Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:23501' (ECDSA) to the list of known hosts. 2022/09/12 18:22:12 fuzzer started 2022/09/12 18:22:13 dialing manager at localhost:38027 syzkaller login: [ 36.844799] cgroup: Unknown subsys name 'net' [ 36.947931] cgroup: Unknown subsys name 'rlimit' 2022/09/12 18:22:26 syscalls: 2215 2022/09/12 18:22:26 code coverage: enabled 2022/09/12 18:22:26 comparison tracing: enabled 2022/09/12 18:22:26 extra coverage: enabled 2022/09/12 18:22:26 setuid sandbox: enabled 2022/09/12 18:22:26 namespace sandbox: enabled 2022/09/12 18:22:26 Android sandbox: enabled 2022/09/12 18:22:26 fault injection: enabled 2022/09/12 18:22:26 leak checking: enabled 2022/09/12 18:22:26 net packet injection: enabled 2022/09/12 18:22:26 net device setup: enabled 2022/09/12 18:22:26 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/12 18:22:26 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/12 18:22:26 USB emulation: enabled 2022/09/12 18:22:26 hci packet injection: enabled 2022/09/12 18:22:26 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220912) 2022/09/12 18:22:26 802.15.4 emulation: enabled 2022/09/12 18:22:27 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/12 18:22:27 fetching corpus: 36, signal 25251/28851 (executing program) 2022/09/12 18:22:27 fetching corpus: 86, signal 40780/45843 (executing program) 2022/09/12 18:22:27 fetching corpus: 136, signal 54226/60635 (executing program) 2022/09/12 18:22:27 fetching corpus: 185, signal 64188/71810 (executing program) 2022/09/12 18:22:27 fetching corpus: 235, signal 70606/79505 (executing program) 2022/09/12 18:22:27 fetching corpus: 285, signal 75988/86083 (executing program) 2022/09/12 18:22:27 fetching corpus: 335, signal 80378/91657 (executing program) 2022/09/12 18:22:28 fetching corpus: 385, signal 84517/96950 (executing program) 2022/09/12 18:22:28 fetching corpus: 435, signal 88223/101797 (executing program) 2022/09/12 18:22:28 fetching corpus: 485, signal 93050/107607 (executing program) 2022/09/12 18:22:28 fetching corpus: 535, signal 97200/112659 (executing program) 2022/09/12 18:22:28 fetching corpus: 585, signal 101432/117836 (executing program) 2022/09/12 18:22:28 fetching corpus: 635, signal 104073/121481 (executing program) 2022/09/12 18:22:29 fetching corpus: 685, signal 108986/127086 (executing program) 2022/09/12 18:22:29 fetching corpus: 735, signal 111887/130840 (executing program) 2022/09/12 18:22:29 fetching corpus: 785, signal 113936/133859 (executing program) 2022/09/12 18:22:29 fetching corpus: 835, signal 115479/136351 (executing program) 2022/09/12 18:22:29 fetching corpus: 885, signal 118963/140451 (executing program) 2022/09/12 18:22:29 fetching corpus: 935, signal 121308/143571 (executing program) 2022/09/12 18:22:29 fetching corpus: 985, signal 123866/146831 (executing program) 2022/09/12 18:22:29 fetching corpus: 1035, signal 125604/149431 (executing program) 2022/09/12 18:22:29 fetching corpus: 1085, signal 127448/152050 (executing program) 2022/09/12 18:22:30 fetching corpus: 1135, signal 130555/155634 (executing program) 2022/09/12 18:22:30 fetching corpus: 1185, signal 133489/159145 (executing program) 2022/09/12 18:22:30 fetching corpus: 1235, signal 135469/161792 (executing program) 2022/09/12 18:22:30 fetching corpus: 1285, signal 137312/164283 (executing program) 2022/09/12 18:22:30 fetching corpus: 1335, signal 139873/167308 (executing program) 2022/09/12 18:22:30 fetching corpus: 1385, signal 141556/169582 (executing program) 2022/09/12 18:22:30 fetching corpus: 1435, signal 142994/171704 (executing program) 2022/09/12 18:22:31 fetching corpus: 1485, signal 144938/174172 (executing program) 2022/09/12 18:22:31 fetching corpus: 1535, signal 146928/176613 (executing program) 2022/09/12 18:22:31 fetching corpus: 1585, signal 147891/178263 (executing program) 2022/09/12 18:22:31 fetching corpus: 1635, signal 150340/181035 (executing program) 2022/09/12 18:22:31 fetching corpus: 1685, signal 151693/182974 (executing program) 2022/09/12 18:22:31 fetching corpus: 1735, signal 153505/185201 (executing program) 2022/09/12 18:22:31 fetching corpus: 1785, signal 155370/187442 (executing program) 2022/09/12 18:22:31 fetching corpus: 1835, signal 156988/189507 (executing program) 2022/09/12 18:22:32 fetching corpus: 1885, signal 158337/191283 (executing program) 2022/09/12 18:22:32 fetching corpus: 1935, signal 159388/192889 (executing program) 2022/09/12 18:22:32 fetching corpus: 1985, signal 160778/194679 (executing program) 2022/09/12 18:22:32 fetching corpus: 2035, signal 162015/196375 (executing program) 2022/09/12 18:22:32 fetching corpus: 2085, signal 163052/197867 (executing program) 2022/09/12 18:22:32 fetching corpus: 2134, signal 164671/199761 (executing program) 2022/09/12 18:22:32 fetching corpus: 2184, signal 166201/201546 (executing program) 2022/09/12 18:22:33 fetching corpus: 2234, signal 168045/203594 (executing program) 2022/09/12 18:22:33 fetching corpus: 2284, signal 169223/205113 (executing program) 2022/09/12 18:22:33 fetching corpus: 2334, signal 170021/206435 (executing program) 2022/09/12 18:22:33 fetching corpus: 2384, signal 171441/208106 (executing program) 2022/09/12 18:22:33 fetching corpus: 2434, signal 172292/209368 (executing program) 2022/09/12 18:22:33 fetching corpus: 2484, signal 173013/210520 (executing program) 2022/09/12 18:22:33 fetching corpus: 2534, signal 173999/211847 (executing program) 2022/09/12 18:22:34 fetching corpus: 2584, signal 175594/213642 (executing program) 2022/09/12 18:22:34 fetching corpus: 2634, signal 177359/215413 (executing program) 2022/09/12 18:22:34 fetching corpus: 2684, signal 178406/216752 (executing program) 2022/09/12 18:22:34 fetching corpus: 2734, signal 179681/218218 (executing program) 2022/09/12 18:22:34 fetching corpus: 2784, signal 180725/219485 (executing program) 2022/09/12 18:22:34 fetching corpus: 2834, signal 181602/220717 (executing program) 2022/09/12 18:22:34 fetching corpus: 2884, signal 182755/222030 (executing program) 2022/09/12 18:22:35 fetching corpus: 2934, signal 184447/223660 (executing program) 2022/09/12 18:22:35 fetching corpus: 2984, signal 185357/224882 (executing program) 2022/09/12 18:22:35 fetching corpus: 3034, signal 186495/226147 (executing program) 2022/09/12 18:22:35 fetching corpus: 3084, signal 187178/227209 (executing program) 2022/09/12 18:22:35 fetching corpus: 3134, signal 187832/228190 (executing program) 2022/09/12 18:22:35 fetching corpus: 3184, signal 188919/229362 (executing program) 2022/09/12 18:22:36 fetching corpus: 3234, signal 189591/230334 (executing program) 2022/09/12 18:22:36 fetching corpus: 3284, signal 190865/231595 (executing program) 2022/09/12 18:22:36 fetching corpus: 3334, signal 192175/232856 (executing program) 2022/09/12 18:22:36 fetching corpus: 3384, signal 193168/233951 (executing program) 2022/09/12 18:22:36 fetching corpus: 3434, signal 194272/235080 (executing program) 2022/09/12 18:22:36 fetching corpus: 3484, signal 195077/236010 (executing program) 2022/09/12 18:22:36 fetching corpus: 3534, signal 196190/237154 (executing program) 2022/09/12 18:22:37 fetching corpus: 3584, signal 197063/238171 (executing program) 2022/09/12 18:22:37 fetching corpus: 3634, signal 197815/239101 (executing program) 2022/09/12 18:22:37 fetching corpus: 3684, signal 198569/240028 (executing program) 2022/09/12 18:22:37 fetching corpus: 3734, signal 199411/240950 (executing program) 2022/09/12 18:22:37 fetching corpus: 3784, signal 200781/242090 (executing program) 2022/09/12 18:22:37 fetching corpus: 3834, signal 201890/243090 (executing program) 2022/09/12 18:22:37 fetching corpus: 3884, signal 202492/243935 (executing program) 2022/09/12 18:22:38 fetching corpus: 3934, signal 204190/245163 (executing program) 2022/09/12 18:22:38 fetching corpus: 3984, signal 205321/246181 (executing program) 2022/09/12 18:22:38 fetching corpus: 4034, signal 206066/246993 (executing program) 2022/09/12 18:22:38 fetching corpus: 4084, signal 207442/248081 (executing program) 2022/09/12 18:22:38 fetching corpus: 4134, signal 208245/248913 (executing program) 2022/09/12 18:22:38 fetching corpus: 4184, signal 208962/249710 (executing program) 2022/09/12 18:22:38 fetching corpus: 4234, signal 209676/250483 (executing program) 2022/09/12 18:22:39 fetching corpus: 4283, signal 210821/251455 (executing program) 2022/09/12 18:22:39 fetching corpus: 4333, signal 211837/252347 (executing program) 2022/09/12 18:22:39 fetching corpus: 4383, signal 212468/253030 (executing program) 2022/09/12 18:22:39 fetching corpus: 4433, signal 212984/253657 (executing program) 2022/09/12 18:22:39 fetching corpus: 4483, signal 213491/254330 (executing program) 2022/09/12 18:22:39 fetching corpus: 4533, signal 214005/254927 (executing program) 2022/09/12 18:22:39 fetching corpus: 4583, signal 214771/255621 (executing program) 2022/09/12 18:22:39 fetching corpus: 4633, signal 215714/256289 (executing program) 2022/09/12 18:22:40 fetching corpus: 4683, signal 216270/256878 (executing program) 2022/09/12 18:22:40 fetching corpus: 4733, signal 216944/257479 (executing program) 2022/09/12 18:22:40 fetching corpus: 4783, signal 217749/258128 (executing program) 2022/09/12 18:22:40 fetching corpus: 4833, signal 218407/258724 (executing program) 2022/09/12 18:22:40 fetching corpus: 4883, signal 219049/259316 (executing program) 2022/09/12 18:22:40 fetching corpus: 4932, signal 219484/259822 (executing program) 2022/09/12 18:22:40 fetching corpus: 4982, signal 220212/260410 (executing program) 2022/09/12 18:22:41 fetching corpus: 5032, signal 221005/261008 (executing program) 2022/09/12 18:22:41 fetching corpus: 5081, signal 222334/261774 (executing program) 2022/09/12 18:22:41 fetching corpus: 5130, signal 223031/262350 (executing program) 2022/09/12 18:22:41 fetching corpus: 5180, signal 223917/262924 (executing program) 2022/09/12 18:22:41 fetching corpus: 5230, signal 224625/263488 (executing program) 2022/09/12 18:22:41 fetching corpus: 5280, signal 225309/264040 (executing program) 2022/09/12 18:22:42 fetching corpus: 5330, signal 226064/264558 (executing program) 2022/09/12 18:22:42 fetching corpus: 5380, signal 226603/265009 (executing program) 2022/09/12 18:22:42 fetching corpus: 5430, signal 227224/265535 (executing program) 2022/09/12 18:22:42 fetching corpus: 5480, signal 227848/266021 (executing program) 2022/09/12 18:22:42 fetching corpus: 5530, signal 228450/266525 (executing program) 2022/09/12 18:22:42 fetching corpus: 5580, signal 229004/266959 (executing program) 2022/09/12 18:22:42 fetching corpus: 5630, signal 229869/267454 (executing program) 2022/09/12 18:22:42 fetching corpus: 5680, signal 230479/267844 (executing program) 2022/09/12 18:22:42 fetching corpus: 5730, signal 230971/268255 (executing program) 2022/09/12 18:22:43 fetching corpus: 5779, signal 231967/268697 (executing program) 2022/09/12 18:22:43 fetching corpus: 5829, signal 232907/269135 (executing program) 2022/09/12 18:22:43 fetching corpus: 5879, signal 233673/269578 (executing program) 2022/09/12 18:22:43 fetching corpus: 5929, signal 234073/269938 (executing program) 2022/09/12 18:22:43 fetching corpus: 5979, signal 234654/270312 (executing program) 2022/09/12 18:22:43 fetching corpus: 6029, signal 235322/270653 (executing program) 2022/09/12 18:22:43 fetching corpus: 6079, signal 235949/270999 (executing program) 2022/09/12 18:22:44 fetching corpus: 6129, signal 236612/271395 (executing program) 2022/09/12 18:22:44 fetching corpus: 6179, signal 237314/271744 (executing program) 2022/09/12 18:22:44 fetching corpus: 6229, signal 238099/272062 (executing program) 2022/09/12 18:22:44 fetching corpus: 6279, signal 238507/272355 (executing program) 2022/09/12 18:22:44 fetching corpus: 6329, signal 239803/272863 (executing program) 2022/09/12 18:22:44 fetching corpus: 6379, signal 240226/273145 (executing program) 2022/09/12 18:22:44 fetching corpus: 6429, signal 240818/273416 (executing program) 2022/09/12 18:22:44 fetching corpus: 6479, signal 241430/273693 (executing program) 2022/09/12 18:22:45 fetching corpus: 6529, signal 242058/273953 (executing program) 2022/09/12 18:22:45 fetching corpus: 6579, signal 242563/274174 (executing program) 2022/09/12 18:22:45 fetching corpus: 6629, signal 242981/274371 (executing program) 2022/09/12 18:22:45 fetching corpus: 6679, signal 243515/274377 (executing program) 2022/09/12 18:22:45 fetching corpus: 6729, signal 243970/274393 (executing program) 2022/09/12 18:22:45 fetching corpus: 6779, signal 244391/274406 (executing program) 2022/09/12 18:22:45 fetching corpus: 6829, signal 244840/274410 (executing program) 2022/09/12 18:22:45 fetching corpus: 6879, signal 245323/274426 (executing program) 2022/09/12 18:22:46 fetching corpus: 6929, signal 245807/274426 (executing program) 2022/09/12 18:22:46 fetching corpus: 6979, signal 246320/274436 (executing program) 2022/09/12 18:22:46 fetching corpus: 7028, signal 246893/274554 (executing program) 2022/09/12 18:22:46 fetching corpus: 7078, signal 247420/274567 (executing program) 2022/09/12 18:22:46 fetching corpus: 7128, signal 247692/274588 (executing program) 2022/09/12 18:22:46 fetching corpus: 7178, signal 248182/274597 (executing program) 2022/09/12 18:22:46 fetching corpus: 7228, signal 248542/274606 (executing program) 2022/09/12 18:22:46 fetching corpus: 7278, signal 248944/274619 (executing program) 2022/09/12 18:22:47 fetching corpus: 7328, signal 249488/274628 (executing program) 2022/09/12 18:22:47 fetching corpus: 7378, signal 249858/274629 (executing program) 2022/09/12 18:22:47 fetching corpus: 7428, signal 250206/274635 (executing program) 2022/09/12 18:22:47 fetching corpus: 7478, signal 250603/274636 (executing program) 2022/09/12 18:22:47 fetching corpus: 7527, signal 251004/274687 (executing program) 2022/09/12 18:22:47 fetching corpus: 7577, signal 251696/274709 (executing program) 2022/09/12 18:22:47 fetching corpus: 7627, signal 252181/274712 (executing program) 2022/09/12 18:22:48 fetching corpus: 7677, signal 252660/274712 (executing program) 2022/09/12 18:22:48 fetching corpus: 7727, signal 253212/274726 (executing program) 2022/09/12 18:22:48 fetching corpus: 7777, signal 253832/274750 (executing program) 2022/09/12 18:22:48 fetching corpus: 7827, signal 254452/274760 (executing program) 2022/09/12 18:22:48 fetching corpus: 7877, signal 254779/274793 (executing program) 2022/09/12 18:22:48 fetching corpus: 7927, signal 255241/274882 (executing program) 2022/09/12 18:22:48 fetching corpus: 7977, signal 255667/274912 (executing program) 2022/09/12 18:22:48 fetching corpus: 8027, signal 256237/274915 (executing program) 2022/09/12 18:22:49 fetching corpus: 8077, signal 256560/274933 (executing program) 2022/09/12 18:22:49 fetching corpus: 8127, signal 257144/274948 (executing program) 2022/09/12 18:22:49 fetching corpus: 8177, signal 257582/274993 (executing program) 2022/09/12 18:22:49 fetching corpus: 8226, signal 257908/275001 (executing program) 2022/09/12 18:22:49 fetching corpus: 8276, signal 258258/275015 (executing program) 2022/09/12 18:22:49 fetching corpus: 8326, signal 258644/275070 (executing program) 2022/09/12 18:22:49 fetching corpus: 8376, signal 259088/275073 (executing program) 2022/09/12 18:22:50 fetching corpus: 8426, signal 259521/275086 (executing program) 2022/09/12 18:22:50 fetching corpus: 8476, signal 259850/275092 (executing program) 2022/09/12 18:22:50 fetching corpus: 8526, signal 260255/275101 (executing program) 2022/09/12 18:22:50 fetching corpus: 8576, signal 260712/275135 (executing program) 2022/09/12 18:22:50 fetching corpus: 8626, signal 261178/275161 (executing program) 2022/09/12 18:22:50 fetching corpus: 8675, signal 261800/275187 (executing program) 2022/09/12 18:22:50 fetching corpus: 8725, signal 262149/275219 (executing program) 2022/09/12 18:22:50 fetching corpus: 8775, signal 262733/275219 (executing program) 2022/09/12 18:22:51 fetching corpus: 8825, signal 263072/275219 (executing program) 2022/09/12 18:22:51 fetching corpus: 8875, signal 263391/275239 (executing program) 2022/09/12 18:22:51 fetching corpus: 8925, signal 263798/275242 (executing program) 2022/09/12 18:22:51 fetching corpus: 8975, signal 264016/275250 (executing program) 2022/09/12 18:22:51 fetching corpus: 9016, signal 264397/275253 (executing program) 2022/09/12 18:22:51 fetching corpus: 9016, signal 264397/275253 (executing program) 2022/09/12 18:22:53 starting 8 fuzzer processes 18:22:53 executing program 0: r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$revoke(0x3, r0) keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) 18:22:53 executing program 2: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001280)) r1 = getpid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)=0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) clone3(&(0x7f0000000440)={0x80000800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x37}, &(0x7f0000000180)=""/79, 0x4f, &(0x7f0000004c80)=""/102400, &(0x7f0000000380)=[r2, 0x0, r2], 0x3}, 0x58) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r3, 0x80047213, &(0x7f00000004c0)) r4 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(r1, 0x0, 0x7, r5, &(0x7f0000000140)={r4, 0xffffffffffffffff, 0x3d}) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r6, 0x0, 0x10000027f) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) perf_event_open(&(0x7f0000000580)={0x3, 0x80, 0x4, 0x85, 0xf, 0x9, 0x0, 0xb6, 0x40121, 0x4ce85b42c354d306, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x6, @perf_bp={&(0x7f0000000540), 0x2}, 0x4000, 0x100, 0x0, 0x8, 0x3195, 0x9, 0xfffa, 0x0, 0xfac, 0x0, 0x5}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x3) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 18:22:53 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, 0x0) 18:22:53 executing program 3: rt_sigaction(0x11, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000540)) 18:22:53 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, 0x0) dup(r0) preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000600)=""/63, 0x3d}, {&(0x7f0000000540)=""/105}, {&(0x7f0000000240)=""/46}, {&(0x7f0000000840)=""/4096}], 0x3d, 0x0, 0xfff80000) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000640)='./binderfs/custom1\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000001840)={0x0, 0xffffffffffffffff, 0xaba, 0x1}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001dc0)=ANY=[@ANYBLOB="b80000001900010000000000000006000000000000000000000011d47bc3938200000000000000000000000000000000000a00000000000000000000000000000000009ca43950179cfb9a9f5fd37f82818f92b4bb5bf8273dae8100000000000000c6d64b33a60ebfd79500738b20ba0c461a0915136246ce2efeead48d617d384864f63475d9d67971e2bae69cc316b8418d3a7eb37152ff7fcc50196f6317cdbf6caff91416877a0500cb2414a3ff16fc2d34f3b58af10047a07872dbfa99cbd9a746c417d06c82119741e39e0a9acaab0acfba3491fdafce738a2f90cc11e739217d11d42760a499234f39b943cbefce18629a03a8d3b0d485ee000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000e0000000000000000000000b952781cebcdde7700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1e13d30c761ef"], 0xb8}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) pwritev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)="1c", 0x1}], 0x1, 0x7fffffc, 0x6) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x69, 0x2, 0xf9, 0x81, 0x0, 0x0, 0x201, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x9a6, 0x4, @perf_config_ext={0x8, 0x3}, 0x18020, 0x6, 0x9, 0x9, 0x4, 0xfffffff8, 0x8217, 0x0, 0x6, 0x0, 0x500000000000000}, 0x0, 0x2, 0xffffffffffffffff, 0x8) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000780)={0x2}) lseek(r3, 0x0, 0x3) [ 77.221568] audit: type=1400 audit(1663006973.810:6): avc: denied { execmem } for pid=285 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 18:22:53 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0x9, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x0, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0x7eb7c92c}, 0x0, 0xe, r1, 0x8) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000b, 0x4010, 0xffffffffffffffff, 0xf871a000) r4 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x10001, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) sendmsg$netlink(r4, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="1b00"/12], 0x1c}], 0x1}, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000000)=0x501) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x4000, 0x7, &(0x7f0000ff7000/0x4000)=nil) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305) 18:22:53 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080), 0x4) 18:22:53 executing program 6: syz_emit_ethernet(0x2b, &(0x7f0000000100)={@multicast, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, {0x11, 0x0, 0x0, @empty, 'x'}}}}}, 0x0) [ 78.510751] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.513484] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.515114] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.518510] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.520200] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 78.521875] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.526758] Bluetooth: hci0: HCI_REQ-0x0c1a [ 78.559818] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.570697] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.572487] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.574168] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.578643] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.579569] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.579875] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.582436] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.587466] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.587468] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.592569] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.599923] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.600041] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.601482] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 78.605028] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.627803] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 78.629468] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 78.630574] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.632912] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.634394] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.637442] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.639577] Bluetooth: hci3: HCI_REQ-0x0c1a [ 78.643392] Bluetooth: hci1: HCI_REQ-0x0c1a [ 78.647969] Bluetooth: hci2: HCI_REQ-0x0c1a [ 78.665778] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 78.667692] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 78.669084] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 78.671753] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 78.673518] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 78.675082] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 78.679829] Bluetooth: hci6: HCI_REQ-0x0c1a [ 78.683545] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.684336] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 78.691781] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 78.693002] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 78.698262] Bluetooth: hci4: HCI_REQ-0x0c1a [ 78.720586] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 78.722097] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 78.724122] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 78.726872] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 78.730610] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 78.734963] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 78.738918] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 78.739924] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 78.743632] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 78.748624] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 78.752543] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 78.756926] Bluetooth: hci5: HCI_REQ-0x0c1a [ 78.760330] Bluetooth: hci7: HCI_REQ-0x0c1a [ 80.589712] Bluetooth: hci0: command 0x0409 tx timeout [ 80.676352] Bluetooth: hci2: command 0x0409 tx timeout [ 80.676923] Bluetooth: hci3: command 0x0409 tx timeout [ 80.718404] Bluetooth: hci6: command 0x0409 tx timeout [ 80.729759] Bluetooth: hci4: command 0x0409 tx timeout [ 80.731107] Bluetooth: hci1: command 0x0409 tx timeout [ 80.781540] Bluetooth: hci7: command 0x0409 tx timeout [ 80.782451] Bluetooth: hci5: command 0x0409 tx timeout [ 82.637467] Bluetooth: hci0: command 0x041b tx timeout [ 82.701569] Bluetooth: hci3: command 0x041b tx timeout [ 82.702412] Bluetooth: hci2: command 0x041b tx timeout [ 82.765383] Bluetooth: hci1: command 0x041b tx timeout [ 82.766171] Bluetooth: hci4: command 0x041b tx timeout [ 82.766956] Bluetooth: hci6: command 0x041b tx timeout [ 82.830453] Bluetooth: hci5: command 0x041b tx timeout [ 82.832211] Bluetooth: hci7: command 0x041b tx timeout [ 84.686390] Bluetooth: hci0: command 0x040f tx timeout [ 84.749376] Bluetooth: hci2: command 0x040f tx timeout [ 84.749890] Bluetooth: hci3: command 0x040f tx timeout [ 84.814427] Bluetooth: hci6: command 0x040f tx timeout [ 84.814939] Bluetooth: hci4: command 0x040f tx timeout [ 84.815401] Bluetooth: hci1: command 0x040f tx timeout [ 84.877368] Bluetooth: hci7: command 0x040f tx timeout [ 84.877975] Bluetooth: hci5: command 0x040f tx timeout [ 86.733469] Bluetooth: hci0: command 0x0419 tx timeout [ 86.797446] Bluetooth: hci3: command 0x0419 tx timeout [ 86.798211] Bluetooth: hci2: command 0x0419 tx timeout [ 86.861480] Bluetooth: hci1: command 0x0419 tx timeout [ 86.862259] Bluetooth: hci4: command 0x0419 tx timeout [ 86.864961] Bluetooth: hci6: command 0x0419 tx timeout [ 86.925412] Bluetooth: hci5: command 0x0419 tx timeout [ 86.926191] Bluetooth: hci7: command 0x0419 tx timeout 18:23:47 executing program 6: syz_emit_ethernet(0x2b, &(0x7f0000000100)={@multicast, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, {0x11, 0x0, 0x0, @empty, 'x'}}}}}, 0x0) 18:23:48 executing program 6: syz_emit_ethernet(0x2b, &(0x7f0000000100)={@multicast, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, {0x11, 0x0, 0x0, @empty, 'x'}}}}}, 0x0) 18:23:48 executing program 6: syz_emit_ethernet(0x2b, &(0x7f0000000100)={@multicast, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, {0x11, 0x0, 0x0, @empty, 'x'}}}}}, 0x0) 18:23:48 executing program 6: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400540, 0x1) fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x3, 0x1, 0x5, 0x7eaab1a6, 0xffffffffffffffff}) ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000080)) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) getsockname(r1, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f00000001c0)=0x80) getegid() getuid() openat$cgroup_type(r1, &(0x7f0000001880), 0x2, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f00000018c0), 0x410000, 0x0) syz_open_dev$loop(&(0x7f0000001d80), 0x8b, 0x40000) syz_open_procfs$namespace(0x0, &(0x7f0000001e00)='ns/ipc\x00') getresuid(&(0x7f0000001e40), &(0x7f0000001e80), &(0x7f0000001ec0)) getresuid(&(0x7f0000001fc0), &(0x7f0000002000), &(0x7f0000002040)) [ 133.214755] audit: type=1400 audit(1663007029.804:7): avc: denied { open } for pid=3935 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 133.216264] audit: type=1400 audit(1663007029.804:8): avc: denied { kernel } for pid=3935 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 133.225197] ------------[ cut here ]------------ [ 133.225219] [ 133.225222] ====================================================== [ 133.225226] WARNING: possible circular locking dependency detected [ 133.225231] 6.0.0-rc5-next-20220912 #1 Not tainted [ 133.225237] ------------------------------------------------------ [ 133.225240] syz-executor.4/3936 is trying to acquire lock: [ 133.225247] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 133.225289] [ 133.225289] but task is already holding lock: [ 133.225291] ffff88800e30fc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 133.225320] [ 133.225320] which lock already depends on the new lock. [ 133.225320] [ 133.225324] [ 133.225324] the existing dependency chain (in reverse order) is: [ 133.225327] [ 133.225327] -> #3 (&ctx->lock){....}-{2:2}: [ 133.225341] _raw_spin_lock+0x2a/0x40 [ 133.225359] __perf_event_task_sched_out+0x53b/0x18d0 [ 133.225372] __schedule+0xedd/0x2470 [ 133.225382] schedule+0xda/0x1b0 [ 133.225391] exit_to_user_mode_prepare+0x114/0x1a0 [ 133.225412] syscall_exit_to_user_mode+0x19/0x40 [ 133.225430] do_syscall_64+0x48/0x90 [ 133.225444] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.225463] [ 133.225463] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 133.225477] _raw_spin_lock_nested+0x30/0x40 [ 133.225492] raw_spin_rq_lock_nested+0x1e/0x30 [ 133.225506] task_fork_fair+0x63/0x4d0 [ 133.225524] sched_cgroup_fork+0x3d0/0x540 [ 133.225538] copy_process+0x3f9e/0x6df0 [ 133.225549] kernel_clone+0xe7/0x890 [ 133.225559] user_mode_thread+0xad/0xf0 [ 133.225569] rest_init+0x24/0x250 [ 133.225585] arch_call_rest_init+0xf/0x14 [ 133.225605] start_kernel+0x4c1/0x4e6 [ 133.225622] secondary_startup_64_no_verify+0xe0/0xeb [ 133.225636] [ 133.225636] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 133.225650] _raw_spin_lock_irqsave+0x39/0x60 [ 133.225665] try_to_wake_up+0xab/0x1920 [ 133.225678] up+0x75/0xb0 [ 133.225690] __up_console_sem+0x6e/0x80 [ 133.225707] console_unlock+0x46a/0x590 [ 133.225723] vprintk_emit+0x1bd/0x560 [ 133.225740] vprintk+0x84/0xa0 [ 133.225757] _printk+0xba/0xf1 [ 133.225775] kauditd_hold_skb.cold+0x3f/0x4e [ 133.225790] kauditd_send_queue+0x233/0x290 [ 133.225805] kauditd_thread+0x5da/0x9a0 [ 133.225819] kthread+0x2ed/0x3a0 [ 133.225834] ret_from_fork+0x22/0x30 [ 133.225847] [ 133.225847] -> #0 ((console_sem).lock){....}-{2:2}: [ 133.225861] __lock_acquire+0x2a02/0x5e70 [ 133.225877] lock_acquire+0x1a2/0x530 [ 133.225894] _raw_spin_lock_irqsave+0x39/0x60 [ 133.225908] down_trylock+0xe/0x70 [ 133.225921] __down_trylock_console_sem+0x3b/0xd0 [ 133.225944] vprintk_emit+0x16b/0x560 [ 133.225961] vprintk+0x84/0xa0 [ 133.225977] _printk+0xba/0xf1 [ 133.225994] report_bug.cold+0x72/0xab [ 133.226006] handle_bug+0x3c/0x70 [ 133.226018] exc_invalid_op+0x14/0x50 [ 133.226031] asm_exc_invalid_op+0x16/0x20 [ 133.226048] group_sched_out.part.0+0x2c7/0x460 [ 133.226058] ctx_sched_out+0x8f1/0xc10 [ 133.226068] __perf_event_task_sched_out+0x6d0/0x18d0 [ 133.226080] __schedule+0xedd/0x2470 [ 133.226089] schedule+0xda/0x1b0 [ 133.226098] exit_to_user_mode_prepare+0x114/0x1a0 [ 133.226118] syscall_exit_to_user_mode+0x19/0x40 [ 133.226135] do_syscall_64+0x48/0x90 [ 133.226147] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.226164] [ 133.226164] other info that might help us debug this: [ 133.226164] [ 133.226167] Chain exists of: [ 133.226167] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 133.226167] [ 133.226182] Possible unsafe locking scenario: [ 133.226182] [ 133.226185] CPU0 CPU1 [ 133.226187] ---- ---- [ 133.226190] lock(&ctx->lock); [ 133.226196] lock(&rq->__lock); [ 133.226202] lock(&ctx->lock); [ 133.226209] lock((console_sem).lock); [ 133.226215] [ 133.226215] *** DEADLOCK *** [ 133.226215] [ 133.226217] 2 locks held by syz-executor.4/3936: [ 133.226224] #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 133.226249] #1: ffff88800e30fc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 133.226277] [ 133.226277] stack backtrace: [ 133.226280] CPU: 1 PID: 3936 Comm: syz-executor.4 Not tainted 6.0.0-rc5-next-20220912 #1 [ 133.226293] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 133.226302] Call Trace: [ 133.226305] [ 133.226309] dump_stack_lvl+0x8b/0xb3 [ 133.226323] check_noncircular+0x263/0x2e0 [ 133.226340] ? format_decode+0x26c/0xb50 [ 133.226356] ? print_circular_bug+0x450/0x450 [ 133.226373] ? enable_ptr_key_workfn+0x20/0x20 [ 133.226387] ? __lockdep_reset_lock+0x180/0x180 [ 133.226404] ? format_decode+0x26c/0xb50 [ 133.226419] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 133.226437] __lock_acquire+0x2a02/0x5e70 [ 133.226459] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 133.226482] lock_acquire+0x1a2/0x530 [ 133.226499] ? down_trylock+0xe/0x70 [ 133.226514] ? rcu_read_unlock+0x40/0x40 [ 133.226532] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 133.226553] ? vprintk+0x84/0xa0 [ 133.226572] _raw_spin_lock_irqsave+0x39/0x60 [ 133.226587] ? down_trylock+0xe/0x70 [ 133.226601] down_trylock+0xe/0x70 [ 133.226614] ? vprintk+0x84/0xa0 [ 133.226632] __down_trylock_console_sem+0x3b/0xd0 [ 133.226650] vprintk_emit+0x16b/0x560 [ 133.226670] ? lock_downgrade+0x6d0/0x6d0 [ 133.226691] vprintk+0x84/0xa0 [ 133.226709] _printk+0xba/0xf1 [ 133.226727] ? record_print_text.cold+0x16/0x16 [ 133.226747] ? hrtimer_try_to_cancel+0x163/0x2c0 [ 133.226761] ? lock_downgrade+0x6d0/0x6d0 [ 133.226779] ? report_bug.cold+0x66/0xab [ 133.226793] ? group_sched_out.part.0+0x2c7/0x460 [ 133.226805] report_bug.cold+0x72/0xab [ 133.226819] handle_bug+0x3c/0x70 [ 133.226833] exc_invalid_op+0x14/0x50 [ 133.226847] asm_exc_invalid_op+0x16/0x20 [ 133.226865] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 133.226878] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 133.226890] RSP: 0018:ffff8880432c7c48 EFLAGS: 00010006 [ 133.226899] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 133.226907] RDX: ffff88800bf71ac0 RSI: ffffffff81566027 RDI: 0000000000000005 [ 133.226915] RBP: ffff888043388000 R08: 0000000000000005 R09: 0000000000000001 [ 133.226922] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800e30fc00 [ 133.226930] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002 [ 133.226941] ? group_sched_out.part.0+0x2c7/0x460 [ 133.226954] ? group_sched_out.part.0+0x2c7/0x460 [ 133.226967] ctx_sched_out+0x8f1/0xc10 [ 133.226980] __perf_event_task_sched_out+0x6d0/0x18d0 [ 133.226995] ? lock_is_held_type+0xd7/0x130 [ 133.227014] ? __perf_cgroup_move+0x160/0x160 [ 133.227026] ? set_next_entity+0x304/0x550 [ 133.227044] ? update_curr+0x267/0x740 [ 133.227063] ? lock_is_held_type+0xd7/0x130 [ 133.227081] __schedule+0xedd/0x2470 [ 133.227094] ? io_schedule_timeout+0x150/0x150 [ 133.227106] ? __x64_sys_futex_time32+0x480/0x480 [ 133.227120] schedule+0xda/0x1b0 [ 133.227131] exit_to_user_mode_prepare+0x114/0x1a0 [ 133.227152] syscall_exit_to_user_mode+0x19/0x40 [ 133.227169] do_syscall_64+0x48/0x90 [ 133.227183] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.227201] RIP: 0033:0x7f1457eb3b19 [ 133.227209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 133.227220] RSP: 002b:00007f1455429218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 133.227231] RAX: 0000000000000001 RBX: 00007f1457fc6f68 RCX: 00007f1457eb3b19 [ 133.227239] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1457fc6f6c [ 133.227246] RBP: 00007f1457fc6f60 R08: 000000000000000e R09: 0000000000000000 [ 133.227254] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f1457fc6f6c [ 133.227261] R13: 00007ffdd6c4d27f R14: 00007f1455429300 R15: 0000000000022000 [ 133.227274] [ 133.286022] WARNING: CPU: 1 PID: 3936 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 133.286699] Modules linked in: [ 133.286936] CPU: 1 PID: 3936 Comm: syz-executor.4 Not tainted 6.0.0-rc5-next-20220912 #1 [ 133.287525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 133.288338] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 133.288738] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 133.290061] RSP: 0018:ffff8880432c7c48 EFLAGS: 00010006 [ 133.290472] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 133.290996] RDX: ffff88800bf71ac0 RSI: ffffffff81566027 RDI: 0000000000000005 [ 133.291524] RBP: ffff888043388000 R08: 0000000000000005 R09: 0000000000000001 [ 133.292049] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800e30fc00 [ 133.292578] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002 [ 133.293119] FS: 00007f1455429700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 133.293721] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.294170] CR2: 00007fd663f136f4 CR3: 00000000174bc000 CR4: 0000000000350ee0 [ 133.294703] Call Trace: [ 133.294902] [ 133.295085] ctx_sched_out+0x8f1/0xc10 [ 133.295397] __perf_event_task_sched_out+0x6d0/0x18d0 [ 133.295799] ? lock_is_held_type+0xd7/0x130 [ 133.296130] ? __perf_cgroup_move+0x160/0x160 [ 133.296469] ? set_next_entity+0x304/0x550 [ 133.296804] ? update_curr+0x267/0x740 [ 133.297119] ? lock_is_held_type+0xd7/0x130 [ 133.297457] __schedule+0xedd/0x2470 [ 133.297750] ? io_schedule_timeout+0x150/0x150 [ 133.298107] ? __x64_sys_futex_time32+0x480/0x480 [ 133.298473] schedule+0xda/0x1b0 [ 133.298730] exit_to_user_mode_prepare+0x114/0x1a0 [ 133.299116] syscall_exit_to_user_mode+0x19/0x40 [ 133.299497] do_syscall_64+0x48/0x90 [ 133.299786] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.300183] RIP: 0033:0x7f1457eb3b19 [ 133.300462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 133.301792] RSP: 002b:00007f1455429218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 133.302378] RAX: 0000000000000001 RBX: 00007f1457fc6f68 RCX: 00007f1457eb3b19 [ 133.302915] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1457fc6f6c [ 133.303448] RBP: 00007f1457fc6f60 R08: 000000000000000e R09: 0000000000000000 [ 133.303982] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f1457fc6f6c [ 133.304520] R13: 00007ffdd6c4d27f R14: 00007f1455429300 R15: 0000000000022000 [ 133.305071] [ 133.305251] irq event stamp: 2604 [ 133.305508] hardirqs last enabled at (2603): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 133.306224] hardirqs last disabled at (2604): [] __schedule+0x1225/0x2470 [ 133.306848] softirqs last enabled at (2070): [] __irq_exit_rcu+0x11b/0x180 [ 133.307511] softirqs last disabled at (2015): [] __irq_exit_rcu+0x11b/0x180 [ 133.308171] ---[ end trace 0000000000000000 ]--- [ 133.477297] hrtimer: interrupt took 15950 ns [ 133.582868] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3953 comm=syz-executor.7 [ 133.685562] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3953 comm=syz-executor.7 [ 133.700803] audit: type=1400 audit(1663007030.290:9): avc: denied { write } for pid=3959 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 18:23:50 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:50 executing program 6: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400540, 0x1) fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x3, 0x1, 0x5, 0x7eaab1a6, 0xffffffffffffffff}) ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000080)) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) getsockname(r1, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f00000001c0)=0x80) getegid() getuid() openat$cgroup_type(r1, &(0x7f0000001880), 0x2, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f00000018c0), 0x410000, 0x0) syz_open_dev$loop(&(0x7f0000001d80), 0x8b, 0x40000) syz_open_procfs$namespace(0x0, &(0x7f0000001e00)='ns/ipc\x00') getresuid(&(0x7f0000001e40), &(0x7f0000001e80), &(0x7f0000001ec0)) getresuid(&(0x7f0000001fc0), &(0x7f0000002000), &(0x7f0000002040)) 18:23:50 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) close(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) write(r0, &(0x7f0000000000)='B&8a', 0x4) close(r2) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 18:23:50 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv2(r0, 0x0, 0x0, 0x0, 0xe00, 0x0) 18:23:50 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000280)=@polexpire={0xc8, 0x1b, 0x1, 0x0, 0x0, {{{@in=@multicast1, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@XFRMA_IF_ID={0x8}]}, 0xc8}}, 0x0) 18:23:50 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, 0x0) dup(r0) preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000600)=""/63, 0x3d}, {&(0x7f0000000540)=""/105}, {&(0x7f0000000240)=""/46}, {&(0x7f0000000840)=""/4096}], 0x3d, 0x0, 0xfff80000) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000640)='./binderfs/custom1\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000001840)={0x0, 0xffffffffffffffff, 0xaba, 0x1}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001dc0)=ANY=[@ANYBLOB="b80000001900010000000000000006000000000000000000000011d47bc3938200000000000000000000000000000000000a00000000000000000000000000000000009ca43950179cfb9a9f5fd37f82818f92b4bb5bf8273dae8100000000000000c6d64b33a60ebfd79500738b20ba0c461a0915136246ce2efeead48d617d384864f63475d9d67971e2bae69cc316b8418d3a7eb37152ff7fcc50196f6317cdbf6caff91416877a0500cb2414a3ff16fc2d34f3b58af10047a07872dbfa99cbd9a746c417d06c82119741e39e0a9acaab0acfba3491fdafce738a2f90cc11e739217d11d42760a499234f39b943cbefce18629a03a8d3b0d485ee000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000e0000000000000000000000b952781cebcdde7700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1e13d30c761ef"], 0xb8}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) pwritev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)="1c", 0x1}], 0x1, 0x7fffffc, 0x6) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x69, 0x2, 0xf9, 0x81, 0x0, 0x0, 0x201, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x9a6, 0x4, @perf_config_ext={0x8, 0x3}, 0x18020, 0x6, 0x9, 0x9, 0x4, 0xfffffff8, 0x8217, 0x0, 0x6, 0x0, 0x500000000000000}, 0x0, 0x2, 0xffffffffffffffff, 0x8) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000780)={0x2}) lseek(r3, 0x0, 0x3) [ 133.850379] process 'syz-executor.3' launched './file1' with NULL argv: empty string added 18:23:50 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0x9, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x0, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0x7eb7c92c}, 0x0, 0xe, r1, 0x8) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000b, 0x4010, 0xffffffffffffffff, 0xf871a000) r4 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x10001, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) sendmsg$netlink(r4, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="1b00"/12], 0x1c}], 0x1}, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000000)=0x501) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x4000, 0x7, &(0x7f0000ff7000/0x4000)=nil) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305) 18:23:50 executing program 2: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001280)) r1 = getpid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)=0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) clone3(&(0x7f0000000440)={0x80000800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x37}, &(0x7f0000000180)=""/79, 0x4f, &(0x7f0000004c80)=""/102400, &(0x7f0000000380)=[r2, 0x0, r2], 0x3}, 0x58) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r3, 0x80047213, &(0x7f00000004c0)) r4 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(r1, 0x0, 0x7, r5, &(0x7f0000000140)={r4, 0xffffffffffffffff, 0x3d}) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r6, 0x0, 0x10000027f) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) perf_event_open(&(0x7f0000000580)={0x3, 0x80, 0x4, 0x85, 0xf, 0x9, 0x0, 0xb6, 0x40121, 0x4ce85b42c354d306, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x6, @perf_bp={&(0x7f0000000540), 0x2}, 0x4000, 0x100, 0x0, 0x8, 0x3195, 0x9, 0xfffa, 0x0, 0xfac, 0x0, 0x5}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x3) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 18:23:50 executing program 5: mlock2(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='smaps_rollup\x00') r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0xe, 0xfffffffffffffff9}) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) mlock(&(0x7f0000ff5000/0x4000)=nil, 0x4000) 18:23:51 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000280)=@polexpire={0xc8, 0x1b, 0x1, 0x0, 0x0, {{{@in=@multicast1, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@XFRMA_IF_ID={0x8}]}, 0xc8}}, 0x0) 18:23:51 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) close(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) write(r0, &(0x7f0000000000)='B&8a', 0x4) close(r2) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 18:23:51 executing program 6: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400540, 0x1) fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x3, 0x1, 0x5, 0x7eaab1a6, 0xffffffffffffffff}) ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000080)) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) getsockname(r1, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f00000001c0)=0x80) getegid() getuid() openat$cgroup_type(r1, &(0x7f0000001880), 0x2, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f00000018c0), 0x410000, 0x0) syz_open_dev$loop(&(0x7f0000001d80), 0x8b, 0x40000) syz_open_procfs$namespace(0x0, &(0x7f0000001e00)='ns/ipc\x00') getresuid(&(0x7f0000001e40), &(0x7f0000001e80), &(0x7f0000001ec0)) getresuid(&(0x7f0000001fc0), &(0x7f0000002000), &(0x7f0000002040)) 18:23:51 executing program 5: mlock2(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='smaps_rollup\x00') r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0xe, 0xfffffffffffffff9}) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) mlock(&(0x7f0000ff5000/0x4000)=nil, 0x4000) 18:23:51 executing program 2: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001280)) r1 = getpid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)=0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) clone3(&(0x7f0000000440)={0x80000800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x37}, &(0x7f0000000180)=""/79, 0x4f, &(0x7f0000004c80)=""/102400, &(0x7f0000000380)=[r2, 0x0, r2], 0x3}, 0x58) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r3, 0x80047213, &(0x7f00000004c0)) r4 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(r1, 0x0, 0x7, r5, &(0x7f0000000140)={r4, 0xffffffffffffffff, 0x3d}) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r6, 0x0, 0x10000027f) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) perf_event_open(&(0x7f0000000580)={0x3, 0x80, 0x4, 0x85, 0xf, 0x9, 0x0, 0xb6, 0x40121, 0x4ce85b42c354d306, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x6, @perf_bp={&(0x7f0000000540), 0x2}, 0x4000, 0x100, 0x0, 0x8, 0x3195, 0x9, 0xfffa, 0x0, 0xfac, 0x0, 0x5}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x3) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 18:23:51 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0x9, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x0, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0x7eb7c92c}, 0x0, 0xe, r1, 0x8) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000b, 0x4010, 0xffffffffffffffff, 0xf871a000) r4 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x10001, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) sendmsg$netlink(r4, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="1b00"/12], 0x1c}], 0x1}, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000000)=0x501) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x4000, 0x7, &(0x7f0000ff7000/0x4000)=nil) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305) 18:23:51 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:51 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, 0x0) dup(r0) preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000600)=""/63, 0x3d}, {&(0x7f0000000540)=""/105}, {&(0x7f0000000240)=""/46}, {&(0x7f0000000840)=""/4096}], 0x3d, 0x0, 0xfff80000) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000640)='./binderfs/custom1\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000001840)={0x0, 0xffffffffffffffff, 0xaba, 0x1}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001dc0)=ANY=[@ANYBLOB="b80000001900010000000000000006000000000000000000000011d47bc3938200000000000000000000000000000000000a00000000000000000000000000000000009ca43950179cfb9a9f5fd37f82818f92b4bb5bf8273dae8100000000000000c6d64b33a60ebfd79500738b20ba0c461a0915136246ce2efeead48d617d384864f63475d9d67971e2bae69cc316b8418d3a7eb37152ff7fcc50196f6317cdbf6caff91416877a0500cb2414a3ff16fc2d34f3b58af10047a07872dbfa99cbd9a746c417d06c82119741e39e0a9acaab0acfba3491fdafce738a2f90cc11e739217d11d42760a499234f39b943cbefce18629a03a8d3b0d485ee000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000e0000000000000000000000b952781cebcdde7700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1e13d30c761ef"], 0xb8}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) pwritev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)="1c", 0x1}], 0x1, 0x7fffffc, 0x6) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x69, 0x2, 0xf9, 0x81, 0x0, 0x0, 0x201, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x9a6, 0x4, @perf_config_ext={0x8, 0x3}, 0x18020, 0x6, 0x9, 0x9, 0x4, 0xfffffff8, 0x8217, 0x0, 0x6, 0x0, 0x500000000000000}, 0x0, 0x2, 0xffffffffffffffff, 0x8) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000780)={0x2}) lseek(r3, 0x0, 0x3) [ 134.830194] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4006 comm=syz-executor.7 18:23:51 executing program 6: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400540, 0x1) fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x3, 0x1, 0x5, 0x7eaab1a6, 0xffffffffffffffff}) ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000080)) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) getsockname(r1, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f00000001c0)=0x80) getegid() getuid() openat$cgroup_type(r1, &(0x7f0000001880), 0x2, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f00000018c0), 0x410000, 0x0) syz_open_dev$loop(&(0x7f0000001d80), 0x8b, 0x40000) syz_open_procfs$namespace(0x0, &(0x7f0000001e00)='ns/ipc\x00') getresuid(&(0x7f0000001e40), &(0x7f0000001e80), &(0x7f0000001ec0)) getresuid(&(0x7f0000001fc0), &(0x7f0000002000), &(0x7f0000002040)) 18:23:51 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000280)=@polexpire={0xc8, 0x1b, 0x1, 0x0, 0x0, {{{@in=@multicast1, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@XFRMA_IF_ID={0x8}]}, 0xc8}}, 0x0) 18:23:51 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) close(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) write(r0, &(0x7f0000000000)='B&8a', 0x4) close(r2) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 18:23:51 executing program 5: mlock2(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='smaps_rollup\x00') r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0xe, 0xfffffffffffffff9}) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) mlock(&(0x7f0000ff5000/0x4000)=nil, 0x4000) 18:23:51 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0x9, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x0, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0x7eb7c92c}, 0x0, 0xe, r1, 0x8) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000b, 0x4010, 0xffffffffffffffff, 0xf871a000) r4 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x10001, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) sendmsg$netlink(r4, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="1b00"/12], 0x1c}], 0x1}, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000000)=0x501) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x4000, 0x7, &(0x7f0000ff7000/0x4000)=nil) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305) 18:23:51 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000280)=@polexpire={0xc8, 0x1b, 0x1, 0x0, 0x0, {{{@in=@multicast1, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@XFRMA_IF_ID={0x8}]}, 0xc8}}, 0x0) [ 135.022170] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4021 comm=syz-executor.7 [ 135.735083] syz-executor.0 (4024) used greatest stack depth: 24384 bytes left 18:23:52 executing program 5: mlock2(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='smaps_rollup\x00') r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0xe, 0xfffffffffffffff9}) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) mlock(&(0x7f0000ff5000/0x4000)=nil, 0x4000) 18:23:52 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 135.753438] loop6: detected capacity change from 0 to 264192 18:23:52 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, 0x0) dup(r0) preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000600)=""/63, 0x3d}, {&(0x7f0000000540)=""/105}, {&(0x7f0000000240)=""/46}, {&(0x7f0000000840)=""/4096}], 0x3d, 0x0, 0xfff80000) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000640)='./binderfs/custom1\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000001840)={0x0, 0xffffffffffffffff, 0xaba, 0x1}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001dc0)=ANY=[@ANYBLOB="b80000001900010000000000000006000000000000000000000011d47bc3938200000000000000000000000000000000000a00000000000000000000000000000000009ca43950179cfb9a9f5fd37f82818f92b4bb5bf8273dae8100000000000000c6d64b33a60ebfd79500738b20ba0c461a0915136246ce2efeead48d617d384864f63475d9d67971e2bae69cc316b8418d3a7eb37152ff7fcc50196f6317cdbf6caff91416877a0500cb2414a3ff16fc2d34f3b58af10047a07872dbfa99cbd9a746c417d06c82119741e39e0a9acaab0acfba3491fdafce738a2f90cc11e739217d11d42760a499234f39b943cbefce18629a03a8d3b0d485ee000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000e0000000000000000000000b952781cebcdde7700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1e13d30c761ef"], 0xb8}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) pwritev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)="1c", 0x1}], 0x1, 0x7fffffc, 0x6) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x69, 0x2, 0xf9, 0x81, 0x0, 0x0, 0x201, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x9a6, 0x4, @perf_config_ext={0x8, 0x3}, 0x18020, 0x6, 0x9, 0x9, 0x4, 0xfffffff8, 0x8217, 0x0, 0x6, 0x0, 0x500000000000000}, 0x0, 0x2, 0xffffffffffffffff, 0x8) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000780)={0x2}) lseek(r3, 0x0, 0x3) 18:23:52 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) close(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) write(r0, &(0x7f0000000000)='B&8a', 0x4) close(r2) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 18:23:52 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:52 executing program 7: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:52 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:52 executing program 2: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001280)) r1 = getpid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)=0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) clone3(&(0x7f0000000440)={0x80000800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x37}, &(0x7f0000000180)=""/79, 0x4f, &(0x7f0000004c80)=""/102400, &(0x7f0000000380)=[r2, 0x0, r2], 0x3}, 0x58) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r3, 0x80047213, &(0x7f00000004c0)) r4 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(r1, 0x0, 0x7, r5, &(0x7f0000000140)={r4, 0xffffffffffffffff, 0x3d}) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r6, 0x0, 0x10000027f) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) perf_event_open(&(0x7f0000000580)={0x3, 0x80, 0x4, 0x85, 0xf, 0x9, 0x0, 0xb6, 0x40121, 0x4ce85b42c354d306, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x6, @perf_bp={&(0x7f0000000540), 0x2}, 0x4000, 0x100, 0x0, 0x8, 0x3195, 0x9, 0xfffa, 0x0, 0xfac, 0x0, 0x5}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x3) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 135.785647] loop7: detected capacity change from 0 to 264192 18:23:52 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:52 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:52 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 136.118183] loop4: detected capacity change from 0 to 264192 [ 136.128465] loop5: detected capacity change from 0 to 264192 18:23:53 executing program 7: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 136.537086] loop7: detected capacity change from 0 to 264192 18:23:53 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 136.703962] loop6: detected capacity change from 0 to 264192 [ 136.730274] syz-executor.1 (4039) used greatest stack depth: 24216 bytes left 18:23:53 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:53 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:53 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:53 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) close(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) write(r0, &(0x7f0000000000)='B&8a', 0x4) close(r2) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) [ 137.098848] loop4: detected capacity change from 0 to 264192 18:23:53 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:53 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) close(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) write(r0, &(0x7f0000000000)='B&8a', 0x4) close(r2) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 18:23:53 executing program 7: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 137.277739] loop5: detected capacity change from 0 to 264192 [ 137.325505] loop7: detected capacity change from 0 to 264192 18:23:53 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) close(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) write(r0, &(0x7f0000000000)='B&8a', 0x4) close(r2) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 18:23:54 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 137.483273] loop6: detected capacity change from 0 to 264192 18:23:54 executing program 2: mlock2(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='smaps_rollup\x00') r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0xe, 0xfffffffffffffff9}) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) mlock(&(0x7f0000ff5000/0x4000)=nil, 0x4000) 18:23:54 executing program 2: mlock2(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='smaps_rollup\x00') r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0xe, 0xfffffffffffffff9}) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) mlock(&(0x7f0000ff5000/0x4000)=nil, 0x4000) 18:23:54 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 138.067685] loop5: detected capacity change from 0 to 264192 [ 138.145812] syz-executor.3 (4077) used greatest stack depth: 23616 bytes left 18:23:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:54 executing program 2: mlock2(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='smaps_rollup\x00') r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0xe, 0xfffffffffffffff9}) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) mlock(&(0x7f0000ff5000/0x4000)=nil, 0x4000) 18:23:54 executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 18:23:54 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x5}, 0x7) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, 0x200400, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@dont_appraise}, {@obj_user={'obj_user', 0x3d, '^'}}, {@dont_appraise}, {@euid_lt={'euid<', 0xee01}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) write$binfmt_aout(r4, &(0x7f0000000c40)=ANY=[], 0x820) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 138.282702] loop4: detected capacity change from 0 to 264192 18:23:56 executing program 0: r0 = fork() ptrace$setopts(0x4206, r0, 0x0, 0x0) wait4(r0, &(0x7f0000002bc0), 0x20000000, &(0x7f0000002c00)) 18:23:56 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 18:23:56 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000", 0x15}, {0x0}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000300)=0x20) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="8272616e733d66642c8f66646e6f3d", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0xc0000008}) acct(&(0x7f00000001c0)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000480)=""/184, 0xb8, 0x800) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) 18:23:56 executing program 2: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) [ 139.678486] FAT-fs (loop7): bogus number of reserved sectors [ 139.679005] FAT-fs (loop7): Can't find a valid FAT filesystem 18:23:56 executing program 5: r0 = io_uring_setup(0x7edc, &(0x7f0000000180)) io_uring_register$IORING_UNREGISTER_FILES(r0, 0x12, 0x0, 0x0) 18:23:56 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 18:23:56 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0) 18:23:56 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x1d, 0x4) sendmmsg$inet6(r0, &(0x7f0000002e00)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c, 0x0}}, {{&(0x7f0000000080)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x2, 0x0) [ 139.712415] FAT-fs (loop7): Unrecognized mount option "9p" or missing value [ 139.720216] Process accounting resumed [ 139.753618] Process accounting resumed 18:23:56 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000", 0x15}, {0x0}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000300)=0x20) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="8272616e733d66642c8f66646e6f3d", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0xc0000008}) acct(&(0x7f00000001c0)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000480)=""/184, 0xb8, 0x800) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) 18:23:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000", 0x15}, {0x0}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000300)=0x20) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="8272616e733d66642c8f66646e6f3d", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0xc0000008}) acct(&(0x7f00000001c0)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000480)=""/184, 0xb8, 0x800) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) 18:23:56 executing program 1: getgroups(0xfffffffffffffd49, &(0x7f0000000340)) 18:23:56 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 18:23:56 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 18:23:56 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) [ 139.823593] FAT-fs (loop7): bogus number of reserved sectors [ 139.824449] FAT-fs (loop7): Can't find a valid FAT filesystem [ 139.825702] FAT-fs (loop5): bogus number of reserved sectors [ 139.826161] FAT-fs (loop5): Can't find a valid FAT filesystem 18:23:56 executing program 2: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) [ 139.881156] Process accounting resumed 18:23:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000", 0x15}, {0x0}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000300)=0x20) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="8272616e733d66642c8f66646e6f3d", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0xc0000008}) acct(&(0x7f00000001c0)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000480)=""/184, 0xb8, 0x800) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) [ 139.926664] FAT-fs (loop5): bogus number of reserved sectors [ 139.927125] FAT-fs (loop5): Can't find a valid FAT filesystem [ 139.978111] Process accounting resumed [ 140.037635] Process accounting resumed 18:23:57 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000", 0x15}, {0x0}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000300)=0x20) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="8272616e733d66642c8f66646e6f3d", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0xc0000008}) acct(&(0x7f00000001c0)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000480)=""/184, 0xb8, 0x800) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) 18:23:57 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000", 0x15}, {0x0}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000300)=0x20) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="8272616e733d66642c8f66646e6f3d", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0xc0000008}) acct(&(0x7f00000001c0)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000480)=""/184, 0xb8, 0x800) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) 18:23:57 executing program 2: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) 18:23:57 executing program 0: r0 = fork() ptrace$setopts(0x4206, r0, 0x0, 0x0) wait4(r0, &(0x7f0000002bc0), 0x20000000, &(0x7f0000002c00)) 18:23:57 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 18:23:57 executing program 1: getgroups(0xfffffffffffffd49, &(0x7f0000000340)) 18:23:57 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 18:23:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) [ 140.748306] FAT-fs (loop5): bogus number of reserved sectors [ 140.748772] FAT-fs (loop5): Can't find a valid FAT filesystem [ 140.755252] FAT-fs (loop7): bogus number of reserved sectors [ 140.756022] FAT-fs (loop7): Can't find a valid FAT filesystem 18:23:57 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 18:23:57 executing program 1: getgroups(0xfffffffffffffd49, &(0x7f0000000340)) 18:23:57 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 140.861929] Process accounting resumed 18:23:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 18:23:57 executing program 5: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) [ 140.916465] Process accounting resumed 18:23:57 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000", 0x15}, {0x0}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000300)=0x20) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="8272616e733d66642c8f66646e6f3d", @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0xc0000008}) acct(&(0x7f00000001c0)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000480)=""/184, 0xb8, 0x800) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) 18:23:57 executing program 6: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) 18:23:57 executing program 2: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) 18:23:57 executing program 1: getgroups(0xfffffffffffffd49, &(0x7f0000000340)) [ 140.990421] FAT-fs (loop7): bogus number of reserved sectors [ 140.991043] FAT-fs (loop7): Can't find a valid FAT filesystem 18:23:57 executing program 3: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) 18:23:57 executing program 4: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) [ 141.115828] Process accounting resumed 18:23:58 executing program 5: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) 18:23:58 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f000000c340)={0x0, 0x0, &(0x7f000000c280)=[{&(0x7f0000006fc0)={0x214, 0x14, 0x1, 0x0, 0x0, "", [@nested={0x202, 0x0, 0x0, 0x1, [@generic="58f4db24ff596a629b0dc8a7e568fe2b0f23f18e2f6d4200b3bdabe512e9c9a79d7b673561a300cc1f5694f4e0e817c3d70a9cedd8fa1829bea57f735eaabf87d23701a0c5d56732c4c3de5887f348e70e191fe2f34ac416912f79e7c5329c9702be9412211b0ebcbcde9e9a595a67b11894c0f50e34dfe57cd7c969d110d4bedb65cca183e4dc9b68f69212be0afbee3499f56f57d3dc094fbf58ef1b5f6313a9fe4d0d17dc2b0c06648590788b2a6747b5b9d61fd60b4cf93bd59896ba", @typed={0x8, 0x0, 0x0, 0x0, @uid}, @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@multicast1}, @generic="bd69778dd1c571fe6ecf85bb9745e439c989a549247f076017c16ceaaf79e68c10a40ae634b58684db6415e92ebad8855488863b6fced6790f6a152af75263298345def1f033d18d4d487b7f90235cd348ba63d9c23c8be9ff302606aae9eebd384c2ba47776df267853575741a351a630469713726381c2c4836c0f89b81ede55a6b0530a73e6572a1939b5d972a9558590ca38cdb612ef661a4d6e16d8f5c7401e9475400932a05289a257ba58c30f4c87db347673ba", @generic="20e2b181b728117cc90470696bd97fd4653d63bb909a507245d82ccf61cb47ec836b92c4ef59020fbf547f1ad2f602d6ca3eafcc6cb15a17fc8a048797d08353747958d8a223c8a971efab3b1942276a59a4b0650c807c8147cf15c40e590c88ef67aee10a", @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@empty}]}]}, 0x214}], 0x1}, 0x0) 18:23:58 executing program 4: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) 18:23:58 executing program 3: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0xa83}, 0x2308, 0x7fff, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') pread64(r4, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(r5, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(r5, &(0x7f0000ff9000/0x4000)=nil, 0x1000) shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil) write(r4, &(0x7f0000000140)="90e45c77a9262d19f24754389003c4245182f02ed7b392eea7e6642dc86a48c82f48c3b5f57a71c67a24a860032faaa9c1a92efba1da04d3efa692b2f8de9e89faaea7cbab8f359508a195b5c263d0154f018fa87cced403ef966c7645cfff63", 0x60) 18:23:58 executing program 0: r0 = fork() ptrace$setopts(0x4206, r0, 0x0, 0x0) wait4(r0, &(0x7f0000002bc0), 0x20000000, &(0x7f0000002c00)) 18:23:58 executing program 1: r0 = shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) r1 = shmget(0x2, 0x1000, 0x873c6edcc2f4f695, &(0x7f0000ffb000/0x1000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x0) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x0) shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x2000) r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMREADTOCENTRY(r3, 0x5306, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 VM DIAGNOSIS: 18:23:50 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=0000000000000001 RCX=1ffff1100866beea RDX=dffffc0000000000 RSI=0000000000006c05 RDI=ffff88801d861360 RBP=ffff88804335f750 RSP=ffff88804335f678 R8 =ffffffff852c4640 R9 =ffffffff85ebe5fe R10=ffffed100866beec R11=000000000003603d R12=ffff88804335f739 R13=ffff88804335f758 R14=ffff88804335f6f8 R15=ffffffff816c052f RIP=ffffffff8111b480 RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fb37d68c0d0 CR3=000000000e550000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f YMM01=0000000000000000 0000000000000000 00362e6f732e6362 696c2f756e672d78 YMM02=0000000000000000 0000000000000000 ffff0000000000ff ffffffffffffffff YMM03=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=000000000000007b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b1e41 RDI=ffffffff8763fae0 RBP=ffffffff8763faa0 RSP=ffff8880432c7698 R8 =0000000000000001 R9 =000000000000000a R10=000000000000007b R11=0000000000000001 R12=000000000000007b R13=ffffffff8763faa0 R14=0000000000000010 R15=ffffffff822b1e30 RIP=ffffffff822b1e99 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f1455429700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd663f136f4 CR3=00000000174bc000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM01=0000000000000000 0000000000000000 2525252525252525 2525252525252525 YMM02=0000000000000000 0000000000000000 00007f1457f9a7e0 00007f1457f9a7c0 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000