Warning: Permanently added '[localhost]:40539' (ECDSA) to the list of known hosts. 2022/09/15 11:13:53 fuzzer started 2022/09/15 11:13:53 dialing manager at localhost:36559 syzkaller login: [ 36.327005] cgroup: Unknown subsys name 'net' [ 36.431690] cgroup: Unknown subsys name 'rlimit' 2022/09/15 11:14:08 syscalls: 2215 2022/09/15 11:14:08 code coverage: enabled 2022/09/15 11:14:08 comparison tracing: enabled 2022/09/15 11:14:08 extra coverage: enabled 2022/09/15 11:14:08 setuid sandbox: enabled 2022/09/15 11:14:08 namespace sandbox: enabled 2022/09/15 11:14:08 Android sandbox: enabled 2022/09/15 11:14:08 fault injection: enabled 2022/09/15 11:14:08 leak checking: enabled 2022/09/15 11:14:08 net packet injection: enabled 2022/09/15 11:14:08 net device setup: enabled 2022/09/15 11:14:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/15 11:14:08 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/15 11:14:08 USB emulation: enabled 2022/09/15 11:14:08 hci packet injection: enabled 2022/09/15 11:14:08 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220915) 2022/09/15 11:14:08 802.15.4 emulation: enabled 2022/09/15 11:14:08 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/15 11:14:08 fetching corpus: 22, signal 26241/29373 (executing program) 2022/09/15 11:14:08 fetching corpus: 72, signal 43090/47011 (executing program) 2022/09/15 11:14:09 fetching corpus: 122, signal 56902/61214 (executing program) 2022/09/15 11:14:09 fetching corpus: 172, signal 67233/71742 (executing program) 2022/09/15 11:14:09 fetching corpus: 222, signal 72888/77828 (executing program) 2022/09/15 11:14:09 fetching corpus: 272, signal 78274/83459 (executing program) 2022/09/15 11:14:09 fetching corpus: 322, signal 82649/88029 (executing program) 2022/09/15 11:14:09 fetching corpus: 372, signal 85124/90823 (executing program) 2022/09/15 11:14:09 fetching corpus: 422, signal 89598/95246 (executing program) 2022/09/15 11:14:10 fetching corpus: 472, signal 92876/98491 (executing program) 2022/09/15 11:14:10 fetching corpus: 522, signal 95570/101199 (executing program) 2022/09/15 11:14:10 fetching corpus: 572, signal 99667/104995 (executing program) 2022/09/15 11:14:10 fetching corpus: 622, signal 103199/108233 (executing program) 2022/09/15 11:14:10 fetching corpus: 672, signal 107127/111669 (executing program) 2022/09/15 11:14:11 fetching corpus: 722, signal 109623/113890 (executing program) 2022/09/15 11:14:11 fetching corpus: 772, signal 111480/115524 (executing program) 2022/09/15 11:14:11 fetching corpus: 822, signal 114424/117934 (executing program) 2022/09/15 11:14:11 fetching corpus: 872, signal 115981/119207 (executing program) 2022/09/15 11:14:11 fetching corpus: 921, signal 118576/121154 (executing program) 2022/09/15 11:14:11 fetching corpus: 971, signal 119965/122210 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/123341 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/123430 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/123513 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/123596 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/123665 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/123757 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/123837 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/123920 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124008 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124093 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124199 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124302 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124372 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124459 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124556 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124644 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124728 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124810 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124875 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/124949 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125033 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125108 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125172 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125249 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125324 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125400 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125481 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125587 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125677 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125775 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125846 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/125927 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/126004 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/126099 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/126188 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/126259 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/126333 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/126437 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/126527 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/126579 (executing program) 2022/09/15 11:14:12 fetching corpus: 1014, signal 121507/126579 (executing program) 2022/09/15 11:14:15 starting 8 fuzzer processes 11:14:15 executing program 0: r0 = syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0xc811}, 0x94) io_uring_enter(r0, 0x6c64, 0x0, 0x0, 0x0, 0x0) 11:14:15 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in=@broadcast, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x8, 0x0, 0x0, 0x2}, {{@in6=@empty}, 0x0, @in6=@local}}, 0xe8) 11:14:15 executing program 2: syz_io_uring_setup(0x5ee3, &(0x7f00000005c0), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000640), 0x0) syz_io_uring_setup(0x187, &(0x7f00000006c0), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000740), &(0x7f0000000780)) 11:14:15 executing program 3: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010600)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d002000200020002000200020002000200020002000200000000000000000be000000000000be252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011400)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000011e00)) [ 57.699964] audit: type=1400 audit(1663240455.299:6): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:14:15 executing program 4: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:14:15 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:14:15 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$sock(r0, &(0x7f0000001f40)=[{{&(0x7f0000000080)=@in={0x2, 0x4e23, @multicast2}, 0x80, 0x0, 0x0, &(0x7f0000000440)=[@txtime={{0x18}}], 0x18}}], 0x1, 0x0) 11:14:15 executing program 7: io_setup(0x6, &(0x7f0000000040)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8c3c1, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x2, 0x0, r1, 0x0}]) [ 58.972636] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 58.976654] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 58.978136] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 58.981667] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 58.983421] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 58.984859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 58.989807] Bluetooth: hci0: HCI_REQ-0x0c1a [ 59.039829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 59.042512] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 59.043807] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 59.052196] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 59.052771] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 59.054817] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 59.056568] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 59.057786] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 59.058562] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 59.064926] Bluetooth: hci1: HCI_REQ-0x0c1a [ 59.100117] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 59.102903] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 59.105020] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 59.106382] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 59.108178] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 59.110116] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 59.111376] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 59.120340] Bluetooth: hci2: HCI_REQ-0x0c1a [ 59.120374] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 59.121686] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 59.174582] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 59.175702] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 59.186670] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 59.188245] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 59.189217] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 59.190212] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 59.193206] Bluetooth: hci4: HCI_REQ-0x0c1a [ 59.214067] Bluetooth: hci3: HCI_REQ-0x0c1a [ 59.326468] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 59.326934] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 59.337941] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 59.338064] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 59.340493] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 59.340496] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 59.342496] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 59.342554] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 59.344940] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 59.355844] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 59.362880] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 59.363738] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 59.371552] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 59.373082] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 59.374770] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 59.377159] Bluetooth: hci6: HCI_REQ-0x0c1a [ 59.378083] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 59.383587] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 59.393830] Bluetooth: hci5: HCI_REQ-0x0c1a [ 59.438171] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 59.487142] Bluetooth: hci7: HCI_REQ-0x0c1a [ 61.004006] Bluetooth: hci0: command 0x0409 tx timeout [ 61.131462] Bluetooth: hci1: command 0x0409 tx timeout [ 61.131653] Bluetooth: hci2: command 0x0409 tx timeout [ 61.259374] Bluetooth: hci4: command 0x0409 tx timeout [ 61.259409] Bluetooth: hci3: command 0x0409 tx timeout [ 61.387533] Bluetooth: hci6: command 0x0409 tx timeout [ 61.515445] Bluetooth: hci7: command 0x0409 tx timeout [ 61.516144] Bluetooth: hci5: command 0x0409 tx timeout [ 63.052637] Bluetooth: hci0: command 0x041b tx timeout [ 63.180391] Bluetooth: hci2: command 0x041b tx timeout [ 63.181038] Bluetooth: hci1: command 0x041b tx timeout [ 63.308783] Bluetooth: hci3: command 0x041b tx timeout [ 63.309448] Bluetooth: hci4: command 0x041b tx timeout [ 63.436370] Bluetooth: hci6: command 0x041b tx timeout [ 63.564435] Bluetooth: hci5: command 0x041b tx timeout [ 63.565419] Bluetooth: hci7: command 0x041b tx timeout [ 65.100416] Bluetooth: hci0: command 0x040f tx timeout [ 65.228371] Bluetooth: hci1: command 0x040f tx timeout [ 65.229376] Bluetooth: hci2: command 0x040f tx timeout [ 65.355981] Bluetooth: hci4: command 0x040f tx timeout [ 65.356906] Bluetooth: hci3: command 0x040f tx timeout [ 65.483373] Bluetooth: hci6: command 0x040f tx timeout [ 65.612455] Bluetooth: hci7: command 0x040f tx timeout [ 65.613149] Bluetooth: hci5: command 0x040f tx timeout [ 67.148442] Bluetooth: hci0: command 0x0419 tx timeout [ 67.276377] Bluetooth: hci2: command 0x0419 tx timeout [ 67.277001] Bluetooth: hci1: command 0x0419 tx timeout [ 67.404599] Bluetooth: hci3: command 0x0419 tx timeout [ 67.405192] Bluetooth: hci4: command 0x0419 tx timeout [ 67.532369] Bluetooth: hci6: command 0x0419 tx timeout [ 67.660429] Bluetooth: hci5: command 0x0419 tx timeout [ 67.661914] Bluetooth: hci7: command 0x0419 tx timeout [ 111.354899] loop4: detected capacity change from 0 to 40 [ 111.452240] audit: type=1400 audit(1663240509.051:7): avc: denied { open } for pid=3763 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.453906] audit: type=1400 audit(1663240509.051:8): avc: denied { kernel } for pid=3763 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.468201] ------------[ cut here ]------------ [ 111.468225] [ 111.468229] ====================================================== [ 111.468233] WARNING: possible circular locking dependency detected [ 111.468238] 6.0.0-rc5-next-20220915 #1 Not tainted [ 111.468244] ------------------------------------------------------ [ 111.468247] syz-executor.4/3764 is trying to acquire lock: [ 111.468254] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 111.468294] [ 111.468294] but task is already holding lock: [ 111.468297] ffff88800e645020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 111.468328] [ 111.468328] which lock already depends on the new lock. [ 111.468328] [ 111.468332] [ 111.468332] the existing dependency chain (in reverse order) is: [ 111.468335] [ 111.468335] -> #3 (&ctx->lock){....}-{2:2}: [ 111.468349] _raw_spin_lock+0x2a/0x40 [ 111.468367] __perf_event_task_sched_out+0x53b/0x18d0 [ 111.468380] __schedule+0xedd/0x2470 [ 111.468391] schedule+0xda/0x1b0 [ 111.468401] futex_wait_queue+0xf5/0x1e0 [ 111.468413] futex_wait+0x28e/0x690 [ 111.468423] do_futex+0x2ff/0x380 [ 111.468432] __x64_sys_futex+0x1c6/0x4d0 [ 111.468442] do_syscall_64+0x3b/0x90 [ 111.468457] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 111.468475] [ 111.468475] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 111.468489] _raw_spin_lock_nested+0x30/0x40 [ 111.468508] raw_spin_rq_lock_nested+0x1e/0x30 [ 111.468521] task_fork_fair+0x63/0x4d0 [ 111.468539] sched_cgroup_fork+0x3d0/0x540 [ 111.468553] copy_process+0x4183/0x6e20 [ 111.468564] kernel_clone+0xe7/0x890 [ 111.468574] user_mode_thread+0xad/0xf0 [ 111.468584] rest_init+0x24/0x250 [ 111.468602] arch_call_rest_init+0xf/0x14 [ 111.468615] start_kernel+0x4c1/0x4e6 [ 111.468625] secondary_startup_64_no_verify+0xe0/0xeb [ 111.468640] [ 111.468640] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 111.468653] _raw_spin_lock_irqsave+0x39/0x60 [ 111.468669] try_to_wake_up+0xab/0x1920 [ 111.468682] up+0x75/0xb0 [ 111.468694] __up_console_sem+0x6e/0x80 [ 111.468710] console_unlock+0x46a/0x590 [ 111.468727] do_con_write+0xc05/0x1d50 [ 111.468739] con_write+0x21/0x40 [ 111.468749] n_tty_write+0x4d4/0xfe0 [ 111.468762] file_tty_write.constprop.0+0x49c/0x8f0 [ 111.468775] vfs_write+0x9c3/0xd90 [ 111.468794] ksys_write+0x127/0x250 [ 111.468812] do_syscall_64+0x3b/0x90 [ 111.468825] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 111.468843] [ 111.468843] -> #0 ((console_sem).lock){....}-{2:2}: [ 111.468856] __lock_acquire+0x2a02/0x5e70 [ 111.468873] lock_acquire+0x1a2/0x530 [ 111.468889] _raw_spin_lock_irqsave+0x39/0x60 [ 111.468905] down_trylock+0xe/0x70 [ 111.468917] __down_trylock_console_sem+0x3b/0xd0 [ 111.468934] vprintk_emit+0x16b/0x560 [ 111.468951] vprintk+0x84/0xa0 [ 111.468967] _printk+0xba/0xf1 [ 111.468986] report_bug.cold+0x72/0xab [ 111.468999] handle_bug+0x3c/0x70 [ 111.469013] exc_invalid_op+0x14/0x50 [ 111.469026] asm_exc_invalid_op+0x16/0x20 [ 111.469043] group_sched_out.part.0+0x2c7/0x460 [ 111.469054] ctx_sched_out+0x8f1/0xc10 [ 111.469064] __perf_event_task_sched_out+0x6d0/0x18d0 [ 111.469076] __schedule+0xedd/0x2470 [ 111.469086] schedule+0xda/0x1b0 [ 111.469096] futex_wait_queue+0xf5/0x1e0 [ 111.469106] futex_wait+0x28e/0x690 [ 111.469116] do_futex+0x2ff/0x380 [ 111.469125] __x64_sys_futex+0x1c6/0x4d0 [ 111.469134] do_syscall_64+0x3b/0x90 [ 111.469148] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 111.469168] [ 111.469168] other info that might help us debug this: [ 111.469168] [ 111.469171] Chain exists of: [ 111.469171] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 111.469171] [ 111.469188] Possible unsafe locking scenario: [ 111.469188] [ 111.469191] CPU0 CPU1 [ 111.469193] ---- ---- [ 111.469195] lock(&ctx->lock); [ 111.469201] lock(&rq->__lock); [ 111.469207] lock(&ctx->lock); [ 111.469214] lock((console_sem).lock); [ 111.469219] [ 111.469219] *** DEADLOCK *** [ 111.469219] [ 111.469222] 2 locks held by syz-executor.4/3764: [ 111.469229] #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 111.469254] #1: ffff88800e645020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 111.469282] [ 111.469282] stack backtrace: [ 111.469285] CPU: 0 PID: 3764 Comm: syz-executor.4 Not tainted 6.0.0-rc5-next-20220915 #1 [ 111.469297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 111.469305] Call Trace: [ 111.469309] [ 111.469314] dump_stack_lvl+0x8b/0xb3 [ 111.469330] check_noncircular+0x263/0x2e0 [ 111.469347] ? format_decode+0x26c/0xb50 [ 111.469362] ? print_circular_bug+0x450/0x450 [ 111.469380] ? enable_ptr_key_workfn+0x20/0x20 [ 111.469395] ? format_decode+0x26c/0xb50 [ 111.469411] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 111.469429] __lock_acquire+0x2a02/0x5e70 [ 111.469451] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 111.469474] lock_acquire+0x1a2/0x530 [ 111.469491] ? down_trylock+0xe/0x70 [ 111.469506] ? rcu_read_unlock+0x40/0x40 [ 111.469527] ? vprintk+0x84/0xa0 [ 111.469545] _raw_spin_lock_irqsave+0x39/0x60 [ 111.469562] ? down_trylock+0xe/0x70 [ 111.469575] down_trylock+0xe/0x70 [ 111.469589] ? vprintk+0x84/0xa0 [ 111.469606] __down_trylock_console_sem+0x3b/0xd0 [ 111.469624] vprintk_emit+0x16b/0x560 [ 111.469643] vprintk+0x84/0xa0 [ 111.469661] _printk+0xba/0xf1 [ 111.469679] ? record_print_text.cold+0x16/0x16 [ 111.469702] ? report_bug.cold+0x66/0xab [ 111.469717] ? group_sched_out.part.0+0x2c7/0x460 [ 111.469728] report_bug.cold+0x72/0xab [ 111.469744] handle_bug+0x3c/0x70 [ 111.469758] exc_invalid_op+0x14/0x50 [ 111.469773] asm_exc_invalid_op+0x16/0x20 [ 111.469791] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 111.469805] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 111.469816] RSP: 0018:ffff88803bf978f8 EFLAGS: 00010006 [ 111.469825] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 111.469853] RDX: ffff888017598000 RSI: ffffffff81566027 RDI: 0000000000000005 [ 111.469861] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 111.469868] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800e645000 [ 111.469876] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 111.469887] ? group_sched_out.part.0+0x2c7/0x460 [ 111.469900] ? group_sched_out.part.0+0x2c7/0x460 [ 111.469913] ctx_sched_out+0x8f1/0xc10 [ 111.469926] __perf_event_task_sched_out+0x6d0/0x18d0 [ 111.469941] ? lock_is_held_type+0xd7/0x130 [ 111.469960] ? __perf_cgroup_move+0x160/0x160 [ 111.469972] ? set_next_entity+0x304/0x550 [ 111.469992] ? lock_is_held_type+0xd7/0x130 [ 111.470012] __schedule+0xedd/0x2470 [ 111.470025] ? io_schedule_timeout+0x150/0x150 [ 111.470037] ? futex_wait_setup+0x166/0x230 [ 111.470052] schedule+0xda/0x1b0 [ 111.470063] futex_wait_queue+0xf5/0x1e0 [ 111.470075] futex_wait+0x28e/0x690 [ 111.470087] ? futex_wait_setup+0x230/0x230 [ 111.470100] ? wake_up_q+0x8b/0xf0 [ 111.470114] ? do_raw_spin_unlock+0x4f/0x220 [ 111.470134] ? futex_wake+0x158/0x490 [ 111.470150] ? fd_install+0x1f9/0x640 [ 111.470167] do_futex+0x2ff/0x380 [ 111.470178] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 111.470194] __x64_sys_futex+0x1c6/0x4d0 [ 111.470206] ? __x64_sys_futex_time32+0x480/0x480 [ 111.470219] ? syscall_enter_from_user_mode+0x1d/0x50 [ 111.470238] ? syscall_enter_from_user_mode+0x1d/0x50 [ 111.470259] do_syscall_64+0x3b/0x90 [ 111.470274] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 111.470292] RIP: 0033:0x7f9ba9836b19 [ 111.470301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.470311] RSP: 002b:00007f9ba6dac218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.470323] RAX: ffffffffffffffda RBX: 00007f9ba9949f68 RCX: 00007f9ba9836b19 [ 111.470331] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9ba9949f68 [ 111.470338] RBP: 00007f9ba9949f60 R08: 0000000000000000 R09: 0000000000000000 [ 111.470345] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ba9949f6c [ 111.470352] R13: 00007ffe4eec4aff R14: 00007f9ba6dac300 R15: 0000000000022000 [ 111.470365] [ 111.530477] WARNING: CPU: 0 PID: 3764 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 111.531087] Modules linked in: [ 111.531305] CPU: 0 PID: 3764 Comm: syz-executor.4 Not tainted 6.0.0-rc5-next-20220915 #1 [ 111.531832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 111.532562] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 111.532923] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 111.534108] RSP: 0018:ffff88803bf978f8 EFLAGS: 00010006 [ 111.534460] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 111.534930] RDX: ffff888017598000 RSI: ffffffff81566027 RDI: 0000000000000005 [ 111.535395] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 111.535865] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800e645000 [ 111.536340] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 111.536810] FS: 00007f9ba6dac700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 111.537341] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.537721] CR2: 00007f00955b11f0 CR3: 000000003d386000 CR4: 0000000000350ef0 [ 111.538208] Call Trace: [ 111.538385] [ 111.538542] ctx_sched_out+0x8f1/0xc10 [ 111.538807] __perf_event_task_sched_out+0x6d0/0x18d0 [ 111.539156] ? lock_is_held_type+0xd7/0x130 [ 111.539457] ? __perf_cgroup_move+0x160/0x160 [ 111.539761] ? set_next_entity+0x304/0x550 [ 111.540055] ? lock_is_held_type+0xd7/0x130 [ 111.540351] __schedule+0xedd/0x2470 [ 111.540607] ? io_schedule_timeout+0x150/0x150 [ 111.540915] ? futex_wait_setup+0x166/0x230 [ 111.541207] schedule+0xda/0x1b0 [ 111.541446] futex_wait_queue+0xf5/0x1e0 [ 111.541719] futex_wait+0x28e/0x690 [ 111.541973] ? futex_wait_setup+0x230/0x230 [ 111.542264] ? wake_up_q+0x8b/0xf0 [ 111.542508] ? do_raw_spin_unlock+0x4f/0x220 [ 111.542812] ? futex_wake+0x158/0x490 [ 111.543077] ? fd_install+0x1f9/0x640 [ 111.543339] do_futex+0x2ff/0x380 [ 111.543578] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 111.543969] __x64_sys_futex+0x1c6/0x4d0 [ 111.544246] ? __x64_sys_futex_time32+0x480/0x480 [ 111.544570] ? syscall_enter_from_user_mode+0x1d/0x50 [ 111.544919] ? syscall_enter_from_user_mode+0x1d/0x50 [ 111.545272] do_syscall_64+0x3b/0x90 [ 111.545528] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 111.545884] RIP: 0033:0x7f9ba9836b19 [ 111.546136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.547311] RSP: 002b:00007f9ba6dac218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.547807] RAX: ffffffffffffffda RBX: 00007f9ba9949f68 RCX: 00007f9ba9836b19 [ 111.548274] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9ba9949f68 [ 111.548745] RBP: 00007f9ba9949f60 R08: 0000000000000000 R09: 0000000000000000 [ 111.549217] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ba9949f6c [ 111.549689] R13: 00007ffe4eec4aff R14: 00007f9ba6dac300 R15: 0000000000022000 [ 111.550179] [ 111.550340] irq event stamp: 6300 [ 111.550569] hardirqs last enabled at (6299): [] syscall_enter_from_user_mode+0x1d/0x50 [ 111.551200] hardirqs last disabled at (6300): [] __schedule+0x1225/0x2470 [ 111.551741] softirqs last enabled at (5962): [] __irq_exit_rcu+0x11b/0x180 [ 111.552309] softirqs last disabled at (5931): [] __irq_exit_rcu+0x11b/0x180 [ 111.552879] ---[ end trace 0000000000000000 ]--- [ 111.586580] syz-executor.4: attempt to access beyond end of device [ 111.586580] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 111.587631] Buffer I/O error on dev loop4, logical block 10, lost async page write 11:15:09 executing program 4: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) [ 111.686037] loop4: detected capacity change from 0 to 40 [ 111.766660] syz-executor.4: attempt to access beyond end of device [ 111.766660] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 111.767581] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 111.821797] syz-executor.4 (3784) used greatest stack depth: 24472 bytes left 11:15:09 executing program 4: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) [ 111.878901] loop4: detected capacity change from 0 to 40 [ 111.960065] syz-executor.4: attempt to access beyond end of device [ 111.960065] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 111.961272] Buffer I/O error on dev loop4, logical block 10, lost async page write 11:15:09 executing program 4: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) [ 112.051864] loop4: detected capacity change from 0 to 40 [ 112.153742] syz-executor.4: attempt to access beyond end of device [ 112.153742] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 112.154963] Buffer I/O error on dev loop4, logical block 10, lost async page write 11:15:10 executing program 4: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) [ 112.431254] loop4: detected capacity change from 0 to 40 [ 112.505335] hrtimer: interrupt took 18215 ns [ 112.662561] syz-executor.4: attempt to access beyond end of device [ 112.662561] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 112.664164] Buffer I/O error on dev loop4, logical block 10, lost async page write 11:15:10 executing program 4: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) [ 112.774655] loop4: detected capacity change from 0 to 40 [ 112.852669] syz-executor.4: attempt to access beyond end of device [ 112.852669] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 112.853989] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 114.398062] loop3: detected capacity change from 0 to 240 [ 114.401591] random: crng reseeded on system resumption [ 114.409478] ISO 9660 Extensions: Microsoft Joliet Level 3 [ 114.440645] Restarting kernel threads ... done. [ 114.491751] random: crng reseeded on system resumption [ 114.495036] Restarting kernel threads ... done. 11:15:12 executing program 0: r0 = syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0xc811}, 0x94) io_uring_enter(r0, 0x6c64, 0x0, 0x0, 0x0, 0x0) 11:15:12 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in=@broadcast, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x8, 0x0, 0x0, 0x2}, {{@in6=@empty}, 0x0, @in6=@local}}, 0xe8) 11:15:12 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) [ 114.543100] loop2: detected capacity change from 0 to 40 11:15:12 executing program 4: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:12 executing program 7: io_setup(0x6, &(0x7f0000000040)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8c3c1, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x2, 0x0, r1, 0x0}]) 11:15:12 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$sock(r0, &(0x7f0000001f40)=[{{&(0x7f0000000080)=@in={0x2, 0x4e23, @multicast2}, 0x80, 0x0, 0x0, &(0x7f0000000440)=[@txtime={{0x18}}], 0x18}}], 0x1, 0x0) [ 114.561731] loop4: detected capacity change from 0 to 40 11:15:12 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:12 executing program 3: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010600)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d002000200020002000200020002000200020002000200000000000000000be000000000000be252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011400)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000011e00)) 11:15:12 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in=@broadcast, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x8, 0x0, 0x0, 0x2}, {{@in6=@empty}, 0x0, @in6=@local}}, 0xe8) [ 114.591812] loop3: detected capacity change from 0 to 240 [ 114.593632] ISO 9660 Extensions: Microsoft Joliet Level 3 11:15:12 executing program 7: io_setup(0x6, &(0x7f0000000040)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8c3c1, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x2, 0x0, r1, 0x0}]) 11:15:12 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in=@broadcast, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x8, 0x0, 0x0, 0x2}, {{@in6=@empty}, 0x0, @in6=@local}}, 0xe8) [ 114.661743] syz-executor.2: attempt to access beyond end of device [ 114.661743] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 114.663153] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 114.680532] syz-executor.4: attempt to access beyond end of device [ 114.680532] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 11:15:12 executing program 3: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010600)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d002000200020002000200020002000200020002000200000000000000000be000000000000be252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011400)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000011e00)) [ 114.681528] Buffer I/O error on dev loop4, logical block 10, lost async page write 11:15:12 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$sock(r0, &(0x7f0000001f40)=[{{&(0x7f0000000080)=@in={0x2, 0x4e23, @multicast2}, 0x80, 0x0, 0x0, &(0x7f0000000440)=[@txtime={{0x18}}], 0x18}}], 0x1, 0x0) 11:15:12 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:12 executing program 1: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:12 executing program 0: r0 = syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0xc811}, 0x94) io_uring_enter(r0, 0x6c64, 0x0, 0x0, 0x0, 0x0) [ 114.779621] loop2: detected capacity change from 0 to 40 [ 114.787939] loop3: detected capacity change from 0 to 240 [ 114.791081] random: crng reseeded on system resumption [ 114.799364] ISO 9660 Extensions: Microsoft Joliet Level 3 [ 114.811034] Restarting kernel threads ... done. [ 114.868229] syz-executor.2: attempt to access beyond end of device [ 114.868229] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 114.869470] Buffer I/O error on dev loop2, logical block 10, lost async page write 11:15:12 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:12 executing program 7: io_setup(0x6, &(0x7f0000000040)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8c3c1, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x2, 0x0, r1, 0x0}]) 11:15:12 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$sock(r0, &(0x7f0000001f40)=[{{&(0x7f0000000080)=@in={0x2, 0x4e23, @multicast2}, 0x80, 0x0, 0x0, &(0x7f0000000440)=[@txtime={{0x18}}], 0x18}}], 0x1, 0x0) 11:15:12 executing program 1: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:12 executing program 0: r0 = syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0xc811}, 0x94) io_uring_enter(r0, 0x6c64, 0x0, 0x0, 0x0, 0x0) 11:15:12 executing program 3: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010600)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d002000200020002000200020002000200020002000200000000000000000be000000000000be252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000011400)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000011e00)) 11:15:12 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 114.951788] loop2: detected capacity change from 0 to 40 [ 114.956947] random: crng reseeded on system resumption [ 114.959113] loop3: detected capacity change from 0 to 240 [ 114.967389] ISO 9660 Extensions: Microsoft Joliet Level 3 [ 115.307945] random: crng reseeded on system resumption 11:15:12 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:12 executing program 4: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:12 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 115.402711] random: crng reseeded on system resumption [ 115.436013] Restarting kernel threads ... done. [ 115.524762] random: crng reseeded on system resumption 11:15:12 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:13 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 115.542730] Restarting kernel threads ... done. 11:15:13 executing program 1: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:13 executing program 4: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:13 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:13 executing program 3: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:13 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:13 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:13 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:13 executing program 2: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 115.897185] random: crng reseeded on system resumption [ 115.912512] Restarting kernel threads ... done. 11:15:13 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:13 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 115.957800] random: crng reseeded on system resumption [ 115.974386] Restarting kernel threads ... done. 11:15:13 executing program 3: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 116.033171] random: crng reseeded on system resumption [ 116.045456] Restarting kernel threads ... done. [ 116.068764] random: crng reseeded on system resumption [ 116.080840] Restarting kernel threads ... done. [ 116.172773] random: crng reseeded on system resumption [ 116.203644] random: crng reseeded on system resumption [ 116.314632] random: crng reseeded on system resumption [ 116.614054] loop7: detected capacity change from 0 to 40 [ 116.632744] loop1: detected capacity change from 0 to 40 [ 116.659672] random: crng reseeded on system resumption [ 116.666818] Restarting kernel threads ... done. [ 116.683660] random: crng reseeded on system resumption 11:15:14 executing program 2: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:14 executing program 7: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:14 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:14 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:14 executing program 3: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:14 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:14 executing program 4: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 116.695077] Restarting kernel threads ... [ 116.696727] loop6: detected capacity change from 0 to 40 [ 116.698907] done. 11:15:14 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) [ 116.741688] random: crng reseeded on system resumption [ 116.745035] syz-executor.6: attempt to access beyond end of device [ 116.745035] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 116.746083] Buffer I/O error on dev loop6, logical block 10, lost async page write 11:15:14 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:15:14 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) [ 116.802923] loop6: detected capacity change from 0 to 40 11:15:14 executing program 2: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') r1 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r1, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ff6000/0x4000)=nil, 0x7000) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000140)=""/237) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000100)='/dev/l\xd4\xd2j\x97\xd0ME\x12w\xaf\xf2T\xe8#rol\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 116.847053] syz-executor.1: attempt to access beyond end of device [ 116.847053] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 116.848129] Buffer I/O error on dev loop1, logical block 10, lost async page write 11:15:14 executing program 3: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:14 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:14 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:14 executing program 4: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) getresuid(&(0x7f00000009c0), &(0x7f0000000a00), 0x0) [ 116.949188] loop3: detected capacity change from 0 to 40 [ 116.973371] loop5: detected capacity change from 0 to 40 [ 116.975607] loop0: detected capacity change from 0 to 40 11:15:14 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:14 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x40, 0xa}}}}, 0x17) [ 117.020253] syz-executor.7: attempt to access beyond end of device [ 117.020253] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 117.021679] Buffer I/O error on dev loop7, logical block 10, lost async page write [ 117.075404] syz-executor.6: attempt to access beyond end of device [ 117.075404] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 117.076831] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 117.107762] loop1: detected capacity change from 0 to 40 [ 117.122598] random: crng reseeded on system resumption 11:15:14 executing program 7: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:14 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x40, 0xa}}}}, 0x17) [ 117.211906] loop7: detected capacity change from 0 to 40 11:15:14 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x40, 0xa}}}}, 0x17) [ 117.239623] syz-executor.0: attempt to access beyond end of device [ 117.239623] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 117.240810] Buffer I/O error on dev loop0, logical block 10, lost async page write 11:15:14 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:14 executing program 2: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000480)={{0x1, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0xffffffffffffffff}) msgsnd(r0, &(0x7f00000000c0)={0x2, "74848fdbc62213fa9fd1bc3e5dfae511978965582f482b667b2cacdd2c8622c1cc0443a88c4aee586f85f8a92c7e7ded0e55d7f8abb2a10234f5799fe935852879e323ceb5605452e3ae4eaabf5a51f008ac6f5ea0934923cd35cf1bf0ef2a3e28235a54053239a75a3db1bd192738f6896c944da74ef03643e5345113f7a351638f28b3a98cce546b3f651ee018e0a8d9e6d76d60c6d64b1fe4a4b60f246e3385b359197bdba4fc5747fe9152fe9399ae34a747977d891a4607141f15b43c71b3474b32279ad39a664f3dfb14da3a9213ae9ec4a9bbdd714ffca398f029440ba55763797a8e4795cfbd8f67a4871a02b51c755ccc72760dfe55a50da2f9e432db308acd923027df710ab813bad7d60beff7794541e0d0630c8ad2711fc783e4d56256645c7f2f121fd0c053eb151cd8f09d794d80784309eca4615eeebe52c8482f5a3ba176093b5ba80687dcbaf658f1946dbae7115f8b48891236d24caf1956f1249b35068720f1ce85fc428f53fd5a516d9c8a2b8423a3beee62ea6bb660f5e8c5dfefacf8f3e323120f4a76174a8e13986f121b35e9c0be2b8d1544da5dd93cfb175a6ced418f3968e32ab3df6d049d4d6528f7f1150a642dd7126083d67feac58629c3abfbae76d723ce71f98ead167adb34dcd67fdc1d127d2771f5421780e72952cf13800670f09e35413deb8250dfdff16759edbc0810a7d42ad149e6c7dcb17e5ea2c9b90c799dac02cd17eef93aede84e5bc3a2747474f149b82e76a0ce5991f97c18a2a68b71c99bf51e3669040b15b9c8a2fe83d0a39d3d98f69117b8cfb6bbf4209f3c8f1927eba87975af0bfebdc7a831c8482ec6d6536d6bdc807033dcfb0bfe5d04c86f31b75d46a2bb4a53e4616d024d9dacb283645120019ef9fae77883f4a99b681be06858c5b6cce1719190af2de95cc3fc44cf9f912eb1e24ed0666d18970e68ebe86734e209489a9caaa48fba775f5458d255f208915ff15298619f4c52bc2246fe4b570c4214376cd419f9eee1e3c7eb1a71c25c1dd6ca2467023142bf423bf395081ace28eeee48f0291a3264ab26ffc3a375c29fdc6a5bba9663b034ba9a62a667c37f7d8e0f742e0879e9d1cd2b8f51e874805e392b6288bbe9c212df70884e2cdbccdd146478156e6bcc15463f7b9a0da69a7599e27e995d4f97608dea752bb8404d12077384422dc9f376444a31130c1e83aa007c9d2ee5a6193b805ce99dac5f5d6356c5b114ad5e17893075e837b49c33a8f91fa7d213738cd30ef198c79f3c41be7aec79722a826f980afa56d93331a1f5100883e79bcb0ad5f0e3a0b63b2790269c6bc95f2ff2b6a2aa453b3797808ad32ee3d0a231c58189fd5c97e825524c59fefb7b7e1c85430b411e0db2b5ab4df508f32619cd0cdc11f4f2126232bc5070b545dc3f9decf100ead051376f65f40a240549b4de6baa6ccd8e51b3a211795fec419252acab6e156291adc3293d436942143837d904285fa9f0f9004b762297d9155f3e5f3ac6df255d98fa436ff24dc43eb64728ef713c06e474bdd8f929ea5578d4e5f24b0ba07035be9ffc012715efb8f2e3e5f782ffefe1f633e1230d7de4ed64ec8aa9498eaff54e3256dad5fe32af57aa90c501be14a13e832cd3d29dad0435619ab67110a4b18ed65f96ce58764aa234664a21ac2724224182aca650000fc64a90cc945304b6baf324a7041096d048c56b2e4fba6b1976f395de23461e81c7311034131f36afdffb3a4653eb52f8e3f402102edf735cfe750a7a611ad77985b6c9faf639d5f036e201c4ea0253031643adb6840069d6b8b86c526f3ca5c1b0ee4499e20ac02660a6a5aaa2d9513fd9f4f2f9fe2a37a990f81b357f57a1afe85131c7e60b27940b6ac2a793f861fd7d626fa1f9081a19f2a0151298e13b0d2fdf615b531d6305a717339a990555b0336b49a280c53ad2db26637c7eb52464e6fa5dcec84f2b7e33dea8618247a8467620d54cbb28fe38437b0d22b8ea62aac5c6155dda47fd903c4c29c6486b802c9d92b03216fffb19dd4616ada8d5ccfb8cd0fd59c065f658382e600557a6cd9e3dacf1a90814b0ee546653820b5ad647e4f52382b7802f53512b90c9871c65c554dba59c072210ce767f387c04ced7cc6a0d7672a839d9c93631a7ac6f72225a612082d4d0e61d75a7710a92ea866e1d63463563592e46a50d5039f7269d207664e1b3c522e066570e86f8f203a0d5cdbdf67a35044049445b46a3682b884bc7c9b55e0ed9dafe39f73d261318493e3e3d1a4e61a2e4d96c5062060a1dbce784c10d4a0cc720acb4b94a29adfa8547e803df16b8b7e257e7960463a6e6c1ca5d9cbfff852d7240257f7e55caf95c5c0885d55a9b2be185973387ea006f7c2819f2edb58799e02b714e144653b19ee3541290debbd28734bab8d9483dc2988dbfde71c77f59b046ed8c19526d833c94318ac7553a38b809ff20aa4128803d0a2df275ba2441cc216ed67efe626634219a26ef9217acacd39fa5d61506d57a197a00d157971ed05dfc0bb8de4dfc7081e9a5f1ec1627d49dd769cc180ea38156b6e2ce74851ec448bd98a32e5c3d441fe8a87415c7e5598f455349cd4cdd5699b8c1bf07a814779d47ba66c005820201d07e92b05447aecb341cf80111156b4d5481ebd1d2620cba9224bdb47546c37e977205a62d1688470d5a5ef4cb864cc420dcf5d815e3ef8be7dfb139e3fe8771b3aecd87e59155064b8f4126e9c35b5ad96af57754a446fa7838499982e2ab8a57f9534908a4fce6d38981afdf58074e16bf5b335e810d5a0fe01c56c6f3e7fc74ba3c4090cf842f79cc347bd5b42b820a526014116337f04d7a2eccf912e2e8cff307d2956c3e5c5dba004547cee660bf2dd622a916a7c5b0e5bc83bedba275a64afe2b18fd1528952a6cbe35f3c90ebf95969bf52bd8c2f13ebc4e236979c83aac06512c054d1799e9296cb679a30974c44d101de9f52706c48bc6d11bb52204c53831b0e1ee41d37961123077a55d62f00066803b652372a6268bec978388b09ab74f2a00a9b1c8e25db4db136739e27826cbc90d7ce055945350f86c5b198217562add552c33e62d8319646b4a4f3a690ddb60bf8f8ffe89b6553e33019998f4b95719397db24bdb3e53b73fc92f4b654360102951b09f1db22faa65a0ef51f6d614eb40d8f4f01344c23c88bd449833b9c16e020fa9aef821ff7531113408e0acfc3ff2e9ce24d4652f3c763bfcdabda88e6b7698b0aa720154f6e5b23b724f0b92f4304b627e8a2df9455669615418127e84c94402b5af7cd9417187fb9987ebd1d3ad35d7e39b7fe5ce6174a7bab0672a92f827bcee17e88bd3ea9b3d30645764bdc9bd94cddcda919b4c343023d51dd050803fea4c8c58af0ea0f88e0254dd178e55d83c8c3fbf352e6dee3a6b7f0f3c6dee48664a6b11baf11f3250e2578eedb1229dc2339f619f2e4f0513db421eff3f54f274ee4cee889c676d1acdcd1962230e8bc4abf78bc76aaa80561b83c58cb925f310d70890b39a7abd61a2510c717698705e0bfe127db5f62ac0cb47cfecf7daccbfd4a24d27c1c4f970f366bb9e52c3095b39f01e0bc2d08bea9efe5701a186ec61066d6ee711e70093f52e06b133685d6b392c21e1adfe34c9fbce826a13018b5a429ae1f4ed2d53dd1c9058a24e09f8beceea2b518e6df4924df99bfc340a9e8252116878f8b149449bc282fd97d0548576ee5c2f5ab94b5a6b0786007b658f6e7a895f986d3ec2da7b220036cd65a9d515b94b8ea2d8afb72499efd2426618c97b498de39fa83629e671d03c42bb06e25073d7c7349429a7142f67abd6a64aa487bf6532bbe47209d81373cee02d96c6ed505f1fff41c4cf0bce34999d8932fd6ad282775fee3331f0d2d2ef8d63d7bcf235bc6bc601b4a0dac81dd67ff379c6f25e4f0bea1110acd82272ac41230eb3ed58bcb2930b1334da01421b5ee25307e4f0455c3ec36a24df5855713a1f38383d44c12527db174cf9388e17db8419fd88eb5bcb464ded85bfd1e26eabecf67b6e865d1d7dab72ec11d552c6a45eb2a7b6f0e9a0839fa1fd72faf6daee1dd9c257b741a4ee33ad24024450ee732f80fff7784253150cf5bda9779a7a31c6c70ef8a883a5eed6a017f38da184ff11685e8491928d002ad4483e0f6ac37f773efb64fa2e5c441350f1d94e9c62346977f4fa38ffabb2cfd25a0b6b942575933b17806151017fef1496def6e3c44e2018e25346ff6ebff8d0c723e8e5c2ef75c6bf3d2a08b0e54d289eb0000f40ded6ca212704f0ae8af95296f768b5cef91cb6ac6653fe7e5aef24eceef621b1013497fd00dbe0581a0025e101f363662ae9a6fffe6fb7b006bf1985a7a4e40f972d2f0f40cdf85b9fe43cb99e05aa05b04ce224fb9a6911c2700eb8cd8fbdda4877abcb1dbcae1ee2761c6652cc73a58aadb9ec98d4fcac710f8a40fbcafb9760db7fe030c59f528cefc7a25208f68356d19aba2c1859ef5149d5f08c2ce1ae7cbc210aa8d99d70d342b4bca74b2fef8ef8d03749b0e321faf5bd2242d90b9fce1dfa900dcc73260d8e58ebb35b4b333389eeeee356685965fd293e61916c108b0402b6a1e0fabe3f41ca8fb8df2cb129f7f52d9b9ed4a2476faff56013bb2829073e4108ca0da7591b770f0f803c51fbe4b81a94ffcb2443b4a066c65f148c7543c03e6ccc86b962ccf9fdff62c502df97fb854d5ffae09adecf31af358d00ef5de711d180e7179e3af00a587a9471726fea2244fd39bf5d53851781bbdc29f92912d5824ba55322d21ce6da3f3cfffd572b9923d96f4129f6aaf66795e8d287deb49edcde313a70db336998503c35b79913bc25f1eac62ea33bc0dbe120d1086fce23a687e39f3c3ecf95c26f9a8c9a7238909106f71a1c452ec591fa12d34d419f8627325067c09cf2301d39b4fabda7e051474e71625abbb35a300449bf62b489e56626aa7d665abbd3b5fb0c9ed65212fa5f2486e995df58bd1c5a642bc392567abf2e2bd4cc1bb7ee04cbd63ba06702a33b372652bba90c505eabe371bb73d8b25293aa7df4160eacd25a848920b15b419fbdcd05a97763d8f3e3261322f77a4ecb4ccdbad86aa5f31a95f87c75b51c243cd931cc65c7d8a10b67bb73473c90112634acc4b9afea7c7f378ad546afd6792881c9004346be0bddfcf03d3495542b74043289414fd7aceacafb13bb2eddb30e948e38fa8961da0e7d60d463e6a8548a1e4c8aab6b5cd9c686e6d01dea93c9bd0f98a5104af79c248049e304463d564c3f24da9138ac8192059f9d81072d375b23dfc1764bdceefa18d115d63c871016e6a1fd51225d05632687a090fd6eb5fec015fcc63c4b47ff96aa885bf85dbbd4fc95592b499c00094c49f22393c99f2aa24f26c98a3efac8106ba4599af81070ae5e34e11395c0aca9df16faa961bc09baed0f7b1e546f3d3f6a108e2267fc229a7b0d4673061bb71f95500b172516ec9fef152a885f0607d5be2284b4f625ee4a808be8dcd7e82148b8b65700572511f259ef785915b0db94c4ff1807ed4245af3a2bcd3c44be6da2fed0d52f1aa18b6fe4cc67118087e277cbea70a240ae33f5ac2d72ea94b955a3efd2434d08ed52c3dda9de3082dd95a2afdff930bf16156363ba782c31d2db617f463a2fdf6030bb814dd03c2f13167ad7277b36a5"}, 0xfd1, 0x0) msgrcv(r0, &(0x7f0000000000)={0x0, ""/49}, 0x39, 0x0, 0x3800) [ 117.305485] loop6: detected capacity change from 0 to 40 [ 117.313747] syz-executor.3: attempt to access beyond end of device [ 117.313747] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 117.314890] Buffer I/O error on dev loop3, logical block 10, lost async page write 11:15:14 executing program 4: syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x40, 0xa}}}}, 0x17) [ 117.370861] syz-executor.7: attempt to access beyond end of device [ 117.370861] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 117.371991] Buffer I/O error on dev loop7, logical block 10, lost async page write [ 117.400433] syz-executor.1: attempt to access beyond end of device [ 117.400433] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 117.401495] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 117.508745] syz-executor.5: attempt to access beyond end of device [ 117.508745] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 117.509793] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 117.525163] syz-executor.6: attempt to access beyond end of device [ 117.525163] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 117.526139] Buffer I/O error on dev loop6, logical block 10, lost async page write 11:15:15 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:15 executing program 2: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000480)={{0x1, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0xffffffffffffffff}) msgsnd(r0, &(0x7f00000000c0)={0x2, "74848fdbc62213fa9fd1bc3e5dfae511978965582f482b667b2cacdd2c8622c1cc0443a88c4aee586f85f8a92c7e7ded0e55d7f8abb2a10234f5799fe935852879e323ceb5605452e3ae4eaabf5a51f008ac6f5ea0934923cd35cf1bf0ef2a3e28235a54053239a75a3db1bd192738f6896c944da74ef03643e5345113f7a351638f28b3a98cce546b3f651ee018e0a8d9e6d76d60c6d64b1fe4a4b60f246e3385b359197bdba4fc5747fe9152fe9399ae34a747977d891a4607141f15b43c71b3474b32279ad39a664f3dfb14da3a9213ae9ec4a9bbdd714ffca398f029440ba55763797a8e4795cfbd8f67a4871a02b51c755ccc72760dfe55a50da2f9e432db308acd923027df710ab813bad7d60beff7794541e0d0630c8ad2711fc783e4d56256645c7f2f121fd0c053eb151cd8f09d794d80784309eca4615eeebe52c8482f5a3ba176093b5ba80687dcbaf658f1946dbae7115f8b48891236d24caf1956f1249b35068720f1ce85fc428f53fd5a516d9c8a2b8423a3beee62ea6bb660f5e8c5dfefacf8f3e323120f4a76174a8e13986f121b35e9c0be2b8d1544da5dd93cfb175a6ced418f3968e32ab3df6d049d4d6528f7f1150a642dd7126083d67feac58629c3abfbae76d723ce71f98ead167adb34dcd67fdc1d127d2771f5421780e72952cf13800670f09e35413deb8250dfdff16759edbc0810a7d42ad149e6c7dcb17e5ea2c9b90c799dac02cd17eef93aede84e5bc3a2747474f149b82e76a0ce5991f97c18a2a68b71c99bf51e3669040b15b9c8a2fe83d0a39d3d98f69117b8cfb6bbf4209f3c8f1927eba87975af0bfebdc7a831c8482ec6d6536d6bdc807033dcfb0bfe5d04c86f31b75d46a2bb4a53e4616d024d9dacb283645120019ef9fae77883f4a99b681be06858c5b6cce1719190af2de95cc3fc44cf9f912eb1e24ed0666d18970e68ebe86734e209489a9caaa48fba775f5458d255f208915ff15298619f4c52bc2246fe4b570c4214376cd419f9eee1e3c7eb1a71c25c1dd6ca2467023142bf423bf395081ace28eeee48f0291a3264ab26ffc3a375c29fdc6a5bba9663b034ba9a62a667c37f7d8e0f742e0879e9d1cd2b8f51e874805e392b6288bbe9c212df70884e2cdbccdd146478156e6bcc15463f7b9a0da69a7599e27e995d4f97608dea752bb8404d12077384422dc9f376444a31130c1e83aa007c9d2ee5a6193b805ce99dac5f5d6356c5b114ad5e17893075e837b49c33a8f91fa7d213738cd30ef198c79f3c41be7aec79722a826f980afa56d93331a1f5100883e79bcb0ad5f0e3a0b63b2790269c6bc95f2ff2b6a2aa453b3797808ad32ee3d0a231c58189fd5c97e825524c59fefb7b7e1c85430b411e0db2b5ab4df508f32619cd0cdc11f4f2126232bc5070b545dc3f9decf100ead051376f65f40a240549b4de6baa6ccd8e51b3a211795fec419252acab6e156291adc3293d436942143837d904285fa9f0f9004b762297d9155f3e5f3ac6df255d98fa436ff24dc43eb64728ef713c06e474bdd8f929ea5578d4e5f24b0ba07035be9ffc012715efb8f2e3e5f782ffefe1f633e1230d7de4ed64ec8aa9498eaff54e3256dad5fe32af57aa90c501be14a13e832cd3d29dad0435619ab67110a4b18ed65f96ce58764aa234664a21ac2724224182aca650000fc64a90cc945304b6baf324a7041096d048c56b2e4fba6b1976f395de23461e81c7311034131f36afdffb3a4653eb52f8e3f402102edf735cfe750a7a611ad77985b6c9faf639d5f036e201c4ea0253031643adb6840069d6b8b86c526f3ca5c1b0ee4499e20ac02660a6a5aaa2d9513fd9f4f2f9fe2a37a990f81b357f57a1afe85131c7e60b27940b6ac2a793f861fd7d626fa1f9081a19f2a0151298e13b0d2fdf615b531d6305a717339a990555b0336b49a280c53ad2db26637c7eb52464e6fa5dcec84f2b7e33dea8618247a8467620d54cbb28fe38437b0d22b8ea62aac5c6155dda47fd903c4c29c6486b802c9d92b03216fffb19dd4616ada8d5ccfb8cd0fd59c065f658382e600557a6cd9e3dacf1a90814b0ee546653820b5ad647e4f52382b7802f53512b90c9871c65c554dba59c072210ce767f387c04ced7cc6a0d7672a839d9c93631a7ac6f72225a612082d4d0e61d75a7710a92ea866e1d63463563592e46a50d5039f7269d207664e1b3c522e066570e86f8f203a0d5cdbdf67a35044049445b46a3682b884bc7c9b55e0ed9dafe39f73d261318493e3e3d1a4e61a2e4d96c5062060a1dbce784c10d4a0cc720acb4b94a29adfa8547e803df16b8b7e257e7960463a6e6c1ca5d9cbfff852d7240257f7e55caf95c5c0885d55a9b2be185973387ea006f7c2819f2edb58799e02b714e144653b19ee3541290debbd28734bab8d9483dc2988dbfde71c77f59b046ed8c19526d833c94318ac7553a38b809ff20aa4128803d0a2df275ba2441cc216ed67efe626634219a26ef9217acacd39fa5d61506d57a197a00d157971ed05dfc0bb8de4dfc7081e9a5f1ec1627d49dd769cc180ea38156b6e2ce74851ec448bd98a32e5c3d441fe8a87415c7e5598f455349cd4cdd5699b8c1bf07a814779d47ba66c005820201d07e92b05447aecb341cf80111156b4d5481ebd1d2620cba9224bdb47546c37e977205a62d1688470d5a5ef4cb864cc420dcf5d815e3ef8be7dfb139e3fe8771b3aecd87e59155064b8f4126e9c35b5ad96af57754a446fa7838499982e2ab8a57f9534908a4fce6d38981afdf58074e16bf5b335e810d5a0fe01c56c6f3e7fc74ba3c4090cf842f79cc347bd5b42b820a526014116337f04d7a2eccf912e2e8cff307d2956c3e5c5dba004547cee660bf2dd622a916a7c5b0e5bc83bedba275a64afe2b18fd1528952a6cbe35f3c90ebf95969bf52bd8c2f13ebc4e236979c83aac06512c054d1799e9296cb679a30974c44d101de9f52706c48bc6d11bb52204c53831b0e1ee41d37961123077a55d62f00066803b652372a6268bec978388b09ab74f2a00a9b1c8e25db4db136739e27826cbc90d7ce055945350f86c5b198217562add552c33e62d8319646b4a4f3a690ddb60bf8f8ffe89b6553e33019998f4b95719397db24bdb3e53b73fc92f4b654360102951b09f1db22faa65a0ef51f6d614eb40d8f4f01344c23c88bd449833b9c16e020fa9aef821ff7531113408e0acfc3ff2e9ce24d4652f3c763bfcdabda88e6b7698b0aa720154f6e5b23b724f0b92f4304b627e8a2df9455669615418127e84c94402b5af7cd9417187fb9987ebd1d3ad35d7e39b7fe5ce6174a7bab0672a92f827bcee17e88bd3ea9b3d30645764bdc9bd94cddcda919b4c343023d51dd050803fea4c8c58af0ea0f88e0254dd178e55d83c8c3fbf352e6dee3a6b7f0f3c6dee48664a6b11baf11f3250e2578eedb1229dc2339f619f2e4f0513db421eff3f54f274ee4cee889c676d1acdcd1962230e8bc4abf78bc76aaa80561b83c58cb925f310d70890b39a7abd61a2510c717698705e0bfe127db5f62ac0cb47cfecf7daccbfd4a24d27c1c4f970f366bb9e52c3095b39f01e0bc2d08bea9efe5701a186ec61066d6ee711e70093f52e06b133685d6b392c21e1adfe34c9fbce826a13018b5a429ae1f4ed2d53dd1c9058a24e09f8beceea2b518e6df4924df99bfc340a9e8252116878f8b149449bc282fd97d0548576ee5c2f5ab94b5a6b0786007b658f6e7a895f986d3ec2da7b220036cd65a9d515b94b8ea2d8afb72499efd2426618c97b498de39fa83629e671d03c42bb06e25073d7c7349429a7142f67abd6a64aa487bf6532bbe47209d81373cee02d96c6ed505f1fff41c4cf0bce34999d8932fd6ad282775fee3331f0d2d2ef8d63d7bcf235bc6bc601b4a0dac81dd67ff379c6f25e4f0bea1110acd82272ac41230eb3ed58bcb2930b1334da01421b5ee25307e4f0455c3ec36a24df5855713a1f38383d44c12527db174cf9388e17db8419fd88eb5bcb464ded85bfd1e26eabecf67b6e865d1d7dab72ec11d552c6a45eb2a7b6f0e9a0839fa1fd72faf6daee1dd9c257b741a4ee33ad24024450ee732f80fff7784253150cf5bda9779a7a31c6c70ef8a883a5eed6a017f38da184ff11685e8491928d002ad4483e0f6ac37f773efb64fa2e5c441350f1d94e9c62346977f4fa38ffabb2cfd25a0b6b942575933b17806151017fef1496def6e3c44e2018e25346ff6ebff8d0c723e8e5c2ef75c6bf3d2a08b0e54d289eb0000f40ded6ca212704f0ae8af95296f768b5cef91cb6ac6653fe7e5aef24eceef621b1013497fd00dbe0581a0025e101f363662ae9a6fffe6fb7b006bf1985a7a4e40f972d2f0f40cdf85b9fe43cb99e05aa05b04ce224fb9a6911c2700eb8cd8fbdda4877abcb1dbcae1ee2761c6652cc73a58aadb9ec98d4fcac710f8a40fbcafb9760db7fe030c59f528cefc7a25208f68356d19aba2c1859ef5149d5f08c2ce1ae7cbc210aa8d99d70d342b4bca74b2fef8ef8d03749b0e321faf5bd2242d90b9fce1dfa900dcc73260d8e58ebb35b4b333389eeeee356685965fd293e61916c108b0402b6a1e0fabe3f41ca8fb8df2cb129f7f52d9b9ed4a2476faff56013bb2829073e4108ca0da7591b770f0f803c51fbe4b81a94ffcb2443b4a066c65f148c7543c03e6ccc86b962ccf9fdff62c502df97fb854d5ffae09adecf31af358d00ef5de711d180e7179e3af00a587a9471726fea2244fd39bf5d53851781bbdc29f92912d5824ba55322d21ce6da3f3cfffd572b9923d96f4129f6aaf66795e8d287deb49edcde313a70db336998503c35b79913bc25f1eac62ea33bc0dbe120d1086fce23a687e39f3c3ecf95c26f9a8c9a7238909106f71a1c452ec591fa12d34d419f8627325067c09cf2301d39b4fabda7e051474e71625abbb35a300449bf62b489e56626aa7d665abbd3b5fb0c9ed65212fa5f2486e995df58bd1c5a642bc392567abf2e2bd4cc1bb7ee04cbd63ba06702a33b372652bba90c505eabe371bb73d8b25293aa7df4160eacd25a848920b15b419fbdcd05a97763d8f3e3261322f77a4ecb4ccdbad86aa5f31a95f87c75b51c243cd931cc65c7d8a10b67bb73473c90112634acc4b9afea7c7f378ad546afd6792881c9004346be0bddfcf03d3495542b74043289414fd7aceacafb13bb2eddb30e948e38fa8961da0e7d60d463e6a8548a1e4c8aab6b5cd9c686e6d01dea93c9bd0f98a5104af79c248049e304463d564c3f24da9138ac8192059f9d81072d375b23dfc1764bdceefa18d115d63c871016e6a1fd51225d05632687a090fd6eb5fec015fcc63c4b47ff96aa885bf85dbbd4fc95592b499c00094c49f22393c99f2aa24f26c98a3efac8106ba4599af81070ae5e34e11395c0aca9df16faa961bc09baed0f7b1e546f3d3f6a108e2267fc229a7b0d4673061bb71f95500b172516ec9fef152a885f0607d5be2284b4f625ee4a808be8dcd7e82148b8b65700572511f259ef785915b0db94c4ff1807ed4245af3a2bcd3c44be6da2fed0d52f1aa18b6fe4cc67118087e277cbea70a240ae33f5ac2d72ea94b955a3efd2434d08ed52c3dda9de3082dd95a2afdff930bf16156363ba782c31d2db617f463a2fdf6030bb814dd03c2f13167ad7277b36a5"}, 0xfd1, 0x0) msgrcv(r0, &(0x7f0000000000)={0x0, ""/49}, 0x39, 0x0, 0x3800) 11:15:15 executing program 3: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 11:15:15 executing program 6: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000480)={{0x1, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0xffffffffffffffff}) msgsnd(r0, &(0x7f00000000c0)={0x2, "74848fdbc62213fa9fd1bc3e5dfae511978965582f482b667b2cacdd2c8622c1cc0443a88c4aee586f85f8a92c7e7ded0e55d7f8abb2a10234f5799fe935852879e323ceb5605452e3ae4eaabf5a51f008ac6f5ea0934923cd35cf1bf0ef2a3e28235a54053239a75a3db1bd192738f6896c944da74ef03643e5345113f7a351638f28b3a98cce546b3f651ee018e0a8d9e6d76d60c6d64b1fe4a4b60f246e3385b359197bdba4fc5747fe9152fe9399ae34a747977d891a4607141f15b43c71b3474b32279ad39a664f3dfb14da3a9213ae9ec4a9bbdd714ffca398f029440ba55763797a8e4795cfbd8f67a4871a02b51c755ccc72760dfe55a50da2f9e432db308acd923027df710ab813bad7d60beff7794541e0d0630c8ad2711fc783e4d56256645c7f2f121fd0c053eb151cd8f09d794d80784309eca4615eeebe52c8482f5a3ba176093b5ba80687dcbaf658f1946dbae7115f8b48891236d24caf1956f1249b35068720f1ce85fc428f53fd5a516d9c8a2b8423a3beee62ea6bb660f5e8c5dfefacf8f3e323120f4a76174a8e13986f121b35e9c0be2b8d1544da5dd93cfb175a6ced418f3968e32ab3df6d049d4d6528f7f1150a642dd7126083d67feac58629c3abfbae76d723ce71f98ead167adb34dcd67fdc1d127d2771f5421780e72952cf13800670f09e35413deb8250dfdff16759edbc0810a7d42ad149e6c7dcb17e5ea2c9b90c799dac02cd17eef93aede84e5bc3a2747474f149b82e76a0ce5991f97c18a2a68b71c99bf51e3669040b15b9c8a2fe83d0a39d3d98f69117b8cfb6bbf4209f3c8f1927eba87975af0bfebdc7a831c8482ec6d6536d6bdc807033dcfb0bfe5d04c86f31b75d46a2bb4a53e4616d024d9dacb283645120019ef9fae77883f4a99b681be06858c5b6cce1719190af2de95cc3fc44cf9f912eb1e24ed0666d18970e68ebe86734e209489a9caaa48fba775f5458d255f208915ff15298619f4c52bc2246fe4b570c4214376cd419f9eee1e3c7eb1a71c25c1dd6ca2467023142bf423bf395081ace28eeee48f0291a3264ab26ffc3a375c29fdc6a5bba9663b034ba9a62a667c37f7d8e0f742e0879e9d1cd2b8f51e874805e392b6288bbe9c212df70884e2cdbccdd146478156e6bcc15463f7b9a0da69a7599e27e995d4f97608dea752bb8404d12077384422dc9f376444a31130c1e83aa007c9d2ee5a6193b805ce99dac5f5d6356c5b114ad5e17893075e837b49c33a8f91fa7d213738cd30ef198c79f3c41be7aec79722a826f980afa56d93331a1f5100883e79bcb0ad5f0e3a0b63b2790269c6bc95f2ff2b6a2aa453b3797808ad32ee3d0a231c58189fd5c97e825524c59fefb7b7e1c85430b411e0db2b5ab4df508f32619cd0cdc11f4f2126232bc5070b545dc3f9decf100ead051376f65f40a240549b4de6baa6ccd8e51b3a211795fec419252acab6e156291adc3293d436942143837d904285fa9f0f9004b762297d9155f3e5f3ac6df255d98fa436ff24dc43eb64728ef713c06e474bdd8f929ea5578d4e5f24b0ba07035be9ffc012715efb8f2e3e5f782ffefe1f633e1230d7de4ed64ec8aa9498eaff54e3256dad5fe32af57aa90c501be14a13e832cd3d29dad0435619ab67110a4b18ed65f96ce58764aa234664a21ac2724224182aca650000fc64a90cc945304b6baf324a7041096d048c56b2e4fba6b1976f395de23461e81c7311034131f36afdffb3a4653eb52f8e3f402102edf735cfe750a7a611ad77985b6c9faf639d5f036e201c4ea0253031643adb6840069d6b8b86c526f3ca5c1b0ee4499e20ac02660a6a5aaa2d9513fd9f4f2f9fe2a37a990f81b357f57a1afe85131c7e60b27940b6ac2a793f861fd7d626fa1f9081a19f2a0151298e13b0d2fdf615b531d6305a717339a990555b0336b49a280c53ad2db26637c7eb52464e6fa5dcec84f2b7e33dea8618247a8467620d54cbb28fe38437b0d22b8ea62aac5c6155dda47fd903c4c29c6486b802c9d92b03216fffb19dd4616ada8d5ccfb8cd0fd59c065f658382e600557a6cd9e3dacf1a90814b0ee546653820b5ad647e4f52382b7802f53512b90c9871c65c554dba59c072210ce767f387c04ced7cc6a0d7672a839d9c93631a7ac6f72225a612082d4d0e61d75a7710a92ea866e1d63463563592e46a50d5039f7269d207664e1b3c522e066570e86f8f203a0d5cdbdf67a35044049445b46a3682b884bc7c9b55e0ed9dafe39f73d261318493e3e3d1a4e61a2e4d96c5062060a1dbce784c10d4a0cc720acb4b94a29adfa8547e803df16b8b7e257e7960463a6e6c1ca5d9cbfff852d7240257f7e55caf95c5c0885d55a9b2be185973387ea006f7c2819f2edb58799e02b714e144653b19ee3541290debbd28734bab8d9483dc2988dbfde71c77f59b046ed8c19526d833c94318ac7553a38b809ff20aa4128803d0a2df275ba2441cc216ed67efe626634219a26ef9217acacd39fa5d61506d57a197a00d157971ed05dfc0bb8de4dfc7081e9a5f1ec1627d49dd769cc180ea38156b6e2ce74851ec448bd98a32e5c3d441fe8a87415c7e5598f455349cd4cdd5699b8c1bf07a814779d47ba66c005820201d07e92b05447aecb341cf80111156b4d5481ebd1d2620cba9224bdb47546c37e977205a62d1688470d5a5ef4cb864cc420dcf5d815e3ef8be7dfb139e3fe8771b3aecd87e59155064b8f4126e9c35b5ad96af57754a446fa7838499982e2ab8a57f9534908a4fce6d38981afdf58074e16bf5b335e810d5a0fe01c56c6f3e7fc74ba3c4090cf842f79cc347bd5b42b820a526014116337f04d7a2eccf912e2e8cff307d2956c3e5c5dba004547cee660bf2dd622a916a7c5b0e5bc83bedba275a64afe2b18fd1528952a6cbe35f3c90ebf95969bf52bd8c2f13ebc4e236979c83aac06512c054d1799e9296cb679a30974c44d101de9f52706c48bc6d11bb52204c53831b0e1ee41d37961123077a55d62f00066803b652372a6268bec978388b09ab74f2a00a9b1c8e25db4db136739e27826cbc90d7ce055945350f86c5b198217562add552c33e62d8319646b4a4f3a690ddb60bf8f8ffe89b6553e33019998f4b95719397db24bdb3e53b73fc92f4b654360102951b09f1db22faa65a0ef51f6d614eb40d8f4f01344c23c88bd449833b9c16e020fa9aef821ff7531113408e0acfc3ff2e9ce24d4652f3c763bfcdabda88e6b7698b0aa720154f6e5b23b724f0b92f4304b627e8a2df9455669615418127e84c94402b5af7cd9417187fb9987ebd1d3ad35d7e39b7fe5ce6174a7bab0672a92f827bcee17e88bd3ea9b3d30645764bdc9bd94cddcda919b4c343023d51dd050803fea4c8c58af0ea0f88e0254dd178e55d83c8c3fbf352e6dee3a6b7f0f3c6dee48664a6b11baf11f3250e2578eedb1229dc2339f619f2e4f0513db421eff3f54f274ee4cee889c676d1acdcd1962230e8bc4abf78bc76aaa80561b83c58cb925f310d70890b39a7abd61a2510c717698705e0bfe127db5f62ac0cb47cfecf7daccbfd4a24d27c1c4f970f366bb9e52c3095b39f01e0bc2d08bea9efe5701a186ec61066d6ee711e70093f52e06b133685d6b392c21e1adfe34c9fbce826a13 VM DIAGNOSIS: 11:15:09 Registers: info registers vcpu 0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b29f1 RDI=ffffffff87641ba0 RBP=ffffffff87641b60 RSP=ffff88803bf97348 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000038 R11=0000000000000001 R12=0000000000000038 R13=ffffffff87641b60 R14=0000000000000010 R15=ffffffff822b29e0 RIP=ffffffff822b2a49 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f9ba6dac700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f00955b11f0 CR3=000000003d386000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM01=0000000000000000 0000000000000000 2525252525252525 2525252525252525 YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=00000049247e4fdc RBX=0000000000000000 RCX=00000000000006e0 RDX=0000000000000049 RSI=ffff88806cf27140 RDI=0000000000006eeb RBP=ffff88806cf27140 RSP=ffff88806cf09ed8 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000013d83 R11=0000000000000001 R12=0000000000006eeb R13=0000000000000000 R14=0000000000000000 R15=ffff88806cf2a640 RIP=ffffffff810f2f41 RFL=00000012 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f6856e371f0 CR3=000000003c8da000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f YMM01=0000000000000000 0000000000000000 6461657268747062 696c2f756e672d78 YMM02=0000000000000000 0000000000000000 00302e6f732e6461 657268747062696c YMM03=0000000000000000 0000000000000000 2f756e672d78756e 696c2d34365f3638 YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000