Warning: Permanently added '[localhost]:41451' (ECDSA) to the list of known hosts. 2022/09/13 15:18:12 fuzzer started 2022/09/13 15:18:12 dialing manager at localhost:36597 syzkaller login: [ 43.970468] cgroup: Unknown subsys name 'net' [ 44.049704] cgroup: Unknown subsys name 'rlimit' 2022/09/13 15:18:27 syscalls: 2215 2022/09/13 15:18:27 code coverage: enabled 2022/09/13 15:18:27 comparison tracing: enabled 2022/09/13 15:18:27 extra coverage: enabled 2022/09/13 15:18:27 setuid sandbox: enabled 2022/09/13 15:18:27 namespace sandbox: enabled 2022/09/13 15:18:27 Android sandbox: enabled 2022/09/13 15:18:27 fault injection: enabled 2022/09/13 15:18:27 leak checking: enabled 2022/09/13 15:18:27 net packet injection: enabled 2022/09/13 15:18:27 net device setup: enabled 2022/09/13 15:18:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/13 15:18:27 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/13 15:18:27 USB emulation: enabled 2022/09/13 15:18:27 hci packet injection: enabled 2022/09/13 15:18:27 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220913) 2022/09/13 15:18:27 802.15.4 emulation: enabled 2022/09/13 15:18:27 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/13 15:18:27 fetching corpus: 48, signal 33295/36739 (executing program) 2022/09/13 15:18:27 fetching corpus: 98, signal 45751/50568 (executing program) 2022/09/13 15:18:27 fetching corpus: 148, signal 53638/59792 (executing program) 2022/09/13 15:18:27 fetching corpus: 198, signal 62184/69507 (executing program) 2022/09/13 15:18:27 fetching corpus: 248, signal 69192/77626 (executing program) 2022/09/13 15:18:27 fetching corpus: 298, signal 74023/83594 (executing program) 2022/09/13 15:18:28 fetching corpus: 348, signal 79736/90268 (executing program) 2022/09/13 15:18:28 fetching corpus: 398, signal 86302/97649 (executing program) 2022/09/13 15:18:28 fetching corpus: 448, signal 89548/101906 (executing program) 2022/09/13 
15:18:42
fetching corpus: 5232, signal 219829/234756 (executing program) 2022/09/13 15:18:42 fetching corpus: 5282, signal 220826/235010 (executing program) 2022/09/13 15:18:42 fetching corpus: 5332, signal 221403/235179 (executing program) 2022/09/13 15:18:43 fetching corpus: 5382, signal 221839/235355 (executing program) 2022/09/13 15:18:43 fetching corpus: 5432, signal 222572/235524 (executing program) 2022/09/13 15:18:43 fetching corpus: 5482, signal 222950/235660 (executing program) 2022/09/13 15:18:43 fetching corpus: 5532, signal 223459/235787 (executing program) 2022/09/13 15:18:43 fetching corpus: 5582, signal 224269/235925 (executing program) 2022/09/13 15:18:43 fetching corpus: 5632, signal 224692/236080 (executing program) 2022/09/13 15:18:43 fetching corpus: 5682, signal 225196/236166 (executing program) 2022/09/13 15:18:44 fetching corpus: 5732, signal 226035/236252 (executing program) 2022/09/13 15:18:44 fetching corpus: 5780, signal 226561/236484 (executing program) 2022/09/13 15:18:44 fetching corpus: 5829, signal 227098/236499 (executing program) 2022/09/13 15:18:44 fetching corpus: 5855, signal 227494/236520 (executing program) 2022/09/13 15:18:44 fetching corpus: 5855, signal 227497/236520 (executing program) 2022/09/13 15:18:44 fetching corpus: 5855, signal 227497/236520 (executing program) 2022/09/13 15:18:46 starting 8 fuzzer processes 15:18:46 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x1d, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000018000000c20500002b0200000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e32343530303330383600"/192, 0xc0, 0x400}, 
{&(0x7f0000012900)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xattr2\x00\x00xattr1\x00\x00', 0x20, 0x203e0}, {&(0x7f0000012a00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x28000}], 0x0, &(0x7f0000012b00)) 15:18:46 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendfile(r1, r0, 0x0, 0xa000000000) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @dev}, 0xc) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 15:18:46 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x28}}, 0x0) 15:18:46 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) readv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000340)=""/3, 0x3}, {&(0x7f0000000380)=""/75, 0x4b}, {&(0x7f00000007c0)=""/253, 0xfd}, {&(0x7f00000006c0)=""/84, 0x54}, {&(0x7f00000008c0)=""/126, 0x7e}, {&(0x7f0000000940)=""/113, 0x71}, {&(0x7f0000000b80)=""/20, 0x14}, {&(0x7f0000000bc0)=""/171, 0xab}, {&(0x7f0000000740)=""/26, 0x1a}, {&(0x7f0000000a80)=""/60, 0x3c}], 0xa) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x1, 0x1, 0x0, 'queue1\x00', 0x1000}) ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000240)=0x1) r3 = epoll_create1(0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000440)='./file1\x00', 0x109042, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x0, r4, &(0x7f0000000000)="1c", 0xf}]) write$sndseq(r4, &(0x7f0000000400)=[{0x81, 0x1f, 0x2, 0x40, @time={0x40, 0xfffffffb}, {0x1a, 0xff}, {0x3f, 0x1f}, @connect={{0x2, 0x7f}, {0x7c, 0x1f}}}, {0xf8, 0x6, 0x3, 0x3, @tick=0x6, {0x69, 0x1}, {0x9, 0x3}, @raw8={"e36e2d888f0ecd381042c169"}}], 0x38) sendfile(r3, r0, &(0x7f0000000300)=0x8c9e, 0x10001) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x7f) 15:18:46 executing program 4: syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@random="dda978731a96", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @broadcast}, @source_quench={0x8, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x0) 15:18:46 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x4bfa, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000040)) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 
0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x12354}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f00000003c0)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r2, 0x0, 0x0, 0x87ffffc) pwritev2(r1, &(0x7f0000000300)=[{&(0x7f0000000180)="3c05886344f6c1676463474261a3cd71268afe038e7d96f46fea5246194a21c0bca49aab4882c5e4b508f5caf019902800cc407c31ecca2126ec616e9ef51561c11fb6d5ad0dc0c03998e37daae333db1252ad0d6b210c26dc017bcd9eb7b3773f1ab930713c646093f3efac450fcd793d65bfca217cf1d1be3971f4b8bee2b4fd3876a9b065f04ff62603f3cffe0e3ead48226b756653faf696165c00c54890e8d4590f8c08e761926d1a367f7adaff0cd7a0a804aae86072e3866492eabdfbbf60d4a310dfda9cb5f679ca00946a01dd39236d72f2aa56bb3d9d47c042843926cfff2164e5df0e048b3a8d", 0xec}], 0x1, 0x6, 0x2, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="01000200000100002e2f7b696c653100"]) [ 78.158928] audit: type=1400 audit(1663082326.815:6): avc: denied { execmem } for pid=286 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 15:18:46 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='\'/]^(\x00') 15:18:46 executing program 7: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) readv(r0, &(0x7f0000000440)=[{&(0x7f0000000080)=""/141, 0x8d}], 0x1) [ 79.387576] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.388397] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.391703] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.392269] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.404089] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.404649] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.409534] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.410228] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.411117] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.412172] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.412796] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.413536] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.414372] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.420253] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.422567] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.423257] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.424393] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 79.425176] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 79.425724] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 79.426560] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.427222] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.430434] Bluetooth: hci2: HCI_REQ-0x0c1a [ 79.431413] Bluetooth: hci3: HCI_REQ-0x0c1a [ 79.433643] Bluetooth: 
hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.444423] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 79.453913] Bluetooth: hci1: HCI_REQ-0x0c1a [ 79.479049] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.490571] Bluetooth: hci0: HCI_REQ-0x0c1a [ 81.435484] Bluetooth: hci2: command 0x0409 tx timeout [ 81.498962] Bluetooth: hci0: command 0x0409 tx timeout [ 81.498995] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 81.500414] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 81.501455] Bluetooth: hci1: command 0x0409 tx timeout [ 81.502047] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 81.503134] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 81.503422] Bluetooth: hci3: command 0x0409 tx timeout [ 83.483018] Bluetooth: hci2: command 0x041b tx timeout [ 83.548504] Bluetooth: hci3: command 0x041b tx timeout [ 83.549476] Bluetooth: hci1: command 0x041b tx timeout [ 83.550327] Bluetooth: hci0: command 0x041b tx timeout [ 85.530952] Bluetooth: hci2: command 0x040f tx timeout [ 85.594989] Bluetooth: hci0: command 0x040f tx timeout [ 85.597550] Bluetooth: hci1: command 0x040f tx timeout [ 85.598430] Bluetooth: hci3: command 0x040f tx timeout [ 87.066997] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 87.068051] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 87.130978] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 87.131980] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 87.578964] Bluetooth: hci2: command 0x0419 tx timeout [ 87.643933] Bluetooth: hci3: command 0x0419 tx timeout [ 87.644430] Bluetooth: hci1: command 0x0419 tx timeout [ 87.644835] Bluetooth: hci0: command 0x0419 tx timeout [ 89.694225] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.696085] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.703049] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.720069] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.727035] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 89.727943] Bluetooth: hci4: unexpected cc 
0x0c38 length: 249 > 2 [ 89.734564] Bluetooth: hci4: HCI_REQ-0x0c1a [ 90.078776] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 90.080133] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 90.081165] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 90.083684] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 90.084601] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 90.085503] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 90.088365] Bluetooth: hci5: HCI_REQ-0x0c1a [ 90.206703] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 90.207798] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 90.209886] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 90.227376] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 90.234065] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 90.240680] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 90.255908] Bluetooth: hci6: HCI_REQ-0x0c1a [ 90.343451] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 90.348683] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 90.355067] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 90.361754] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 90.363092] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 90.363820] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 90.375278] Bluetooth: hci7: HCI_REQ-0x0c1a [ 91.803956] Bluetooth: hci4: command 0x0409 tx timeout [ 92.124039] Bluetooth: hci5: command 0x0409 tx timeout [ 92.315957] Bluetooth: hci6: command 0x0409 tx timeout [ 92.443027] Bluetooth: hci7: command 0x0409 tx timeout [ 93.850956] Bluetooth: hci4: command 0x041b tx timeout [ 94.170910] Bluetooth: hci5: command 0x041b tx timeout [ 94.362968] Bluetooth: hci6: command 0x041b tx timeout [ 94.490908] Bluetooth: hci7: command 0x041b tx timeout [ 95.899963] Bluetooth: hci4: command 0x040f tx timeout [ 96.219938] Bluetooth: hci5: command 0x040f tx timeout [ 96.411918] Bluetooth: hci6: 
command 0x040f tx timeout [ 96.538914] Bluetooth: hci7: command 0x040f tx timeout [ 97.947918] Bluetooth: hci4: command 0x0419 tx timeout [ 98.267948] Bluetooth: hci5: command 0x0419 tx timeout [ 98.460016] Bluetooth: hci6: command 0x0419 tx timeout [ 98.587953] Bluetooth: hci7: command 0x0419 tx timeout 15:19:32 executing program 7: prctl$PR_SET_DUMPABLE(0x34, 0x2) 15:19:32 executing program 7: prctl$PR_SET_DUMPABLE(0x34, 0x2) 15:19:32 executing program 7: prctl$PR_SET_DUMPABLE(0x34, 0x2) 15:19:32 executing program 7: prctl$PR_SET_DUMPABLE(0x34, 0x2) 15:19:33 executing program 7: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) [ 124.538899] loop7: detected capacity change from 0 to 40 [ 124.663820] audit: type=1400 audit(1663082373.320:7): avc: denied { open } for pid=3220 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 124.665216] audit: type=1400 audit(1663082373.320:8): avc: denied { kernel } for pid=3220 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 124.675047] ------------[ cut here ]------------
[ 124.675071]
[ 124.675073] ======================================================
[ 124.675077] WARNING: possible circular locking dependency detected
[ 124.675082] 6.0.0-rc5-next-20220913 #1 Not tainted
[ 124.675088] ------------------------------------------------------
[ 124.675092] syz-executor.7/3221 is trying to acquire lock:
[ 124.675098] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 124.675137]
[ 124.675137] but task is already holding lock:
[ 124.675140] ffff88800da99420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 124.675168]
[ 124.675168] which lock already depends on the new lock.
[ 124.675168]
[ 124.675171]
[ 124.675171] the existing dependency chain (in reverse order) is:
[ 124.675174]
[ 124.675174] -> #3 (&ctx->lock){....}-{2:2}:
[ 124.675188] _raw_spin_lock+0x2a/0x40
[ 124.675206] __perf_event_task_sched_out+0x53b/0x18d0
[ 124.675218] __schedule+0xedd/0x2470
[ 124.675228] schedule+0xda/0x1b0
[ 124.675237] futex_wait_queue+0xf5/0x1e0
[ 124.675249] futex_wait+0x28e/0x690
[ 124.675259] do_futex+0x2ff/0x380
[ 124.675268] __x64_sys_futex+0x1c6/0x4d0
[ 124.675278] do_syscall_64+0x3b/0x90
[ 124.675292] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.675311]
[ 124.675311] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 124.675327] _raw_spin_lock_nested+0x30/0x40
[ 124.675342] raw_spin_rq_lock_nested+0x1e/0x30
[ 124.675354] task_fork_fair+0x63/0x4d0
[ 124.675371] sched_cgroup_fork+0x3d0/0x540
[ 124.675385] copy_process+0x3f9e/0x6df0
[ 124.675396] kernel_clone+0xe7/0x890
[ 124.675405] user_mode_thread+0xad/0xf0
[ 124.675415] rest_init+0x24/0x250
[ 124.675431] arch_call_rest_init+0xf/0x14
[ 124.675451] start_kernel+0x4c1/0x4e6
[ 124.675467] secondary_startup_64_no_verify+0xe0/0xeb
[ 124.675481]
[ 124.675481] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 124.675495] _raw_spin_lock_irqsave+0x39/0x60
[ 124.675509] try_to_wake_up+0xab/0x1920
[ 124.675522] up+0x75/0xb0
[ 124.675533] __up_console_sem+0x6e/0x80
[ 124.675549] console_unlock+0x46a/0x590
[ 124.675564] do_con_write+0xc05/0x1d50
[ 124.675576] con_write+0x21/0x40
[ 124.675585] n_tty_write+0x4d4/0xfe0
[ 124.675598] file_tty_write.constprop.0+0x49c/0x8f0
[ 124.675610] vfs_write+0x9c3/0xd90
[ 124.675629] ksys_write+0x127/0x250
[ 124.675645] do_syscall_64+0x3b/0x90
[ 124.675658] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.675674]
[ 124.675674] -> #0 ((console_sem).lock){....}-{2:2}:
[ 124.675688] __lock_acquire+0x2a02/0x5e70
[ 124.675704] lock_acquire+0x1a2/0x530
[ 124.675720] _raw_spin_lock_irqsave+0x39/0x60
[ 124.675734] down_trylock+0xe/0x70
[ 124.675746] __down_trylock_console_sem+0x3b/0xd0
[ 124.675762] vprintk_emit+0x16b/0x560
[ 124.675778] vprintk+0x84/0xa0
[ 124.675793] _printk+0xba/0xf1
[ 124.675811] report_bug.cold+0x72/0xab
[ 124.675823] handle_bug+0x3c/0x70
[ 124.675835] exc_invalid_op+0x14/0x50
[ 124.675848] asm_exc_invalid_op+0x16/0x20
[ 124.675864] group_sched_out.part.0+0x2c7/0x460
[ 124.675874] ctx_sched_out+0x8f1/0xc10
[ 124.675884] __perf_event_task_sched_out+0x6d0/0x18d0
[ 124.675896] __schedule+0xedd/0x2470
[ 124.675905] schedule+0xda/0x1b0
[ 124.675915] futex_wait_queue+0xf5/0x1e0
[ 124.675925] futex_wait+0x28e/0x690
[ 124.675935] do_futex+0x2ff/0x380
[ 124.675943] __x64_sys_futex+0x1c6/0x4d0
[ 124.675953] do_syscall_64+0x3b/0x90
[ 124.675966] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.675982]
[ 124.675982] other info that might help us debug this:
[ 124.675982]
[ 124.675985] Chain exists of:
[ 124.675985] (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 124.675985]
[ 124.676001] Possible unsafe locking scenario:
[ 124.676001]
[ 124.676003]        CPU0                    CPU1
[ 124.676005]        ----                    ----
[ 124.676008]   lock(&ctx->lock);
[ 124.676013]                                lock(&rq->__lock);
[ 124.676020]                                lock(&ctx->lock);
[ 124.676026]   lock((console_sem).lock);
[ 124.676032]
[ 124.676032] *** DEADLOCK ***
[ 124.676032]
[ 124.676034] 2 locks held by syz-executor.7/3221:
[ 124.676041] #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 124.676066] #1: ffff88800da99420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 124.676094]
[ 124.676094] stack backtrace:
[ 124.676097] CPU: 1 PID: 3221 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220913 #1
[ 124.676110] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 124.676118] Call Trace:
[ 124.676121]
[ 124.676125] dump_stack_lvl+0x8b/0xb3
[ 124.676140] check_noncircular+0x263/0x2e0
[ 124.676156] ? format_decode+0x26c/0xb50
[ 124.676171] ? print_circular_bug+0x450/0x450
[ 124.676188] ? enable_ptr_key_workfn+0x20/0x20
[ 124.676201] ? __lockdep_reset_lock+0x180/0x180
[ 124.676218] ? format_decode+0x26c/0xb50
[ 124.676234] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 124.676251] __lock_acquire+0x2a02/0x5e70
[ 124.676272] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 124.676293] lock_acquire+0x1a2/0x530
[ 124.676310] ? down_trylock+0xe/0x70
[ 124.676324] ? rcu_read_unlock+0x40/0x40
[ 124.676342] ? find_held_lock+0x2c/0x110
[ 124.676359] ? vprintk+0x84/0xa0
[ 124.676377] _raw_spin_lock_irqsave+0x39/0x60
[ 124.676392] ? down_trylock+0xe/0x70
[ 124.676405] down_trylock+0xe/0x70
[ 124.676418] ? vprintk+0x84/0xa0
[ 124.676434] __down_trylock_console_sem+0x3b/0xd0
[ 124.676451] vprintk_emit+0x16b/0x560
[ 124.676470] vprintk+0x84/0xa0
[ 124.676487] _printk+0xba/0xf1
[ 124.676504] ? record_print_text.cold+0x16/0x16
[ 124.676523] ? hrtimer_try_to_cancel+0x163/0x2c0
[ 124.676537] ? lock_downgrade+0x6d0/0x6d0
[ 124.676554] ? report_bug.cold+0x66/0xab
[ 124.676568] ? group_sched_out.part.0+0x2c7/0x460
[ 124.676579] report_bug.cold+0x72/0xab
[ 124.676594] handle_bug+0x3c/0x70
[ 124.676607] exc_invalid_op+0x14/0x50
[ 124.676621] asm_exc_invalid_op+0x16/0x20
[ 124.676638] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 124.676651] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 124.676663] RSP: 0018:ffff888041e3f8f8 EFLAGS: 00010006
[ 124.676672] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 124.676680] RDX: ffff88801bfa5040 RSI: ffffffff81566027 RDI: 0000000000000005
[ 124.676688] RBP: ffff888041e18000 R08: 0000000000000005 R09: 0000000000000001
[ 124.676695] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800da99400
[ 124.676703] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002
[ 124.676713] ? group_sched_out.part.0+0x2c7/0x460
[ 124.676726] ? group_sched_out.part.0+0x2c7/0x460
[ 124.676739] ctx_sched_out+0x8f1/0xc10
[ 124.676752] __perf_event_task_sched_out+0x6d0/0x18d0
[ 124.676767] ? lock_is_held_type+0xd7/0x130
[ 124.676785] ? __perf_cgroup_move+0x160/0x160
[ 124.676796] ? set_next_entity+0x304/0x550
[ 124.676816] ? lock_is_held_type+0xd7/0x130
[ 124.676834] __schedule+0xedd/0x2470
[ 124.676846] ? io_schedule_timeout+0x150/0x150
[ 124.676861] schedule+0xda/0x1b0
[ 124.676872] futex_wait_queue+0xf5/0x1e0
[ 124.676884] futex_wait+0x28e/0x690
[ 124.676897] ? futex_wait_setup+0x230/0x230
[ 124.676914] ? wake_up_q+0x8b/0xf0
[ 124.676927] ? do_raw_spin_unlock+0x4f/0x220
[ 124.676947] ? futex_wake+0x158/0x490
[ 124.676961] ? lock_downgrade+0x6d0/0x6d0
[ 124.676978] ? lock_is_held_type+0xd7/0x130
[ 124.676998] do_futex+0x2ff/0x380
[ 124.677009] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 124.677021] ? ktime_get+0x153/0x1f0
[ 124.677037] __x64_sys_futex+0x1c6/0x4d0
[ 124.677049] ? hrtimer_interrupt+0x5b0/0x770
[ 124.677062] ? __x64_sys_futex_time32+0x480/0x480
[ 124.677074] ? syscall_enter_from_user_mode+0x1d/0x50
[ 124.677093] ? syscall_enter_from_user_mode+0x1d/0x50
[ 124.677113] do_syscall_64+0x3b/0x90
[ 124.677127] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.677145] RIP: 0033:0x7f0be04b0b19
[ 124.677154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 124.677165] RSP: 002b:00007f0bdda26218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 124.677175] RAX: ffffffffffffffda RBX: 00007f0be05c3f68 RCX: 00007f0be04b0b19
[ 124.677183] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0be05c3f68
[ 124.677190] RBP: 00007f0be05c3f60 R08: 0000000000000000 R09: 0000000000000000
[ 124.677198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0be05c3f6c
[ 124.677205] R13: 00007fffeb7613ef R14: 00007f0bdda26300 R15: 0000000000022000
[ 124.677218]
[ 124.695362] loop0: detected capacity change from 0 to 1024
[ 124.695411] WARNING: CPU: 1 PID: 3221 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 124.745471] Modules linked in:
[ 124.745791] CPU: 1 PID: 3221 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220913 #1
[ 124.746567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 124.747679] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 124.748212] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 124.749948] RSP: 0018:ffff888041e3f8f8 EFLAGS: 00010006
[ 124.750475] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 124.751187] RDX: ffff88801bfa5040 RSI: ffffffff81566027 RDI: 0000000000000005
[ 124.751830] RBP: ffff888041e18000 R08: 0000000000000005 R09: 0000000000000001
[ 124.752521] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800da99400
[ 124.753216] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002
[ 124.753904] FS: 00007f0bdda26700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 124.754689] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 124.755265] CR2: 00007f1bfb1321f0 CR3: 000000000c102000 CR4: 0000000000350ee0
[ 124.755956] Call Trace:
[ 124.756211]
[ 124.756435] ctx_sched_out+0x8f1/0xc10
[ 124.756826] __perf_event_task_sched_out+0x6d0/0x18d0
[ 124.757301] ? lock_is_held_type+0xd7/0x130
[ 124.757730] ? __perf_cgroup_move+0x160/0x160
[ 124.758173] ? set_next_entity+0x304/0x550
[ 124.758599] ? lock_is_held_type+0xd7/0x130
[ 124.759039] __schedule+0xedd/0x2470
[ 124.759414] ? io_schedule_timeout+0x150/0x150
[ 124.759843] schedule+0xda/0x1b0
[ 124.760173] futex_wait_queue+0xf5/0x1e0
[ 124.760573] futex_wait+0x28e/0x690
[ 124.760938] ? futex_wait_setup+0x230/0x230
[ 124.761363] ? wake_up_q+0x8b/0xf0
[ 124.761723] ? do_raw_spin_unlock+0x4f/0x220
[ 124.762159] ? futex_wake+0x158/0x490
[ 124.762546] ? lock_downgrade+0x6d0/0x6d0
[ 124.762965] ? lock_is_held_type+0xd7/0x130
[ 124.763394] do_futex+0x2ff/0x380
[ 124.763743] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 124.764304] ? ktime_get+0x153/0x1f0
[ 124.764680] __x64_sys_futex+0x1c6/0x4d0
[ 124.765077] ? hrtimer_interrupt+0x5b0/0x770
[ 124.765405] ? __x64_sys_futex_time32+0x480/0x480
[ 124.765855] ? syscall_enter_from_user_mode+0x1d/0x50
[ 124.766368] ? syscall_enter_from_user_mode+0x1d/0x50
[ 124.766848] do_syscall_64+0x3b/0x90
[ 124.767211] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.767721] RIP: 0033:0x7f0be04b0b19
[ 124.768084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 124.769821] RSP: 002b:00007f0bdda26218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 124.770546] RAX: ffffffffffffffda RBX: 00007f0be05c3f68 RCX: 00007f0be04b0b19
[ 124.771223] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0be05c3f68
[ 124.771897] RBP: 00007f0be05c3f60 R08: 0000000000000000 R09: 0000000000000000
[ 124.772563] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0be05c3f6c
[ 124.773259] R13: 00007fffeb7613ef R14: 00007f0bdda26300 R15: 0000000000022000
[ 124.773934]
[ 124.774174] irq event stamp: 3928
[ 124.774509] hardirqs last enabled at (3927): [] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 124.775445] hardirqs last disabled at (3928): [] __schedule+0x1225/0x2470
[ 124.776215] softirqs last enabled at (3312): [] __irq_exit_rcu+0x11b/0x180
[ 124.777010] softirqs last disabled at (3281): [] __irq_exit_rcu+0x11b/0x180
[ 124.777811] ---[ end trace 0000000000000000 ]---
[ 124.824231] syz-executor.7: attempt to access beyond end of device
[ 124.824231] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 124.825390] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 124.893781] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 124.896994] ext4 filesystem being mounted at /syzkaller-testdir824342618/syzkaller.UQyQbP/0/file0 supports timestamps until 2038 (0x7fffffff) 15:19:33 executing program 7: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) [ 124.913270] loop7: detected capacity change from 0 to 40 [ 124.966288] syz-executor.7: attempt to access beyond end of device [ 124.966288] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 124.967345] Buffer I/O error on dev loop7, logical block 10, lost async page write 15:19:33 executing program 7: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = 
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) [ 125.048519] loop7: detected capacity change from 0 to 40 [ 125.090297] syz-executor.7: attempt to access beyond end of device [ 125.090297] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 125.091304] Buffer I/O error on dev loop7, logical block 10, lost async page write [ 125.119107] EXT4-fs (loop0): unmounting filesystem. 
[ 126.759894] hrtimer: interrupt took 19416 ns [ 132.855984] audit: type=1400 audit(1663082381.512:9): avc: denied { write } for pid=3926 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 15:19:42 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x4bfa, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000040)) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x12354}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f00000003c0)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r2, 0x0, 0x0, 0x87ffffc) pwritev2(r1, &(0x7f0000000300)=[{&(0x7f0000000180)="3c05886344f6c1676463474261a3cd71268afe038e7d96f46fea5246194a21c0bca49aab4882c5e4b508f5caf019902800cc407c31ecca2126ec616e9ef51561c11fb6d5ad0dc0c03998e37daae333db1252ad0d6b210c26dc017bcd9eb7b3773f1ab930713c646093f3efac450fcd793d65bfca217cf1d1be3971f4b8bee2b4fd3876a9b065f04ff62603f3cffe0e3ead48226b756653faf696165c00c54890e8d4590f8c08e761926d1a367f7adaff0cd7a0a804aae86072e3866492eabdfbbf60d4a310dfda9cb5f679ca00946a01dd39236d72f2aa56bb3d9d47c042843926cfff2164e5df0e048b3a8d", 0xec}], 0x1, 0x6, 0x2, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 
&(0x7f0000000340)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="01000200000100002e2f7b696c653100"]) 15:19:42 executing program 7: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) [ 133.708240] loop7: detected capacity change from 0 to 40 15:19:42 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendfile(r1, r0, 0x0, 0xa000000000) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @dev}, 0xc) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 15:19:42 executing program 4: syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@random="dda978731a96", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 
0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @broadcast}, @source_quench={0x8, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x0) 15:19:42 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='\'/]^(\x00') 15:19:42 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x28}}, 0x0) 15:19:42 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, 
&(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) readv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000340)=""/3, 0x3}, {&(0x7f0000000380)=""/75, 0x4b}, {&(0x7f00000007c0)=""/253, 0xfd}, {&(0x7f00000006c0)=""/84, 0x54}, {&(0x7f00000008c0)=""/126, 0x7e}, {&(0x7f0000000940)=""/113, 0x71}, {&(0x7f0000000b80)=""/20, 0x14}, {&(0x7f0000000bc0)=""/171, 0xab}, {&(0x7f0000000740)=""/26, 0x1a}, {&(0x7f0000000a80)=""/60, 0x3c}], 0xa) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x1, 0x1, 0x0, 'queue1\x00', 0x1000}) ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000240)=0x1) r3 = epoll_create1(0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000440)='./file1\x00', 0x109042, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x0, r4, &(0x7f0000000000)="1c", 0xf}]) write$sndseq(r4, &(0x7f0000000400)=[{0x81, 0x1f, 0x2, 0x40, @time={0x40, 0xfffffffb}, {0x1a, 0xff}, {0x3f, 0x1f}, @connect={{0x2, 0x7f}, {0x7c, 0x1f}}}, {0xf8, 0x6, 0x3, 0x3, @tick=0x6, {0x69, 0x1}, {0x9, 0x3}, @raw8={"e36e2d888f0ecd381042c169"}}], 0x38) sendfile(r3, r0, &(0x7f0000000300)=0x8c9e, 0x10001) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x7f) 15:19:42 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) readv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000340)=""/3, 0x3}, {&(0x7f0000000380)=""/75, 0x4b}, {&(0x7f00000007c0)=""/253, 0xfd}, {&(0x7f00000006c0)=""/84, 0x54}, {&(0x7f00000008c0)=""/126, 0x7e}, {&(0x7f0000000940)=""/113, 0x71}, {&(0x7f0000000b80)=""/20, 0x14}, {&(0x7f0000000bc0)=""/171, 0xab}, {&(0x7f0000000740)=""/26, 0x1a}, {&(0x7f0000000a80)=""/60, 0x3c}], 0xa) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x1, 0x1, 0x0, 'queue1\x00', 0x1000}) ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000240)=0x1) r3 = epoll_create1(0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000440)='./file1\x00', 0x109042, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x0, r4, &(0x7f0000000000)="1c", 0xf}]) write$sndseq(r4, &(0x7f0000000400)=[{0x81, 0x1f, 0x2, 0x40, @time={0x40, 0xfffffffb}, {0x1a, 0xff}, {0x3f, 0x1f}, @connect={{0x2, 0x7f}, {0x7c, 0x1f}}}, {0xf8, 0x6, 0x3, 0x3, @tick=0x6, {0x69, 0x1}, {0x9, 0x3}, @raw8={"e36e2d888f0ecd381042c169"}}], 0x38) sendfile(r3, r0, &(0x7f0000000300)=0x8c9e, 0x10001) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x7f) 15:19:42 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendfile(r1, r0, 0x0, 0xa000000000) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @dev}, 0xc) sendto$inet(r1, 0x0, 0x0, 
0x0, 0x0, 0x0) 15:19:42 executing program 4: syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@random="dda978731a96", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @broadcast}, @source_quench={0x8, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x0) 15:19:42 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='\'/]^(\x00') 15:19:42 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x28}}, 0x0) [ 133.787765] syz-executor.7: attempt to access beyond end of device [ 133.787765] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 133.789329] Buffer I/O error on dev loop7, logical block 10, lost async page write 15:19:43 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x28}}, 0x0) 15:19:43 executing program 4: 
syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@random="dda978731a96", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @broadcast}, @source_quench={0x8, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x0) 15:19:43 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='\'/]^(\x00') 15:19:43 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) readv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000340)=""/3, 0x3}, {&(0x7f0000000380)=""/75, 0x4b}, {&(0x7f00000007c0)=""/253, 0xfd}, 
{&(0x7f00000006c0)=""/84, 0x54}, {&(0x7f00000008c0)=""/126, 0x7e}, {&(0x7f0000000940)=""/113, 0x71}, {&(0x7f0000000b80)=""/20, 0x14}, {&(0x7f0000000bc0)=""/171, 0xab}, {&(0x7f0000000740)=""/26, 0x1a}, {&(0x7f0000000a80)=""/60, 0x3c}], 0xa) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x1, 0x1, 0x0, 'queue1\x00', 0x1000}) ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000240)=0x1) r3 = epoll_create1(0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000440)='./file1\x00', 0x109042, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x0, r4, &(0x7f0000000000)="1c", 0xf}]) write$sndseq(r4, &(0x7f0000000400)=[{0x81, 0x1f, 0x2, 0x40, @time={0x40, 0xfffffffb}, {0x1a, 0xff}, {0x3f, 0x1f}, @connect={{0x2, 0x7f}, {0x7c, 0x1f}}}, {0xf8, 0x6, 0x3, 0x3, @tick=0x6, {0x69, 0x1}, {0x9, 0x3}, @raw8={"e36e2d888f0ecd381042c169"}}], 0x38) sendfile(r3, r0, &(0x7f0000000300)=0x8c9e, 0x10001) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x7f) 15:19:43 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendfile(r1, r0, 0x0, 0xa000000000) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @dev}, 0xc) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 15:19:43 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) readv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000340)=""/3, 0x3}, {&(0x7f0000000380)=""/75, 0x4b}, {&(0x7f00000007c0)=""/253, 0xfd}, {&(0x7f00000006c0)=""/84, 0x54}, {&(0x7f00000008c0)=""/126, 0x7e}, {&(0x7f0000000940)=""/113, 0x71}, {&(0x7f0000000b80)=""/20, 0x14}, {&(0x7f0000000bc0)=""/171, 0xab}, {&(0x7f0000000740)=""/26, 0x1a}, {&(0x7f0000000a80)=""/60, 0x3c}], 0xa) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x1, 0x1, 0x0, 'queue1\x00', 0x1000}) ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000240)=0x1) r3 = epoll_create1(0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000440)='./file1\x00', 0x109042, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x0, r4, &(0x7f0000000000)="1c", 0xf}]) write$sndseq(r4, &(0x7f0000000400)=[{0x81, 0x1f, 0x2, 0x40, @time={0x40, 0xfffffffb}, {0x1a, 0xff}, {0x3f, 0x1f}, @connect={{0x2, 0x7f}, {0x7c, 0x1f}}}, {0xf8, 0x6, 0x3, 0x3, @tick=0x6, {0x69, 0x1}, {0x9, 0x3}, @raw8={"e36e2d888f0ecd381042c169"}}], 0x38) sendfile(r3, r0, &(0x7f0000000300)=0x8c9e, 0x10001) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x7f) 15:19:43 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x4bfa, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000040)) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x12354}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f00000003c0)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r2, 0x0, 0x0, 0x87ffffc) pwritev2(r1, &(0x7f0000000300)=[{&(0x7f0000000180)="3c05886344f6c1676463474261a3cd71268afe038e7d96f46fea5246194a21c0bca49aab4882c5e4b508f5caf019902800cc407c31ecca2126ec616e9ef51561c11fb6d5ad0dc0c03998e37daae333db1252ad0d6b210c26dc017bcd9eb7b3773f1ab930713c646093f3efac450fcd793d65bfca217cf1d1be3971f4b8bee2b4fd3876a9b065f04ff62603f3cffe0e3ead48226b756653faf696165c00c54890e8d4590f8c08e761926d1a367f7adaff0cd7a0a804aae86072e3866492eabdfbbf60d4a310dfda9cb5f679ca00946a01dd39236d72f2aa56bb3d9d47c042843926cfff2164e5df0e048b3a8d", 0xec}], 0x1, 0x6, 0x2, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="01000200000100002e2f7b696c653100"]) 15:19:43 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) readv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000340)=""/3, 0x3}, {&(0x7f0000000380)=""/75, 0x4b}, {&(0x7f00000007c0)=""/253, 0xfd}, {&(0x7f00000006c0)=""/84, 0x54}, {&(0x7f00000008c0)=""/126, 0x7e}, {&(0x7f0000000940)=""/113, 0x71}, {&(0x7f0000000b80)=""/20, 0x14}, {&(0x7f0000000bc0)=""/171, 0xab}, {&(0x7f0000000740)=""/26, 0x1a}, {&(0x7f0000000a80)=""/60, 0x3c}], 0xa) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x1, 0x1, 0x0, 'queue1\x00', 0x1000}) ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000240)=0x1) r3 = epoll_create1(0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000440)='./file1\x00', 0x109042, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x0, r4, &(0x7f0000000000)="1c", 0xf}]) write$sndseq(r4, &(0x7f0000000400)=[{0x81, 0x1f, 0x2, 0x40, @time={0x40, 0xfffffffb}, {0x1a, 0xff}, {0x3f, 0x1f}, @connect={{0x2, 0x7f}, {0x7c, 0x1f}}}, {0xf8, 0x6, 0x3, 0x3, @tick=0x6, {0x69, 0x1}, {0x9, 0x3}, @raw8={"e36e2d888f0ecd381042c169"}}], 0x38) sendfile(r3, r0, &(0x7f0000000300)=0x8c9e, 0x10001) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x7f) 15:19:43 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r2, r2, 0x0, 0x100000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) readv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000340)=""/3, 0x3}, {&(0x7f0000000380)=""/75, 0x4b}, {&(0x7f00000007c0)=""/253, 0xfd}, {&(0x7f00000006c0)=""/84, 0x54}, {&(0x7f00000008c0)=""/126, 0x7e}, {&(0x7f0000000940)=""/113, 0x71}, {&(0x7f0000000b80)=""/20, 0x14}, {&(0x7f0000000bc0)=""/171, 0xab}, {&(0x7f0000000740)=""/26, 0x1a}, {&(0x7f0000000a80)=""/60, 0x3c}], 0xa) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x1, 0x1, 0x0, 'queue1\x00', 0x1000}) ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000240)=0x1) r3 = epoll_create1(0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000440)='./file1\x00', 0x109042, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x0, r4, &(0x7f0000000000)="1c", 0xf}]) write$sndseq(r4, &(0x7f0000000400)=[{0x81, 0x1f, 0x2, 0x40, @time={0x40, 0xfffffffb}, {0x1a, 0xff}, {0x3f, 0x1f}, @connect={{0x2, 0x7f}, {0x7c, 0x1f}}}, {0xf8, 0x6, 0x3, 0x3, @tick=0x6, {0x69, 0x1}, {0x9, 0x3}, @raw8={"e36e2d888f0ecd381042c169"}}], 0x38) sendfile(r3, r0, &(0x7f0000000300)=0x8c9e, 0x10001) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x7f) VM DIAGNOSIS: 15:19:33 Registers: