13:37:22 fetching corpus: 3350, signal 207146/250474 (executing program) 2022/10/31 13:37:23 fetching corpus: 3400, signal 207950/251551 (executing program) 2022/10/31 13:37:23 fetching corpus: 3450, signal 209065/252775 (executing program) 2022/10/31 13:37:23 fetching corpus: 3500, signal 210341/254130 (executing program) 2022/10/31 13:37:23 fetching corpus: 3550, signal 211353/255332 (executing program) 2022/10/31 13:37:23 fetching corpus: 3600, signal 212131/256356 (executing program) 2022/10/31 13:37:23 fetching corpus: 3650, signal 213449/257633 (executing program) 2022/10/31 13:37:23 fetching corpus: 3700, signal 214101/258533 (executing program) 2022/10/31 13:37:24 fetching corpus: 3750, signal 215160/259622 (executing program) 2022/10/31 13:37:24 fetching corpus: 3800, signal 215883/260556 (executing program) 2022/10/31 13:37:24 fetching corpus: 3849, signal 216881/261645 (executing program) 2022/10/31 13:37:24 fetching corpus: 3899, signal 218112/262801 (executing program) 2022/10/31 13:37:24 fetching corpus: 3949, signal 218782/263694 (executing program) 2022/10/31 13:37:24 fetching corpus: 3999, signal 219386/264535 (executing program) 2022/10/31 13:37:24 fetching corpus: 4049, signal 220132/265447 (executing program) 2022/10/31 
13:37:25 fetching corpus: 4099, signal 221148/266473 (executing program) 2022/10/31 13:37:25 fetching corpus: 4149, signal 222158/267500 (executing program) 2022/10/31 13:37:25 fetching corpus: 4199, signal 222901/268356 (executing program) 2022/10/31 13:37:25 fetching corpus: 4249, signal 223700/269230 (executing program) 2022/10/31 13:37:25 fetching corpus: 4299, signal 224312/270004 (executing program) 2022/10/31 13:37:25 fetching corpus: 4349, signal 225394/271001 (executing program) 2022/10/31 13:37:25 fetching corpus: 4399, signal 226030/271797 (executing program) 2022/10/31 13:37:25 fetching corpus: 4449, signal 226692/272564 (executing program) 2022/10/31 13:37:26 fetching corpus: 4499, signal 227704/273524 (executing program) 2022/10/31 13:37:26 fetching corpus: 4549, signal 228401/274303 (executing program) 2022/10/31 13:37:26 fetching corpus: 4599, signal 229097/275048 (executing program) 2022/10/31 13:37:26 fetching corpus: 4649, signal 229601/275751 (executing program) 2022/10/31 13:37:26 fetching corpus: 4699, signal 230618/276668 (executing program) 2022/10/31 13:37:26 fetching corpus: 4749, signal 231425/277457 (executing program) 2022/10/31 13:37:26 fetching corpus: 4799, signal 232066/278127 (executing program) 2022/10/31 13:37:27 fetching corpus: 4849, signal 232935/278885 (executing program) 2022/10/31 13:37:27 fetching corpus: 4899, signal 233565/279633 (executing program) 2022/10/31 13:37:27 fetching corpus: 4949, signal 234295/280360 (executing program) 2022/10/31 13:37:27 fetching corpus: 4999, signal 235174/281123 (executing program) 2022/10/31 13:37:27 fetching corpus: 5049, signal 235734/281718 (executing program) 2022/10/31 13:37:27 fetching corpus: 5099, signal 236509/282400 (executing program) 2022/10/31 13:37:27 fetching corpus: 5149, signal 237391/283187 (executing program) 2022/10/31 13:37:27 fetching corpus: 5199, signal 238047/283804 (executing program) 2022/10/31 13:37:28 fetching corpus: 5249, signal 238718/284426 (executing 
program) 2022/10/31 13:37:28 fetching corpus: 5299, signal 239690/285128 (executing program) 2022/10/31 13:37:28 fetching corpus: 5349, signal 240268/285697 (executing program) 2022/10/31 13:37:28 fetching corpus: 5399, signal 240893/286341 (executing program) 2022/10/31 13:37:28 fetching corpus: 5449, signal 241604/286949 (executing program) 2022/10/31 13:37:28 fetching corpus: 5499, signal 242418/287558 (executing program) 2022/10/31 13:37:28 fetching corpus: 5549, signal 242925/288093 (executing program) 2022/10/31 13:37:29 fetching corpus: 5599, signal 243461/288667 (executing program) 2022/10/31 13:37:29 fetching corpus: 5649, signal 243911/289176 (executing program) 2022/10/31 13:37:29 fetching corpus: 5699, signal 244380/289663 (executing program) 2022/10/31 13:37:29 fetching corpus: 5749, signal 245072/290237 (executing program) 2022/10/31 13:37:29 fetching corpus: 5798, signal 245561/290760 (executing program) 2022/10/31 13:37:29 fetching corpus: 5848, signal 246103/291301 (executing program) 2022/10/31 13:37:29 fetching corpus: 5898, signal 246619/291798 (executing program) 2022/10/31 13:37:29 fetching corpus: 5948, signal 247166/292274 (executing program) 2022/10/31 13:37:30 fetching corpus: 5998, signal 247820/292838 (executing program) 2022/10/31 13:37:30 fetching corpus: 6048, signal 248756/293391 (executing program) 2022/10/31 13:37:30 fetching corpus: 6098, signal 249360/293874 (executing program) 2022/10/31 13:37:30 fetching corpus: 6147, signal 250489/294438 (executing program) 2022/10/31 13:37:30 fetching corpus: 6196, signal 251245/294931 (executing program) 2022/10/31 13:37:30 fetching corpus: 6246, signal 251847/295373 (executing program) 2022/10/31 13:37:30 fetching corpus: 6296, signal 252377/295801 (executing program) 2022/10/31 13:37:30 fetching corpus: 6346, signal 252981/296292 (executing program) 2022/10/31 13:37:31 fetching corpus: 6396, signal 253499/296696 (executing program) 2022/10/31 13:37:31 fetching corpus: 6445, signal 
254177/297136 (executing program) 2022/10/31 13:37:31 fetching corpus: 6494, signal 254838/297587 (executing program) 2022/10/31 13:37:31 fetching corpus: 6543, signal 255545/298032 (executing program) 2022/10/31 13:37:31 fetching corpus: 6593, signal 255885/298396 (executing program) 2022/10/31 13:37:31 fetching corpus: 6643, signal 256342/298772 (executing program) 2022/10/31 13:37:31 fetching corpus: 6693, signal 257218/299160 (executing program) 2022/10/31 13:37:32 fetching corpus: 6743, signal 257828/299534 (executing program) 2022/10/31 13:37:32 fetching corpus: 6792, signal 258154/299896 (executing program) 2022/10/31 13:37:32 fetching corpus: 6842, signal 258844/300259 (executing program) 2022/10/31 13:37:32 fetching corpus: 6890, signal 259204/300581 (executing program) 2022/10/31 13:37:32 fetching corpus: 6938, signal 259808/300923 (executing program) 2022/10/31 13:37:32 fetching corpus: 6987, signal 260260/301246 (executing program) 2022/10/31 13:37:32 fetching corpus: 7036, signal 260802/301558 (executing program) 2022/10/31 13:37:32 fetching corpus: 7086, signal 261562/301894 (executing program) 2022/10/31 13:37:33 fetching corpus: 7136, signal 262312/302218 (executing program) 2022/10/31 13:37:33 fetching corpus: 7186, signal 262893/302559 (executing program) 2022/10/31 13:37:33 fetching corpus: 7235, signal 263397/302856 (executing program) 2022/10/31 13:37:33 fetching corpus: 7285, signal 263844/303133 (executing program) 2022/10/31 13:37:33 fetching corpus: 7335, signal 264305/303414 (executing program) 2022/10/31 13:37:33 fetching corpus: 7385, signal 264840/303693 (executing program) 2022/10/31 13:37:33 fetching corpus: 7435, signal 265285/303967 (executing program) 2022/10/31 13:37:33 fetching corpus: 7485, signal 265602/304211 (executing program) 2022/10/31 13:37:34 fetching corpus: 7535, signal 266222/304316 (executing program) 2022/10/31 13:37:34 fetching corpus: 7585, signal 266612/304316 (executing program) 2022/10/31 13:37:34 fetching 
corpus: 7635, signal 267019/304317 (executing program) 2022/10/31 13:37:34 fetching corpus: 7685, signal 267525/304318 (executing program) 2022/10/31 13:37:34 fetching corpus: 7735, signal 267859/304318 (executing program) 2022/10/31 13:37:34 fetching corpus: 7784, signal 268751/304319 (executing program) 2022/10/31 13:37:34 fetching corpus: 7834, signal 269080/304319 (executing program) 2022/10/31 13:37:34 fetching corpus: 7884, signal 269366/304319 (executing program) 2022/10/31 13:37:35 fetching corpus: 7934, signal 269840/304321 (executing program) 2022/10/31 13:37:35 fetching corpus: 7984, signal 270275/304325 (executing program) 2022/10/31 13:37:35 fetching corpus: 8034, signal 270912/304325 (executing program) 2022/10/31 13:37:35 fetching corpus: 8084, signal 271418/304332 (executing program) 2022/10/31 13:37:35 fetching corpus: 8133, signal 271777/304332 (executing program) 2022/10/31 13:37:35 fetching corpus: 8183, signal 272155/304335 (executing program) 2022/10/31 13:37:35 fetching corpus: 8233, signal 272735/304335 (executing program) 2022/10/31 13:37:35 fetching corpus: 8283, signal 273244/304353 (executing program) 2022/10/31 13:37:36 fetching corpus: 8333, signal 273536/304358 (executing program) 2022/10/31 13:37:36 fetching corpus: 8383, signal 274002/304358 (executing program) 2022/10/31 13:37:36 fetching corpus: 8433, signal 274469/304358 (executing program) 2022/10/31 13:37:36 fetching corpus: 8483, signal 275063/304358 (executing program) 2022/10/31 13:37:36 fetching corpus: 8532, signal 275478/304358 (executing program) 2022/10/31 13:37:36 fetching corpus: 8582, signal 275943/304358 (executing program) 2022/10/31 13:37:36 fetching corpus: 8632, signal 276444/304366 (executing program) 2022/10/31 13:37:37 fetching corpus: 8682, signal 276703/304367 (executing program) 2022/10/31 13:37:37 fetching corpus: 8732, signal 277130/304367 (executing program) 2022/10/31 13:37:37 fetching corpus: 8782, signal 277644/304367 (executing program) 2022/10/31 
13:37:37 fetching corpus: 8832, signal 278172/304370 (executing program) 2022/10/31 13:37:37 fetching corpus: 8882, signal 278459/304370 (executing program) 2022/10/31 13:37:37 fetching corpus: 8931, signal 279031/304370 (executing program) 2022/10/31 13:37:37 fetching corpus: 8981, signal 279442/304370 (executing program) 2022/10/31 13:37:38 fetching corpus: 9030, signal 279855/304371 (executing program) 2022/10/31 13:37:38 fetching corpus: 9080, signal 280245/304374 (executing program) 2022/10/31 13:37:38 fetching corpus: 9130, signal 280625/304374 (executing program) 2022/10/31 13:37:38 fetching corpus: 9180, signal 281200/304374 (executing program) 2022/10/31 13:37:38 fetching corpus: 9230, signal 281486/304379 (executing program) 2022/10/31 13:37:38 fetching corpus: 9279, signal 281726/304383 (executing program) 2022/10/31 13:37:38 fetching corpus: 9329, signal 282109/304384 (executing program) 2022/10/31 13:37:39 fetching corpus: 9378, signal 282412/304386 (executing program) 2022/10/31 13:37:39 fetching corpus: 9428, signal 282968/304386 (executing program) 2022/10/31 13:37:39 fetching corpus: 9478, signal 283436/304386 (executing program) 2022/10/31 13:37:39 fetching corpus: 9527, signal 283824/304393 (executing program) 2022/10/31 13:37:39 fetching corpus: 9577, signal 284062/304393 (executing program) 2022/10/31 13:37:40 fetching corpus: 9627, signal 284330/304408 (executing program) 2022/10/31 13:37:40 fetching corpus: 9677, signal 284571/304411 (executing program) 2022/10/31 13:37:40 fetching corpus: 9726, signal 285093/304411 (executing program) 2022/10/31 13:37:40 fetching corpus: 9776, signal 285369/304411 (executing program) 2022/10/31 13:37:40 fetching corpus: 9826, signal 285698/304414 (executing program) 2022/10/31 13:37:40 fetching corpus: 9876, signal 286072/304414 (executing program) 2022/10/31 13:37:40 fetching corpus: 9926, signal 286480/304414 (executing program) 2022/10/31 13:37:40 fetching corpus: 9976, signal 286771/304414 (executing 
program) 2022/10/31 13:37:41 fetching corpus: 10026, signal 287243/304414 (executing program) 2022/10/31 13:37:41 fetching corpus: 10075, signal 287784/304414 (executing program) 2022/10/31 13:37:41 fetching corpus: 10124, signal 288229/304448 (executing program) 2022/10/31 13:37:41 fetching corpus: 10174, signal 288529/304448 (executing program) 2022/10/31 13:37:41 fetching corpus: 10224, signal 288810/304448 (executing program) 2022/10/31 13:37:41 fetching corpus: 10273, signal 289268/304458 (executing program) 2022/10/31 13:37:41 fetching corpus: 10323, signal 289653/304458 (executing program) 2022/10/31 13:37:41 fetching corpus: 10373, signal 289952/304463 (executing program) 2022/10/31 13:37:42 fetching corpus: 10423, signal 290223/304463 (executing program) 2022/10/31 13:37:42 fetching corpus: 10473, signal 290545/304477 (executing program) 2022/10/31 13:37:42 fetching corpus: 10523, signal 290873/304477 (executing program) 2022/10/31 13:37:42 fetching corpus: 10573, signal 291127/304477 (executing program) 2022/10/31 13:37:42 fetching corpus: 10621, signal 291382/304477 (executing program) 2022/10/31 13:37:42 fetching corpus: 10671, signal 291689/304478 (executing program) 2022/10/31 13:37:43 fetching corpus: 10721, signal 292287/304482 (executing program) 2022/10/31 13:37:43 fetching corpus: 10770, signal 292708/304483 (executing program) 2022/10/31 13:37:43 fetching corpus: 10820, signal 293082/304493 (executing program) 2022/10/31 13:37:43 fetching corpus: 10869, signal 293560/304564 (executing program) 2022/10/31 13:37:43 fetching corpus: 10919, signal 293708/304564 (executing program) 2022/10/31 13:37:43 fetching corpus: 10969, signal 294126/304564 (executing program) 2022/10/31 13:37:43 fetching corpus: 11019, signal 294383/304564 (executing program) 2022/10/31 13:37:44 fetching corpus: 11069, signal 294889/304564 (executing program) 2022/10/31 13:37:44 fetching corpus: 11118, signal 295128/304566 (executing program) 2022/10/31 13:37:44 fetching 
corpus: 11168, signal 295503/304567 (executing program) 2022/10/31 13:37:44 fetching corpus: 11218, signal 295831/304569 (executing program) 2022/10/31 13:37:44 fetching corpus: 11268, signal 296297/304570 (executing program) 2022/10/31 13:37:44 fetching corpus: 11318, signal 296672/304570 (executing program) 2022/10/31 13:37:44 fetching corpus: 11368, signal 297059/304661 (executing program) 2022/10/31 13:37:45 fetching corpus: 11418, signal 297371/304661 (executing program) 2022/10/31 13:37:45 fetching corpus: 11467, signal 297702/304661 (executing program) 2022/10/31 13:37:45 fetching corpus: 11517, signal 298018/304663 (executing program) 2022/10/31 13:37:45 fetching corpus: 11533, signal 298080/304663 (executing program) 2022/10/31 13:37:45 fetching corpus: 11533, signal 298080/304663 (executing program) 2022/10/31 13:37:47 starting 8 fuzzer processes 13:37:47 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0f85403, &(0x7f0000000040)) 13:37:47 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000008980)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ssrr={0x89, 0x8, 0x4, [@local]}]}}}], 0x18}}], 0x1, 0x0) 13:37:47 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCINQ(r0, 0x8903, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) 13:37:47 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f00000012c0)={@rand_addr, @empty}, 0xc) [ 84.380106] audit: type=1400 audit(1667223467.823:6): avc: denied { execmem } for pid=281 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:37:47 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) signalfd(r0, &(0x7f0000000000), 0x8) 13:37:47 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="1bf7ff000000000200e61f"], 0x1c}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r2, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000001440)=[{&(0x7f0000000240)=""/222, 0xde}], 0x1) 13:37:47 executing program 7: syz_emit_ethernet(0xbe, &(0x7f0000001180)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x88, 0x0, @private=0xa010102, @local}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "9cc34027cad83ed73be4f93e7326b9e1da67ee3561924fa66bfa0cb75cff5171", "117ad553083cf29887cf5f29c7a6c95c7558a7482e05b26986482338c4a4807a788dafc8181760316d293733eea7f8d3", "a75e81563131a3cfe7a7f5a39f877d4c3d74923d6412b791b7128fae", {"45ce2e1db012ba00", "e313e602785b0268a2ed03bd928ccf20"}}}}}}}, 0x0) 13:37:47 executing program 6: perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10) [ 85.719389] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.721236] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.722868] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.727157] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.728509] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.733761] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.735400] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.736631] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.742399] Bluetooth: hci0: HCI_REQ-0x0c1a [ 85.774567] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 85.777517] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 85.779644] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.780897] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.784128] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.785518] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.790934] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.792526] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 
85.795019] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 85.796976] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 85.797938] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.801642] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 85.803303] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.807408] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 85.807523] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.810081] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.812361] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 85.814923] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 85.817843] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 85.819021] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.821554] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 85.826390] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.828086] Bluetooth: hci7: HCI_REQ-0x0c1a [ 85.829534] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 85.830496] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.832442] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 85.837837] Bluetooth: hci5: HCI_REQ-0x0c1a [ 85.840373] Bluetooth: hci2: HCI_REQ-0x0c1a [ 85.841508] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.856288] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.872849] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.874038] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.876871] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.878419] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.879610] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.883322] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 85.885302] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.889979] Bluetooth: hci3: HCI_REQ-0x0c1a [ 85.916325] Bluetooth: hci1: HCI_REQ-0x0c1a [ 85.929930] Bluetooth: hci4: 
HCI_REQ-0x0c1a [ 87.785129] Bluetooth: hci0: command 0x0409 tx timeout [ 87.785855] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 87.849722] Bluetooth: hci7: command 0x0409 tx timeout [ 87.913798] Bluetooth: hci2: command 0x0409 tx timeout [ 87.914435] Bluetooth: hci5: command 0x0409 tx timeout [ 87.977889] Bluetooth: hci4: command 0x0409 tx timeout [ 87.978498] Bluetooth: hci1: command 0x0409 tx timeout [ 87.978955] Bluetooth: hci3: command 0x0409 tx timeout [ 89.833790] Bluetooth: hci0: command 0x041b tx timeout [ 89.896754] Bluetooth: hci7: command 0x041b tx timeout [ 89.961746] Bluetooth: hci5: command 0x041b tx timeout [ 89.962245] Bluetooth: hci2: command 0x041b tx timeout [ 90.025745] Bluetooth: hci3: command 0x041b tx timeout [ 90.026234] Bluetooth: hci1: command 0x041b tx timeout [ 90.026591] Bluetooth: hci4: command 0x041b tx timeout [ 91.880763] Bluetooth: hci0: command 0x040f tx timeout [ 91.944720] Bluetooth: hci7: command 0x040f tx timeout [ 92.009743] Bluetooth: hci2: command 0x040f tx timeout [ 92.010132] Bluetooth: hci5: command 0x040f tx timeout [ 92.073824] Bluetooth: hci4: command 0x040f tx timeout [ 92.074216] Bluetooth: hci1: command 0x040f tx timeout [ 92.074558] Bluetooth: hci3: command 0x040f tx timeout [ 93.288878] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 93.928817] Bluetooth: hci0: command 0x0419 tx timeout [ 93.992818] Bluetooth: hci7: command 0x0419 tx timeout [ 94.057956] Bluetooth: hci5: command 0x0419 tx timeout [ 94.058708] Bluetooth: hci2: command 0x0419 tx timeout [ 94.120799] Bluetooth: hci3: command 0x0419 tx timeout [ 94.121597] Bluetooth: hci1: command 0x0419 tx timeout [ 94.122400] Bluetooth: hci4: command 0x0419 tx timeout [ 98.728778] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 101.881974] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 101.897620] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 101.898798] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 101.914564] Bluetooth: hci6: unexpected 
cc 0x0c23 length: 249 > 4 [ 101.919195] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 101.935822] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 101.949751] Bluetooth: hci6: HCI_REQ-0x0c1a [ 103.977743] Bluetooth: hci6: command 0x0409 tx timeout [ 106.025009] Bluetooth: hci6: command 0x041b tx timeout [ 108.072727] Bluetooth: hci6: command 0x040f tx timeout [ 110.121775] Bluetooth: hci6: command 0x0419 tx timeout [ 147.638072] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 147.642888] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 147.644201] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 147.647104] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 147.648820] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 147.650245] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 147.655080] Bluetooth: hci0: HCI_REQ-0x0c1a [ 147.941067] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 147.943990] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 147.945149] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 147.948483] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 147.950618] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 147.952648] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 147.957360] Bluetooth: hci2: HCI_REQ-0x0c1a [ 147.957554] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 147.961034] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 147.962616] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 147.966641] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 147.969197] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 147.975128] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 147.982767] Bluetooth: hci4: HCI_REQ-0x0c1a [ 149.737753] Bluetooth: hci0: command 0x0409 tx timeout [ 149.864708] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 149.928754] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 149.929797] Bluetooth: 
hci7: Opcode 0x c03 failed: -110 [ 149.930373] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 149.992734] Bluetooth: hci2: command 0x0409 tx timeout [ 149.993351] Bluetooth: hci4: command 0x0409 tx timeout [ 151.784750] Bluetooth: hci0: command 0x041b tx timeout [ 152.041181] Bluetooth: hci4: command 0x041b tx timeout [ 152.042019] Bluetooth: hci2: command 0x041b tx timeout [ 152.755230] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 152.764203] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 152.768826] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 152.772143] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 152.774427] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 152.776025] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 152.788127] Bluetooth: hci3: HCI_REQ-0x0c1a [ 153.004081] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 153.006789] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 153.008455] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 153.012211] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 153.016013] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 153.017742] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 153.022683] Bluetooth: hci5: HCI_REQ-0x0c1a [ 153.077326] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 153.086241] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 153.119527] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 153.146911] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 153.167508] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 153.174542] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 153.200806] Bluetooth: hci7: HCI_REQ-0x0c1a [ 153.832729] Bluetooth: hci0: command 0x040f tx timeout [ 153.930208] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.931360] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.933979] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: 
link becomes ready [ 154.088787] Bluetooth: hci2: command 0x040f tx timeout [ 154.089597] Bluetooth: hci4: command 0x040f tx timeout [ 154.112223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.113476] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.116433] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 154.473396] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 154.856746] Bluetooth: hci3: command 0x0409 tx timeout [ 155.049752] Bluetooth: hci5: command 0x0409 tx timeout 13:38:58 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @empty}, {0x2, 0x0, @broadcast}}) [ 155.240779] Bluetooth: hci7: command 0x0409 tx timeout 13:38:58 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @empty}, {0x2, 0x0, @broadcast}}) 13:38:58 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @empty}, {0x2, 0x0, @broadcast}}) 13:38:58 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @empty}, {0x2, 0x0, @broadcast}}) 13:38:59 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) 13:38:59 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835dcf4ecacd3bf6ef28ae3dc96c80ff23", @ANYBLOB="60e6be07e7b1e8d253cfe25d9d09ecd936291b1c8585948b34e85da7a9ae923c4b74e1fcdbcddc9f17be8ae7039b9588a4245ab9ea245139317ce9efbee759df6fe1c69f086c84445ce3e4c647904c9918aa62d54cb9658f40337eb89032d09bfac172b993ea9bb60d72090043da16977937311e98d63815daed21081674f162a80bdac760f1c84918d84e9dc342503e5f826d54e6ae8c9a142f242d441b618c4d", @ANYBLOB=',']) epoll_wait(0xffffffffffffffff, &(0x7f0000000300)=[{}, {}, {}], 0x3, 0x5) acct(&(0x7f00000001c0)='./file1\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, &(0x7f0000000340)={{0x101, 0x7}, 0x100, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x70) [ 155.880746] Bluetooth: hci0: command 0x0419 tx timeout [ 155.926125] loop1: detected capacity change from 0 to 40 [ 155.937053] audit: type=1400 audit(1667223539.380:7): avc: denied { open } for pid=4021 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 155.939772] audit: type=1400 audit(1667223539.380:8): avc: denied { kernel } for pid=4021 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 156.017670] hrtimer: interrupt took 22632 ns [ 156.127033] loop1: detected capacity change from 0 to 40 [ 156.137749] Bluetooth: hci4: command 0x0419 tx timeout [ 156.138477] Bluetooth: hci2: command 0x0419 tx timeout [ 156.221062] Process accounting resumed 13:38:59 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, 
&(0x7f0000000500)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835dcf4ecacd3bf6ef28ae3dc96c80ff23", @ANYBLOB="60e6be07e7b1e8d253cfe25d9d09ecd936291b1c8585948b34e85da7a9ae923c4b74e1fcdbcddc9f17be8ae7039b9588a4245ab9ea245139317ce9efbee759df6fe1c69f086c84445ce3e4c647904c9918aa62d54cb9658f40337eb89032d09bfac172b993ea9bb60d72090043da16977937311e98d63815daed21081674f162a80bdac760f1c84918d84e9dc342503e5f826d54e6ae8c9a142f242d441b618c4d", @ANYBLOB=',']) epoll_wait(0xffffffffffffffff, &(0x7f0000000300)=[{}, {}, {}], 0x3, 0x5) acct(&(0x7f00000001c0)='./file1\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, &(0x7f0000000340)={{0x101, 0x7}, 0x100, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x70) [ 156.303516] loop1: detected capacity change from 0 to 40 [ 156.905770] Bluetooth: hci3: command 0x041b tx 
timeout [ 157.006408] Process accounting resumed 13:39:00 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835dcf4ecacd3bf6ef28ae3dc96c80ff23", @ANYBLOB="60e6be07e7b1e8d253cfe25d9d09ecd936291b1c8585948b34e85da7a9ae923c4b74e1fcdbcddc9f17be8ae7039b9588a4245ab9ea245139317ce9efbee759df6fe1c69f086c84445ce3e4c647904c9918aa62d54cb9658f40337eb89032d09bfac172b993ea9bb60d72090043da16977937311e98d63815daed21081674f162a80bdac760f1c84918d84e9dc342503e5f826d54e6ae8c9a142f242d441b618c4d", @ANYBLOB=',']) epoll_wait(0xffffffffffffffff, &(0x7f0000000300)=[{}, {}, {}], 0x3, 0x5) acct(&(0x7f00000001c0)='./file1\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, &(0x7f0000000340)={{0x101, 0x7}, 0x100, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x70) [ 157.097740] Bluetooth: hci5: command 0x041b tx timeout [ 157.289761] Bluetooth: hci7: command 0x041b tx timeout [ 157.293417] Process accounting resumed [ 157.702645] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 157.705823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 157.709013] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 157.717918] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 157.722842] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 157.724444] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 157.732740] Bluetooth: hci1: HCI_REQ-0x0c1a [ 158.952784] Bluetooth: hci3: command 0x040f tx timeout [ 159.145593] Bluetooth: hci5: command 0x040f tx timeout [ 159.336863] Bluetooth: hci7: command 0x040f tx timeout [ 159.784899] Bluetooth: hci1: command 0x0409 tx timeout [ 161.001704] Bluetooth: hci3: command 0x0419 tx timeout [ 161.193705] Bluetooth: hci5: command 0x0419 tx timeout [ 161.385702] Bluetooth: hci7: command 0x0419 tx timeout [ 161.833711] Bluetooth: hci1: command 0x041b tx timeout [ 163.881856] Bluetooth: hci1: command 0x040f tx timeout [ 165.929739] Bluetooth: hci1: command 0x0419 tx timeout 
[ 199.221994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.223547] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.226327] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 199.435647] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.437146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.439789] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 201.262389] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.263207] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.265558] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 201.416154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.417758] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.422457] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 203.314199] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.315135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.318307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 203.434406] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.435381] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.437159] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 205.956969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.957541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.959063] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 206.005476] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.006331] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.007606] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 206.022002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.022558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.024197] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 
206.063955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.064548] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.066049] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 206.669509] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.670293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.671456] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 206.741255] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.742136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.743644] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 208.243848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.245610] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.260937] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 208.279335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.281199] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.283500] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:40:06 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, 
&(0x7f0000000500)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835dcf4ecacd3bf6ef28ae3dc96c80ff23", @ANYBLOB="60e6be07e7b1e8d253cfe25d9d09ecd936291b1c8585948b34e85da7a9ae923c4b74e1fcdbcddc9f17be8ae7039b9588a4245ab9ea245139317ce9efbee759df6fe1c69f086c84445ce3e4c647904c9918aa62d54cb9658f40337eb89032d09bfac172b993ea9bb60d72090043da16977937311e98d63815daed21081674f162a80bdac760f1c84918d84e9dc342503e5f826d54e6ae8c9a142f242d441b618c4d", @ANYBLOB=',']) epoll_wait(0xffffffffffffffff, &(0x7f0000000300)=[{}, {}, {}], 0x3, 0x5) acct(&(0x7f00000001c0)='./file1\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, &(0x7f0000000340)={{0x101, 0x7}, 0x100, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x70) 13:40:06 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0f85403, &(0x7f0000000040)) 13:40:06 executing program 6: perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10) 13:40:06 executing program 7: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) 
mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0) r1 = openat2(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) syz_io_uring_setup(0x1ae4, &(0x7f0000000140)={0x0, 0x177, 0x8, 0x2, 0x30a, 0x0, r1}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f00000001c0)) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) 13:40:06 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_channels={0x50}}) 13:40:06 executing program 4: creat(&(0x7f00000000c0)='./file0\x00', 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x200000, 0x0, 0x2}, 0x18) 13:40:06 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@private1}, 0x30) 13:40:06 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) syz_open_dev$tty20(0xc, 0x4, 0x0) 
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) io_cancel(0x0, 0x0, 0x0) [ 223.347362] device syz_tun entered promiscuous mode 13:40:06 executing program 5: r0 = creat(&(0x7f0000000840)='./file0\x00', 0x0) write$binfmt_aout(r0, &(0x7f0000000000)={{0xcc, 0x1, 0x1, 0x14b, 0xca, 0x8001, 0xdf, 0x2b56}, "2bd31c91e4e23de6774360b2786bd9c06937df1fe242c36454998f899c2ee55681f47debd7aba13e70ac16f06c1ecb8ca9960b4b56cd5b7913382e512ecbe4a6cd3e366d1af17eb362c47a1c7c65913e715ef9307c97719dee705388aff86539f59976359a6a9df1bb7936c1b9ce6e726326f16782544a86962bb15a23bac7dc633e8db0f292119da5a00e410f8d34ef9fdb754adc3d98c8254cef219124ba70a8add876b78afc472deaee26c6d9dc2ae5db0f3cb50bbc0f55c711d9f6a8bf0b5395fe6caac520d7773e24dd7f13c2a5676ea88b9552f2680c03f4f972847133cab5cdf83df0971e54a7376dd3aad8a4ce11123fd306fbfac872df1d", ['\x00', '\x00', '\x00', '\x00']}, 0x51c) mount$cgroup(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f00000009c0), 0x0, &(0x7f0000000a00)={[{@none}, {}]}) 13:40:06 executing program 4: mlock2(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000040)=0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x90c83, 0x0) finit_module(r1, &(0x7f0000000100)='/,*\x00', 0x3) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='smaps_rollup\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0xfffffffffffffffd, 0x2000000000000000}, 0x10, 0x3, 0x8, 0x9, 0x40000000000, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3) ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f00000001c0)=0x1) mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000008, 0x10, r0, 0x10000) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x2) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x1, 0x40, 0x0, 0x4d, 0x0, 0x7f, 0x8126, 0xc, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000200), 0xa}, 0x43420, 0x5, 0x93, 0x4, 0x9, 0x3f, 0x7, 0x0, 0x7, 0x0, 0x7}, 0x0, 0xb, r0, 0x3) openat2(r2, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) [ 223.379925] device syz_tun left promiscuous mode [ 223.394964] loop1: detected capacity change from 0 to 40 [ 223.425868] random: crng reseeded on system resumption 13:40:06 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0f85403, 
&(0x7f0000000040)) [ 223.454177] cgroup: none used incorrectly 13:40:06 executing program 6: perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10) [ 223.466127] audit: type=1400 audit(1667223606.909:9): avc: denied { write } for pid=6875 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 223.469372] cgroup: none used incorrectly 13:40:06 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) io_cancel(0x0, 0x0, 0x0) 13:40:06 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@private1}, 
0x30) [ 223.528256] BUG: unable to handle page fault for address: ffffed100fffc000 [ 223.528756] #PF: supervisor write access in kernel mode [ 223.529105] #PF: error_code(0x0002) - not-present page [ 223.529445] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 223.530532] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI [ 223.531741] CPU: 0 PID: 6877 Comm: syz-executor.4 Not tainted 6.1.0-rc3-next-20221031 #1 [ 223.533666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 223.534918] RIP: 0010:__memset+0x24/0x50 [ 223.535201] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 223.536346] RSP: 0018:ffff88801f90fcc0 EFLAGS: 00010216 [ 223.536688] RAX: 0000000000000000 RBX: ffff88800bf2b3c0 RCX: 1ffffe21fe516132 [ 223.537144] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 223.537599] RBP: ffff8880086398c0 R08: 0000000000000005 R09: ffffed10017e5678 [ 223.538055] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880086398c0 [ 223.538535] R13: ffff88800bf2b3c0 R14: ffffffff815f27a0 R15: 1ffff11001195a1f [ 223.539003] FS: 00007f3056aea700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 223.539623] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 223.540163] CR2: ffffed100fffc000 CR3: 000000001f856000 CR4: 0000000000350ef0 [ 223.540820] Call Trace: [ 223.541072] [ 223.541288] kasan_unpoison+0x23/0x60 [ 223.541658] mempool_exit+0x1c2/0x330 [ 223.542023] bioset_exit+0x2c9/0x630 [ 223.542387] ? _raw_spin_unlock_irq+0x1f/0x60 [ 223.542827] disk_release+0x143/0x490 [ 223.543188] ? disk_release+0x0/0x490 [ 223.543548] ? device_release+0x0/0x250 [ 223.543926] device_release+0xa2/0x250 [ 223.544304] ? 
device_release+0x0/0x250 [ 223.544685] kobject_put+0x173/0x280 [ 223.545045] put_device+0x1b/0x40 [ 223.545374] put_disk+0x41/0x60 [ 223.545702] loop_control_ioctl+0x4d1/0x630 [ 223.546114] ? loop_control_ioctl+0x0/0x630 [ 223.546534] ? selinux_file_ioctl+0xb1/0x270 [ 223.546973] ? loop_control_ioctl+0x0/0x630 [ 223.547378] __x64_sys_ioctl+0x19a/0x220 [ 223.547661] do_syscall_64+0x3b/0xa0 [ 223.547923] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 223.548269] RIP: 0033:0x7f3059574b19 [ 223.548520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 223.549681] RSP: 002b:00007f3056aea188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 223.550171] RAX: ffffffffffffffda RBX: 00007f3059687f60 RCX: 00007f3059574b19 [ 223.550639] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000005 [ 223.551104] RBP: 00007f30595cef6d R08: 0000000000000000 R09: 0000000000000000 [ 223.551571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 223.552034] R13: 00007fffd4c0949f R14: 00007f3056aea300 R15: 0000000000022000 [ 223.552504] [ 223.552667] Modules linked in: [ 223.552883] CR2: ffffed100fffc000 [ 223.553120] ---[ end trace 0000000000000000 ]--- [ 223.553429] RIP: 0010:__memset+0x24/0x50 [ 223.553707] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 223.554860] RSP: 0018:ffff88801f90fcc0 EFLAGS: 00010216 [ 223.555210] RAX: 0000000000000000 RBX: ffff88800bf2b3c0 RCX: 1ffffe21fe516132 [ 223.555665] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 223.556118] RBP: ffff8880086398c0 R08: 0000000000000005 R09: ffffed10017e5678 [ 223.556582] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880086398c0 [ 223.557034] R13: ffff88800bf2b3c0 R14: 
ffffffff815f27a0 R15: 1ffff11001195a1f [ 223.557493] FS: 00007f3056aea700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 223.558006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 223.558397] CR2: ffffed100fffc000 CR3: 000000001f856000 CR4: 0000000000350ef0 13:40:07 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@private1}, 0x30) 13:40:07 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) io_cancel(0x0, 0x0, 0x0) [ 223.860706] device syz_tun entered promiscuous mode [ 224.605497] Bluetooth: hci6: command 0x0406 tx timeout [ 224.629625] device syz_tun left promiscuous mode [ 224.826903] Process accounting resumed [ 224.831977] random: crng reseeded on system resumption [ 224.895412] BUG: unable to handle page fault for address: ffffed100fffc000 [ 224.896148] #PF: supervisor write access in kernel mode [ 224.896673] #PF: error_code(0x0002) - not-present page [ 224.897192] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 224.897872] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI [ 224.898379] CPU: 1 PID: 6905 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 224.899315] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 224.900122] RIP: 0010:__memset+0x24/0x50 [ 224.900555] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 224.902339] RSP: 
0018:ffff888019b77cc0 EFLAGS: 00010216 [ 224.902902] RAX: 0000000000000000 RBX: ffff88800bf2b540 RCX: 1ffffe21fe516138 [ 224.903594] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 224.904293] RBP: ffff8880086398c0 R08: 0000000000000005 R09: ffffed10017e56a8 [ 224.904993] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880086398c0 [ 224.905696] R13: ffff88800bf2b540 R14: ffffffff815f27a0 R15: 1ffff1100119561f [ 224.906417] FS: 00007f3056aa8700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 224.907209] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 224.907791] CR2: ffffed100fffc000 CR3: 000000001f856000 CR4: 0000000000350ee0 [ 224.908500] Call Trace: [ 224.908765] [ 224.909002] kasan_unpoison+0x23/0x60 [ 224.909395] mempool_exit+0x1c2/0x330 [ 224.909798] bioset_exit+0x2c9/0x630 [ 224.910183] ? _raw_spin_unlock+0x24/0x50 [ 224.910620] ? blkg_destroy_all.isra.0+0x157/0x230 [ 224.911148] disk_release+0x143/0x490 [ 224.911538] ? disk_release+0x0/0x490 [ 224.911930] ? device_release+0x0/0x250 [ 224.912337] device_release+0xa2/0x250 [ 224.912736] ? device_release+0x0/0x250 [ 224.913142] kobject_put+0x173/0x280 [ 224.913526] put_device+0x1b/0x40 [ 224.913887] put_disk+0x41/0x60 [ 224.914239] loop_control_ioctl+0x4d1/0x630 [ 224.914686] ? loop_control_ioctl+0x0/0x630 [ 224.915134] ? selinux_file_ioctl+0xb1/0x270 [ 224.915596] ? 
loop_control_ioctl+0x0/0x630 [ 224.916038] __x64_sys_ioctl+0x19a/0x220 [ 224.916463] do_syscall_64+0x3b/0xa0 [ 224.916854] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 224.917375] RIP: 0033:0x7f3059574b19 [ 224.917752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 224.919522] RSP: 002b:00007f3056aa8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 224.920267] RAX: ffffffffffffffda RBX: 00007f30596880e0 RCX: 00007f3059574b19 [ 224.920964] RDX: 0000000000000003 RSI: 0000000000004c81 RDI: 0000000000000004 [ 224.921658] RBP: 00007f30595cef6d R08: 0000000000000000 R09: 0000000000000000 [ 224.922352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 224.923061] R13: 00007fffd4c0949f R14: 00007f3056aa8300 R15: 0000000000022000 [ 224.923773] [ 224.924014] Modules linked in: [ 224.924356] CR2: ffffed100fffc000 [ 224.924708] ---[ end trace 0000000000000000 ]--- [ 224.925182] RIP: 0010:__memset+0x24/0x50 [ 224.925599] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 224.927372] RSP: 0018:ffff88801f90fcc0 EFLAGS: 00010216 [ 224.927904] RAX: 0000000000000000 RBX: ffff88800bf2b3c0 RCX: 1ffffe21fe516132 [ 224.928606] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 224.929302] RBP: ffff8880086398c0 R08: 0000000000000005 R09: ffffed10017e5678 [ 224.930004] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880086398c0 [ 224.930716] R13: ffff88800bf2b3c0 R14: ffffffff815f27a0 R15: 1ffff11001195a1f [ 224.931420] FS: 00007f3056aa8700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 224.932206] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 224.932781] CR2: ffffed100fffc000 CR3: 000000001f856000 CR4: 0000000000350ee0 [ 225.020486] BUG: 
unable to handle page fault for address: ffffed100fffc000 [ 225.021392] #PF: supervisor write access in kernel mode [ 225.022025] #PF: error_code(0x0002) - not-present page [ 225.022647] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 225.023444] Oops: 0002 [#3] PREEMPT SMP KASAN NOPTI [ 225.024042] CPU: 0 PID: 6859 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 225.025154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 225.026111] RIP: 0010:__memset+0x24/0x50 [ 225.026628] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 225.028753] RSP: 0018:ffff8880412cfcc0 EFLAGS: 00010216 [ 225.029392] RAX: 0000000000000000 RBX: ffff88800bf2b0c0 RCX: 1ffffe21fe516126 [ 225.030240] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 225.031105] RBP: ffff8880086398c0 R08: 0000000000000005 R09: ffffed10017e5618 [ 225.031948] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880086398c0 [ 225.032786] R13: ffff88800bf2b0c0 R14: ffffffff815f27a0 R15: 1ffff1100112521f [ 225.033633] FS: 00007f4737cc3700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 225.034580] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 225.035274] CR2: ffffed100fffc000 CR3: 0000000039e90000 CR4: 0000000000350ef0 [ 225.036114] Call Trace: [ 225.036425] [ 225.036719] kasan_unpoison+0x23/0x60 [ 225.037197] mempool_exit+0x1c2/0x330 [ 225.037667] bioset_exit+0x2c9/0x630 [ 225.038139] ? _raw_spin_unlock+0x24/0x50 [ 225.038665] ? blkg_destroy_all.isra.0+0x157/0x230 [ 225.039281] disk_release+0x143/0x490 [ 225.039745] ? disk_release+0x0/0x490 [ 225.040220] ? device_release+0x0/0x250 [ 225.040700] device_release+0xa2/0x250 [ 225.041180] ? 
device_release+0x0/0x250 [ 225.041657] kobject_put+0x173/0x280 [ 225.042121] put_device+0x1b/0x40 [ 225.042554] put_disk+0x41/0x60 [ 225.042974] loop_control_ioctl+0x4d1/0x630 [ 225.043508] ? loop_control_ioctl+0x0/0x630 [ 225.044028] ? selinux_file_ioctl+0xb1/0x270 [ 225.044589] ? loop_control_ioctl+0x0/0x630 [ 225.045114] __x64_sys_ioctl+0x19a/0x220 [ 225.045626] do_syscall_64+0x3b/0xa0 [ 225.046090] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 225.046733] RIP: 0033:0x7f473a74db19 [ 225.047179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 225.049273] RSP: 002b:00007f4737cc3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 225.050162] RAX: ffffffffffffffda RBX: 00007f473a860f60 RCX: 00007f473a74db19 [ 225.051009] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 225.051849] RBP: 00007f473a7a7f6d R08: 0000000000000000 R09: 0000000000000000 [ 225.052690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 225.053518] R13: 00007ffdb9f2ac7f R14: 00007f4737cc3300 R15: 0000000000022000 [ 225.054416] [ 225.054713] Modules linked in: [ 225.055106] CR2: ffffed100fffc000 [ 225.055523] ---[ end trace 0000000000000000 ]--- [ 225.056085] RIP: 0010:__memset+0x24/0x50 [ 225.056616] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 225.058752] RSP: 0018:ffff88801f90fcc0 EFLAGS: 00010216 [ 225.059387] RAX: 0000000000000000 RBX: ffff88800bf2b3c0 RCX: 1ffffe21fe516132 [ 225.060222] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 225.061064] RBP: ffff8880086398c0 R08: 0000000000000005 R09: ffffed10017e5678 [ 225.061893] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880086398c0 [ 225.062743] R13: ffff88800bf2b3c0 R14: 
ffffffff815f27a0 R15: 1ffff11001195a1f [ 225.063580] FS: 00007f4737cc3700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 225.064503] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 225.065183] CR2: ffffed100fffc000 CR3: 0000000039e90000 CR4: 0000000000350ef0 VM DIAGNOSIS: 13:40:07 Registers: