Warning: Permanently added '[localhost]:23713' (ECDSA) to the list of known hosts. 2022/09/16 12:59:57 fuzzer started 2022/09/16 12:59:58 dialing manager at localhost:36051 syzkaller login: [ 44.108504] cgroup: Unknown subsys name 'net' [ 44.212104] cgroup: Unknown subsys name 'rlimit' 2022/09/16 13:00:12 syscalls: 2215 2022/09/16 13:00:12 code coverage: enabled 2022/09/16 13:00:12 comparison tracing: enabled 2022/09/16 13:00:12 extra coverage: enabled 2022/09/16 13:00:12 setuid sandbox: enabled 2022/09/16 13:00:12 namespace sandbox: enabled 2022/09/16 13:00:12 Android sandbox: enabled 2022/09/16 13:00:12 fault injection: enabled 2022/09/16 13:00:12 leak checking: enabled 2022/09/16 13:00:12 net packet injection: enabled 2022/09/16 13:00:12 net device setup: enabled 2022/09/16 13:00:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/16 13:00:12 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/16 13:00:12 USB emulation: enabled 2022/09/16 13:00:12 hci packet injection: enabled 2022/09/16 13:00:12 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220916) 2022/09/16 13:00:12 802.15.4 emulation: enabled 2022/09/16 13:00:12 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/16 13:00:12 fetching corpus: 50, signal 22318/25931 (executing program) 2022/09/16 13:00:12 fetching corpus: 100, signal 37282/42318 (executing program) 2022/09/16 13:00:12 fetching corpus: 150, signal 50790/57040 (executing program) 2022/09/16 13:00:12 fetching corpus: 200, signal 61477/68862 (executing program) 2022/09/16 13:00:12 fetching corpus: 250, signal 69978/78373 (executing program) 2022/09/16 13:00:13 fetching corpus: 300, signal 75088/84562 (executing program) 2022/09/16 13:00:13 fetching corpus: 350, signal 79138/89695 (executing program) 2022/09/16 13:00:13 fetching corpus: 400, signal 84305/95784 (executing program) 2022/09/16 13:00:13 fetching corpus: 450, signal 88108/100553 (executing program) 2022/09/16 13:00:13 fetching corpus: 500, signal 91823/105194 (executing program) 2022/09/16 13:00:13 fetching corpus: 550, signal 94360/108630 (executing program) 2022/09/16 13:00:13 fetching corpus: 600, signal 98720/113719 (executing program) 2022/09/16 13:00:14 fetching corpus: 650, signal 103858/119336 (executing program) 2022/09/16 13:00:14 fetching corpus: 700, signal 107687/123770 (executing program) 2022/09/16 13:00:14 fetching corpus: 750, signal 110195/127040 (executing program) 2022/09/16 13:00:14 fetching corpus: 800, signal 112651/130190 (executing program) 2022/09/16 13:00:14 fetching corpus: 850, signal 115834/133947 (executing program) 2022/09/16 13:00:14 fetching corpus: 900, signal 118506/137177 (executing program) 2022/09/16 13:00:14 fetching corpus: 950, signal 120427/139755 (executing program) 2022/09/16 13:00:14 fetching corpus: 1000, signal 121977/141980 (executing program) 2022/09/16 13:00:15 fetching corpus: 1050, signal 123727/144321 (executing program) 2022/09/16 13:00:15 fetching corpus: 1100, signal 126051/147173 (executing program) 2022/09/16 13:00:15 fetching corpus: 1150, signal 128170/149767 (executing program) 2022/09/16 13:00:15 fetching corpus: 1200, signal 130061/152145 (executing program) 2022/09/16 13:00:15 fetching corpus: 1250, signal 133958/156054 (executing program) 2022/09/16 13:00:15 fetching corpus: 1300, signal 136462/158799 (executing program) 2022/09/16 13:00:15 fetching corpus: 1350, signal 137811/160625 (executing program) 2022/09/16 13:00:16 fetching corpus: 1400, signal 139286/162539 (executing program) 2022/09/16 13:00:16 fetching corpus: 1450, signal 140323/164087 (executing program) 2022/09/16 13:00:16 fetching corpus: 1500, signal 142259/166326 (executing program) 2022/09/16 13:00:16 fetching corpus: 1550, signal 144563/168766 (executing program) 2022/09/16 13:00:16 fetching corpus: 1600, signal 147029/171336 (executing program) 2022/09/16 13:00:16 fetching corpus: 1650, signal 148908/173427 (executing program) 2022/09/16 13:00:16 fetching corpus: 1700, signal 150812/175450 (executing program) 2022/09/16 13:00:16 fetching corpus: 1750, signal 152314/177174 (executing program) 2022/09/16 13:00:17 fetching corpus: 1800, signal 153926/178942 (executing program) 2022/09/16 13:00:17 fetching corpus: 1850, signal 155633/180786 (executing program) 2022/09/16 13:00:17 fetching corpus: 1900, signal 156788/182215 (executing program) 2022/09/16 13:00:17 fetching corpus: 1950, signal 158685/184111 (executing program) 2022/09/16 13:00:17 fetching corpus: 2000, signal 159708/185397 (executing program) 2022/09/16 13:00:17 fetching corpus: 2050, signal 160834/186735 (executing program) 2022/09/16 13:00:17 fetching corpus: 2100, signal 162229/188227 (executing program) 2022/09/16 13:00:18 fetching corpus: 2150, signal 163834/189812 (executing program) 2022/09/16 13:00:18 fetching corpus: 2200, signal 165309/191356 (executing program) 2022/09/16 13:00:18 fetching corpus: 2250, signal 166781/192819 (executing program) 2022/09/16 13:00:18 fetching corpus: 2300, signal 167649/193902 (executing program) 2022/09/16 13:00:18 fetching corpus: 2350, signal 169125/195315 (executing program) 2022/09/16 13:00:18 fetching corpus: 2400, signal 170036/196327 (executing program) 2022/09/16 13:00:18 fetching corpus: 2450, signal 171280/197629 (executing program) 2022/09/16 13:00:18 fetching corpus: 2500, signal 172576/198931 (executing program) 2022/09/16 13:00:19 fetching corpus: 2550, signal 173584/200006 (executing program) 2022/09/16 13:00:19 fetching corpus: 2600, signal 174700/201124 (executing program) 2022/09/16 13:00:19 fetching corpus: 2650, signal 175510/202052 (executing program) 2022/09/16 13:00:19 fetching corpus: 2700, signal 177063/203433 (executing program) 2022/09/16 13:00:19 fetching corpus: 2750, signal 177970/204404 (executing program) 2022/09/16 13:00:19 fetching corpus: 2800, signal 179004/205410 (executing program) 2022/09/16 13:00:20 fetching corpus: 2850, signal 180082/206417 (executing program) 2022/09/16 13:00:20 fetching corpus: 2900, signal 180916/207243 (executing program) 2022/09/16 13:00:20 fetching corpus: 2950, signal 182377/208401 (executing program) 2022/09/16 13:00:20 fetching corpus: 3000, signal 183524/209422 (executing program) 2022/09/16 13:00:20 fetching corpus: 3050, signal 184282/210190 (executing program) 2022/09/16 13:00:20 fetching corpus: 3100, signal 185587/211379 (executing program) 2022/09/16 13:00:20 fetching corpus: 3150, signal 186229/212069 (executing program) 2022/09/16 13:00:21 fetching corpus: 3200, signal 187461/212976 (executing program) 2022/09/16 13:00:21 fetching corpus: 3250, signal 188398/213767 (executing program) 2022/09/16 13:00:21 fetching corpus: 3300, signal 189202/214456 (executing program) 2022/09/16 13:00:21 fetching corpus: 3350, signal 189893/215123 (executing program) 2022/09/16 13:00:21 fetching corpus: 3400, signal 190595/215787 (executing program) 2022/09/16 13:00:21 fetching corpus: 3450, signal 191344/216459 (executing program) 2022/09/16 13:00:21 fetching corpus: 3500, signal 192007/217096 (executing program) 2022/09/16 13:00:21 fetching corpus: 3550, signal 193112/217917 (executing program) 2022/09/16 13:00:22 fetching corpus: 3600, signal 194277/218666 (executing program) 2022/09/16 13:00:22 fetching corpus: 3650, signal 194949/219295 (executing program) 2022/09/16 13:00:22 fetching corpus: 3700, signal 195508/219819 (executing program) 2022/09/16 13:00:22 fetching corpus: 3750, signal 196525/220475 (executing program) 2022/09/16 13:00:22 fetching corpus: 3800, signal 197215/220983 (executing program) 2022/09/16 13:00:22 fetching corpus: 3850, signal 198001/221538 (executing program) 2022/09/16 13:00:22 fetching corpus: 3900, signal 198861/222057 (executing program) 2022/09/16 13:00:23 fetching corpus: 3950, signal 199583/222598 (executing program) 2022/09/16 13:00:23 fetching corpus: 4000, signal 200537/223191 (executing program) 2022/09/16 13:00:23 fetching corpus: 4050, signal 201557/223798 (executing program) 2022/09/16 13:00:23 fetching corpus: 4100, signal 203036/224438 (executing program) 2022/09/16 13:00:23 fetching corpus: 4150, signal 203672/224859 (executing program) 2022/09/16 13:00:23 fetching corpus: 4200, signal 204699/225393 (executing program) 2022/09/16 13:00:24 fetching corpus: 4250, signal 205379/225793 (executing program) 2022/09/16 13:00:24 fetching corpus: 4300, signal 206369/226228 (executing program) 2022/09/16 13:00:24 fetching corpus: 4350, signal 206984/226618 (executing program) 2022/09/16 13:00:24 fetching corpus: 4400, signal 208031/227056 (executing program) 2022/09/16 13:00:24 fetching corpus: 4450, signal 208915/227442 (executing program) 2022/09/16 13:00:24 fetching corpus: 4500, signal 209807/227814 (executing program) 2022/09/16 13:00:24 fetching corpus: 4550, signal 210828/228197 (executing program) 2022/09/16 13:00:25 fetching corpus: 4600, signal 211643/228523 (executing program) 2022/09/16 13:00:25 fetching corpus: 4650, signal 212500/228995 (executing program) 2022/09/16 13:00:25 fetching corpus: 4700, signal 213104/229264 (executing program) 2022/09/16 13:00:25 fetching corpus: 4750, signal 213701/229517 (executing program) 2022/09/16 13:00:25 fetching corpus: 4800, signal 214242/229742 (executing program) 2022/09/16 13:00:25 fetching corpus: 4850, signal 214766/230007 (executing program) 2022/09/16 13:00:25 fetching corpus: 4900, signal 215589/230267 (executing program) 2022/09/16 13:00:26 fetching corpus: 4950, signal 216249/230474 (executing program) 2022/09/16 13:00:26 fetching corpus: 5000, signal 216985/230685 (executing program) 2022/09/16 13:00:26 fetching corpus: 5050, signal 217775/230952 (executing program) 2022/09/16 13:00:26 fetching corpus: 5100, signal 218188/231125 (executing program) 2022/09/16 13:00:26 fetching corpus: 5150, signal 219067/231356 (executing program) 2022/09/16 13:00:26 fetching corpus: 5200, signal 219714/231519 (executing program) 2022/09/16 13:00:26 fetching corpus: 5250, signal 220160/231671 (executing program) 2022/09/16 13:00:27 fetching corpus: 5300, signal 220969/231843 (executing program) 2022/09/16 13:00:27 fetching corpus: 5350, signal 222321/232021 (executing program) 2022/09/16 13:00:27 fetching corpus: 5400, signal 223529/232156 (executing program) 2022/09/16 13:00:27 fetching corpus: 5450, signal 224332/232253 (executing program) 2022/09/16 13:00:27 fetching corpus: 5500, signal 224782/232332 (executing program) 2022/09/16 13:00:27 fetching corpus: 5550, signal 225344/232453 (executing program) 2022/09/16 13:00:28 fetching corpus: 5600, signal 225858/232557 (executing program) 2022/09/16 13:00:28 fetching corpus: 5606, signal 225872/232557 (executing program) 2022/09/16 13:00:28 fetching corpus: 5606, signal 225872/232557 (executing program) 2022/09/16 13:00:30 starting 8 fuzzer processes 13:00:30 executing program 0: ustat(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x1ff) close(0xffffffffffffffff) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) close(0xffffffffffffffff) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 13:00:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000880)={0x18, 0x1e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@multicast1}]}, 0x18}], 0x1}, 0x0) 13:00:30 executing program 2: syz_emit_ethernet(0x2a, &(0x7f00000001c0)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, @echo={0xd}}}}}, 0x0) 13:00:30 executing program 3: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:00:30 executing program 4: keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) [ 76.236094] audit: type=1400 audit(1663333230.367:6): avc: denied { execmem } for pid=285 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:00:30 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 13:00:30 executing program 6: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) close(r0) 13:00:30 executing program 7: clone3(&(0x7f00000030c0)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000000880)=""/4096, 0x1000, 0x0, 0x0}, 0x58) [ 77.586060] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.587187] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.588428] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.589770] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.590367] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.592071] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.592725] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.593432] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.594957] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.595815] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.597380] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.598014] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 77.632004] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.633590] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.634434] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 77.635808] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.636351] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.637452] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.639987] Bluetooth: hci1: HCI_REQ-0x0c1a [ 77.640119] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.642527] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.643427] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 77.644110] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.646479] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 77.647792] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 77.649050] Bluetooth: hci4: HCI_REQ-0x0c1a [ 77.649203] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 77.660746] Bluetooth: hci2: HCI_REQ-0x0c1a [ 77.661707] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 77.666869] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.678225] Bluetooth: hci0: HCI_REQ-0x0c1a [ 77.701920] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 77.703544] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 77.704587] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 77.706869] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 77.708153] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 77.709039] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 77.714188] Bluetooth: hci5: HCI_REQ-0x0c1a [ 77.715320] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 77.719589] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 77.721780] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 77.733312] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 77.741353] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 77.742833] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 77.751209] Bluetooth: hci6: HCI_REQ-0x0c1a [ 77.831207] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 77.834829] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 77.836551] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 77.848418] Bluetooth: hci7: HCI_REQ-0x0c1a [ 79.648681] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 79.713336] Bluetooth: hci0: command 0x0409 tx timeout [ 79.713423] Bluetooth: hci2: command 0x0409 tx timeout [ 79.713980] Bluetooth: hci4: command 0x0409 tx timeout [ 79.714586] Bluetooth: hci1: command 0x0409 tx timeout [ 79.776685] Bluetooth: hci6: command 0x0409 tx timeout [ 79.776737] Bluetooth: hci5: command 0x0409 tx timeout [ 79.905654] Bluetooth: hci7: command 0x0409 tx timeout [ 81.761230] Bluetooth: hci1: command 0x041b tx timeout [ 81.761717] Bluetooth: hci4: command 0x041b tx timeout [ 81.762103] Bluetooth: hci2: command 0x041b tx timeout [ 81.763279] Bluetooth: hci0: command 0x041b tx timeout [ 81.825469] Bluetooth: hci5: command 0x041b tx timeout [ 81.827218] Bluetooth: hci6: command 0x041b tx timeout [ 81.952709] Bluetooth: hci7: command 0x041b tx timeout [ 83.091016] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.092021] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.093037] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.095543] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.096662] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 83.097562] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.100315] Bluetooth: hci3: HCI_REQ-0x0c1a [ 83.809079] Bluetooth: hci4: command 0x040f tx timeout [ 83.809514] Bluetooth: hci1: command 0x040f tx timeout [ 83.809686] Bluetooth: hci0: command 0x040f tx timeout [ 83.811279] Bluetooth: hci2: command 0x040f tx timeout [ 83.873674] Bluetooth: hci6: command 0x040f tx timeout [ 83.875181] Bluetooth: hci5: command 0x040f tx timeout [ 84.001736] Bluetooth: hci7: command 0x040f tx timeout [ 85.153652] Bluetooth: hci3: command 0x0409 tx timeout [ 85.857683] Bluetooth: hci2: command 0x0419 tx timeout [ 85.858124] Bluetooth: hci1: command 0x0419 tx timeout [ 85.858502] Bluetooth: hci0: command 0x0419 tx timeout [ 85.858930] Bluetooth: hci4: command 0x0419 tx timeout [ 85.921683] Bluetooth: hci5: command 0x0419 tx timeout [ 85.922085] Bluetooth: hci6: command 0x0419 tx timeout [ 86.049711] Bluetooth: hci7: command 0x0419 tx timeout [ 87.201736] Bluetooth: hci3: command 0x041b tx timeout [ 89.249664] Bluetooth: hci3: command 0x040f tx timeout [ 91.296739] Bluetooth: hci3: command 0x0419 tx timeout 13:01:25 executing program 4: keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) 13:01:25 executing program 4: keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) 13:01:25 executing program 4: keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) 13:01:25 executing program 4: io_setup(0x3ff, &(0x7f0000000140)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') io_submit(r0, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x200000}]) io_pgetevents(r0, 0x0, 0x2, &(0x7f0000000340)=[{}, {}], 0x0, 0x0) 13:01:25 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r0, 0x0, 0x3, &(0x7f0000000380)={0x6, {}, {{0x2, 0x0, @local}}}, 0x108) sendmmsg$inet(r0, &(0x7f0000004cc0)=[{{&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000080)="592dd67e0200000000010200000000000000000093e0959f652315edfed58f111bd616eb", 0x2c}], 0x1}}], 0x1, 0x0) 13:01:26 executing program 4: socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000140)=0x100, 0x4) getpid() r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x48, 0x0, 0x0, 0x3}, {0x6}]}, 0x10) [ 131.963906] audit: type=1400 audit(1663333286.095:7): avc: denied { open } for pid=3827 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 131.965440] audit: type=1400 audit(1663333286.096:8): avc: denied { kernel } for pid=3827 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 131.979450] ------------[ cut here ]------------ [ 131.979470] [ 131.979473] ====================================================== [ 131.979476] WARNING: possible circular locking dependency detected [ 131.979480] 6.0.0-rc5-next-20220916 #1 Not tainted [ 131.979487] ------------------------------------------------------ [ 131.979490] syz-executor.4/3829 is trying to acquire lock: [ 131.979496] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 131.979532] [ 131.979532] but task is already holding lock: [ 131.979534] ffff88803ef93420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 131.979561] [ 131.979561] which lock already depends on the new lock. [ 131.979561] [ 131.979564] [ 131.979564] the existing dependency chain (in reverse order) is: [ 131.979567] [ 131.979567] -> #3 (&ctx->lock){....}-{2:2}: [ 131.979580] _raw_spin_lock+0x2a/0x40 [ 131.979601] __perf_event_task_sched_out+0x53b/0x18d0 [ 131.979613] __schedule+0xedd/0x2470 [ 131.979623] schedule+0xda/0x1b0 [ 131.979633] futex_wait_queue+0xf5/0x1e0 [ 131.979644] futex_wait+0x28e/0x690 [ 131.979654] do_futex+0x2ff/0x380 [ 131.979663] __x64_sys_futex+0x1c6/0x4d0 [ 131.979672] do_syscall_64+0x3b/0x90 [ 131.979686] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 131.979703] [ 131.979703] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 131.979717] _raw_spin_lock_nested+0x30/0x40 [ 131.979731] raw_spin_rq_lock_nested+0x1e/0x30 [ 131.979744] task_fork_fair+0x63/0x4d0 [ 131.979760] sched_cgroup_fork+0x3d0/0x540 [ 131.979774] copy_process+0x4183/0x6e20 [ 131.979784] kernel_clone+0xe7/0x890 [ 131.979793] user_mode_thread+0xad/0xf0 [ 131.979803] rest_init+0x24/0x250 [ 131.979819] arch_call_rest_init+0xf/0x14 [ 131.979832] start_kernel+0x4c1/0x4e6 [ 131.979841] secondary_startup_64_no_verify+0xe0/0xeb [ 131.979855] [ 131.979855] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 131.979868] _raw_spin_lock_irqsave+0x39/0x60 [ 131.979887] try_to_wake_up+0xab/0x1920 [ 131.979899] up+0x75/0xb0 [ 131.979910] __up_console_sem+0x6e/0x80 [ 131.979925] console_unlock+0x46a/0x590 [ 131.979940] do_con_write+0xc05/0x1d50 [ 131.979952] con_write+0x21/0x40 [ 131.979962] n_tty_write+0x4d4/0xfe0 [ 131.979974] file_tty_write.constprop.0+0x49c/0x8f0 [ 131.979986] vfs_write+0x9c3/0xd90 [ 131.980004] ksys_write+0x127/0x250 [ 131.980020] do_syscall_64+0x3b/0x90 [ 131.980033] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 131.980050] [ 131.980050] -> #0 ((console_sem).lock){....}-{2:2}: [ 131.980064] __lock_acquire+0x2a02/0x5e70 [ 131.980079] lock_acquire+0x1a2/0x530 [ 131.980101] _raw_spin_lock_irqsave+0x39/0x60 [ 131.980115] down_trylock+0xe/0x70 [ 131.980127] __down_trylock_console_sem+0x3b/0xd0 [ 131.980143] vprintk_emit+0x16b/0x560 [ 131.980159] vprintk+0x84/0xa0 [ 131.980175] _printk+0xba/0xf1 [ 131.980192] report_bug.cold+0x72/0xab [ 131.980204] handle_bug+0x3c/0x70 [ 131.980217] exc_invalid_op+0x14/0x50 [ 131.980230] asm_exc_invalid_op+0x16/0x20 [ 131.980246] group_sched_out.part.0+0x2c7/0x460 [ 131.980257] ctx_sched_out+0x8f1/0xc10 [ 131.980266] __perf_event_task_sched_out+0x6d0/0x18d0 [ 131.980278] __schedule+0xedd/0x2470 [ 131.980288] schedule+0xda/0x1b0 [ 131.980298] futex_wait_queue+0xf5/0x1e0 [ 131.980308] futex_wait+0x28e/0x690 [ 131.980318] do_futex+0x2ff/0x380 [ 131.980326] __x64_sys_futex+0x1c6/0x4d0 [ 131.980336] do_syscall_64+0x3b/0x90 [ 131.980349] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 131.980366] [ 131.980366] other info that might help us debug this: [ 131.980366] [ 131.980368] Chain exists of: [ 131.980368] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 131.980368] [ 131.980383] Possible unsafe locking scenario: [ 131.980383] [ 131.980385] CPU0 CPU1 [ 131.980387] ---- ---- [ 131.980389] lock(&ctx->lock); [ 131.980395] lock(&rq->__lock); [ 131.980401] lock(&ctx->lock); [ 131.980407] lock((console_sem).lock); [ 131.980413] [ 131.980413] *** DEADLOCK *** [ 131.980413] [ 131.980414] 2 locks held by syz-executor.4/3829: [ 131.980421] #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 131.980447] #1: ffff88803ef93420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 131.980474] [ 131.980474] stack backtrace: [ 131.980477] CPU: 0 PID: 3829 Comm: syz-executor.4 Not tainted 6.0.0-rc5-next-20220916 #1 [ 131.980489] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 131.980497] Call Trace: [ 131.980500] [ 131.980505] dump_stack_lvl+0x8b/0xb3 [ 131.980519] check_noncircular+0x263/0x2e0 [ 131.980535] ? format_decode+0x26c/0xb50 [ 131.980550] ? print_circular_bug+0x450/0x450 [ 131.980567] ? enable_ptr_key_workfn+0x20/0x20 [ 131.980582] ? format_decode+0x26c/0xb50 [ 131.980598] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 131.980615] __lock_acquire+0x2a02/0x5e70 [ 131.980636] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 131.980658] lock_acquire+0x1a2/0x530 [ 131.980675] ? down_trylock+0xe/0x70 [ 131.980689] ? rcu_read_unlock+0x40/0x40 [ 131.980709] ? vprintk+0x84/0xa0 [ 131.980727] _raw_spin_lock_irqsave+0x39/0x60 [ 131.980742] ? down_trylock+0xe/0x70 [ 131.980755] down_trylock+0xe/0x70 [ 131.980768] ? vprintk+0x84/0xa0 [ 131.980785] __down_trylock_console_sem+0x3b/0xd0 [ 131.980802] vprintk_emit+0x16b/0x560 [ 131.980820] vprintk+0x84/0xa0 [ 131.980837] _printk+0xba/0xf1 [ 131.980855] ? record_print_text.cold+0x16/0x16 [ 131.980876] ? report_bug.cold+0x66/0xab [ 131.980891] ? group_sched_out.part.0+0x2c7/0x460 [ 131.980902] report_bug.cold+0x72/0xab [ 131.980917] handle_bug+0x3c/0x70 [ 131.980931] exc_invalid_op+0x14/0x50 [ 131.980946] asm_exc_invalid_op+0x16/0x20 [ 131.980963] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 131.980976] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 131.980987] RSP: 0018:ffff8880401c78f8 EFLAGS: 00010006 [ 131.980996] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 131.981004] RDX: ffff888017cd3580 RSI: ffffffff81566027 RDI: 0000000000000005 [ 131.981011] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 131.981019] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88803ef93400 [ 131.981026] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 131.981037] ? group_sched_out.part.0+0x2c7/0x460 [ 131.981050] ? group_sched_out.part.0+0x2c7/0x460 [ 131.981063] ctx_sched_out+0x8f1/0xc10 [ 131.981075] __perf_event_task_sched_out+0x6d0/0x18d0 [ 131.981091] ? lock_is_held_type+0xd7/0x130 [ 131.981109] ? __perf_cgroup_move+0x160/0x160 [ 131.981121] ? set_next_entity+0x304/0x550 [ 131.981140] ? lock_is_held_type+0xd7/0x130 [ 131.981159] __schedule+0xedd/0x2470 [ 131.981172] ? io_schedule_timeout+0x150/0x150 [ 131.981184] ? futex_wait_setup+0x166/0x230 [ 131.981198] schedule+0xda/0x1b0 [ 131.981209] futex_wait_queue+0xf5/0x1e0 [ 131.981221] futex_wait+0x28e/0x690 [ 131.981233] ? futex_wait_setup+0x230/0x230 [ 131.981246] ? wake_up_q+0x8b/0xf0 [ 131.981259] ? do_raw_spin_unlock+0x4f/0x220 [ 131.981278] ? futex_wake+0x158/0x490 [ 131.981294] ? fd_install+0x1f9/0x640 [ 131.981310] do_futex+0x2ff/0x380 [ 131.981321] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 131.981337] __x64_sys_futex+0x1c6/0x4d0 [ 131.981349] ? __x64_sys_futex_time32+0x480/0x480 [ 131.981360] ? trace_rcu_dyntick+0x1a7/0x250 [ 131.981380] ? syscall_enter_from_user_mode+0x1d/0x50 [ 131.981398] ? syscall_enter_from_user_mode+0x1d/0x50 [ 131.981418] do_syscall_64+0x3b/0x90 [ 131.981432] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 131.981450] RIP: 0033:0x7f5d64d12b19 [ 131.981459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 131.981469] RSP: 002b:00007f5d62288218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 131.981480] RAX: ffffffffffffffda RBX: 00007f5d64e25f68 RCX: 00007f5d64d12b19 [ 131.981488] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5d64e25f68 [ 131.981495] RBP: 00007f5d64e25f60 R08: 0000000000000000 R09: 0000000000000000 [ 131.981502] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d64e25f6c [ 131.981509] R13: 00007fff107331cf R14: 00007f5d62288300 R15: 0000000000022000 [ 131.981522] [ 132.040957] WARNING: CPU: 0 PID: 3829 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 132.041652] Modules linked in: [ 132.041897] CPU: 0 PID: 3829 Comm: syz-executor.4 Not tainted 6.0.0-rc5-next-20220916 #1 [ 132.042498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 132.043331] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 132.043740] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 132.045094] RSP: 0018:ffff8880401c78f8 EFLAGS: 00010006 [ 132.045490] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 132.046026] RDX: ffff888017cd3580 RSI: ffffffff81566027 RDI: 0000000000000005 [ 132.046554] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 132.047084] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88803ef93400 [ 132.047625] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 132.048158] FS: 00007f5d62288700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 132.048748] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.049182] CR2: 00007f4029db48e0 CR3: 0000000015d52000 CR4: 0000000000350ef0 [ 132.049715] Call Trace: [ 132.049909] [ 132.050086] ctx_sched_out+0x8f1/0xc10 [ 132.050386] __perf_event_task_sched_out+0x6d0/0x18d0 [ 132.050776] ? lock_is_held_type+0xd7/0x130 [ 132.051108] ? __perf_cgroup_move+0x160/0x160 [ 132.051446] ? set_next_entity+0x304/0x550 [ 132.051772] ? lock_is_held_type+0xd7/0x130 [ 132.052111] __schedule+0xedd/0x2470 [ 132.052396] ? io_schedule_timeout+0x150/0x150 [ 132.052753] ? futex_wait_setup+0x166/0x230 [ 132.053082] schedule+0xda/0x1b0 [ 132.053343] futex_wait_queue+0xf5/0x1e0 [ 132.053653] futex_wait+0x28e/0x690 [ 132.053932] ? futex_wait_setup+0x230/0x230 [ 132.054256] ? wake_up_q+0x8b/0xf0 [ 132.054528] ? do_raw_spin_unlock+0x4f/0x220 [ 132.054873] ? futex_wake+0x158/0x490 [ 132.055171] ? fd_install+0x1f9/0x640 [ 132.055461] do_futex+0x2ff/0x380 [ 132.055729] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 132.056179] __x64_sys_futex+0x1c6/0x4d0 [ 132.056497] ? __x64_sys_futex_time32+0x480/0x480 [ 132.056856] ? trace_rcu_dyntick+0x1a7/0x250 [ 132.057199] ? syscall_enter_from_user_mode+0x1d/0x50 [ 132.057598] ? syscall_enter_from_user_mode+0x1d/0x50 [ 132.057995] do_syscall_64+0x3b/0x90 [ 132.058285] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 132.058683] RIP: 0033:0x7f5d64d12b19 [ 132.058963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 132.060311] RSP: 002b:00007f5d62288218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 132.060877] RAX: ffffffffffffffda RBX: 00007f5d64e25f68 RCX: 00007f5d64d12b19 [ 132.061412] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5d64e25f68 [ 132.061937] RBP: 00007f5d64e25f60 R08: 0000000000000000 R09: 0000000000000000 [ 132.062470] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d64e25f6c [ 132.063008] R13: 00007fff107331cf R14: 00007f5d62288300 R15: 0000000000022000 [ 132.063548] [ 132.063727] irq event stamp: 670 [ 132.063975] hardirqs last enabled at (669): [] syscall_enter_from_user_mode+0x1d/0x50 [ 132.064699] hardirqs last disabled at (670): [] __schedule+0x1225/0x2470 [ 132.065321] softirqs last enabled at (94): [] __irq_exit_rcu+0x11b/0x180 [ 132.065940] softirqs last disabled at (85): [] __irq_exit_rcu+0x11b/0x180 [ 132.066570] ---[ end trace 0000000000000000 ]--- [ 132.187619] hrtimer: interrupt took 20659 ns 13:01:26 executing program 4: socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000140)=0x100, 0x4) getpid() r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x48, 0x0, 0x0, 0x3}, {0x6}]}, 0x10) [ 132.289216] loop5: detected capacity change from 0 to 40 [ 132.337926] syz-executor.5: attempt to access beyond end of device [ 132.337926] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 132.338997] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 132.378126] syz-executor.5 (3846) used greatest stack depth: 24664 bytes left 13:01:26 executing program 4: socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000140)=0x100, 0x4) getpid() r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x48, 0x0, 0x0, 0x3}, {0x6}]}, 0x10) 13:01:28 executing program 0: ustat(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x1ff) close(0xffffffffffffffff) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) close(0xffffffffffffffff) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 13:01:28 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 13:01:28 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 13:01:28 executing program 4: socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000140)=0x100, 0x4) getpid() r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x48, 0x0, 0x0, 0x3}, {0x6}]}, 0x10) 13:01:28 executing program 6: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) close(r0) 13:01:28 executing program 7: seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000000)) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000040)={0x2c, 0x2b, 0x2, 0x11, 0x4, 0x4, 0x3, 0x41, 0xffffffffffffffff}) syz_mount_image$nfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0xcf4, 0x5, &(0x7f0000000480)=[{&(0x7f00000001c0)="e577001988d8dc7af061a5b1e2b29828c48655dfc45a82bd8e938f2063a8d6077785ad86917046dd3ae8e1047d605d54c65bab8517b673ee88963a549312514e662cdd2635", 0x45, 0x1}, {&(0x7f0000000240)="bfec75b3caa14669a1c76c17e7b6045523cae9b06f0285e8a590ca5009f2af6714bcbd85315885319ace304a14943905d9b03c28611106384258eaa2c63aca0c98757fdc7fe51944c57e2dee9b57dc18a034ab1db08d0f07ab45d05422a626e9d3a515d3fc6f358d630744e9cb198ca78e0a8ceeb218967cd23a613d", 0x7c, 0xbf4}, {&(0x7f00000002c0)="be3b701644b9ecd545e05f97e5773be0ec1db67fa68691e77d", 0x19, 0x4}, {&(0x7f0000000300)="927fdcebab4b53e58b1d12a70f55959db79895c627be5dd3248f6a650d5c137a5d06c993dcec3e1031417ceefb5a29e890b46fb305eee0a104123546a322a4db257ff8e6fa039678b726a26c5324950d6b2d6d154085ef77e5dbd62b82b10e70465a61ed71a1b2598ff74be03af0e34e58dada23b27e4edb4f63beb45c87d5a0530362080ea8b0133c4d41d0b99f9b8fb9247cce33365e78ce46be20ae1ab3e864696e5782cfff34e21f2b247d5d5771ef47c8e5b04da43f2e1341f9b0549895b427a4b6a9a7a5b3311c974c48dcf1c26bbb3720df935c6633ee411d9e3d6f5be28b2c7ea7fb8c76026f9e7764b8ea02", 0xf0, 0x40}, {&(0x7f0000000400)="3edd54ab0d934bc47d569cd9573cf8e62a12004ec7f743993d8a025aecb3f8660a1c506a4d1b92cbcc39b71208ad404209cc6b9a788f4c7bb8577be83988144ce76f58789e70a4f13797d90394efb0574b4aa5daa5", 0x55, 0x5}], 0x10000, &(0x7f0000000500)={[{'NLBL_UNLBL\x00'}, {'/dev/usbmon#\x00'}, {'(%^'}], [{@fowner_gt={'fowner>', 0xee00}}]}) mkdirat(0xffffffffffffffff, &(0x7f0000002140)='./file0\x00', 0x118) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000002440), 0x82, 0x0) 13:01:28 executing program 3: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:28 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) [ 134.246116] loop1: detected capacity change from 0 to 40 [ 134.254161] loop5: detected capacity change from 0 to 40 [ 134.258428] loop2: detected capacity change from 0 to 40 [ 134.261828] loop7: detected capacity change from 0 to 11 [ 134.268937] nfs: Unknown parameter 'NLBL_UNLBL' [ 134.277038] loop7: detected capacity change from 0 to 11 [ 134.279972] nfs: Unknown parameter 'NLBL_UNLBL' 13:01:28 executing program 3: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:28 executing program 6: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) close(r0) 13:01:28 executing program 7: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) [ 134.358219] syz-executor.1: attempt to access beyond end of device [ 134.358219] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 134.359340] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 134.368319] syz-executor.5: attempt to access beyond end of device [ 134.368319] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 134.369828] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 134.374638] syz-executor.2: attempt to access beyond end of device [ 134.374638] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 134.375591] Buffer I/O error on dev loop2, logical block 10, lost async page write 13:01:28 executing program 4: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) [ 134.418737] syz-executor.1 (3977) used greatest stack depth: 24472 bytes left [ 134.472881] loop1: detected capacity change from 0 to 40 13:01:28 executing program 0: ustat(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x1ff) close(0xffffffffffffffff) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) close(0xffffffffffffffff) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 13:01:28 executing program 6: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) close(r0) 13:01:28 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 13:01:28 executing program 3: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:28 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 13:01:28 executing program 4: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:28 executing program 7: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:28 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) [ 134.517692] loop5: detected capacity change from 0 to 40 13:01:28 executing program 4: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:28 executing program 6: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:28 executing program 7: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:28 executing program 0: ustat(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x1ff) close(0xffffffffffffffff) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) close(0xffffffffffffffff) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 13:01:28 executing program 3: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:28 executing program 6: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) [ 134.837004] syz-executor.1: attempt to access beyond end of device [ 134.837004] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 134.838278] Buffer I/O error on dev loop1, logical block 10, lost async page write 13:01:28 executing program 4: syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x20, &(0x7f0000000180)={[{@size={'size', 0x3d, [0x32]}}]}) [ 134.862530] syz-executor.5: attempt to access beyond end of device [ 134.862530] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 134.865739] Buffer I/O error on dev loop5, logical block 10, lost async page write 13:01:29 executing program 7: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) read$hiddev(r0, &(0x7f0000000c00)=""/4082, 0xfffffdef) 13:01:29 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 13:01:29 executing program 3: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:29 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 13:01:29 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000540), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000600), 0x0, 0x0, 0x0, 0x0, 0x0}) [ 135.042476] loop5: detected capacity change from 0 to 40 [ 135.058089] loop1: detected capacity change from 0 to 40 [ 135.188441] syz-executor.5: attempt to access beyond end of device [ 135.188441] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 135.189688] Buffer I/O error on dev loop5, logical block 10, lost async page write [ 135.386757] syz-executor.2 (4009) used greatest stack depth: 24216 bytes left [ 135.396801] syz-executor.1: attempt to access beyond end of device [ 135.396801] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 135.401081] Buffer I/O error on dev loop1, logical block 10, lost async page write 13:01:29 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f00000001c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/121, 0x79}, {&(0x7f0000000080)=""/121, 0x79}], 0x2, 0x0, 0x0) fdatasync(r3) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x200200, 0x4) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r4 = socket$inet6(0xa, 0x1, 0x0) fchown(r4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000240), 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000480)) open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x81900) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb}, 0x15182, 0x7, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0801022d9c02000022020000400000006e020000510000000000000000000000d722124423720590ac8548566a6de9af7118d129433ac1f1f81ac98c6ceb2ba8ab7d8edd2428e93393049c780d87a8e8a326fe475fcdc5adfe2db5f018e4cfba50b06b0eab18d2884eb0094ae4c7f77c32acf6c8c97714692a124ce74e05deda9d575f74b43892c5"], 0x88) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) 13:01:29 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000001ac0)=0x9, 0x4) r1 = dup(r0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) 13:01:29 executing program 6: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:29 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000540), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000600), 0x0, 0x0, 0x0, 0x0, 0x0}) 13:01:29 executing program 3: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r1 = io_uring_setup(0x454c, &(0x7f0000000240)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r3, &(0x7f0000000040), 0x14) sendmmsg(r3, &(0x7f00000000c0), 0x45d, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x2000}) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) r5 = openat$cgroup_type(r4, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r5, 0x8400941f, &(0x7f00000006c0)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000240)) signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13:01:29 executing program 0: openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000e00)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000e80), 0xffffffffffffffff) 13:01:29 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, 0x0) 13:01:29 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, 0x0, 0x0) 13:01:29 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, 0x0) 13:01:29 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0x4}, @ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8}]}, 0x2c}}, 0x0) 13:01:29 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000540), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000600), 0x0, 0x0, 0x0, 0x0, 0x0}) 13:01:29 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x1e, 0x0, 0x0) 13:01:29 executing program 6: mmap(&(0x7f0000001000/0xb000)=nil, 0xb000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'sit0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) 13:01:29 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x1e, 0x0, 0x0) 13:01:29 executing program 4: socket(0xb, 0x0, 0x0) 13:01:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_timeval(r0, 0x1, 0xb, 0x0, &(0x7f00000002c0)) 13:01:30 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='\\&&\x00') 13:01:30 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, 0x0) 13:01:30 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000002c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x200002e0) 13:01:30 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x1e, 0x0, 0x0) 13:01:30 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000540), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000600), 0x0, 0x0, 0x0, 0x0, 0x0}) 13:01:30 executing program 6: mmap(&(0x7f0000001000/0xb000)=nil, 0xb000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'sit0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) 13:01:30 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) getuid() [ 136.501460] audit: type=1400 audit(1663333290.633:9): avc: denied { write } for pid=4086 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 13:01:30 executing program 0: r0 = fsopen(&(0x7f0000000000)='cpuset\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) 13:01:30 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, 0x0) 13:01:30 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x8953, 0x0) 13:01:30 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_SCRNMAP(r0, 0x5437, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)='l', 0x1}], 0x1) 13:01:30 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='\\&&\x00') 13:01:30 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_SCRNMAP(r0, 0x5437, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)='l', 0x1}], 0x1) 13:01:30 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x1e, 0x0, 0x0) 13:01:30 executing program 6: mmap(&(0x7f0000001000/0xb000)=nil, 0xb000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'sit0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) 13:01:30 executing program 7: syz_emit_ethernet(0xcce, &(0x7f0000002500)={@random="bd995b764602", @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0xc98, 0x3a, 0xff, @private2, @local, {[], @ndisc_ns={0x87, 0x0, 0x0, @rand_addr=' \x01\x00', [{0x0, 0x2, "5a1e2587594e5ce20f9019802172df0b703a"}, {0x0, 0xe, "a34405ddee6537fcc2224815a7bf9b10df62e507e59d84f0809c32a2de258b403fd9a1d5f9bba6374125c9bdce0a580b0b7de2afeb61e140e7df1f2a6d06d3714ffc130544b5806c0a5de61ce48d4ecd9486342d886479287afbd45d5b1b14fd603d6c23dec370ccf980b6ffc3592b1e6e5ed4cd"}, {0x0, 0x1e, "1ae75d3504140ab6d12c63a939ecdc5de30eb8ce9504e9384b444e92f364cee4765f846fefd27e5de618a80b1942617e179db2046d8dbbff04b7f9a05a84f03691ef215bf9ba37cc29529b122d4047f58484b4e3535af3d1d341ee8d717e23cc8879b5c668b2769a5b949c3413de26276ccfa2ffd6dad9aa2b5c2a58657d3e6d69e397bd1b6edd858ba86ec4665584c1842ef9adabe856dace08643e0060469a8ac99d948dbfcfab3a2de1a1a89c9c5622c91ab28733fe1a420e1d0fccac2be186403b4616d9c57835d5f1387989f4c03a6d70e9e094571c324bf8fd8490daec2a272991391400"/245}, {0x0, 0x58, "25934eb97e155ff9275dec0cd24837169babadc98f194e74645e49745c98976a0607730cd52edfa6c68b66f145d47d2ff5c1aee56e30b554691b9bcf27c5fa0c3c52cc29c9478aa303e998c72145aef137ddf45659a81c6b97ca1b350ecd50859201131f8ad4be92bd6c8d5cd6680719442754dda0c43c41c29c61d46f870e427b4a56b9254bc4dafa2684481d266386e1ef951f527fdd8e0113a3329ddd6d0155d850faaee3838fa137b37fbdf085a83ad6fb32ba07a6abebdaf10dce1c7a7446a97b98ac5f3ecf17319032e2b6b3289a8e1d3fc9686c6bafbcbcfa076ab625224a00fa683581c4ed2c38c5185bd521dd56796448f3b798956f3cd2310cc6152a9469fbb36a558beec1d3b5065fc61cd866b818774c20b80533dacebbbea91957828accf3fd1f21e6b45a5c7aa14e17d611645928b9bb2d735a119b1fcd38f75870bd8242c94bca51c95807f206896bd936d383288da0b6c271476d9429b099f3e7ca0e82bd5156577428fe44c79be68a7b3a5e64d966b2f78b5104bb5ad7f7ecc3853af648d05684231b7971228c7ccf36495a711eec1e5fea5c16383e815c4119bbbe71ee910acf480928b79b56c0832eb4b8ce62ab91f39ea54f34a044df9c0ca93c21477825ceb7626bc295842ceae1040f34e0731df63f9d60d5e18d8e0145b97a6a21cde9aa1c25a091c5852402a8d6a8682c9cd649aeb066bec506bd78b72482c986f317de2ffa066fc69a85e5d5cf96dc5513f22845e39cd0b9e7f91bf3a9c6368719cce3e6ba1b0901d583ded0b85fbe2c77a915a6efc7cd6482e36ff343af51253e4b07608539c4b0074dc3208049b34178cdc465fabf1368a7afff28f051998886c814ae7d1ab5cc404b44a0b05a28d032b6b4a1e88497db31a2edfd880f8d437f2c3d5d7d96d8398accb89aa8f36bab9c39711ff3423f6c2fc8cf9c6012a1fbc2ef08f7b17d5be62fb939356f15678e5929d5ea7d17f50720e8c2"}, {0x0, 0x7, "f19d6c1b3d0159cc69a6604eaa3aa05e0e301e8cc5f0d23f345b60619bd0d86e513e51c87e3f1179b02017a4be262fac6443092ba2d9bed54473f7e966"}, {0x0, 0xe, "78ee5813850973d5ddc70cf652e0b7ca2a25772bf799e4d9976b26e0de6df77f0e048a2e26212e46011c20704e030816937af8488c5641b629f45118bf1744ea0799a4ad6fa3fed59cf2a2572b5d7a60d548858708944ef9d82fc82388b2a509ab144f913cce36affe3a401ff1a0f65f7b0658ab68"}, {0x0, 0xf1, "524d23ae13d9761f8194a0c36d701e4ef69fb19a30d8215403aed818b279dfb4915748d0c9a6f7ce9c9ae0b272b1fc0235589eff2b70da59160d48d7109653a8b201abf531369c8d617f255dc4cc5c21bae98288f7e26948c5f91bee2956a46f442e8723fd3518f3ad3fe85e96de7f0b75129f4763918f9f0ec05ac98c32e50b2d2a780ea1f2c18c12fa3f5ed8cda93f3a6ec917f4e5b8d45cecb9f980986eb27b5552e1385bb170ebfba169978bdbc31a43831a81a81fa3d1d330fd510195e8fa81b2c87072bf86d26cdb5f47ecd4355e494e501ad7c9aafb121579c9c170ba2d81ac9ee0b4aa3b8ef4550ec9985a01d31793b99732e0c3cbddce9399fd654882a3094b3d4e76f417059baacc9f40ed99dd7611d02ac05c3a755e294b60bda785686c2108141d1b40088ae555a4164ccfce59a19c324c571d46d4801080e21a8ffb49713e5fcb3bbbb1dd204562d4a5703141bc6ee156b3311fa555092810664c5dc3405e3c5561312cc4b4a8335b8ee732869ba807a8edd1754bdeb0769649369a8aca3ffd7668367ae73aa8f92a651a31b4a634c320078d2f1ab0addcd5c0d3b56712a34b276ffd513ed2b998dc59b914f9ff51db59860dde9df994f4063c9963c90b2316f7197c009c548604a69f940ed144053fa96f840dacfa50e8e234b165a2f9b8957535394b3e2e93b7d5ec058fe8f583afe8be78df8449a11783ee59c4e03dfa2427cbb0466f743caab1211669417564cd51414cb91de64600e8d9809e209393348363e36fb0bf911fe5d8eb0c6c7abc0fac8d0e9b9cf6ca680c19f8545358304c44ef41babe09481d190b56a0f7d4ef05c5fc9e072e4c4b743226f294e05495e500d848d1e313c527770606fdf7f3197f9059100a44762d87e7ede52f0250419fd54487b127be90ac79cca2d49ab63a19578d767f51f8d0fca1dc66c527e5ddd0508186b38cde7d0afd90aa553e5ff40d94ed68193f67285d0720874137f73569cf07c5f53c33d814ff7b4f38aa2d9db2b506dad6ca28876b10d4ca0d1d7236c6cbbb69c46c85c7fa271da27b7c96df706ad122f345bfc6016a5042587021503520d4ba1a491bd57ddb9e32dcdf62e619c7f89fe143c175d292aba3c931b1e8245324ad271865d21b364722cfee3a6b5cde7e75f9e87a8002da135997ab4c2f664b3a8164a9668f2569df308b0eeb8b100f10cd0f4d5707ae659caf5fec342266f9dd023ab1faec8b62cb0369a5b07e55413b4da6fb2f7383cffc6e721f0008379bd1629aef9a1a44d4b7bc3fd19f838df7f38b5c32373f73c608c8eb45d8150654123f549f975aa4a1120ea88195c6348482a12c0895078d7049ed6d969c9c4a6ec6192ccde79a84ebef530edce0ffde56a07c11d3edaa6f5d3516d902ea2a131bec80c1117322b1d12a067eb3513657ce58eb837419629cbbfad30a8d20e207e0682360c5fe57a35b24643b58c1fcaabb2db25714dd0fdcb97401fbe70278dd3243f93b35cac51c7227ba750d36f19193d8325a21694db54fe7acc4c8a6d0e09218cab4277c3255efdfa2428d2ffc1725c41a06ae4a7e1314c2a310c9080fb2dcbf563c848a02b8d07c05f0d5500274a745961f21f7fbd465e36924fd39e401b825aafe658d4e595cba09daeddb10b5c4aa6cff91ba02275dcc0b109802ebc87d39ad4a667b54597e1da9bfc035dedb03f3196da0eb0b8ccb94a7eefc177bc70ccc54843fcebd7e947747e461b01c2ca37ed05ea3fb6f8272d11f555f1e80d523de52a4cf649a243b000ab0903d0381a0916cd2bae16fc48e38ef2d64912287d9540c7762f2235f2c6550116a812e76f4488262c8ee5c5fc3e2659c338d2accb18122ee8bedf10f5809acac2884b52ee30c1ac463bc36d5f03c34d7e843fdbc4dfc9c9ee0e86474d3f262295ba8173bb2b40b0f74ee7d9da631381363de641cebdfdf632183c859b1469f8373af21d7ab7ca09afef95c9464744537a2be755598556caf84f313311c87b2585e6895c3802e1e9379e68f296cb552b4271c415bef460e166520e06b068d5819fb2312fad84a49fba26d29baf52d7d96f4e39bd7b9052dcb678c776e58cffd4d9f7b6cbc025a7250b3b2528c7a02ea66e56ae7b7fe0619c0f9be3f443a2e11f1f5e2ac78c8ae3a85dc0fd7602c03ec5089a5435893dfe60b69148610d69ce071c22bc5a7097a81140d697f94a91ad3e7ae06cb9d3c0d754f4a6373484e16f1427d326c816d2e92f6dc355c4f456ee3ae965298d11a64ce2b37866d07fff6bbe8291e9bcb14388010b742851f6fa6fcef4a3daff8a3d515d10dcb91d8c10b6d90d5608820499d37f340316082ceb3418685eb8c541aa5b7d665c315cebc1ee9526e9350082ecab08e19d2a96219c84c7bff2f4927db4ae3460fac3c7f090ff7dfe424346720094cbc61e433f42eaa9e21220bd6efba2f87cd85a426fa36fb1e52e6f657431d50254ec36261dc51c1f3fa86847d25e2ad59d8dd020bae4783ddd742f51fab616a05aa7afbe59c10453ea9f3e0aa29b175f8a0013068567ed6c3ac866781474bad4d86f775a152a47e8bdd883df3d2735effc0e3cae8130cf1fe3597ca336f1b0d6c184abae6e5196e6c5061fe078f5fc0d3625a765a984f4f1f73ec9ad438628636880da74afb3fef231f794ca5742020b0e203dba2b285c0b7667178b4a4402538ddbf692b55bb26a8a01e002c3aa16c"}]}}}}}}, 0x0) 13:01:30 executing program 4: r0 = fsopen(&(0x7f0000000000)='cpuset\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) 13:01:30 executing program 0: r0 = fsopen(&(0x7f0000000000)='cpuset\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) 13:01:30 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x12, &(0x7f0000000040)=0x7cc, 0x4) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, 0x0) 13:01:30 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_SCRNMAP(r0, 0x5437, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)='l', 0x1}], 0x1) 13:01:30 executing program 7: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x2175, &(0x7f0000000680)={0x0, 0x1df2, 0x4, 0x102, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000380), &(0x7f00000003c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r3, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn, 0x0, 0x80800, 0x1, {0x0, r5}}, 0x3) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[r6, r7], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r8, 0x0, 0x0, 0x87ffffc) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000540), &(0x7f0000000580)=0x4) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000640)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000480)=0x10) syz_io_uring_submit(r1, r4, &(0x7f0000000180)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x7d65, &(0x7f00000001c0)={0x0, 0xf798, 0x4, 0x1, 0x60, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000240)) 13:01:30 executing program 5: r0 = syz_io_uring_setup(0x178f, &(0x7f0000000080)={0x0, 0x0, 0x900, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_CLOSE, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x7) io_uring_enter(r0, 0x64d0, 0x0, 0x0, 0x0, 0x0) 13:01:30 executing program 0: r0 = fsopen(&(0x7f0000000000)='cpuset\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) 13:01:30 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='\\&&\x00') 13:01:30 executing program 6: mmap(&(0x7f0000001000/0xb000)=nil, 0xb000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'sit0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) 13:01:30 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f00000001c0)=ANY=[], 0x8) sendmmsg$inet6(r0, &(0x7f00000038c0)=[{{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000000040)="178d453526d560d0372ba61cdcf15d9ce12b5ac72726e265bb75a1c267ea2c129559c1e0e8ec8cbda6ef5d57ea66423ff1b772899c154b2ce16189f5dfa52a6e56e2e241d41f", 0x46}, {&(0x7f0000000100)="56fa6402ec7a19094274eca75aae2f3e6e3833c42cc1e0e252b13d383572d2e94e433cf1d4e6376b2fb5283eeb40d0caeeba9a2f69456d99892090675635eb4482f43d411310cce63aae3e8d054222aa052506876b5acc2ddf74b592e4a1f4b1506e3deb8b8930f2984b5bc680f36183e3f5f648fa64038c4c306af3cd425bcfa628ec6ff7cd319494ab0f4c85c630bc2b481ff81f70f404a43e4f6e6cf66ee0d789b0f6b0eb7cefae2f43e2f0a7ef0ee8530c1593492e4a3c996590ad91d82b4dfaef8110c7526ea90b61606bec0fe516d7016141bba465add28193f689f4321f1ff1bea8be6873eb574a835c27a663af448c797a615dcfa0af0403ee4b990cc78689de37ab5dec4d6f2dc4d8a30bda285914a8198b0b98412e361520141ef429847569389905f2ab41b09a7afb40ccd02e582580f70722ad2a60a55602e9b174c274a3a4306c22068b47f904a0974a293b2628facc136503104190c23c58681d122b6416a45c4654ad7da13ab8112e9df2165c2636e8d0fe50cc9e122a3fa33a68a094bd875dcd1a46b356abd854786d2221f41b614a416a8b8f4e87b5cb3f3e0551981d8d778b6f521ab379be457e53721c6ec2064bd51d76a76bbc19d15cf8b9bb4ce7f1cb5a5f4bde5fb790a7b70d9ff782c03fe559161de3b82ae60f97b3cb9894f9476eab38db6f7f719a087f9ac09ceb0cff703d47bbbe940861d8a925765f5602aaa55ee446fc6dc0b1d80d03b34121377dc2ea3182950324a8db368044350506b66d37f208565df885cf9396ebec5f964b2e5fb38c299d2737a1302a2818bf68bfe8bf9437c776f183e34b3b69a21acd13874f04475f672b014ced448e3e12a214d656d9efb89c3ff17ac7a151d75725f787aff791e6b2140da15f72dae4ea435ea21886268fb8dee2f42d5ed5980ad92b21e6edaaad0a8c971cd66daa633504e84884f0a9189491aa5fd165448cbcf2eabb560024e4fe546d6f95ec915da7f8f3f8e421783d275e1e9db551ef01b5b0ea7e188bc93eaba212604ee0f90eef4ff2d37a05266a697e5ba23be0d2c3b704ee4c13ea8749dc75e07ae0084bb64dd689ef1f6c8a9eae3bf86fc1fd318bf2a031f5e1f84ad7aaff98dd2508f33551e98aec6cf693e301f0338df10e81a676c1ab1b1b09739c4ce6edb8efb388aa951efebf1ab6fe1086c4cd9a5175b7a19320c58f896e983ab5c28a8faad1c448dac52b00d4be320b380a36db74465937579eaeac17841005d8b15de6a44c16bb0ff02be932f0a82b60ae54da718ecaff64e24b804f43e6cce5bac89468f0d2783c3a454e287134a3b2ab23e1461293d25e02184d4b943139dbd0ea137de490a9a3614f300f047dc51fb7659c0d8803ee84dee1c3f735ee164f529ec1d71ef283bf3d0db8985e3f20ea83f68bcd7101ee295099333e069475f21e4a9be040316be1457b79bb65053ac39aba5ece5225ba7953225f0c9614f65ac80d54687ab87e73e46c8b542dd6a98e3aa750eac50075f590cee4028ad94c0ee8ffcb40bca615a0be2f5653f679f30ee6ef6d52af5073b6948e3b06d6759218e89d76c0c8d40ea33ec62474cf6a06fb669a98925e13e5805788153157543530e0e56d5bb97c5f3d0d0be59f20da6efe5e80f17c8f3876515b1f8a9cbf1a4552975085059aa6896824cb0a14870a5dbe689d13cfd293ec4650c2945270d19ccfb3f71126d450a57572d86e273b4dce78cc4bb1b4cebbe7cf9ae8fe28a0ea30d92c59c50ee76cee31e281f9491ec4a6f53246cb1fadb6fc5ceb5ff4a6420b49ac81a0cdf878d537f211991e23e71f28069c7e1c0025cdee5dcb00d279df49048e310a504b5fb0cdb26c4c078085d33c557865c2a6587c6e2f5e6285161e6b824ca19af531e4d3efc5e86449e928f442cb6a8a3aab13805e1a8e0b4240db405668ee61cf769e669d494084aea8917424ce11575f73f253c6aed433a71dbea715059444c0a0859365ce0a44f40bc53a5525636ed77bdd60f320e82826ef13bd2754eb1770a4043acd944f1a3a419acfa10a2032a2fabc3b3aaa2db45478acc1bf1f48f748e5941a6db271509653857c09a6068e6b58800ba843231ff0f23841267fd6b2effecb89cbd8fa831befd0cc4bde2e06ca53d8e6d1d07c62d03d30ebaa60bdc7afbcf225f337a2398766dbe6bdf4d063e6df8b4b33390a5fe4b35520faf9f0b0fb0090cf704fadfb0fd7f7a568bbf4cd17d84e4e34ac942f443c6e9c238ef33a3de098db3cac3c16fbe3553e5606422c686732d2fc405f1ca24f7d9de76116056b7bdd7e61a39608c6a7451504f0234d30229b58dff16b9f9144bd88cfecdb65c0d92c70c6aa1b6088d4f468364face42e85a0fb89f69def467fe511483d252faf9321f300b14f3f7c1d6906cb0e43586a1ff477f062238b2110b62de889a896f26acecadf7870522923e3b3bd26b9e189a6f8799bc53b8782eea7bbacea8c73ea25d4df49b54f09be10cda63f8400c72f7f3641da26f88520da0a161fe22fb30b64f9624ff69b867658478da912fed197824fdf6c43f9368cf73777b671ebe18aba3030c0a611798720002399c744a264c9bb789e0b37ac23b0c2277e9514b9dbfe453d7f162d8e796201159156d5bf5aea969438270b31bc3eef9febd8a60f24e13c6ac40ed97d408a6ea6a484df32059148cbdc2da36882a6f149a435fb739990d2690b4b3d73201618f9dd48529e0c18569b9f250da077a64076b4d7eaa215135890c0725ae6d86f7428ddb2c85fdac214800d8ebd9280575ebf6fba7013ce088692c131e7d134b285dafbfae1070ae5bd9479b4ab176fe8cbf8b9516b79820f3a5e48a60930934729fde0105963eec885c7ff32de76f9d1cdf5fb2a9b706c33b904d62a4032c6bbaaab213f15d1adc7a0340c7cabefff231907acf20946b62b9cbd91dd9490891173411ebcff57390ac6d874e4c5016bbf6126a36f7a34a030538650988e539bf47c0d06ad9bdf0cb4e5170dfc78fecba94eab754f1e847c4c1089ccda6093979725ad93bb3b8defaf2c70a3cf6dbe3095aa69a09434da339660b91b8a28b33f794c5a059803134ce7de0715a07b81af8fb33c87d1838f7ea4f39247dc3b0984cde4967df604530948e555d01f8efd36560c5b89f3b834dbb8417623a3978339c66d62b09208a1356a6165832dd07816f23b54c7d75fa1e13755843f941534ec6450024866369aff220ac354e59550af7859713b063f08f710bb85794f715b9362d899033e83059061abaa66f9b661427de89335cad6083b7b9280ac7dcfd413e3d7d62e66d393edafa53882cc64177e31cc202caa2fea7c0de90f8dc3ee84123966a0aba337a9b3d7712ead481eaf2da60a9bf03560a7440616340ea983ef561236f7be7320b506cb2c7ccdc511ec8bce0fdb1e7e9cc6481fe0ed16b548f5de30b94430e53799a4ef0efec453364c6301a0cbef1952df1192245e1d422ef4e4b1a445925c91dd7a15392cb9530df847736cd06e2306283446b2aa63aa9cce87a5fdb0df6826bec524841ea3c70c192a2b101198ac06a13107d36db0c1a0f08f2eeb189d19756bba37d3f5aa4d358cda2cda05da33094bad57b3cb35aecc6ebf23a1362403661acb0c90c91436e1f2b2f12147547451510e16f36cdb4dcbeb14c858e48d16d2e0edf9100b3458953ebcdfdc902899e055a3270deede8cfdf85ea72ead30850e1eb202d4e9416c39e756e02e61cb4713a3dc6ddb4759ed7ae46ad8522cda05070d6fe53a23b1b99983126f19e3eac8bad7e1a389be5a62559afefe102d981ed6d5d00ef755d1dcb6b4b43f575db3aa19d8c9f7765e9753a6d140df0fa7788bf95f94f7a9325b9640f99e325d1a94b0e10d2a8a9f050619e6a5906c20008baab0f5d861b65679d168cc64320e9e45", 0xadb}], 0x2}}, {{&(0x7f0000001180)={0xa, 0x4e23, 0x0, @remote, 0x1}, 0x1c, 0x0}}], 0x2, 0x0) 13:01:31 executing program 4: r0 = fsopen(&(0x7f0000000000)='cpuset\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) 13:01:31 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000140)={r1, 0x1, 0x6, @link_local}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0xf, 0x4, @broadcast}, 0x10) 13:01:31 executing program 1: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='\\&&\x00') 13:01:31 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x12, 0x0, 0x0) 13:01:31 executing program 3: pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0) 13:01:31 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_SCRNMAP(r0, 0x5437, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)='l', 0x1}], 0x1) 13:01:31 executing program 0: r0 = fsopen(&(0x7f0000000000)='cpuset\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) 13:01:31 executing program 7: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x2175, &(0x7f0000000680)={0x0, 0x1df2, 0x4, 0x102, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000380), &(0x7f00000003c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r3, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn, 0x0, 0x80800, 0x1, {0x0, r5}}, 0x3) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[r6, r7], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r8, 0x0, 0x0, 0x87ffffc) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000540), &(0x7f0000000580)=0x4) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000640)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000480)=0x10) syz_io_uring_submit(r1, r4, &(0x7f0000000180)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x7d65, &(0x7f00000001c0)={0x0, 0xf798, 0x4, 0x1, 0x60, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000240)) [ 137.232424] device syz_tun entered promiscuous mode [ 137.233823] device syz_tun left promiscuous mode [ 137.239621] device syz_tun entered promiscuous mode [ 137.240587] device syz_tun left promiscuous mode 13:01:31 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x12, 0x0, 0x0) 13:01:31 executing program 3: pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0) 13:01:31 executing program 4: r0 = fsopen(&(0x7f0000000000)='cpuset\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) 13:01:31 executing program 2: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x2175, &(0x7f0000000680)={0x0, 0x1df2, 0x4, 0x102, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000380), &(0x7f00000003c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r3, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn, 0x0, 0x80800, 0x1, {0x0, r5}}, 0x3) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[r6, r7], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r8, 0x0, 0x0, 0x87ffffc) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000540), &(0x7f0000000580)=0x4) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000640)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000480)=0x10) syz_io_uring_submit(r1, r4, &(0x7f0000000180)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x7d65, &(0x7f00000001c0)={0x0, 0xf798, 0x4, 0x1, 0x60, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000240)) 13:01:31 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000080)={0x17e}) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x80, 0x8}) 13:01:31 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000140)={r1, 0x1, 0x6, @link_local}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0xf, 0x4, @broadcast}, 0x10) [ 137.410133] device syz_tun entered promiscuous mode 13:01:31 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f00000000c0)={{0x2, 0x0, @dev}, {0x0, @remote}, 0x0, {0x2, 0x0, @dev}}) [ 137.430157] device syz_tun left promiscuous mode 13:01:31 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x12, 0x0, 0x0) 13:01:31 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000040)) 13:01:31 executing program 3: pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0) 13:01:31 executing program 1: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 13:01:31 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = dup(r0) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x3, 0x2, 0x101}, 0x14}}, 0x0) recvmmsg(r1, &(0x7f0000001600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 13:01:31 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000140)={r1, 0x1, 0x6, @link_local}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0xf, 0x4, @broadcast}, 0x10) 13:01:31 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x12, 0x0, 0x0) [ 137.628304] device syz_tun entered promiscuous mode [ 137.629368] device syz_tun left promiscuous mode 13:01:31 executing program 3: pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0) 13:01:31 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000040)) 13:01:31 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000040)) 13:01:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x8, 0x17, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, 0x1c}], 0x1}, 0x0) 13:01:31 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000100)=[{0x20, 0x0, 0x0, 0x8}, {0x6}]}) 13:01:31 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000140)={r1, 0x1, 0x6, @link_local}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0xf, 0x4, @broadcast}, 0x10) 13:01:31 executing program 2: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x2175, &(0x7f0000000680)={0x0, 0x1df2, 0x4, 0x102, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000380), &(0x7f00000003c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r3, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn, 0x0, 0x80800, 0x1, {0x0, r5}}, 0x3) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[r6, r7], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r8, 0x0, 0x0, 0x87ffffc) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000540), &(0x7f0000000580)=0x4) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000640)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000480)=0x10) syz_io_uring_submit(r1, r4, &(0x7f0000000180)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x7d65, &(0x7f00000001c0)={0x0, 0xf798, 0x4, 0x1, 0x60, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000240)) 13:01:31 executing program 7: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x2175, &(0x7f0000000680)={0x0, 0x1df2, 0x4, 0x102, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000380), &(0x7f00000003c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r3, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn, 0x0, 0x80800, 0x1, {0x0, r5}}, 0x3) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[r6, r7], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r8, 0x0, 0x0, 0x87ffffc) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000540), &(0x7f0000000580)=0x4) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000640)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000480)=0x10) syz_io_uring_submit(r1, r4, &(0x7f0000000180)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x7d65, &(0x7f00000001c0)={0x0, 0xf798, 0x4, 0x1, 0x60, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000240)) [ 137.816874] device syz_tun entered promiscuous mode [ 137.846076] device syz_tun left promiscuous mode [ 137.849537] audit: type=1326 audit(1663333291.981:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4202 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d707c8b19 code=0x0 13:01:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x8, 0x17, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, 0x1c}], 0x1}, 0x0) 13:01:32 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x445, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)) r0 = gettid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00') pread64(r1, &(0x7f0000000180)=""/16, 0x2f00, 0x76) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x2, 0x2, 0x2, 0x42b1, r0}) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 13:01:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x8, 0x17, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, 0x1c}], 0x1}, 0x0) 13:01:32 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x2, 0xc9}}}, 0x6) 13:01:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$vga_arbiter(0xffffffffffffffff, 0x0, 0xc) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(0xffffffffffffffff, 0xf505, 0x0) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r1, 0x0, 0x6) r2 = getpid() clone3(&(0x7f0000001340)={0x80c200, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0), {0x1f}, &(0x7f0000000200)=""/73, 0x49, 0x0, &(0x7f0000001300)=[0x0, r2], 0x2}, 0x58) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001440)=""/137, &(0x7f0000001500)=0x89) fcntl$getown(0xffffffffffffffff, 0x9) fstatfs(0xffffffffffffffff, &(0x7f0000001640)=""/233) 13:01:32 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x2, 0xc9}}}, 0x6) 13:01:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x8, 0x17, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, 0x1c}], 0x1}, 0x0) 13:01:32 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x2, 0xc9}}}, 0x6) 13:01:33 executing program 7: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x2175, &(0x7f0000000680)={0x0, 0x1df2, 0x4, 0x102, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000380), &(0x7f00000003c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r3, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn, 0x0, 0x80800, 0x1, {0x0, r5}}, 0x3) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[r6, r7], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r8, 0x0, 0x0, 0x87ffffc) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000540), &(0x7f0000000580)=0x4) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000640)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000480)=0x10) syz_io_uring_submit(r1, r4, &(0x7f0000000180)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x7d65, &(0x7f00000001c0)={0x0, 0xf798, 0x4, 0x1, 0x60, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000240)) 13:01:33 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x2, 0xc9}}}, 0x6) 13:01:33 executing program 5: pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RWALK(r0, &(0x7f0000000200)={0x9}, 0x9) write$P9_RLOPEN(r0, &(0x7f0000000600)={0x18}, 0xfdef) 13:01:33 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x445, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)) r0 = gettid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00') pread64(r1, &(0x7f0000000180)=""/16, 0x2f00, 0x76) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x2, 0x2, 0x2, 0x42b1, r0}) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 13:01:33 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000040)) 13:01:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$vga_arbiter(0xffffffffffffffff, 0x0, 0xc) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(0xffffffffffffffff, 0xf505, 0x0) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r1, 0x0, 0x6) r2 = getpid() clone3(&(0x7f0000001340)={0x80c200, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0), {0x1f}, &(0x7f0000000200)=""/73, 0x49, 0x0, &(0x7f0000001300)=[0x0, r2], 0x2}, 0x58) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001440)=""/137, &(0x7f0000001500)=0x89) fcntl$getown(0xffffffffffffffff, 0x9) fstatfs(0xffffffffffffffff, &(0x7f0000001640)=""/233) 13:01:33 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000040)) 13:01:33 executing program 2: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x2175, &(0x7f0000000680)={0x0, 0x1df2, 0x4, 0x102, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000380), &(0x7f00000003c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r3, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn, 0x0, 0x80800, 0x1, {0x0, r5}}, 0x3) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[r6, r7], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r8, 0x0, 0x0, 0x87ffffc) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000540), &(0x7f0000000580)=0x4) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000640)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000480)=0x10) syz_io_uring_submit(r1, r4, &(0x7f0000000180)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x7d65, &(0x7f00000001c0)={0x0, 0xf798, 0x4, 0x1, 0x60, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000240)) 13:01:33 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x445, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)) r0 = gettid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00') pread64(r1, &(0x7f0000000180)=""/16, 0x2f00, 0x76) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x2, 0x2, 0x2, 0x42b1, r0}) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 13:01:33 executing program 3: setpgid(0xffffffffffffffff, 0xffffffffffffffff) 13:01:33 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000040)) 13:01:33 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x445, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)) r0 = gettid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00') pread64(r1, &(0x7f0000000180)=""/16, 0x2f00, 0x76) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x2, 0x2, 0x2, 0x42b1, r0}) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 13:01:33 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000040)) 13:01:33 executing program 3: setpgid(0xffffffffffffffff, 0xffffffffffffffff) 13:01:33 executing program 0: socket$inet(0x2, 0x3, 0x0) 13:01:33 executing program 3: setpgid(0xffffffffffffffff, 0xffffffffffffffff) 13:01:33 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x445, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)) r0 = gettid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00') pread64(r1, &(0x7f0000000180)=""/16, 0x2f00, 0x76) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x2, 0x2, 0x2, 0x42b1, r0}) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 13:01:33 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@remote, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev, 0x0, 0x3c}, 0x2, @in6=@empty, 0x0, 0x4, 0x0, 0xfe}}, 0xe8) connect$inet6(r0, &(0x7f0000001100)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) 13:01:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$vga_arbiter(0xffffffffffffffff, 0x0, 0xc) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(0xffffffffffffffff, 0xf505, 0x0) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r1, 0x0, 0x6) r2 = getpid() clone3(&(0x7f0000001340)={0x80c200, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0), {0x1f}, &(0x7f0000000200)=""/73, 0x49, 0x0, &(0x7f0000001300)=[0x0, r2], 0x2}, 0x58) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001440)=""/137, &(0x7f0000001500)=0x89) fcntl$getown(0xffffffffffffffff, 0x9) fstatfs(0xffffffffffffffff, &(0x7f0000001640)=""/233) 13:01:33 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x445, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)) r0 = gettid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00') pread64(r1, &(0x7f0000000180)=""/16, 0x2f00, 0x76) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x2, 0x2, 0x2, 0x42b1, r0}) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 13:01:33 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$vga_arbiter(0xffffffffffffffff, 0x0, 0xc) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(0xffffffffffffffff, 0xf505, 0x0) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r1, 0x0, 0x6) r2 = getpid() clone3(&(0x7f0000001340)={0x80c200, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0), {0x1f}, &(0x7f0000000200)=""/73, 0x49, 0x0, &(0x7f0000001300)=[0x0, r2], 0x2}, 0x58) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001440)=""/137, &(0x7f0000001500)=0x89) fcntl$getown(0xffffffffffffffff, 0x9) fstatfs(0xffffffffffffffff, &(0x7f0000001640)=""/233) 13:01:33 executing program 4: getitimer(0x1, &(0x7f0000000080)) 13:01:33 executing program 3: setpgid(0xffffffffffffffff, 0xffffffffffffffff) 13:01:33 executing program 2: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000580)={{0x0, 0x100000001, 0x0, 0x2, 0x1, 0x2, 0x0, 0x3, 0x7c0000, 0x3, 0x4, 0xb65d, 0x8, 0x0, 0x6}}) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9f47ad4552e7bdf4f8e7998a1266a360beb2ec1527390452139f9ab91ee250efcf3413e72a6b2688d8b6a4748ccc165bbf886573ccdd03bd93f32a866cd878ec246e06f31d4d7f7ec9836b7305ee0c1b9fa75cd6e4ca5cc2f107b654f15a2442cd9c8eaf581d093639fe35e0da49394c5ed66ad29bc2b863649e16c1951d0d3dd6f1048539e558ee1f059d91510a5acd84777ca01545635d2fb40e2f205bb11435023e47e4e2f85b6d1b56b688dd1a4304708a561d32dbaa6cd4f969e67af33773d4e9772751019dc6c2af7e2fe9d3c7eb6f1b401926603d90802f792b081957dd5ebd18410cd42b2ea05ae9a61254e4b878384b8a376fe9eba06afc1253f2224fab88feb7c426e3dfb19385afbb42cc13209b419568eeafdf505dc5ca30acc17d337e941e0badf9f9413f381fe9a315e2597426805827943f193f02a12554d434bd91708a28d9da1bf64ad64f80a7287d1e02d5d1f14bf9d89ba3badfa524694db6a651e97", 0x341}], 0x1) 13:01:33 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x445, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)) r0 = gettid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00') pread64(r1, &(0x7f0000000180)=""/16, 0x2f00, 0x76) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x2, 0x2, 0x2, 0x42b1, r0}) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 13:01:33 executing program 4: getresuid(&(0x7f0000000f40), &(0x7f0000000f80), 0x0) 13:01:33 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNGETVNETHDRSZ(r0, 0x800454cf, &(0x7f0000000340)) 13:01:33 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r2 = getpid() tgkill(r2, r2, 0x0) syncfs(r1) 13:01:33 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, VM DIAGNOSIS: 13:01:26 Registers: info registers vcpu 0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b3251 RDI=ffffffff87641ba0 RBP=ffffffff87641b60 RSP=ffff8880401c7348 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000020 R11=0000000000000001 R12=0000000000000020 R13=ffffffff87641b60 R14=0000000000000010 R15=ffffffff822b3240 RIP=ffffffff822b32a9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f5d62288700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4029db48e0 CR3=0000000015d52000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f5d64df97c0 00007f5d64df97c8 YMM02=0000000000000000 0000000000000000 00007f5d64df97e0 00007f5d64df97c0 YMM03=0000000000000000 0000000000000000 00007f5d64df97c8 00007f5d64df97c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff88806cf3c2c0 RCX=0000000080120012 RDX=0000000080120011 RSI=ffffea0000377480 RDI=ffff888007c4f780 RBP=ffff888007c4f780 RSP=ffff8880400ef9a8 R8 =0000000000000000 R9 =0000000080120012 R10=fffffbfff0b605e2 R11=0000000000000001 R12=00000000ffffffff R13=ffff88800ddd3950 R14=ffff888017cd1ac0 R15=ffffea0000377480 RIP=ffffffff81781d1b RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2e60eb5260 CR3=000000003f272000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000