Warning: Permanently added '[localhost]:2379' (ECDSA) to the list of known hosts. 2022/09/13 15:55:00 fuzzer started 2022/09/13 15:55:00 dialing manager at localhost:36597 syzkaller login: [ 36.729764] cgroup: Unknown subsys name 'net' [ 36.833142] cgroup: Unknown subsys name 'rlimit' 2022/09/13 15:55:15 syscalls: 2215 2022/09/13 15:55:15 code coverage: enabled 2022/09/13 15:55:15 comparison tracing: enabled 2022/09/13 15:55:15 extra coverage: enabled 2022/09/13 15:55:15 setuid sandbox: enabled 2022/09/13 15:55:15 namespace sandbox: enabled 2022/09/13 15:55:15 Android sandbox: enabled 2022/09/13 15:55:15 fault injection: enabled 2022/09/13 15:55:15 leak checking: enabled 2022/09/13 15:55:15 net packet injection: enabled 2022/09/13 15:55:15 net device setup: enabled 2022/09/13 15:55:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/13 15:55:15 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/13 15:55:15 USB emulation: enabled 2022/09/13 15:55:15 hci packet injection: enabled 2022/09/13 15:55:15 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220913) 2022/09/13 15:55:15 802.15.4 emulation: enabled 2022/09/13 15:55:15 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/13 15:55:15 fetching corpus: 50, signal 33914/37352 (executing program) 2022/09/13 15:55:16 fetching corpus: 100, signal 43779/48730 (executing program) 2022/09/13 15:55:16 fetching corpus: 150, signal 52532/58832 (executing program) 2022/09/13 15:55:16 fetching corpus: 200, signal 59629/67199 (executing program) 2022/09/13 15:55:16 fetching corpus: 250, signal 69332/77990 (executing program) 2022/09/13 15:55:16 fetching corpus: 300, signal 71629/81620 (executing program) 2022/09/13 15:55:16 fetching corpus: 350, signal 75840/86969 (executing program) 2022/09/13 15:55:16 fetching corpus: 400, signal 80036/92231 (executing program) 2022/09/13 15:55:16 fetching corpus: 450, signal 87339/100294 (executing program) 2022/09/13 15:55:16 fetching corpus: 500, signal 90627/104601 (executing program) 2022/09/13 15:55:17 fetching corpus: 550, signal 94533/109432 (executing program) 2022/09/13 15:55:17 fetching corpus: 600, signal 97817/113654 (executing program) 2022/09/13 15:55:17 fetching corpus: 650, signal 101686/118330 (executing program) 2022/09/13 15:55:17 fetching corpus: 700, signal 103896/121461 (executing program) 2022/09/13 15:55:17 fetching corpus: 750, signal 106532/124953 (executing program) 2022/09/13 15:55:17 fetching corpus: 800, signal 110312/129332 (executing program) 2022/09/13 15:55:18 fetching corpus: 850, signal 113599/133273 (executing program) 2022/09/13 15:55:18 fetching corpus: 900, signal 116506/136810 (executing program) 2022/09/13 15:55:18 fetching corpus: 950, signal 119314/140247 (executing program) 2022/09/13 15:55:18 fetching corpus: 1000, signal 122328/143809 (executing program) 2022/09/13 15:55:18 fetching corpus: 1050, signal 125591/147524 (executing program) 2022/09/13 15:55:18 fetching corpus: 1100, signal 128718/151067 (executing program) 2022/09/13 15:55:18 fetching corpus: 1150, signal 130265/153234 (executing program) 2022/09/13 15:55:19 fetching corpus: 1200, signal 133020/156353 (executing program) 2022/09/13 15:55:19 fetching corpus: 1250, signal 135031/158922 (executing program) 2022/09/13 15:55:19 fetching corpus: 1300, signal 137321/161658 (executing program) 2022/09/13 15:55:19 fetching corpus: 1350, signal 139553/164299 (executing program) 2022/09/13 15:55:19 fetching corpus: 1400, signal 140866/166169 (executing program) 2022/09/13 15:55:19 fetching corpus: 1450, signal 143276/168901 (executing program) 2022/09/13 15:55:19 fetching corpus: 1500, signal 145875/171686 (executing program) 2022/09/13 15:55:19 fetching corpus: 1550, signal 147383/173569 (executing program) 2022/09/13 15:55:20 fetching corpus: 1600, signal 149410/175920 (executing program) 2022/09/13 15:55:20 fetching corpus: 1650, signal 150526/177552 (executing program) 2022/09/13 15:55:20 fetching corpus: 1700, signal 152938/180068 (executing program) 2022/09/13 15:55:20 fetching corpus: 1750, signal 154685/182085 (executing program) 2022/09/13 15:55:20 fetching corpus: 1800, signal 156734/184289 (executing program) 2022/09/13 15:55:20 fetching corpus: 1850, signal 158399/186214 (executing program) 2022/09/13 15:55:20 fetching corpus: 1900, signal 160096/188236 (executing program) 2022/09/13 15:55:20 fetching corpus: 1950, signal 161417/189838 (executing program) 2022/09/13 15:55:21 fetching corpus: 2000, signal 162595/191365 (executing program) 2022/09/13 15:55:21 fetching corpus: 2050, signal 164228/193192 (executing program) 2022/09/13 15:55:21 fetching corpus: 2100, signal 165632/194819 (executing program) 2022/09/13 15:55:21 fetching corpus: 2150, signal 166973/196390 (executing program) 2022/09/13 15:55:21 fetching corpus: 2200, signal 167914/197656 (executing program) 2022/09/13 15:55:21 fetching corpus: 2250, signal 168596/198765 (executing program) 2022/09/13 15:55:21 fetching corpus: 2300, signal 170096/200325 (executing program) 2022/09/13 15:55:22 fetching corpus: 2350, signal 171142/201611 (executing program) 2022/09/13 15:55:22 fetching corpus: 2400, signal 172855/203257 (executing program) 2022/09/13 15:55:22 fetching corpus: 2450, signal 174054/204617 (executing program) 2022/09/13 15:55:22 fetching corpus: 2500, signal 174760/205657 (executing program) 2022/09/13 15:55:22 fetching corpus: 2550, signal 176728/207424 (executing program) 2022/09/13 15:55:22 fetching corpus: 2600, signal 177680/208519 (executing program) 2022/09/13 15:55:22 fetching corpus: 2650, signal 178691/209676 (executing program) 2022/09/13 15:55:22 fetching corpus: 2700, signal 179863/210878 (executing program) 2022/09/13 15:55:23 fetching corpus: 2750, signal 180851/211999 (executing program) 2022/09/13 15:55:23 fetching corpus: 2800, signal 181726/213059 (executing program) 2022/09/13 15:55:23 fetching corpus: 2850, signal 183247/214420 (executing program) 2022/09/13 15:55:23 fetching corpus: 2900, signal 184370/215556 (executing program) 2022/09/13 15:55:23 fetching corpus: 2950, signal 185106/216492 (executing program) 2022/09/13 15:55:23 fetching corpus: 3000, signal 186003/217469 (executing program) 2022/09/13 15:55:23 fetching corpus: 3050, signal 187538/218762 (executing program) 2022/09/13 15:55:24 fetching corpus: 3100, signal 188173/219602 (executing program) 2022/09/13 15:55:24 fetching corpus: 3150, signal 188997/220504 (executing program) 2022/09/13 15:55:24 fetching corpus: 3200, signal 189631/221319 (executing program) 2022/09/13 15:55:24 fetching corpus: 3250, signal 190407/222214 (executing program) 2022/09/13 15:55:24 fetching corpus: 3300, signal 191620/223259 (executing program) 2022/09/13 15:55:24 fetching corpus: 3350, signal 192727/224178 (executing program) 2022/09/13 15:55:25 fetching corpus: 3400, signal 193483/224977 (executing program) 2022/09/13 15:55:25 fetching corpus: 3450, signal 194914/226086 (executing program) 2022/09/13 15:55:25 fetching corpus: 3500, signal 195832/226995 (executing program) 2022/09/13 15:55:25 fetching corpus: 3550, signal 196612/227762 (executing program) 2022/09/13 15:55:25 fetching corpus: 3600, signal 197557/228624 (executing program) 2022/09/13 15:55:25 fetching corpus: 3650, signal 198830/229577 (executing program) 2022/09/13 15:55:25 fetching corpus: 3700, signal 199637/230304 (executing program) 2022/09/13 15:55:26 fetching corpus: 3750, signal 200458/231039 (executing program) 2022/09/13 15:55:26 fetching corpus: 3800, signal 201161/231714 (executing program) 2022/09/13 15:55:26 fetching corpus: 3850, signal 202236/232591 (executing program) 2022/09/13 15:55:26 fetching corpus: 3900, signal 203218/233319 (executing program) 2022/09/13 15:55:26 fetching corpus: 3950, signal 203625/233880 (executing program) 2022/09/13 15:55:26 fetching corpus: 4000, signal 204216/234495 (executing program) 2022/09/13 15:55:26 fetching corpus: 4050, signal 204877/235133 (executing program) 2022/09/13 15:55:27 fetching corpus: 4100, signal 205463/235679 (executing program) 2022/09/13 15:55:27 fetching corpus: 4150, signal 206279/236272 (executing program) 2022/09/13 15:55:27 fetching corpus: 4200, signal 207133/236948 (executing program) 2022/09/13 15:55:27 fetching corpus: 4250, signal 207754/237508 (executing program) 2022/09/13 15:55:27 fetching corpus: 4300, signal 208374/238039 (executing program) 2022/09/13 15:55:27 fetching corpus: 4350, signal 208978/238523 (executing program) 2022/09/13 15:55:27 fetching corpus: 4400, signal 209688/239069 (executing program) 2022/09/13 15:55:27 fetching corpus: 4450, signal 210174/239573 (executing program) 2022/09/13 15:55:28 fetching corpus: 4500, signal 211182/240168 (executing program) 2022/09/13 15:55:28 fetching corpus: 4550, signal 211896/240678 (executing program) 2022/09/13 15:55:28 fetching corpus: 4600, signal 213114/241298 (executing program) 2022/09/13 15:55:28 fetching corpus: 4650, signal 213774/241766 (executing program) 2022/09/13 15:55:28 fetching corpus: 4700, signal 214695/242292 (executing program) 2022/09/13 15:55:28 fetching corpus: 4750, signal 215075/242639 (executing program) 2022/09/13 15:55:29 fetching corpus: 4800, signal 215835/243083 (executing program) 2022/09/13 15:55:29 fetching corpus: 4850, signal 216648/243531 (executing program) 2022/09/13 15:55:29 fetching corpus: 4900, signal 217131/243909 (executing program) 2022/09/13 15:55:29 fetching corpus: 4950, signal 217934/244374 (executing program) 2022/09/13 15:55:29 fetching corpus: 5000, signal 218940/244807 (executing program) 2022/09/13 15:55:29 fetching corpus: 5050, signal 219694/245241 (executing program) 2022/09/13 15:55:30 fetching corpus: 5100, signal 220270/245557 (executing program) 2022/09/13 15:55:30 fetching corpus: 5150, signal 221220/245969 (executing program) 2022/09/13 15:55:30 fetching corpus: 5200, signal 221552/246259 (executing program) 2022/09/13 15:55:30 fetching corpus: 5250, signal 222140/246557 (executing program) 2022/09/13 15:55:30 fetching corpus: 5300, signal 222940/246939 (executing program) 2022/09/13 15:55:30 fetching corpus: 5350, signal 223647/247269 (executing program) 2022/09/13 15:55:30 fetching corpus: 5400, signal 224119/247536 (executing program) 2022/09/13 15:55:31 fetching corpus: 5450, signal 224795/247851 (executing program) 2022/09/13 15:55:31 fetching corpus: 5500, signal 225791/248184 (executing program) 2022/09/13 15:55:31 fetching corpus: 5550, signal 226408/248453 (executing program) 2022/09/13 15:55:31 fetching corpus: 5600, signal 226880/248727 (executing program) 2022/09/13 15:55:31 fetching corpus: 5650, signal 227608/248951 (executing program) 2022/09/13 15:55:31 fetching corpus: 5700, signal 228367/249268 (executing program) 2022/09/13 15:55:31 fetching corpus: 5750, signal 229099/249525 (executing program) 2022/09/13 15:55:32 fetching corpus: 5800, signal 229557/249731 (executing program) 2022/09/13 15:55:32 fetching corpus: 5850, signal 230252/249968 (executing program) 2022/09/13 15:55:32 fetching corpus: 5900, signal 230583/250136 (executing program) 2022/09/13 15:55:32 fetching corpus: 5950, signal 231617/250327 (executing program) 2022/09/13 15:55:32 fetching corpus: 6000, signal 232048/250470 (executing program) 2022/09/13 15:55:32 fetching corpus: 6050, signal 232757/250633 (executing program) 2022/09/13 15:55:32 fetching corpus: 6100, signal 233571/250647 (executing program) 2022/09/13 15:55:33 fetching corpus: 6150, signal 234364/250648 (executing program) 2022/09/13 15:55:33 fetching corpus: 6200, signal 234932/250649 (executing program) 2022/09/13 15:55:33 fetching corpus: 6250, signal 235458/250656 (executing program) 2022/09/13 15:55:33 fetching corpus: 6300, signal 236082/250663 (executing program) 2022/09/13 15:55:33 fetching corpus: 6350, signal 236698/250675 (executing program) 2022/09/13 15:55:33 fetching corpus: 6400, signal 237224/250685 (executing program) 2022/09/13 15:55:33 fetching corpus: 6450, signal 237596/250701 (executing program) 2022/09/13 15:55:33 fetching corpus: 6500, signal 238112/250762 (executing program) 2022/09/13 15:55:34 fetching corpus: 6550, signal 238532/250809 (executing program) 2022/09/13 15:55:34 fetching corpus: 6600, signal 239019/250833 (executing program) 2022/09/13 15:55:34 fetching corpus: 6650, signal 239383/250875 (executing program) 2022/09/13 15:55:34 fetching corpus: 6700, signal 239749/250916 (executing program) 2022/09/13 15:55:34 fetching corpus: 6750, signal 240185/250928 (executing program) 2022/09/13 15:55:34 fetching corpus: 6800, signal 240577/250958 (executing program) 2022/09/13 15:55:34 fetching corpus: 6850, signal 241292/250975 (executing program) 2022/09/13 15:55:35 fetching corpus: 6874, signal 241667/250984 (executing program) 2022/09/13 15:55:35 fetching corpus: 6874, signal 241667/250984 (executing program) 2022/09/13 15:55:37 starting 8 fuzzer processes 15:55:37 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:55:37 executing program 1: r0 = fsopen(&(0x7f0000000000)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) unlinkat(r1, &(0x7f0000000200)='./file0\x00', 0x0) 15:55:37 executing program 2: io_uring_setup(0x6f88, &(0x7f0000000000)={0x0, 0x7f60, 0x2, 0x0, 0x274}) ioctl$F2FS_IOC_WRITE_CHECKPOINT(0xffffffffffffffff, 0xf507, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x3) accept(0xffffffffffffffff, 0x0, 0x0) 15:55:37 executing program 4: ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f00000001c0)={0x0, 0x18, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x7ab681, 0x24) close_range(r0, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x217}, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fee000/0x12000)=nil, 0x0, 0x0) [ 73.004621] audit: type=1400 audit(1663084537.261:6): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 15:55:37 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 15:55:37 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000080)) 15:55:37 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000004c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmmsg$inet6(r0, &(0x7f0000001b80)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) 15:55:37 executing program 7: r0 = socket$unix(0x1, 0x2, 0x0) io_setup(0x4e, &(0x7f0000000000)=0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) dup2(r2, r0) io_submit(r1, 0x1, &(0x7f0000001740)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) [ 74.325751] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.327676] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.329737] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.333377] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.337290] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 74.338918] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.342750] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.345844] Bluetooth: hci1: HCI_REQ-0x0c1a [ 74.348009] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.350068] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.365021] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.366762] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 74.368164] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.380053] Bluetooth: hci0: HCI_REQ-0x0c1a [ 74.402442] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.404048] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.405706] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.408345] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.409707] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.411040] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.412406] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.413721] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.416647] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.428109] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.452199] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.453574] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.455333] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.458309] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 74.459565] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.460612] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 74.461933] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.463125] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.487074] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.488550] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.489732] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.492219] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.492560] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 74.496419] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.502662] Bluetooth: hci3: HCI_REQ-0x0c1a [ 74.508900] Bluetooth: hci4: HCI_REQ-0x0c1a [ 74.529416] Bluetooth: hci2: HCI_REQ-0x0c1a [ 74.547062] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.548303] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.568096] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 74.569321] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 74.571636] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.573076] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 74.598149] Bluetooth: hci6: HCI_REQ-0x0c1a [ 74.607596] Bluetooth: hci5: HCI_REQ-0x0c1a [ 76.355260] Bluetooth: hci1: command 0x0409 tx timeout [ 76.419839] Bluetooth: hci0: command 0x0409 tx timeout [ 76.482840] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 76.546906] Bluetooth: hci2: command 0x0409 tx timeout [ 76.547493] Bluetooth: hci4: command 0x0409 tx timeout [ 76.548750] Bluetooth: hci3: command 0x0409 tx timeout [ 76.611857] Bluetooth: hci6: command 0x0409 tx timeout [ 76.674853] Bluetooth: hci5: command 0x0409 tx timeout [ 78.403881] Bluetooth: hci1: command 0x041b tx timeout [ 78.466867] Bluetooth: hci0: command 0x041b tx timeout [ 78.594879] Bluetooth: hci3: command 0x041b tx timeout [ 78.595376] Bluetooth: hci4: command 0x041b tx timeout [ 78.596953] Bluetooth: hci2: command 0x041b tx timeout [ 78.658847] Bluetooth: hci6: command 0x041b tx timeout [ 78.737516] Bluetooth: hci5: command 0x041b tx timeout [ 79.580757] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 79.584012] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 79.591270] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 79.607383] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 79.611912] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 79.613514] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 79.620635] Bluetooth: hci7: HCI_REQ-0x0c1a [ 80.450875] Bluetooth: hci1: command 0x040f tx timeout [ 80.514833] Bluetooth: hci0: command 0x040f tx timeout [ 80.642899] Bluetooth: hci2: command 0x040f tx timeout [ 80.643414] Bluetooth: hci4: command 0x040f tx timeout [ 80.643853] Bluetooth: hci3: command 0x040f tx timeout [ 80.706857] Bluetooth: hci6: command 0x040f tx timeout [ 80.770880] Bluetooth: hci5: command 0x040f tx timeout [ 81.666841] Bluetooth: hci7: command 0x0409 tx timeout [ 82.498941] Bluetooth: hci1: command 0x0419 tx timeout [ 82.563340] Bluetooth: hci0: command 0x0419 tx timeout [ 82.690847] Bluetooth: hci3: command 0x0419 tx timeout [ 82.691303] Bluetooth: hci4: command 0x0419 tx timeout [ 82.693119] Bluetooth: hci2: command 0x0419 tx timeout [ 82.754882] Bluetooth: hci6: command 0x0419 tx timeout [ 82.818874] Bluetooth: hci5: command 0x0419 tx timeout [ 83.714838] Bluetooth: hci7: command 0x041b tx timeout [ 85.762884] Bluetooth: hci7: command 0x040f tx timeout [ 87.810884] Bluetooth: hci7: command 0x0419 tx timeout 15:56:30 executing program 6: r0 = getpgid(0x0) r1 = perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) r2 = getpgid(0x0) perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0x0, r1, 0x0) [ 126.205399] audit: type=1400 audit(1663084590.462:7): avc: denied { open } for pid=3790 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 126.207012] audit: type=1400 audit(1663084590.462:8): avc: denied { kernel } for pid=3790 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 126.226919] ------------[ cut here ]------------ [ 126.227458] WARNING: CPU: 1 PID: 3791 at arch/x86/events/core.c:1200 collect_events+0x500/0x870 [ 126.228227] Modules linked in: [ 126.228526] CPU: 1 PID: 3791 Comm: syz-executor.6 Not tainted 6.0.0-rc5-next-20220913 #1 [ 126.229248] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 126.230252] RIP: 0010:collect_events+0x500/0x870 [ 126.230754] Code: 85 db 0f 85 4d fe ff ff e8 ad 65 45 00 65 8b 1d 22 c4 01 7f 31 ff 89 de e8 4d 62 45 00 85 db 0f 84 4c 02 00 00 e8 90 65 45 00 <0f> 0b e9 24 fe ff ff e8 84 65 45 00 49 8d bc 24 48 13 00 00 48 b8 [ 126.233127] RSP: 0018:ffff8880188cfbd8 EFLAGS: 00010206 [ 126.233562] RAX: 0000000000001a00 RBX: 0000000000000001 RCX: ffffc90006a04000 [ 126.234193] RDX: 0000000000040000 RSI: ffffffff8100b1b0 RDI: 0000000000000005 [ 126.234793] RBP: ffff888041ea8000 R08: 0000000000000005 R09: 0000000000000000 [ 126.235372] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888041eb4000 [ 126.235969] R13: 0000000000000006 R14: 0000000000000001 R15: 0000000000000001 [ 126.236557] FS: 00007f920ff2f700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 126.237230] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.237705] CR2: 0000001b2e021000 CR3: 0000000041086000 CR4: 0000000000350ee0 [ 126.238316] Call Trace: [ 126.238535] [ 126.238737] x86_pmu_event_init+0x4b9/0xbc0 [ 126.239135] perf_try_init_event+0x202/0x570 [ 126.239521] perf_event_alloc.part.0+0xff8/0x3bc0 [ 126.239941] ? lock_downgrade+0x6d0/0x6d0 [ 126.240305] ? lock_is_held_type+0xd7/0x130 [ 126.240682] __do_sys_perf_event_open+0x4c6/0x32c0 [ 126.241127] ? perf_compat_ioctl+0x130/0x130 [ 126.241498] ? xfd_validate_state+0x59/0x180 [ 126.241914] ? syscall_enter_from_user_mode+0x1d/0x50 [ 126.242382] ? syscall_enter_from_user_mode+0x1d/0x50 [ 126.242859] do_syscall_64+0x3b/0x90 [ 126.243184] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.243648] RIP: 0033:0x7f92129b9b19 [ 126.243965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 126.245351] RSP: 002b:00007f920ff2f188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 126.245954] RAX: ffffffffffffffda RBX: 00007f9212accf60 RCX: 00007f92129b9b19 [ 126.246522] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 00000000200038c0 [ 126.247090] RBP: 00007f9212a13f6d R08: 0000000000000000 R09: 0000000000000000 [ 126.247643] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 126.248209] R13: 00007ffdd2633e8f R14: 00007f920ff2f300 R15: 0000000000022000 [ 126.248788] [ 126.248979] irq event stamp: 1079 [ 126.249248] hardirqs last enabled at (1089): [] __up_console_sem+0x78/0x80 [ 126.249921] hardirqs last disabled at (1100): [] __up_console_sem+0x5d/0x80 [ 126.250590] softirqs last enabled at (646): [] __irq_exit_rcu+0x11b/0x180 [ 126.251258] softirqs last disabled at (641): [] __irq_exit_rcu+0x11b/0x180 [ 126.251929] ---[ end trace 0000000000000000 ]--- 15:56:30 executing program 6: r0 = getpgid(0x0) r1 = perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) r2 = getpgid(0x0) perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0x0, r1, 0x0) [ 126.438952] ------------[ cut here ]------------ [ 126.438986] [ 126.438990] ====================================================== [ 126.438994] WARNING: possible circular locking dependency detected [ 126.438999] 6.0.0-rc5-next-20220913 #1 Tainted: G W [ 126.439006] ------------------------------------------------------ [ 126.439010] syz-executor.6/3802 is trying to acquire lock: [ 126.439016] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 126.439056] [ 126.439056] but task is already holding lock: [ 126.439059] ffff88800ecc8820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_in+0x2a0/0x6e0 [ 126.439086] [ 126.439086] which lock already depends on the new lock. [ 126.439086] [ 126.439089] [ 126.439089] the existing dependency chain (in reverse order) is: [ 126.439093] [ 126.439093] -> #3 (&ctx->lock){....}-{2:2}: [ 126.439107] _raw_spin_lock+0x2a/0x40 [ 126.439125] __perf_event_task_sched_out+0x53b/0x18d0 [ 126.439138] __schedule+0xedd/0x2470 [ 126.439148] schedule+0xda/0x1b0 [ 126.439158] futex_wait_queue+0xf5/0x1e0 [ 126.439169] futex_wait+0x28e/0x690 [ 126.439179] do_futex+0x2ff/0x380 [ 126.439189] __x64_sys_futex+0x1c6/0x4d0 [ 126.439198] do_syscall_64+0x3b/0x90 [ 126.439213] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.439231] [ 126.439231] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 126.439245] _raw_spin_lock_nested+0x30/0x40 [ 126.439260] raw_spin_rq_lock_nested+0x1e/0x30 [ 126.439273] task_fork_fair+0x63/0x4d0 [ 126.439291] sched_cgroup_fork+0x3d0/0x540 [ 126.439305] copy_process+0x3f9e/0x6df0 [ 126.439316] kernel_clone+0xe7/0x890 [ 126.439325] user_mode_thread+0xad/0xf0 [ 126.439335] rest_init+0x24/0x250 [ 126.439352] arch_call_rest_init+0xf/0x14 [ 126.439372] start_kernel+0x4c1/0x4e6 [ 126.439389] secondary_startup_64_no_verify+0xe0/0xeb [ 126.439404] [ 126.439404] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 126.439417] _raw_spin_lock_irqsave+0x39/0x60 [ 126.439432] try_to_wake_up+0xab/0x1920 [ 126.439446] up+0x75/0xb0 [ 126.439457] __up_console_sem+0x6e/0x80 [ 126.439474] console_unlock+0x46a/0x590 [ 126.439490] vprintk_emit+0x1bd/0x560 [ 126.439506] vprintk+0x84/0xa0 [ 126.439523] _printk+0xba/0xf1 [ 126.439541] kauditd_hold_skb.cold+0x3f/0x4e [ 126.439555] kauditd_send_queue+0x233/0x290 [ 126.439570] kauditd_thread+0x5da/0x9a0 [ 126.439584] kthread+0x2ed/0x3a0 [ 126.439600] ret_from_fork+0x22/0x30 [ 126.439612] [ 126.439612] -> #0 ((console_sem).lock){....}-{2:2}: [ 126.439626] __lock_acquire+0x2a02/0x5e70 [ 126.439642] lock_acquire+0x1a2/0x530 [ 126.439659] _raw_spin_lock_irqsave+0x39/0x60 [ 126.439673] down_trylock+0xe/0x70 [ 126.439686] __down_trylock_console_sem+0x3b/0xd0 [ 126.439702] vprintk_emit+0x16b/0x560 [ 126.439719] vprintk+0x84/0xa0 [ 126.439735] _printk+0xba/0xf1 [ 126.439751] report_bug.cold+0x72/0xab [ 126.439764] handle_bug+0x3c/0x70 [ 126.439779] exc_invalid_op+0x14/0x50 [ 126.439792] asm_exc_invalid_op+0x16/0x20 [ 126.439809] event_filter_match+0x422/0x660 [ 126.439826] merge_sched_in+0x107/0x1110 [ 126.439836] visit_groups_merge.constprop.0.isra.0+0x4fc/0xef0 [ 126.439849] ctx_sched_in+0x2e6/0x770 [ 126.439859] perf_event_sched_in+0x58/0x80 [ 126.439870] __perf_event_task_sched_in+0x408/0x6e0 [ 126.439882] finish_task_switch.isra.0+0x46d/0x8a0 [ 126.439893] __schedule+0x89b/0x2470 [ 126.439903] schedule+0xda/0x1b0 [ 126.439912] futex_wait_queue+0xf5/0x1e0 [ 126.439922] futex_wait+0x28e/0x690 [ 126.439932] do_futex+0x2ff/0x380 [ 126.439941] __x64_sys_futex+0x1c6/0x4d0 [ 126.439951] do_syscall_64+0x3b/0x90 [ 126.439963] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.439980] [ 126.439980] other info that might help us debug this: [ 126.439980] [ 126.439983] Chain exists of: [ 126.439983] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 126.439983] [ 126.439998] Possible unsafe locking scenario: [ 126.439998] [ 126.440001] CPU0 CPU1 [ 126.440004] ---- ---- [ 126.440006] lock(&ctx->lock); [ 126.440012] lock(&rq->__lock); [ 126.440018] lock(&ctx->lock); [ 126.440024] lock((console_sem).lock); [ 126.440030] [ 126.440030] *** DEADLOCK *** [ 126.440030] [ 126.440032] 2 locks held by syz-executor.6/3802: [ 126.440039] #0: ffff88806ce3ef20 (&cpuctx_lock){....}-{2:2}, at: __perf_event_task_sched_in+0x28f/0x6e0 [ 126.440066] #1: ffff88800ecc8820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_in+0x2a0/0x6e0 [ 126.440094] [ 126.440094] stack backtrace: [ 126.440097] CPU: 0 PID: 3802 Comm: syz-executor.6 Tainted: G W 6.0.0-rc5-next-20220913 #1 [ 126.440110] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 126.440119] Call Trace: [ 126.440122] [ 126.440127] dump_stack_lvl+0x8b/0xb3 [ 126.440142] check_noncircular+0x263/0x2e0 [ 126.440159] ? format_decode+0x26c/0xb50 [ 126.440174] ? print_circular_bug+0x450/0x450 [ 126.440192] ? enable_ptr_key_workfn+0x20/0x20 [ 126.440206] ? mark_lock.part.0+0xef/0x2f70 [ 126.440224] ? format_decode+0x26c/0xb50 [ 126.440239] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 126.440257] __lock_acquire+0x2a02/0x5e70 [ 126.440279] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 126.440302] lock_acquire+0x1a2/0x530 [ 126.440319] ? down_trylock+0xe/0x70 [ 126.440333] ? rcu_read_unlock+0x40/0x40 [ 126.440350] ? mark_lock.part.0+0xef/0x2f70 [ 126.440369] ? lock_chain_count+0x20/0x20 [ 126.440387] ? vprintk+0x84/0xa0 [ 126.440406] _raw_spin_lock_irqsave+0x39/0x60 [ 126.440421] ? down_trylock+0xe/0x70 [ 126.440435] down_trylock+0xe/0x70 [ 126.440448] ? vprintk+0x84/0xa0 [ 126.440466] __down_trylock_console_sem+0x3b/0xd0 [ 126.440483] vprintk_emit+0x16b/0x560 [ 126.440503] vprintk+0x84/0xa0 [ 126.440521] _printk+0xba/0xf1 [ 126.440538] ? record_print_text.cold+0x16/0x16 [ 126.440560] ? mark_lock.part.0+0xef/0x2f70 [ 126.440577] ? __lock_acquire+0xbad/0x5e70 [ 126.440594] ? report_bug.cold+0x66/0xab [ 126.440608] ? event_filter_match+0x422/0x660 [ 126.440626] report_bug.cold+0x72/0xab [ 126.440641] handle_bug+0x3c/0x70 [ 126.440654] exc_invalid_op+0x14/0x50 [ 126.440669] asm_exc_invalid_op+0x16/0x20 [ 126.440686] RIP: 0010:event_filter_match+0x422/0x660 [ 126.440706] Code: 00 00 00 e9 7c fc ff ff e8 4b 15 f1 ff 65 8b 2d c0 73 ad 7e 31 ff 89 ee e8 eb 11 f1 ff 85 ed 0f 84 ef 00 00 00 e8 2e 15 f1 ff <0f> 0b eb 9f e8 45 80 23 00 e9 17 fc ff ff e8 1b 15 f1 ff 48 8d 7b [ 126.440717] RSP: 0018:ffff888041f4f700 EFLAGS: 00010012 [ 126.440726] RAX: 0000000040000000 RBX: ffff888041ea9158 RCX: 0000000000000000 [ 126.440734] RDX: ffff88801aee9ac0 RSI: ffffffff81550212 RDI: 0000000000000005 [ 126.440742] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001 [ 126.440749] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff888041ea9378 [ 126.440757] R13: 0000000000000000 R14: ffff888041ea9200 R15: ffff888041ea9378 [ 126.440768] ? event_filter_match+0x422/0x660 [ 126.440789] merge_sched_in+0x107/0x1110 [ 126.440803] visit_groups_merge.constprop.0.isra.0+0x4fc/0xef0 [ 126.440816] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 126.440837] ? merge_sched_in+0x1110/0x1110 [ 126.440852] ctx_sched_in+0x2e6/0x770 [ 126.440865] ? visit_groups_merge.constprop.0.isra.0+0xef0/0xef0 [ 126.440880] ? amd_pmu_check_overflow+0x17b/0x1c0 [ 126.440902] perf_event_sched_in+0x58/0x80 [ 126.440914] __perf_event_task_sched_in+0x408/0x6e0 [ 126.440929] ? perf_mux_hrtimer_handler+0xe80/0xe80 [ 126.440942] ? lock_release+0x3b2/0x750 [ 126.440959] ? __schedule+0x839/0x2470 [ 126.440970] ? lock_downgrade+0x6d0/0x6d0 [ 126.440989] finish_task_switch.isra.0+0x46d/0x8a0 [ 126.441002] ? __switch_to+0x5bf/0xf20 [ 126.441014] __schedule+0x89b/0x2470 [ 126.441027] ? io_schedule_timeout+0x150/0x150 [ 126.441040] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 126.441058] schedule+0xda/0x1b0 [ 126.441069] futex_wait_queue+0xf5/0x1e0 [ 126.441081] futex_wait+0x28e/0x690 [ 126.441093] ? futex_wait_setup+0x230/0x230 [ 126.441107] ? __hrtimer_init+0x270/0x270 [ 126.441125] ? lock_release+0x3b2/0x750 [ 126.441142] ? __x64_sys_futex+0x3a9/0x4d0 [ 126.441155] do_futex+0x2ff/0x380 [ 126.441166] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 126.441178] ? lockdep_hardirqs_on+0x79/0x100 [ 126.441196] ? recalibrate_cpu_khz+0x10/0x10 [ 126.441209] ? ktime_get+0x153/0x1f0 [ 126.441225] __x64_sys_futex+0x1c6/0x4d0 [ 126.441237] ? __x64_sys_futex_time32+0x480/0x480 [ 126.441250] ? syscall_enter_from_user_mode+0x1d/0x50 [ 126.441271] do_syscall_64+0x3b/0x90 [ 126.441285] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.441303] RIP: 0033:0x7f92129b9b19 [ 126.441311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 126.441322] RSP: 002b:00007ffdd2633f08 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 126.441333] RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 00007f92129b9b19 [ 126.441341] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9212accf6c [ 126.441348] RBP: 00007f9212accf6c R08: 00007ffdd2747080 R09: 0000000000000000 [ 126.441356] R10: 00007ffdd2633fe0 R11: 0000000000000246 R12: 000000000001ed20 [ 126.441363] R13: 00000000000003e8 R14: 00007f9212accf60 R15: 000000000001ed16 [ 126.441376] [ 126.506819] WARNING: CPU: 0 PID: 3802 at kernel/events/core.c:2233 event_filter_match+0x422/0x660 [ 126.507470] Modules linked in: [ 126.507706] CPU: 0 PID: 3802 Comm: syz-executor.6 Tainted: G W 6.0.0-rc5-next-20220913 #1 [ 126.508401] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 126.509207] RIP: 0010:event_filter_match+0x422/0x660 [ 126.509593] Code: 00 00 00 e9 7c fc ff ff e8 4b 15 f1 ff 65 8b 2d c0 73 ad 7e 31 ff 89 ee e8 eb 11 f1 ff 85 ed 0f 84 ef 00 00 00 e8 2e 15 f1 ff <0f> 0b eb 9f e8 45 80 23 00 e9 17 fc ff ff e8 1b 15 f1 ff 48 8d 7b [ 126.510941] RSP: 0018:ffff888041f4f700 EFLAGS: 00010012 [ 126.511333] RAX: 0000000040000000 RBX: ffff888041ea9158 RCX: 0000000000000000 [ 126.511854] RDX: ffff88801aee9ac0 RSI: ffffffff81550212 RDI: 0000000000000005 [ 126.512381] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001 [ 126.512911] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff888041ea9378 [ 126.513434] R13: 0000000000000000 R14: ffff888041ea9200 R15: ffff888041ea9378 [ 126.513960] FS: 0000555556fd9400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 126.514550] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.514975] CR2: 00007f65c01458e0 CR3: 0000000041086000 CR4: 0000000000350ef0 [ 126.515503] Call Trace: [ 126.515696] [ 126.515863] merge_sched_in+0x107/0x1110 [ 126.516162] visit_groups_merge.constprop.0.isra.0+0x4fc/0xef0 [ 126.516596] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 126.517001] ? merge_sched_in+0x1110/0x1110 [ 126.517321] ctx_sched_in+0x2e6/0x770 [ 126.517614] ? visit_groups_merge.constprop.0.isra.0+0xef0/0xef0 [ 126.518076] ? amd_pmu_check_overflow+0x17b/0x1c0 [ 126.518446] perf_event_sched_in+0x58/0x80 [ 126.518757] __perf_event_task_sched_in+0x408/0x6e0 [ 126.519137] ? perf_mux_hrtimer_handler+0xe80/0xe80 [ 126.519503] ? lock_release+0x3b2/0x750 [ 126.519817] ? __schedule+0x839/0x2470 [ 126.520106] ? lock_downgrade+0x6d0/0x6d0 [ 126.520422] finish_task_switch.isra.0+0x46d/0x8a0 [ 126.520781] ? __switch_to+0x5bf/0xf20 [ 126.521073] __schedule+0x89b/0x2470 [ 126.521350] ? io_schedule_timeout+0x150/0x150 [ 126.521701] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 126.522088] schedule+0xda/0x1b0 [ 126.522343] futex_wait_queue+0xf5/0x1e0 [ 126.522650] futex_wait+0x28e/0x690 [ 126.522926] ? futex_wait_setup+0x230/0x230 [ 126.523251] ? __hrtimer_init+0x270/0x270 [ 126.523556] ? lock_release+0x3b2/0x750 [ 126.523852] ? __x64_sys_futex+0x3a9/0x4d0 [ 126.524152] do_futex+0x2ff/0x380 [ 126.524405] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 126.524814] ? lockdep_hardirqs_on+0x79/0x100 [ 126.525143] ? recalibrate_cpu_khz+0x10/0x10 [ 126.525460] ? ktime_get+0x153/0x1f0 [ 126.525743] __x64_sys_futex+0x1c6/0x4d0 [ 126.526049] ? __x64_sys_futex_time32+0x480/0x480 [ 126.526405] ? syscall_enter_from_user_mode+0x1d/0x50 [ 126.526793] do_syscall_64+0x3b/0x90 [ 126.527072] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.527447] RIP: 0033:0x7f92129b9b19 [ 126.527719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 126.528997] RSP: 002b:00007ffdd2633f08 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 126.529554] RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 00007f92129b9b19 [ 126.530105] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9212accf6c [ 126.530635] RBP: 00007f9212accf6c R08: 00007ffdd2747080 R09: 0000000000000000 [ 126.531172] R10: 00007ffdd2633fe0 R11: 0000000000000246 R12: 000000000001ed20 [ 126.531714] R13: 00000000000003e8 R14: 00007f9212accf60 R15: 000000000001ed16 [ 126.532266] [ 126.532450] irq event stamp: 2320 [ 126.532705] hardirqs last enabled at (2319): [] _raw_spin_unlock_irqrestore+0x28/0x60 [ 126.533421] hardirqs last disabled at (2320): [] __schedule+0x1225/0x2470 [ 126.534051] softirqs last enabled at (2020): [] fpu_clone+0x3c2/0xb00 [ 126.534671] softirqs last disabled at (2018): [] fpu_clone+0x335/0xb00 [ 126.535294] ---[ end trace 0000000000000000 ]--- 15:56:31 executing program 3: r0 = getpgid(0x0) r1 = perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) r2 = getpgid(0x0) perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0x0, r1, 0x0) 15:56:31 executing program 3: r0 = getpgid(0x0) r1 = perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) r2 = getpgid(0x0) perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0x0, r1, 0x0) 15:56:31 executing program 6: r0 = getpgid(0x0) r1 = perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) r2 = getpgid(0x0) perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0x0, r1, 0x0) 15:56:31 executing program 1: r0 = fsopen(&(0x7f0000000000)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) unlinkat(r1, &(0x7f0000000200)='./file0\x00', 0x0) 15:56:31 executing program 3: r0 = getpgid(0x0) r1 = perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) r2 = getpgid(0x0) perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0x0, r1, 0x0) 15:56:31 executing program 6: r0 = getpgid(0x0) r1 = perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) r2 = getpgid(0x0) perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0x0, r1, 0x0) 15:56:34 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x3, 0x1, 0xd6c3}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000140)=0x100, 0x4) sendmsg$NFT_MSG_GETTABLE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4850}, 0x0) 15:56:34 executing program 1: r0 = fsopen(&(0x7f0000000000)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) unlinkat(r1, &(0x7f0000000200)='./file0\x00', 0x0) 15:56:34 executing program 6: syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x7, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @remote, {[@cipso={0x86, 0x6}]}}, @source_quench={0x2b, 0x0, 0x0, 0x7f00, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @broadcast}}}}}}, 0x0) 15:56:34 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fchmod(r0, 0x0) 15:56:34 executing program 4: ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f00000001c0)={0x0, 0x18, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x7ab681, 0x24) close_range(r0, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x217}, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fee000/0x12000)=nil, 0x0, 0x0) 15:56:34 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:34 executing program 5: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000002800), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x2}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 15:56:34 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x21, &(0x7f0000000080)={@broadcast, @private}, 0xc) 15:56:34 executing program 6: syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x7, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @remote, {[@cipso={0x86, 0x6}]}}, @source_quench={0x2b, 0x0, 0x0, 0x7f00, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @broadcast}}}}}}, 0x0) 15:56:34 executing program 1: r0 = fsopen(&(0x7f0000000000)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) unlinkat(r1, &(0x7f0000000200)='./file0\x00', 0x0) 15:56:34 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x21, &(0x7f0000000080)={@broadcast, @private}, 0xc) 15:56:34 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fchmod(r0, 0x0) 15:56:34 executing program 4: ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f00000001c0)={0x0, 0x18, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x7ab681, 0x24) close_range(r0, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x217}, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fee000/0x12000)=nil, 0x0, 0x0) 15:56:34 executing program 5: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000002800), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x2}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 15:56:34 executing program 6: syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x7, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @remote, {[@cipso={0x86, 0x6}]}}, @source_quench={0x2b, 0x0, 0x0, 0x7f00, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @broadcast}}}}}}, 0x0) 15:56:34 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fchmod(r0, 0x0) 15:56:34 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x3, 0x1, 0xd6c3}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000140)=0x100, 0x4) sendmsg$NFT_MSG_GETTABLE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4850}, 0x0) 15:56:34 executing program 1: ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f00000001c0)={0x0, 0x18, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x7ab681, 0x24) close_range(r0, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x217}, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fee000/0x12000)=nil, 0x0, 0x0) 15:56:34 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x21, &(0x7f0000000080)={@broadcast, @private}, 0xc) 15:56:34 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:34 executing program 6: syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x7, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @remote, {[@cipso={0x86, 0x6}]}}, @source_quench={0x2b, 0x0, 0x0, 0x7f00, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @broadcast}}}}}}, 0x0) 15:56:34 executing program 5: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000002800), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x2}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 15:56:34 executing program 4: ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f00000001c0)={0x0, 0x18, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x7ab681, 0x24) close_range(r0, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x217}, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fee000/0x12000)=nil, 0x0, 0x0) 15:56:34 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fchmod(r0, 0x0) 15:56:34 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x21, &(0x7f0000000080)={@broadcast, @private}, 0xc) 15:56:34 executing program 3: ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f00000001c0)={0x0, 0x18, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x7ab681, 0x24) close_range(r0, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x217}, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fee000/0x12000)=nil, 0x0, 0x0) [ 130.667113] blktrace: Concurrent blktraces are not allowed on sg0 15:56:34 executing program 5: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000002800), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x2}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 15:56:34 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:34 executing program 1: ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f00000001c0)={0x0, 0x18, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x7ab681, 0x24) close_range(r0, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x217}, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fee000/0x12000)=nil, 0x0, 0x0) 15:56:35 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:35 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x3, 0x1, 0xd6c3}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000140)=0x100, 0x4) sendmsg$NFT_MSG_GETTABLE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4850}, 0x0) 15:56:35 executing program 3: ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f00000001c0)={0x0, 0x18, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x7ab681, 0x24) close_range(r0, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x217}, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fee000/0x12000)=nil, 0x0, 0x0) 15:56:35 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:35 executing program 1: ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f00000001c0)={0x0, 0x18, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x7ab681, 0x24) close_range(r0, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x217}, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fee000/0x12000)=nil, 0x0, 0x0) 15:56:35 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:35 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:35 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:35 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:35 executing program 3: ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f00000001c0)={0x0, 0x18, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x7ab681, 0x24) close_range(r0, r1, 0x0) write(0xffffffffffffffff, &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x217}, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000fee000/0x12000)=nil, 0x0, 0x0) 15:56:35 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xf1887000) chroot(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r1, 0x0, 0xfffffdef) [ 131.068352] loop1: detected capacity change from 0 to 40 15:56:35 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x3, 0x1, 0xd6c3}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000140)=0x100, 0x4) sendmsg$NFT_MSG_GETTABLE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4850}, 0x0) [ 131.163775] syz-executor.1: attempt to access beyond end of device [ 131.163775] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 131.165522] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 131.195093] syz-executor.1: attempt to access beyond end of device [ 131.195093] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 131.196035] Buffer I/O error on dev loop1, logical block 10, lost async page write 15:56:35 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:35 executing program 3: r0 = syz_io_uring_setup(0xeb3, &(0x7f0000000000), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) io_uring_setup(0x454c, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x0, 0x0, 0x0, 0x4) 15:56:35 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:35 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xf1887000) chroot(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r1, 0x0, 0xfffffdef) [ 131.328677] loop1: detected capacity change from 0 to 40 15:56:35 executing program 0: socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) 15:56:35 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:35 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:35 executing program 0: socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) 15:56:35 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xf1887000) chroot(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r1, 0x0, 0xfffffdef) [ 131.414344] syz-executor.1: attempt to access beyond end of device [ 131.414344] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 131.415745] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 131.430795] hrtimer: interrupt took 27391 ns [ 131.442751] loop2: detected capacity change from 0 to 40 15:56:35 executing program 3: r0 = syz_io_uring_setup(0xeb3, &(0x7f0000000000), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) io_uring_setup(0x454c, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x0, 0x0, 0x0, 0x4) 15:56:35 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xf1887000) chroot(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r1, 0x0, 0xfffffdef) [ 131.548389] loop1: detected capacity change from 0 to 40 [ 131.736208] syz-executor.2: attempt to access beyond end of device [ 131.736208] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 131.737265] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 132.463851] syz-executor.1 (4098) used greatest stack depth: 24152 bytes left 15:56:36 executing program 0: socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) 15:56:36 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 15:56:36 executing program 3: r0 = syz_io_uring_setup(0xeb3, &(0x7f0000000000), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) io_uring_setup(0x454c, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x0, 0x0, 0x0, 0x4) 15:56:36 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xf1887000) chroot(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r1, 0x0, 0xfffffdef) 15:56:36 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xf1887000) chroot(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r1, 0x0, 0xfffffdef) [ 132.542501] loop6: detected capacity change from 0 to 40 15:56:36 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xf1887000) chroot(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r1, 0x0, 0xfffffdef) 15:56:36 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000001b80)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0}}], 0x2, 0x0) 15:56:36 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) [ 132.557426] loop2: detected capacity change from 0 to 40 [ 132.581896] loop1: detected capacity change from 0 to 40 15:56:36 executing program 0: socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) 15:56:36 executing program 7: syz_mount_image$vfat(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000012c0)=""/4093, 0xffd) read$hiddev(r0, &(0x7f0000000100)=""/220, 0xdc) 15:56:36 executing program 3: r0 = syz_io_uring_setup(0xeb3, &(0x7f0000000000), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) io_uring_setup(0x454c, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x0, 0x0, 0x0, 0x4) [ 132.758992] syz-executor.6: attempt to access beyond end of device [ 132.758992] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 132.760689] Buffer I/O error on dev loop6, logical block 10, lost async page write 15:56:37 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x0) 15:56:37 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xf1887000) chroot(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r1, 0x0, 0xfffffdef) [ 132.887226] audit: type=1400 audit(1663084597.143:9): avc: denied { write } for pid=4125 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 15:56:37 executing program 3: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000001640)) 15:56:37 executing program 7: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)='\\\x00') r1 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0) mq_timedsend(r1, &(0x7f0000000000)="5ca0c83a142e355de0cc3f0f546f23b0f7b9b6bee977901b8095028bc0a56a3e20bdd99e2c07b030a923562b71f208add7a5e912a10882eebbd07ecfb12ed75202766f9f52aa77e7013118d833", 0x4d, 0x5, &(0x7f00000000c0)={0x0, 0x989680}) [ 132.954402] loop6: detected capacity change from 0 to 40 [ 132.957745] syz-executor.2: attempt to access beyond end of device [ 132.957745] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 132.959692] Buffer I/O error on dev loop2, logical block 10, lost async page write 15:56:37 executing program 0: mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x7, 0x4) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2, &(0x7f0000000040)=0x80000001, 0x0, 0x0) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000080)=0x6, 0x1000, 0x1) mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, &(0x7f00000000c0), 0x7, 0x1) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) syz_io_uring_setup(0x6559, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000180), 0x0) r0 = shmget(0x3, 0x1000, 0x400, &(0x7f0000ffe000/0x1000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x4000) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) mbind(&(0x7f0000ff1000/0xd000)=nil, 0xd000, 0x0, 0x0, 0xffffffffffffff26, 0x4) get_mempolicy(0x0, &(0x7f0000000280), 0x1, &(0x7f0000ff1000/0x2000)=nil, 0x5) remap_file_pages(&(0x7f0000a73000/0x2000)=nil, 0x2000, 0x0, 0x8d, 0x40000) 15:56:37 executing program 7: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)='\\\x00') r1 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0) mq_timedsend(r1, &(0x7f0000000000)="5ca0c83a142e355de0cc3f0f546f23b0f7b9b6bee977901b8095028bc0a56a3e20bdd99e2c07b030a923562b71f208add7a5e912a10882eebbd07ecfb12ed75202766f9f52aa77e7013118d833", 0x4d, 0x5, &(0x7f00000000c0)={0x0, 0x989680}) [ 133.062346] mmap: syz-executor.0 (4135) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 133.180356] syz-executor.1: attempt to access beyond end of device [ 133.180356] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 133.182262] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 133.212453] syz-executor.6: attempt to access beyond end of device [ 133.212453] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 133.214153] Buffer I/O error on dev loop6, logical block 10, lost async page write 15:56:37 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xf1887000) chroot(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r1, 0x0, 0xfffffdef) 15:56:37 executing program 0: mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x7, 0x4) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2, &(0x7f0000000040)=0x80000001, 0x0, 0x0) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000080)=0x6, 0x1000, 0x1) mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, &(0x7f00000000c0), 0x7, 0x1) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) syz_io_uring_setup(0x6559, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000180), 0x0) r0 = shmget(0x3, 0x1000, 0x400, &(0x7f0000ffe000/0x1000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x4000) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) mbind(&(0x7f0000ff1000/0xd000)=nil, 0xd000, 0x0, 0x0, 0xffffffffffffff26, 0x4) get_mempolicy(0x0, &(0x7f0000000280), 0x1, &(0x7f0000ff1000/0x2000)=nil, 0x5) remap_file_pages(&(0x7f0000a73000/0x2000)=nil, 0x2000, 0x0, 0x8d, 0x40000) 15:56:37 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xf1887000) chroot(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r1, 0x0, 0xfffffdef) 15:56:37 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, 0x2, &(0x7f0000000380)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x73}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000011200)=ANY=[]) chdir(&(0x7f00000000c0)='./file0\x00') io_setup(0x6, &(0x7f0000000040)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105241, 0x0) io_submit(r0, 0x4000, &(0x7f00000004c0)=[&(0x7f0000000200)={0xeffdffff, 0x8008, 0x10, 0x1, 0x0, r1, &(0x7f00000001c0)="10", 0x4000}]) 15:56:37 executing program 5: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000be000000000000be000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000010600)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d002000200020002000200020002000200020002000200000000000000000be000000000000be252f", 0x5a, 0x8800}], 0x0, &(0x7f0000011e00)) 15:56:37 executing program 7: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)='\\\x00') r1 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0) mq_timedsend(r1, &(0x7f0000000000)="5ca0c83a142e355de0cc3f0f546f23b0f7b9b6bee977901b8095028bc0a56a3e20bdd99e2c07b030a923562b71f208add7a5e912a10882eebbd07ecfb12ed75202766f9f52aa77e7013118d833", 0x4d, 0x5, &(0x7f00000000c0)={0x0, 0x989680}) [ 133.323998] loop2: detected capacity change from 0 to 40 [ 133.328898] loop3: detected capacity change from 0 to 256 [ 133.332454] loop5: detected capacity change from 0 to 136 [ 133.333680] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 133.334174] loop6: detected capacity change from 0 to 40 [ 133.338711] ISO 9660 Extensions: Microsoft Joliet Level 0 [ 133.341608] isofs_fill_super: get root inode failed 15:56:37 executing program 0: mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x7, 0x4) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2, &(0x7f0000000040)=0x80000001, 0x0, 0x0) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000080)=0x6, 0x1000, 0x1) mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, &(0x7f00000000c0), 0x7, 0x1) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) syz_io_uring_setup(0x6559, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000180), 0x0) r0 = shmget(0x3, 0x1000, 0x400, &(0x7f0000ffe000/0x1000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x4000) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) mbind(&(0x7f0000ff1000/0xd000)=nil, 0xd000, 0x0, 0x0, 0xffffffffffffff26, 0x4) get_mempolicy(0x0, &(0x7f0000000280), 0x1, &(0x7f0000ff1000/0x2000)=nil, 0x5) remap_file_pages(&(0x7f0000a73000/0x2000)=nil, 0x2000, 0x0, 0x8d, 0x40000) [ 133.396471] loop5: detected capacity change from 0 to 136 15:56:37 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f00000000c0), 0x4) [ 133.400254] ISO 9660 Extensions: Microsoft Joliet Level 0 [ 133.402192] isofs_fill_super: get root inode failed 15:56:37 executing program 4: execveat(0xffffffffffffffff, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1200) 15:56:37 executing program 7: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)='\\\x00') r1 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0) mq_timedsend(r1, &(0x7f0000000000)="5ca0c83a142e355de0cc3f0f546f23b0f7b9b6bee977901b8095028bc0a56a3e20bdd99e2c07b030a923562b71f208add7a5e912a10882eebbd07ecfb12ed75202766f9f52aa77e7013118d833", 0x4d, 0x5, &(0x7f00000000c0)={0x0, 0x989680}) [ 133.428548] process 'syz-executor.4' launched '/dev/fd/-1' with NULL argv: empty string added [ 133.464934] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:56:37 executing program 5: mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x3000, 0x6, &(0x7f0000ffb000/0x3000)=nil) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x2) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x4, &(0x7f0000ffc000/0x4000)=nil) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x6000) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x7000) r1 = shmget$private(0x0, 0x1000, 0x4, &(0x7f0000ffa000/0x1000)=nil) shmat(r1, &(0x7f0000ffa000/0x1000)=nil, 0x4000) 15:56:37 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) gettid() 15:56:37 executing program 4: clock_nanosleep(0x2, 0x0, &(0x7f0000002700)={0x77359400}, 0x0) clock_nanosleep(0x7, 0x0, 0x0, &(0x7f0000008a80)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) bind$unix(r1, &(0x7f00000000c0)=@abs={0x1}, 0x6e) futex(&(0x7f0000008980)=0x2, 0xa, 0x0, &(0x7f00000089c0)={0x77359400}, &(0x7f0000008a00)=0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ppoll(&(0x7f0000003900)=[{r0, 0x200}, {0xffffffffffffffff, 0x120}, {0xffffffffffffffff, 0x4}, {r1, 0x500}, {0xffffffffffffffff, 0x120}, {0xffffffffffffffff, 0x40}, {r2, 0x10}, {0xffffffffffffffff, 0x2}], 0x8, &(0x7f0000008900)={0x0, 0x3938700}, &(0x7f0000008940)={[0x401]}, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)) 15:56:37 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 15:56:37 executing program 0: mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x7, 0x4) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2, &(0x7f0000000040)=0x80000001, 0x0, 0x0) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000080)=0x6, 0x1000, 0x1) mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, &(0x7f00000000c0), 0x7, 0x1) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) syz_io_uring_setup(0x6559, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000180), 0x0) r0 = shmget(0x3, 0x1000, 0x400, &(0x7f0000ffe000/0x1000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x4000) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) mbind(&(0x7f0000ff1000/0xd000)=nil, 0xd000, 0x0, 0x0, 0xffffffffffffff26, 0x4) get_mempolicy(0x0, &(0x7f0000000280), 0x1, &(0x7f0000ff1000/0x2000)=nil, 0x5) remap_file_pages(&(0x7f0000a73000/0x2000)=nil, 0x2000, 0x0, 0x8d, 0x40000) [ 133.583666] syz-executor.6: attempt to access beyond end of device [ 133.583666] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 133.585862] Buffer I/O error on dev loop6, logical block 10, lost async page write 15:56:37 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_GETPARAMS(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000780)={0x14}, 0x14}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_START_REQ(r1, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x14}, 0x14}}, 0x0) [ 133.791092] syz-executor.2: attempt to access beyond end of device [ 133.791092] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 133.792348] Buffer I/O error on dev loop2, logical block 10, lost async page write 15:56:38 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) gettid() 15:56:38 executing program 5: mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x3000, 0x6, &(0x7f0000ffb000/0x3000)=nil) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x2) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x4, &(0x7f0000ffc000/0x4000)=nil) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x6000) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x7000) r1 = shmget$private(0x0, 0x1000, 0x4, &(0x7f0000ffa000/0x1000)=nil) shmat(r1, &(0x7f0000ffa000/0x1000)=nil, 0x4000) 15:56:38 executing program 1: mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x3000, 0x6, &(0x7f0000ffb000/0x3000)=nil) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x2) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x4, &(0x7f0000ffc000/0x4000)=nil) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x6000) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x7000) r1 = shmget$private(0x0, 0x1000, 0x4, &(0x7f0000ffa000/0x1000)=nil) shmat(r1, &(0x7f0000ffa000/0x1000)=nil, 0x4000) 15:56:38 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x1, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 15:56:38 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x16, &(0x7f0000002400), 0x8) 15:56:38 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 15:56:38 executing program 4: clock_nanosleep(0x2, 0x0, &(0x7f0000002700)={0x77359400}, 0x0) clock_nanosleep(0x7, 0x0, 0x0, &(0x7f0000008a80)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) bind$unix(r1, &(0x7f00000000c0)=@abs={0x1}, 0x6e) futex(&(0x7f0000008980)=0x2, 0xa, 0x0, &(0x7f00000089c0)={0x77359400}, &(0x7f0000008a00)=0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ppoll(&(0x7f0000003900)=[{r0, 0x200}, {0xffffffffffffffff, 0x120}, {0xffffffffffffffff, 0x4}, {r1, 0x500}, {0xffffffffffffffff, 0x120}, {0xffffffffffffffff, 0x40}, {r2, 0x10}, {0xffffffffffffffff, 0x2}], 0x8, &(0x7f0000008900)={0x0, 0x3938700}, &(0x7f0000008940)={[0x401]}, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)) 15:56:38 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89b0, &(0x7f0000000000)={'sit0\x00'}) 15:56:38 executing program 1: mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x3000, 0x6, &(0x7f0000ffb000/0x3000)=nil) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x2) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x4, &(0x7f0000ffc000/0x4000)=nil) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x6000) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x7000) r1 = shmget$private(0x0, 0x1000, 0x4, &(0x7f0000ffa000/0x1000)=nil) shmat(r1, &(0x7f0000ffa000/0x1000)=nil, 0x4000) 15:56:38 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) gettid() 15:56:38 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89b0, &(0x7f0000000000)={'sit0\x00'}) 15:56:38 executing program 5: mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x3000, 0x6, &(0x7f0000ffb000/0x3000)=nil) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x2) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x4, &(0x7f0000ffc000/0x4000)=nil) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x6000) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x7000) r1 = shmget$private(0x0, 0x1000, 0x4, &(0x7f0000ffa000/0x1000)=nil) shmat(r1, &(0x7f0000ffa000/0x1000)=nil, 0x4000) 15:56:38 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x16, &(0x7f0000002400), 0x8) 15:56:38 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x1, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 15:56:38 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) gettid() 15:56:39 executing program 5: mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x3000, 0x6, &(0x7f0000ffb000/0x3000)=nil) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x2) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x4, &(0x7f0000ffc000/0x4000)=nil) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x6000) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x7000) r1 = shmget$private(0x0, 0x1000, 0x4, &(0x7f0000ffa000/0x1000)=nil) shmat(r1, &(0x7f0000ffa000/0x1000)=nil, 0x4000) 15:56:39 executing program 1: mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x3000, 0x6, &(0x7f0000ffb000/0x3000)=nil) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x2) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x4, &(0x7f0000ffc000/0x4000)=nil) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x6000) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmat(r0, &(0x7f0000ffa000/0x1000)=nil, 0x7000) r1 = shmget$private(0x0, 0x1000, 0x4, &(0x7f0000ffa000/0x1000)=nil) shmat(r1, &(0x7f0000ffa000/0x1000)=nil, 0x4000) 15:56:39 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89b0, &(0x7f0000000000)={'sit0\x00'}) 15:56:39 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x16, &(0x7f0000002400), 0x8) 15:56:39 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x1, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 15:56:39 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) gettid() 15:56:39 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB], 0x100}}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000004c0)) socket$inet6_udplite(0xa, 0x2, 0x88) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x88000, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 15:56:39 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89b0, &(0x7f0000000000)={'sit0\x00'}) 15:56:39 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) fcntl$setlease(r0, 0x400, 0x1) 15:56:39 executing program 4: clock_nanosleep(0x2, 0x0, &(0x7f0000002700)={0x77359400}, 0x0) clock_nanosleep(0x7, 0x0, 0x0, &(0x7f0000008a80)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) bind$unix(r1, &(0x7f00000000c0)=@abs={0x1}, 0x6e) futex(&(0x7f0000008980)=0x2, 0xa, 0x0, &(0x7f00000089c0)={0x77359400}, &(0x7f0000008a00)=0x1, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ppoll(&(0x7f0000003900)=[{r0, 0x200}, {0xffffffffffffffff, 0x120}, {0xffffffffffffffff, 0x4}, {r1, 0x500}, {0xffffffffffffffff, 0x120}, {0xffffffffffffffff, 0x40}, {r2, 0x10}, {0xffffffffffffffff, 0x2}], 0x8, &(0x7f0000008900)={0x0, 0x3938700}, &(0x7f0000008940)={[0x401]}, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)) 15:56:39 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 15:56:39 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x16, &(0x7f0000002400), 0x8) 15:56:39 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x1, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 15:56:39 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) fcntl$setlease(r0, 0x400, 0x1) 15:56:39 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) gettid() 15:56:39 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 15:56:39 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) fcntl$setlease(r0, 0x400, 0x1) VM DIAGNOSIS: 15:56:30 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=0000000000000001 RCX=0000000000000000 RDX=1ffff11002027016 RSI=ffffffff81a1e17e RDI=ffff888010138038 RBP=ffff888010106000 RSP=ffff888018807670 R8 =0000000000000004 R9 =0000000000000001 R10=0000000000000010 R11=0000000000000001 R12=ffff888010138000 R13=0000000000000000 R14=ffff888010106650 R15=0000000000000010 RIP=ffffffff81a1e1ac RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f6d5bb03900 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f6d5af519b0 CR3=000000000f614000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 313030203a504952 3d4547415353454d YMM01=0000000000000000 0000000000000000 76655f7463656c6c 6f633a3031303020 YMM02=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM03=0000000000000000 0000000000000000 2f6c616e72756f6a 2f676f6c2f6e7572 YMM04=0000000000000000 0000000000000000 b22508569b4654b6 00000000001368f0 YMM05=0000000000000000 0000000000000000 d3fdd5f48436fbd7 00000000000aead0 YMM06=0000000000000000 0000000000000000 98c3bddbb26ac45d 00000000000ae988 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 44495f474f4c5359 530069253d595449 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0020000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000039 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b25c1 RDI=ffffffff8763fae0 RBP=ffffffff8763faa0 RSP=ffff8880188cf4f8 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000039 R11=0000000000000001 R12=0000000000000039 R13=ffffffff8763faa0 R14=0000000000000010 R15=ffffffff822b25b0 RIP=ffffffff822b2619 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f920ff2f700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2e021000 CR3=0000000041086000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f9212aa07c0 00007f9212aa07c8 YMM02=0000000000000000 0000000000000000 00007f9212aa07e0 00007f9212aa07c0 YMM03=0000000000000000 0000000000000000 00007f9212aa07c8 00007f9212aa07c0 YMM04=0000000000000000 0000000000000000 ffffffffffffff00 ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000