Warning: Permanently added '[localhost]:31877' (ECDSA) to the list of known hosts. 2023/02/24 11:01:07 fuzzer started 2023/02/24 11:01:07 dialing manager at localhost:41417 syzkaller login: [ 36.255686] cgroup: Unknown subsys name 'net' [ 36.354592] cgroup: Unknown subsys name 'rlimit' 2023/02/24 11:01:21 syscalls: 2217 2023/02/24 11:01:21 code coverage: enabled 2023/02/24 11:01:21 comparison tracing: enabled 2023/02/24 11:01:21 extra coverage: enabled 2023/02/24 11:01:21 setuid sandbox: enabled 2023/02/24 11:01:21 namespace sandbox: enabled 2023/02/24 11:01:21 Android sandbox: enabled 2023/02/24 11:01:21 fault injection: enabled 2023/02/24 11:01:21 leak checking: enabled 2023/02/24 11:01:21 net packet injection: enabled 2023/02/24 11:01:21 net device setup: enabled 2023/02/24 11:01:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/24 11:01:21 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/24 11:01:21 USB emulation: enabled 2023/02/24 11:01:21 hci packet injection: enabled 2023/02/24 11:01:21 wifi device emulation: enabled 2023/02/24 11:01:21 802.15.4 emulation: enabled 2023/02/24 11:01:21 fetching corpus: 0, signal 0/2000 (executing program) 2023/02/24 11:01:21 fetching corpus: 25, signal 27890/31282 (executing program) 2023/02/24 11:01:21 fetching corpus: 60, signal 38062/42796 (executing program) 2023/02/24 11:01:21 fetching corpus: 109, signal 50833/56518 (executing program) 2023/02/24 11:01:21 fetching corpus: 159, signal 59320/65941 (executing program) 2023/02/24 11:01:22 fetching corpus: 209, signal 67129/74506 (executing program) 2023/02/24 11:01:22 fetching corpus: 259, signal 72966/81134 (executing program) 2023/02/24 11:01:22 fetching corpus: 309, signal 79586/88315 (executing program) 2023/02/24 11:01:22 fetching corpus: 358, signal 84611/93928 (executing program) 2023/02/24 11:01:22 fetching corpus: 408, signal 88826/98628 (executing program) 2023/02/24 11:01:22 fetching corpus: 455, signal 94123/104246 (executing program) 2023/02/24 11:01:22 fetching corpus: 505, signal 100655/110779 (executing program) 2023/02/24 11:01:23 fetching corpus: 555, signal 104465/114840 (executing program) 2023/02/24 11:01:23 fetching corpus: 605, signal 108145/118731 (executing program) 2023/02/24 11:01:23 fetching corpus: 653, signal 113042/123532 (executing program) 2023/02/24 11:01:23 fetching corpus: 703, signal 116742/127220 (executing program) 2023/02/24 11:01:23 fetching corpus: 753, signal 120380/130810 (executing program) 2023/02/24 11:01:23 fetching corpus: 802, signal 122887/133439 (executing program) 2023/02/24 11:01:24 fetching corpus: 852, signal 125463/135994 (executing program) 2023/02/24 11:01:24 fetching corpus: 902, signal 127029/137720 (executing program) 2023/02/24 11:01:24 fetching corpus: 952, signal 129591/140184 (executing program) 2023/02/24 11:01:24 fetching corpus: 1002, signal 131803/142306 (executing program) 2023/02/24 11:01:24 fetching corpus: 1052, signal 133654/144173 (executing program) 2023/02/24 11:01:24 fetching corpus: 1102, signal 135869/146213 (executing program) 2023/02/24 11:01:24 fetching corpus: 1152, signal 137150/147540 (executing program) 2023/02/24 11:01:25 fetching corpus: 1202, signal 138927/149192 (executing program) 2023/02/24 11:01:25 fetching corpus: 1252, signal 140292/150530 (executing program) 2023/02/24 11:01:25 fetching corpus: 1302, signal 141998/152068 (executing program) 2023/02/24 11:01:25 fetching corpus: 1351, signal 143625/153526 (executing program) 2023/02/24 11:01:25 fetching corpus: 1401, signal 146705/155847 (executing program) 2023/02/24 11:01:25 fetching corpus: 1449, signal 148609/157361 (executing program) 2023/02/24 11:01:25 fetching corpus: 1499, signal 150600/158898 (executing program) 2023/02/24 11:01:26 fetching corpus: 1549, signal 152505/160371 (executing program) 2023/02/24 11:01:26 fetching corpus: 1596, signal 153816/161423 (executing program) 2023/02/24 11:01:26 fetching corpus: 1646, signal 155073/162395 (executing program) 2023/02/24 11:01:26 fetching corpus: 1696, signal 157243/163884 (executing program) 2023/02/24 11:01:26 fetching corpus: 1746, signal 158495/164804 (executing program) 2023/02/24 11:01:26 fetching corpus: 1796, signal 159689/165651 (executing program) 2023/02/24 11:01:27 fetching corpus: 1846, signal 161438/166740 (executing program) 2023/02/24 11:01:27 fetching corpus: 1896, signal 162664/167529 (executing program) 2023/02/24 11:01:27 fetching corpus: 1946, signal 163585/168124 (executing program) 2023/02/24 11:01:27 fetching corpus: 1996, signal 164870/168911 (executing program) 2023/02/24 11:01:27 fetching corpus: 2046, signal 167231/170165 (executing program) 2023/02/24 11:01:28 fetching corpus: 2095, signal 168556/170903 (executing program) 2023/02/24 11:01:28 fetching corpus: 2145, signal 169662/171493 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/171674 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/171712 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/171769 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/171806 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/171845 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/171889 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/171923 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/171950 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/171987 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/172042 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/172086 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/172132 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/172176 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/172227 (executing program) 2023/02/24 11:01:28 fetching corpus: 2159, signal 169945/172277 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172326 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172363 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172406 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172448 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172484 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172520 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172564 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172618 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172645 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172679 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172714 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172759 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172802 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172840 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172882 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172913 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172947 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/172981 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/173024 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/173065 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/173107 (executing program) 2023/02/24 11:01:28 fetching corpus: 2160, signal 169965/173147 (executing program) 2023/02/24 11:01:28 fetching corpus: 2161, signal 169966/173204 (executing program) 2023/02/24 11:01:28 fetching corpus: 2161, signal 169966/173247 (executing program) 2023/02/24 11:01:28 fetching corpus: 2161, signal 169966/173287 (executing program) 2023/02/24 11:01:28 fetching corpus: 2161, signal 169966/173329 (executing program) 2023/02/24 11:01:28 fetching corpus: 2161, signal 169966/173353 (executing program) 2023/02/24 11:01:28 fetching corpus: 2161, signal 169966/173353 (executing program) 2023/02/24 11:01:31 starting 8 fuzzer processes 11:01:31 executing program 0: futex(0x0, 0x86, 0x0, &(0x7f0000001d80)={0x0, 0x989680}, 0x0, 0x0) 11:01:31 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f00000004c0)) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:01:31 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000000), 0x7) 11:01:31 executing program 2: syz_emit_ethernet(0x4e, &(0x7f0000000180)={@local, @random="2722b090ea1b", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "d138be", 0x18, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, {[@dstopts={0x0, 0x2, '\x00', [@calipso={0x5, 0x2}, @pad1, @enc_lim]}]}}}}}, 0x0) 11:01:31 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socketpair(0x1, 0x1, 0x200, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_setup(0x3b2, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r4, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000940)=ANY=[@ANYRES32=r4, @ANYBLOB]) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000540)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r5, r0, 0x0, 0xfffffdef) [ 58.935098] audit: type=1400 audit(1677236491.177:6): avc: denied { execmem } for pid=262 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:01:31 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x11}}) 11:01:31 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) 11:01:31 executing program 7: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) [ 60.165315] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.167681] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.176004] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.185352] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.187203] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 60.189154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.254370] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 60.256549] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.257873] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 60.260272] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 60.264032] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 60.269772] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 60.272280] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 60.273497] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 60.274486] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.275514] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 60.277135] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 60.278992] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 60.280094] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 60.281148] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 60.282125] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 60.283071] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.284014] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 60.285424] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 60.287826] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 60.290558] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 60.291926] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 60.298104] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 60.299136] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 60.300321] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 60.301658] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 60.312647] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 60.314598] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 60.316369] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 60.318179] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 60.319919] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 60.322580] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.324178] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 60.325930] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 60.327053] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 60.327997] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 60.329549] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 60.330855] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 60.332030] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.333140] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 60.334076] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 60.341101] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 60.381610] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.249958] Bluetooth: hci0: command 0x0409 tx timeout [ 62.313545] Bluetooth: hci6: command 0x0409 tx timeout [ 62.377598] Bluetooth: hci4: command 0x0409 tx timeout [ 62.378761] Bluetooth: hci5: command 0x0409 tx timeout [ 62.379728] Bluetooth: hci7: command 0x0409 tx timeout [ 62.380644] Bluetooth: hci2: command 0x0409 tx timeout [ 62.441582] Bluetooth: hci3: command 0x0409 tx timeout [ 62.442550] Bluetooth: hci1: command 0x0409 tx timeout [ 64.297453] Bluetooth: hci0: command 0x041b tx timeout [ 64.361460] Bluetooth: hci6: command 0x041b tx timeout [ 64.426519] Bluetooth: hci2: command 0x041b tx timeout [ 64.426954] Bluetooth: hci7: command 0x041b tx timeout [ 64.427324] Bluetooth: hci5: command 0x041b tx timeout [ 64.427720] Bluetooth: hci4: command 0x041b tx timeout [ 64.489445] Bluetooth: hci1: command 0x041b tx timeout [ 64.489879] Bluetooth: hci3: command 0x041b tx timeout [ 66.346460] Bluetooth: hci0: command 0x040f tx timeout [ 66.411656] Bluetooth: hci6: command 0x040f tx timeout [ 66.474523] Bluetooth: hci4: command 0x040f tx timeout [ 66.474971] Bluetooth: hci5: command 0x040f tx timeout [ 66.475349] Bluetooth: hci7: command 0x040f tx timeout [ 66.475758] Bluetooth: hci2: command 0x040f tx timeout [ 66.538492] Bluetooth: hci3: command 0x040f tx timeout [ 66.538935] Bluetooth: hci1: command 0x040f tx timeout [ 68.394481] Bluetooth: hci0: command 0x0419 tx timeout [ 68.458481] Bluetooth: hci6: command 0x0419 tx timeout [ 68.522478] Bluetooth: hci2: command 0x0419 tx timeout [ 68.522922] Bluetooth: hci7: command 0x0419 tx timeout [ 68.523287] Bluetooth: hci5: command 0x0419 tx timeout [ 68.523856] Bluetooth: hci4: command 0x0419 tx timeout [ 68.586450] Bluetooth: hci1: command 0x0419 tx timeout [ 68.586888] Bluetooth: hci3: command 0x0419 tx timeout [ 104.144835] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.145673] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.148123] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 104.431041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.432312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.433817] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 104.816595] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.817324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.818866] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 105.018795] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.019511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.020991] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 105.515107] audit: type=1400 audit(1677236537.758:7): avc: denied { open } for pid=3759 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 105.516739] audit: type=1400 audit(1677236537.758:8): avc: denied { kernel } for pid=3759 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 105.569402] hrtimer: interrupt took 19667 ns [ 106.507316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.508023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.509289] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 106.553155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.553922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.555171] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 106.617303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.618257] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.645301] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 106.693620] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.694476] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.696266] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 106.727098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.728290] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.731292] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 106.842475] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.843287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.844996] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 107.074372] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.075235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.090874] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 107.163582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.164203] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.165621] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 107.415355] audit: type=1400 audit(1677236539.658:9): avc: denied { write } for pid=3890 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 107.800750] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.801636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.803830] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 107.852250] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.853341] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.854863] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 108.392423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.393005] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.399718] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 108.415689] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.416227] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.417576] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 108.930783] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=3935 'syz-executor.3' [ 108.938042] loop3: detected capacity change from 0 to 40 [ 109.677314] syz-executor.3: attempt to access beyond end of device [ 109.677314] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 109.679163] Buffer I/O error on dev loop3, logical block 10, lost async page write 11:02:21 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000000), 0x7) 11:02:22 executing program 7: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:22 executing program 2: syz_emit_ethernet(0x4e, &(0x7f0000000180)={@local, @random="2722b090ea1b", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "d138be", 0x18, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, {[@dstopts={0x0, 0x2, '\x00', [@calipso={0x5, 0x2}, @pad1, @enc_lim]}]}}}}}, 0x0) 11:02:22 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) 11:02:22 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x11}}) 11:02:22 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socketpair(0x1, 0x1, 0x200, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_setup(0x3b2, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r4, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000940)=ANY=[@ANYRES32=r4, @ANYBLOB]) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000540)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r5, r0, 0x0, 0xfffffdef) 11:02:22 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f00000004c0)) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:02:22 executing program 0: futex(0x0, 0x86, 0x0, &(0x7f0000001d80)={0x0, 0x989680}, 0x0, 0x0) 11:02:22 executing program 0: futex(0x0, 0x86, 0x0, &(0x7f0000001d80)={0x0, 0x989680}, 0x0, 0x0) 11:02:22 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000000), 0x7) 11:02:22 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) 11:02:22 executing program 2: syz_emit_ethernet(0x4e, &(0x7f0000000180)={@local, @random="2722b090ea1b", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "d138be", 0x18, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, {[@dstopts={0x0, 0x2, '\x00', [@calipso={0x5, 0x2}, @pad1, @enc_lim]}]}}}}}, 0x0) 11:02:22 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x11}}) [ 109.871319] loop3: detected capacity change from 0 to 40 [ 109.985819] syz-executor.3: attempt to access beyond end of device [ 109.985819] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 109.987467] Buffer I/O error on dev loop3, logical block 10, lost async page write [ 110.643022] loop3: detected capacity change from 0 to 40 11:02:22 executing program 0: futex(0x0, 0x86, 0x0, &(0x7f0000001d80)={0x0, 0x989680}, 0x0, 0x0) 11:02:22 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000000), 0x7) 11:02:22 executing program 7: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:22 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x11}}) 11:02:22 executing program 2: syz_emit_ethernet(0x4e, &(0x7f0000000180)={@local, @random="2722b090ea1b", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "d138be", 0x18, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, {[@dstopts={0x0, 0x2, '\x00', [@calipso={0x5, 0x2}, @pad1, @enc_lim]}]}}}}}, 0x0) 11:02:22 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socketpair(0x1, 0x1, 0x200, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_setup(0x3b2, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r4, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000940)=ANY=[@ANYRES32=r4, @ANYBLOB]) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000540)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r5, r0, 0x0, 0xfffffdef) 11:02:22 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f00000004c0)) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:02:22 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) 11:02:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socketpair(0x1, 0x1, 0x200, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_setup(0x3b2, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r4, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000940)=ANY=[@ANYRES32=r4, @ANYBLOB]) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000540)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r5, r0, 0x0, 0xfffffdef) 11:02:22 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) 11:02:22 executing program 6: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:22 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:23 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) [ 110.787890] loop2: detected capacity change from 0 to 40 11:02:23 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) [ 110.897144] syz-executor.3: attempt to access beyond end of device [ 110.897144] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 110.899063] Buffer I/O error on dev loop3, logical block 10, lost async page write 11:02:23 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) 11:02:23 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socketpair(0x1, 0x1, 0x200, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_setup(0x3b2, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r4, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000940)=ANY=[@ANYRES32=r4, @ANYBLOB]) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000540)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r5, r0, 0x0, 0xfffffdef) [ 110.975838] loop3: detected capacity change from 0 to 40 [ 111.000764] syz-executor.2: attempt to access beyond end of device [ 111.000764] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 111.002343] Buffer I/O error on dev loop2, logical block 10, lost async page write 11:02:23 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socketpair(0x1, 0x1, 0x200, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_setup(0x3b2, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r4, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000940)=ANY=[@ANYRES32=r4, @ANYBLOB]) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000540)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r5, r0, 0x0, 0xfffffdef) [ 111.080731] loop2: detected capacity change from 0 to 40 [ 111.107948] syz-executor.3: attempt to access beyond end of device [ 111.107948] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 111.108998] Buffer I/O error on dev loop3, logical block 10, lost async page write [ 111.159295] syz-executor.2: attempt to access beyond end of device [ 111.159295] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 111.160545] Buffer I/O error on dev loop2, logical block 10, lost async page write 11:02:23 executing program 7: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) socketpair(0x1, 0x1, 0x200, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_setup(0x3b2, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r4, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000940)=ANY=[@ANYRES32=r4, @ANYBLOB]) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000540)={0x50, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x26004814}, 0x20000840) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x48000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r5, r0, 0x0, 0xfffffdef) 11:02:23 executing program 3: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000006c0)=@IORING_OP_SENDMSG={0x9, 0x2bb64ebd7e4dd765, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000500)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 11:02:23 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f00000004c0)) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 111.581848] loop2: detected capacity change from 0 to 40 [ 111.664330] syz-executor.2: attempt to access beyond end of device [ 111.664330] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 111.666059] Buffer I/O error on dev loop2, logical block 10, lost async page write 11:02:24 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:24 executing program 6: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:24 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:24 executing program 3: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000006c0)=@IORING_OP_SENDMSG={0x9, 0x2bb64ebd7e4dd765, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000500)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 11:02:24 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:24 executing program 2: perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x26, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xfffffdcd) 11:02:24 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x163008, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa8, &(0x7f0000000180)={[{@resgid}]}) 11:02:24 executing program 7: keyctl$join(0x1, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000340)={0x0, 0x3, 0x2417c884, 0x6, 0x0, "6567881425d40bc61e42cef02b4c6944bb40d5", 0x1f, 0x5}) syncfs(0xffffffffffffffff) r1 = dup2(0xffffffffffffffff, r0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000640)={{0x1, 0x1, 0x18}, './file0\x00'}) 11:02:24 executing program 2: perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x26, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xfffffdcd) 11:02:24 executing program 3: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000006c0)=@IORING_OP_SENDMSG={0x9, 0x2bb64ebd7e4dd765, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000500)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) [ 112.628444] EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8. Quota mode: none. [ 112.633666] EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8. Quota mode: none. 11:02:24 executing program 7: keyctl$join(0x1, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000340)={0x0, 0x3, 0x2417c884, 0x6, 0x0, "6567881425d40bc61e42cef02b4c6944bb40d5", 0x1f, 0x5}) syncfs(0xffffffffffffffff) r1 = dup2(0xffffffffffffffff, r0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000640)={{0x1, 0x1, 0x18}, './file0\x00'}) 11:02:25 executing program 7: keyctl$join(0x1, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000340)={0x0, 0x3, 0x2417c884, 0x6, 0x0, "6567881425d40bc61e42cef02b4c6944bb40d5", 0x1f, 0x5}) syncfs(0xffffffffffffffff) r1 = dup2(0xffffffffffffffff, r0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000640)={{0x1, 0x1, 0x18}, './file0\x00'}) 11:02:25 executing program 2: perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x26, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xfffffdcd) 11:02:25 executing program 3: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000006c0)=@IORING_OP_SENDMSG={0x9, 0x2bb64ebd7e4dd765, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000500)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 11:02:25 executing program 6: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:25 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:25 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) 11:02:25 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x163008, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa8, &(0x7f0000000180)={[{@resgid}]}) 11:02:25 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)='m', 0x1}], 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xbe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) sigaltstack(&(0x7f0000ff7000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}, 0x0, 0x0, 0x8, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x293f, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000300)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) [ 113.613507] EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8. Quota mode: none. 11:02:25 executing program 7: keyctl$join(0x1, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000340)={0x0, 0x3, 0x2417c884, 0x6, 0x0, "6567881425d40bc61e42cef02b4c6944bb40d5", 0x1f, 0x5}) syncfs(0xffffffffffffffff) r1 = dup2(0xffffffffffffffff, r0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000640)={{0x1, 0x1, 0x18}, './file0\x00'}) 11:02:25 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x163008, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa8, &(0x7f0000000180)={[{@resgid}]}) 11:02:25 executing program 2: perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x26, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xfffffdcd) 11:02:25 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000380)=ANY=[], 0x1f) [ 113.734214] EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8. Quota mode: none. 11:02:25 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000100)={0x24, 0x2a, 0x101, 0x0, 0x0, "", [@nested={0x14, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}]}]}, 0x24}], 0x1}, 0x0) [ 113.788941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 11:02:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x20, 0x18, 0x0, 0x101, 0x0, 0x0, {0xa, 0x0, 0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@multicast1}, @generic="ad"]}, 0x20}}, 0x0) 11:02:26 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x163008, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa8, &(0x7f0000000180)={[{@resgid}]}) 11:02:26 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000380)=ANY=[], 0x1f) 11:02:26 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000100)={0x24, 0x2a, 0x101, 0x0, 0x0, "", [@nested={0x14, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}]}]}, 0x24}], 0x1}, 0x0) 11:02:26 executing program 6: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000380)=ANY=[], 0x1f) [ 114.598982] EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8. Quota mode: none. 11:02:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xca, 0x0, 0x0, 0x20, 0x0, 0x3f, 0x8800, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b4, 0x0, @perf_config_ext, 0x48042, 0x2, 0x2002, 0x5, 0x4, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xe, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x1) r0 = epoll_create(0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0x4}) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) io_submit(0x0, 0x30, &(0x7f0000001340)) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000100)={0x7, &(0x7f0000000000)=[{0x3, 0x7fff}, {0x5, 0x8000}, {0x4, 0x7d}, {0x7}, {0xc, 0x400}, {0x81, 0x200}, {0x81, 0x9}]}) dup2(r2, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r4, &(0x7f0000000040)=[{&(0x7f0000000300)="0342edecebdd40", 0x7}, {&(0x7f0000000180)}, {&(0x7f0000000440)="cb59080af0522b7a097ad2d9fa8c0fa2d6e144bcee5c6c3602af9b34e557025a12b76979fd75c1670677d807ae4bc46df2437d1e489bcd0d42376be2a82cc11b19c2fe9ad547d82806a8a2759cf7a9e4356014c8795e0de13fbf8b0f92c7f6ef4942c13ce63e0839fb02bbdf91731c5269a21b7d2208fe28b8f12938081f983f4eeae13caabb00ef288b2868c7fd89dd6d879f095c2b711d65569f0bab369c64f9963083a8334d25640fa38b65a3e7d21434be46f03d683afdcde3f6add3ffe7337d6865b420cf4ecc0920effd2efb4991c0a61d5ef78a3d1b3909393f4d52f519e31040d1a2b6bbe3057f62d6137c6c0294eb1ba47697ddb0cf0cf123ae93834de351c483b1f01e4afb68c45dc5e44235b6354cbe2b45a85a1d134b2a499dff3fe5df675c7c35828b7f10afc6c8faaf0266a0cbbec9c80076cf8fadea", 0x13d}], 0x3, 0x9e74, 0x2) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000080)) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 11:02:26 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwrite64(r2, &(0x7f0000000840)='2', 0x1, 0x83b2) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) pwrite64(r3, &(0x7f0000000140)="c0", 0x1, 0x75d6) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1, 0x1, 0x6}) 11:02:26 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x1c, r1, 0x303, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) [ 114.638127] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 11:02:26 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000100)={0x24, 0x2a, 0x101, 0x0, 0x0, "", [@nested={0x14, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}]}]}, 0x24}], 0x1}, 0x0) [ 114.673347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 11:02:26 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000100)={0x24, 0x2a, 0x101, 0x0, 0x0, "", [@nested={0x14, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}]}]}, 0x24}], 0x1}, 0x0) 11:02:26 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwrite64(r2, &(0x7f0000000840)='2', 0x1, 0x83b2) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) pwrite64(r3, &(0x7f0000000140)="c0", 0x1, 0x75d6) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1, 0x1, 0x6}) 11:02:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x20, 0x18, 0x0, 0x101, 0x0, 0x0, {0xa, 0x0, 0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@multicast1}, @generic="ad"]}, 0x20}}, 0x0) [ 114.778774] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 11:02:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x20, 0x18, 0x0, 0x101, 0x0, 0x0, {0xa, 0x0, 0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@multicast1}, @generic="ad"]}, 0x20}}, 0x0) [ 114.817086] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 11:02:27 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x1c, r1, 0x303, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) 11:02:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x20, 0x18, 0x0, 0x101, 0x0, 0x0, {0xa, 0x0, 0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@multicast1}, @generic="ad"]}, 0x20}}, 0x0) 11:02:27 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc042, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000300)={0x0, 0x3}) [ 114.891128] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 11:02:27 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x15f) write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file1', [{0x20, '#! \xa1\xd3\xd2\x9b\x8a\x8f6J\xca\\~\x18\xa8\x98$\xe0`\x89\x8c\xfa\'\x89[i\x98\\\xe74\x14\xb3\x1b\x9f\xa0\xe0a\'\xd2\xbe\xda({\x02\x18\xae|\xec\xb2\'X\x882\xea\xfd\x8a\xc6\x8aP\x84\x93\f\xb3\xd49f\x01g\xa1F\xda\xf1t\x8d\x0e\x89{1\x1f\x87\xdb\xe6\xd8\xf24[\x02H\x8d\x11\x87\xef\xd9\xa1,\xbb\xe9+\x83~r\x9dHY!Tn\x119\x159 \xa0\xd5b;\xf1\x03\x1aifLa\xcd\xb4\x87\xeal\x00\x84m\x91\x8b72p\xe21+\"2\x8f\xae\x82v\xac\xc08A\x9b6'}]}, 0xa4) close(r0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) [ 114.979490] process 'syz-executor.7' launched './file1' with NULL argv: empty string added [ 115.484594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 11:02:28 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x1c, r1, 0x303, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) 11:02:28 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000080)={0x0, 0x0, 0x4d, 0x0, '\x00', [{}, {0x800, 0x0, 0x80000000000}]}) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000140)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='clear_refs\x00') perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x68, 0x2, 0x6, 0x9, 0x0, 0x0, 0x48108, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x7fffffff}, 0x2001, 0x7, 0xfff, 0x9, 0x8, 0xffffffff, 0xffff, 0x0, 0xfff, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x5) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, 0x0, 0x0) 11:02:28 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwrite64(r2, &(0x7f0000000840)='2', 0x1, 0x83b2) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) pwrite64(r3, &(0x7f0000000140)="c0", 0x1, 0x75d6) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1, 0x1, 0x6}) 11:02:28 executing program 6: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000380)=ANY=[], 0x1f) 11:02:28 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc042, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000300)={0x0, 0x3}) 11:02:28 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x15f) write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file1', [{0x20, '#! \xa1\xd3\xd2\x9b\x8a\x8f6J\xca\\~\x18\xa8\x98$\xe0`\x89\x8c\xfa\'\x89[i\x98\\\xe74\x14\xb3\x1b\x9f\xa0\xe0a\'\xd2\xbe\xda({\x02\x18\xae|\xec\xb2\'X\x882\xea\xfd\x8a\xc6\x8aP\x84\x93\f\xb3\xd49f\x01g\xa1F\xda\xf1t\x8d\x0e\x89{1\x1f\x87\xdb\xe6\xd8\xf24[\x02H\x8d\x11\x87\xef\xd9\xa1,\xbb\xe9+\x83~r\x9dHY!Tn\x119\x159 \xa0\xd5b;\xf1\x03\x1aifLa\xcd\xb4\x87\xeal\x00\x84m\x91\x8b72p\xe21+\"2\x8f\xae\x82v\xac\xc08A\x9b6'}]}, 0xa4) close(r0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 11:02:28 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000380)=ANY=[], 0x1f) 11:02:28 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xca, 0x0, 0x0, 0x20, 0x0, 0x3f, 0x8800, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b4, 0x0, @perf_config_ext, 0x48042, 0x2, 0x2002, 0x5, 0x4, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xe, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x1) r0 = epoll_create(0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0x4}) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) io_submit(0x0, 0x30, &(0x7f0000001340)) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000100)={0x7, &(0x7f0000000000)=[{0x3, 0x7fff}, {0x5, 0x8000}, {0x4, 0x7d}, {0x7}, {0xc, 0x400}, {0x81, 0x200}, {0x81, 0x9}]}) dup2(r2, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r4, &(0x7f0000000040)=[{&(0x7f0000000300)="0342edecebdd40", 0x7}, {&(0x7f0000000180)}, {&(0x7f0000000440)="cb59080af0522b7a097ad2d9fa8c0fa2d6e144bcee5c6c3602af9b34e557025a12b76979fd75c1670677d807ae4bc46df2437d1e489bcd0d42376be2a82cc11b19c2fe9ad547d82806a8a2759cf7a9e4356014c8795e0de13fbf8b0f92c7f6ef4942c13ce63e0839fb02bbdf91731c5269a21b7d2208fe28b8f12938081f983f4eeae13caabb00ef288b2868c7fd89dd6d879f095c2b711d65569f0bab369c64f9963083a8334d25640fa38b65a3e7d21434be46f03d683afdcde3f6add3ffe7337d6865b420cf4ecc0920effd2efb4991c0a61d5ef78a3d1b3909393f4d52f519e31040d1a2b6bbe3057f62d6137c6c0294eb1ba47697ddb0cf0cf123ae93834de351c483b1f01e4afb68c45dc5e44235b6354cbe2b45a85a1d134b2a499dff3fe5df675c7c35828b7f10afc6c8faaf0266a0cbbec9c80076cf8fadea", 0x13d}], 0x3, 0x9e74, 0x2) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000080)) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) [ 115.840604] audit: type=1400 audit(1677236548.083:10): avc: denied { block_suspend } for pid=4155 comm="syz-executor.1" capability=36 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 11:02:28 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x1c, r1, 0x303, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) 11:02:28 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc042, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000300)={0x0, 0x3}) 11:02:28 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwrite64(r2, &(0x7f0000000840)='2', 0x1, 0x83b2) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) pwrite64(r3, &(0x7f0000000140)="c0", 0x1, 0x75d6) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1, 0x1, 0x6}) 11:02:28 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xca, 0x0, 0x0, 0x20, 0x0, 0x3f, 0x8800, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b4, 0x0, @perf_config_ext, 0x48042, 0x2, 0x2002, 0x5, 0x4, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xe, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x1) r0 = epoll_create(0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0x4}) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) io_submit(0x0, 0x30, &(0x7f0000001340)) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000100)={0x7, &(0x7f0000000000)=[{0x3, 0x7fff}, {0x5, 0x8000}, {0x4, 0x7d}, {0x7}, {0xc, 0x400}, {0x81, 0x200}, {0x81, 0x9}]}) dup2(r2, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r4, &(0x7f0000000040)=[{&(0x7f0000000300)="0342edecebdd40", 0x7}, {&(0x7f0000000180)}, {&(0x7f0000000440)="cb59080af0522b7a097ad2d9fa8c0fa2d6e144bcee5c6c3602af9b34e557025a12b76979fd75c1670677d807ae4bc46df2437d1e489bcd0d42376be2a82cc11b19c2fe9ad547d82806a8a2759cf7a9e4356014c8795e0de13fbf8b0f92c7f6ef4942c13ce63e0839fb02bbdf91731c5269a21b7d2208fe28b8f12938081f983f4eeae13caabb00ef288b2868c7fd89dd6d879f095c2b711d65569f0bab369c64f9963083a8334d25640fa38b65a3e7d21434be46f03d683afdcde3f6add3ffe7337d6865b420cf4ecc0920effd2efb4991c0a61d5ef78a3d1b3909393f4d52f519e31040d1a2b6bbe3057f62d6137c6c0294eb1ba47697ddb0cf0cf123ae93834de351c483b1f01e4afb68c45dc5e44235b6354cbe2b45a85a1d134b2a499dff3fe5df675c7c35828b7f10afc6c8faaf0266a0cbbec9c80076cf8fadea", 0x13d}], 0x3, 0x9e74, 0x2) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000080)) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 11:02:28 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xca, 0x0, 0x0, 0x20, 0x0, 0x3f, 0x8800, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b4, 0x0, @perf_config_ext, 0x48042, 0x2, 0x2002, 0x5, 0x4, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xe, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x1) r0 = epoll_create(0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0x4}) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) io_submit(0x0, 0x30, &(0x7f0000001340)) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000100)={0x7, &(0x7f0000000000)=[{0x3, 0x7fff}, {0x5, 0x8000}, {0x4, 0x7d}, {0x7}, {0xc, 0x400}, {0x81, 0x200}, {0x81, 0x9}]}) dup2(r2, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r4, &(0x7f0000000040)=[{&(0x7f0000000300)="0342edecebdd40", 0x7}, {&(0x7f0000000180)}, {&(0x7f0000000440)="cb59080af0522b7a097ad2d9fa8c0fa2d6e144bcee5c6c3602af9b34e557025a12b76979fd75c1670677d807ae4bc46df2437d1e489bcd0d42376be2a82cc11b19c2fe9ad547d82806a8a2759cf7a9e4356014c8795e0de13fbf8b0f92c7f6ef4942c13ce63e0839fb02bbdf91731c5269a21b7d2208fe28b8f12938081f983f4eeae13caabb00ef288b2868c7fd89dd6d879f095c2b711d65569f0bab369c64f9963083a8334d25640fa38b65a3e7d21434be46f03d683afdcde3f6add3ffe7337d6865b420cf4ecc0920effd2efb4991c0a61d5ef78a3d1b3909393f4d52f519e31040d1a2b6bbe3057f62d6137c6c0294eb1ba47697ddb0cf0cf123ae93834de351c483b1f01e4afb68c45dc5e44235b6354cbe2b45a85a1d134b2a499dff3fe5df675c7c35828b7f10afc6c8faaf0266a0cbbec9c80076cf8fadea", 0x13d}], 0x3, 0x9e74, 0x2) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000080)) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 11:02:28 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc042, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000300)={0x0, 0x3}) [ 116.158260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 11:02:28 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000080)={0x0, 0x0, 0x4d, 0x0, '\x00', [{}, {0x800, 0x0, 0x80000000000}]}) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000140)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='clear_refs\x00') perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x68, 0x2, 0x6, 0x9, 0x0, 0x0, 0x48108, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x7fffffff}, 0x2001, 0x7, 0xfff, 0x9, 0x8, 0xffffffff, 0xffff, 0x0, 0xfff, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x5) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, 0x0, 0x0) 11:02:28 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000080)={0x0, 0x0, 0x4d, 0x0, '\x00', [{}, {0x800, 0x0, 0x80000000000}]}) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000140)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='clear_refs\x00') perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x68, 0x2, 0x6, 0x9, 0x0, 0x0, 0x48108, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x7fffffff}, 0x2001, 0x7, 0xfff, 0x9, 0x8, 0xffffffff, 0xffff, 0x0, 0xfff, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x5) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, 0x0, 0x0) [ 116.356789] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 11:02:28 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xca, 0x0, 0x0, 0x20, 0x0, 0x3f, 0x8800, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b4, 0x0, @perf_config_ext, 0x48042, 0x2, 0x2002, 0x5, 0x4, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xe, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x1) r0 = epoll_create(0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0x4}) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) io_submit(0x0, 0x30, &(0x7f0000001340)) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000100)={0x7, &(0x7f0000000000)=[{0x3, 0x7fff}, {0x5, 0x8000}, {0x4, 0x7d}, {0x7}, {0xc, 0x400}, {0x81, 0x200}, {0x81, 0x9}]}) dup2(r2, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r4, &(0x7f0000000040)=[{&(0x7f0000000300)="0342edecebdd40", 0x7}, {&(0x7f0000000180)}, {&(0x7f0000000440)="cb59080af0522b7a097ad2d9fa8c0fa2d6e144bcee5c6c3602af9b34e557025a12b76979fd75c1670677d807ae4bc46df2437d1e489bcd0d42376be2a82cc11b19c2fe9ad547d82806a8a2759cf7a9e4356014c8795e0de13fbf8b0f92c7f6ef4942c13ce63e0839fb02bbdf91731c5269a21b7d2208fe28b8f12938081f983f4eeae13caabb00ef288b2868c7fd89dd6d879f095c2b711d65569f0bab369c64f9963083a8334d25640fa38b65a3e7d21434be46f03d683afdcde3f6add3ffe7337d6865b420cf4ecc0920effd2efb4991c0a61d5ef78a3d1b3909393f4d52f519e31040d1a2b6bbe3057f62d6137c6c0294eb1ba47697ddb0cf0cf123ae93834de351c483b1f01e4afb68c45dc5e44235b6354cbe2b45a85a1d134b2a499dff3fe5df675c7c35828b7f10afc6c8faaf0266a0cbbec9c80076cf8fadea", 0x13d}], 0x3, 0x9e74, 0x2) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000080)) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 11:02:29 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xca, 0x0, 0x0, 0x20, 0x0, 0x3f, 0x8800, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b4, 0x0, @perf_config_ext, 0x48042, 0x2, 0x2002, 0x5, 0x4, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xe, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x1) r0 = epoll_create(0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0x4}) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) io_submit(0x0, 0x30, &(0x7f0000001340)) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000100)={0x7, &(0x7f0000000000)=[{0x3, 0x7fff}, {0x5, 0x8000}, {0x4, 0x7d}, {0x7}, {0xc, 0x400}, {0x81, 0x200}, {0x81, 0x9}]}) dup2(r2, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r4, &(0x7f0000000040)=[{&(0x7f0000000300)="0342edecebdd40", 0x7}, {&(0x7f0000000180)}, {&(0x7f0000000440)="cb59080af0522b7a097ad2d9fa8c0fa2d6e144bcee5c6c3602af9b34e557025a12b76979fd75c1670677d807ae4bc46df2437d1e489bcd0d42376be2a82cc11b19c2fe9ad547d82806a8a2759cf7a9e4356014c8795e0de13fbf8b0f92c7f6ef4942c13ce63e0839fb02bbdf91731c5269a21b7d2208fe28b8f12938081f983f4eeae13caabb00ef288b2868c7fd89dd6d879f095c2b711d65569f0bab369c64f9963083a8334d25640fa38b65a3e7d21434be46f03d683afdcde3f6add3ffe7337d6865b420cf4ecc0920effd2efb4991c0a61d5ef78a3d1b3909393f4d52f519e31040d1a2b6bbe3057f62d6137c6c0294eb1ba47697ddb0cf0cf123ae93834de351c483b1f01e4afb68c45dc5e44235b6354cbe2b45a85a1d134b2a499dff3fe5df675c7c35828b7f10afc6c8faaf0266a0cbbec9c80076cf8fadea", 0x13d}], 0x3, 0x9e74, 0x2) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000080)) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 11:02:29 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc042, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000300)={0x0, 0x3}) 11:02:29 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000080)={0x0, 0x0, 0x4d, 0x0, '\x00', [{}, {0x800, 0x0, 0x80000000000}]}) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000140)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='clear_refs\x00') perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x68, 0x2, 0x6, 0x9, 0x0, 0x0, 0x48108, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x7fffffff}, 0x2001, 0x7, 0xfff, 0x9, 0x8, 0xffffffff, 0xffff, 0x0, 0xfff, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x5) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, 0x0, 0x0) 11:02:29 executing program 6: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000380)=ANY=[], 0x1f) 11:02:29 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x15f) write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file1', [{0x20, '#! \xa1\xd3\xd2\x9b\x8a\x8f6J\xca\\~\x18\xa8\x98$\xe0`\x89\x8c\xfa\'\x89[i\x98\\\xe74\x14\xb3\x1b\x9f\xa0\xe0a\'\xd2\xbe\xda({\x02\x18\xae|\xec\xb2\'X\x882\xea\xfd\x8a\xc6\x8aP\x84\x93\f\xb3\xd49f\x01g\xa1F\xda\xf1t\x8d\x0e\x89{1\x1f\x87\xdb\xe6\xd8\xf24[\x02H\x8d\x11\x87\xef\xd9\xa1,\xbb\xe9+\x83~r\x9dHY!Tn\x119\x159 \xa0\xd5b;\xf1\x03\x1aifLa\xcd\xb4\x87\xeal\x00\x84m\x91\x8b72p\xe21+\"2\x8f\xae\x82v\xac\xc08A\x9b6'}]}, 0xa4) close(r0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 11:02:29 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000380)=ANY=[], 0x1f) 11:02:29 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000080)={0x0, 0x0, 0x4d, 0x0, '\x00', [{}, {0x800, 0x0, 0x80000000000}]}) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000140)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='clear_refs\x00') perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x68, 0x2, 0x6, 0x9, 0x0, 0x0, 0x48108, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x7fffffff}, 0x2001, 0x7, 0xfff, 0x9, 0x8, 0xffffffff, 0xffff, 0x0, 0xfff, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x5) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, 0x0, 0x0) 11:02:29 executing program 1: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000000)) 11:02:29 executing program 1: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000000)) [ 117.013048] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 11:02:29 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc042, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000300)={0x0, 0x3}) 11:02:29 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x15f) write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file1', [{0x20, '#! \xa1\xd3\xd2\x9b\x8a\x8f6J\xca\\~\x18\xa8\x98$\xe0`\x89\x8c\xfa\'\x89[i\x98\\\xe74\x14\xb3\x1b\x9f\xa0\xe0a\'\xd2\xbe\xda({\x02\x18\xae|\xec\xb2\'X\x882\xea\xfd\x8a\xc6\x8aP\x84\x93\f\xb3\xd49f\x01g\xa1F\xda\xf1t\x8d\x0e\x89{1\x1f\x87\xdb\xe6\xd8\xf24[\x02H\x8d\x11\x87\xef\xd9\xa1,\xbb\xe9+\x83~r\x9dHY!Tn\x119\x159 \xa0\xd5b;\xf1\x03\x1aifLa\xcd\xb4\x87\xeal\x00\x84m\x91\x8b72p\xe21+\"2\x8f\xae\x82v\xac\xc08A\x9b6'}]}, 0xa4) close(r0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 11:02:29 executing program 1: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000000)) 11:02:29 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xca, 0x0, 0x0, 0x20, 0x0, 0x3f, 0x8800, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b4, 0x0, @perf_config_ext, 0x48042, 0x2, 0x2002, 0x5, 0x4, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xe, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x1) r0 = epoll_create(0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0x4}) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) io_submit(0x0, 0x30, &(0x7f0000001340)) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000100)={0x7, &(0x7f0000000000)=[{0x3, 0x7fff}, {0x5, 0x8000}, {0x4, 0x7d}, {0x7}, {0xc, 0x400}, {0x81, 0x200}, {0x81, 0x9}]}) dup2(r2, r0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r4, &(0x7f0000000040)=[{&(0x7f0000000300)="0342edecebdd40", 0x7}, {&(0x7f0000000180)}, {&(0x7f0000000440)="cb59080af0522b7a097ad2d9fa8c0fa2d6e144bcee5c6c3602af9b34e557025a12b76979fd75c1670677d807ae4bc46df2437d1e489bcd0d42376be2a82cc11b19c2fe9ad547d82806a8a2759cf7a9e4356014c8795e0de13fbf8b0f92c7f6ef4942c13ce63e0839fb02bbdf91731c5269a21b7d2208fe28b8f12938081f983f4eeae13caabb00ef288b2868c7fd89dd6d879f095c2b711d65569f0bab369c64f9963083a8334d25640fa38b65a3e7d21434be46f03d683afdcde3f6add3ffe7337d6865b420cf4ecc0920effd2efb4991c0a61d5ef78a3d1b3909393f4d52f519e31040d1a2b6bbe3057f62d6137c6c0294eb1ba47697ddb0cf0cf123ae93834de351c483b1f01e4afb68c45dc5e44235b6354cbe2b45a85a1d134b2a499dff3fe5df675c7c35828b7f10afc6c8faaf0266a0cbbec9c80076cf8fadea", 0x13d}], 0x3, 0x9e74, 0x2) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000080)) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 11:02:29 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc042, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000300)={0x0, 0x3}) 11:02:29 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000080)={0x0, 0x0, 0x4d, 0x0, '\x00', [{}, {0x800, 0x0, 0x80000000000}]}) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000140)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='clear_refs\x00') perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x68, 0x2, 0x6, 0x9, 0x0, 0x0, 0x48108, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x7fffffff}, 0x2001, 0x7, 0xfff, 0x9, 0x8, 0xffffffff, 0xffff, 0x0, 0xfff, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x5) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, 0x0, 0x0) [ 117.291541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 117.312940] [ 117.313085] ====================================================== [ 117.313528] WARNING: possible circular locking dependency detected [ 117.314007] 6.2.0-next-20230224 #1 Not tainted [ 117.314343] ------------------------------------------------------ [ 117.314787] syz-executor.3/275 is trying to acquire lock: [ 117.315183] ffff8880163bc880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80 [ 117.319879] [ 117.319879] but task is already holding lock: [ 117.320749] ffff8880163bc920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 117.322308] [ 117.322308] which lock already depends on the new lock. [ 117.322308] [ 117.323586] [ 117.323586] the existing dependency chain (in reverse order) is: [ 117.324969] [ 117.324969] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 117.326113] __mutex_lock+0x133/0x14a0 [ 117.326870] hci_cmd_sync_work+0x1e6/0x320 [ 117.327690] process_one_work+0xa0f/0x1790 [ 117.328389] worker_thread+0x63b/0x1260 [ 117.328976] kthread+0x2e9/0x3a0 [ 117.329479] ret_from_fork+0x2c/0x50 [ 117.330015] [ 117.330015] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}: [ 117.331024] __lock_acquire+0x2d56/0x6380 [ 117.331653] lock_acquire.part.0+0xea/0x320 [ 117.332278] __flush_work+0x109/0xd80 [ 117.332846] __cancel_work_timer+0x39c/0x4e0 [ 117.333477] hci_cmd_sync_clear+0x52/0x250 [ 117.334094] hci_unregister_dev+0xf9/0x410 [ 117.334711] vhci_release+0x80/0x100 [ 117.335267] __fput+0x263/0xa40 [ 117.335795] task_work_run+0x174/0x280 [ 117.336378] do_exit+0xad8/0x2800 [ 117.336900] do_group_exit+0xd4/0x2a0 [ 117.337465] __x64_sys_exit_group+0x3e/0x50 [ 117.338090] do_syscall_64+0x3f/0x90 [ 117.338637] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 117.339369] [ 117.339369] other info that might help us debug this: [ 117.339369] [ 117.340355] Possible unsafe locking scenario: [ 117.340355] [ 117.341100] CPU0 CPU1 [ 117.341679] ---- ---- [ 117.342250] lock(&hdev->cmd_sync_work_lock); [ 117.342837] lock((work_completion)(&hdev->cmd_sync_work)); [ 117.343864] lock(&hdev->cmd_sync_work_lock); [ 117.344737] lock((work_completion)(&hdev->cmd_sync_work)); [ 117.345461] [ 117.345461] *** DEADLOCK *** [ 117.345461] [ 117.346193] 1 lock held by syz-executor.3/275: [ 117.346759] #0: ffff8880163bc920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 117.348025] [ 117.348025] stack backtrace: [ 117.348579] CPU: 0 PID: 275 Comm: syz-executor.3 Not tainted 6.2.0-next-20230224 #1 [ 117.349511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.350502] Call Trace: [ 117.350828] [ 117.351117] dump_stack_lvl+0x91/0xf0 [ 117.351611] check_noncircular+0x263/0x2e0 [ 117.352156] ? __pfx_check_noncircular+0x10/0x10 [ 117.352770] ? save_trace+0x285/0xcb0 [ 117.353266] ? __pfx_register_lock_class+0x10/0x10 [ 117.353905] __lock_acquire+0x2d56/0x6380 [ 117.354456] ? __pfx___lock_acquire+0x10/0x10 [ 117.355042] ? __pfx___lock_acquire+0x10/0x10 [ 117.355649] ? __pfx___lock_acquire+0x10/0x10 [ 117.356243] lock_acquire.part.0+0xea/0x320 [ 117.356802] ? __flush_work+0xdd/0xd80 [ 117.357318] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 117.357952] ? __flush_work+0xdd/0xd80 [ 117.358469] ? rcu_read_lock_sched_held+0x42/0x80 [ 117.359069] ? trace_lock_acquire+0x170/0x1e0 [ 117.359663] ? __flush_work+0xdd/0xd80 [ 117.360163] ? lock_acquire+0x32/0xc0 [ 117.360654] ? __flush_work+0xdd/0xd80 [ 117.361166] __flush_work+0x109/0xd80 [ 117.361682] ? __flush_work+0xdd/0xd80 [ 117.362186] ? __pfx_mark_lock.part.0+0x10/0x10 [ 117.362782] ? __pfx___flush_work+0x10/0x10 [ 117.363337] ? lock_acquire.part.0+0xea/0x320 [ 117.363909] ? hci_cmd_sync_clear+0x45/0x250 [ 117.364470] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 117.365088] ? hci_cmd_sync_clear+0x45/0x250 [ 117.365641] ? rcu_read_lock_sched_held+0x42/0x80 [ 117.366241] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.366964] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.367708] ? mark_held_locks+0x9e/0xe0 [ 117.368227] __cancel_work_timer+0x39c/0x4e0 [ 117.368774] ? __pfx___cancel_work_timer+0x10/0x10 [ 117.369379] ? __cancel_work_timer+0x2aa/0x4e0 [ 117.369952] ? __pfx___cancel_work_timer+0x10/0x10 [ 117.370563] ? lock_release+0x1e3/0x710 [ 117.371085] ? __pfx_lock_release+0x10/0x10 [ 117.371657] ? do_raw_write_lock+0x11e/0x3b0 [ 117.372213] ? __pfx_vhci_release+0x10/0x10 [ 117.372760] hci_cmd_sync_clear+0x52/0x250 [ 117.373298] ? __pfx_vhci_release+0x10/0x10 [ 117.373847] hci_unregister_dev+0xf9/0x410 [ 117.374386] vhci_release+0x80/0x100 [ 117.374872] __fput+0x263/0xa40 [ 117.375321] task_work_run+0x174/0x280 [ 117.375831] ? __pfx_task_work_run+0x10/0x10 [ 117.376404] ? switch_task_namespaces+0xb1/0xd0 [ 117.376990] ? kmem_cache_free+0xff/0x510 [ 117.377518] do_exit+0xad8/0x2800 [ 117.377964] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.378703] ? __pfx_lock_release+0x10/0x10 [ 117.379265] ? do_raw_spin_lock+0x125/0x270 [ 117.379814] ? __pfx_do_exit+0x10/0x10 [ 117.380312] ? _raw_spin_unlock_irq+0x23/0x40 [ 117.380891] do_group_exit+0xd4/0x2a0 [ 117.381390] __x64_sys_exit_group+0x3e/0x50 [ 117.381937] do_syscall_64+0x3f/0x90 [ 117.382416] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 117.383054] RIP: 0033:0x7fc32bfddb19 [ 117.383520] Code: Unable to access opcode bytes at 0x7fc32bfddaef. [ 117.384271] RSP: 002b:00007ffe30d2cf38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 117.385193] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 00007fc32bfddb19 [ 117.386071] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000043 [ 117.386939] RBP: 0000000000000000 R08: 0000000000000014 R09: 000000000000001c [ 117.387819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc32c0380c3 [ 117.388684] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe30d2d120 [ 117.389559] [ 121.833495] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 126.057501] Bluetooth: hci2: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 11:02:29 Registers: info registers vcpu 0 RAX=0000000000000062 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff888015af7100 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000062 R11=0000000000000001 R12=0000000000000062 R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850 RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe046a8a6000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe046a8a4000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2c22d000 CR3=000000003c034000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000000 RBX=ffff88803ec6f530 RCX=0000000000000000 RDX=0000000000000001 RSI=0000000000000016 RDI=ffff88800c0b98b8 RBP=0000000000000016 RSP=ffff88803ec6f408 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=ffff88800c0b98b8 R13=0000000000000001 R14=0000000000000000 R15=000000000000000c RIP=ffffffff8164ca67 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f907aa56700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe2be4953000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe2be4951000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020001000 CR3=000000000ce60000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000004154921200000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000