Warning: Permanently added '[localhost]:42091' (ECDSA) to the list of known hosts. 2022/09/19 14:30:09 fuzzer started 2022/09/19 14:30:10 dialing manager at localhost:42121 syzkaller login: [ 35.993024] cgroup: Unknown subsys name 'net' [ 36.075982] cgroup: Unknown subsys name 'rlimit' 2022/09/19 14:30:24 syscalls: 2215 2022/09/19 14:30:24 code coverage: enabled 2022/09/19 14:30:24 comparison tracing: enabled 2022/09/19 14:30:24 extra coverage: enabled 2022/09/19 14:30:24 setuid sandbox: enabled 2022/09/19 14:30:24 namespace sandbox: enabled 2022/09/19 14:30:24 Android sandbox: enabled 2022/09/19 14:30:24 fault injection: enabled 2022/09/19 14:30:24 leak checking: enabled 2022/09/19 14:30:24 net packet injection: enabled 2022/09/19 14:30:24 net device setup: enabled 2022/09/19 14:30:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/19 14:30:24 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/19 14:30:24 USB emulation: enabled 2022/09/19 14:30:24 hci packet injection: enabled 2022/09/19 14:30:24 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220919) 2022/09/19 14:30:24 802.15.4 emulation: enabled 2022/09/19 14:30:24 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/19 14:30:24 fetching corpus: 50, signal 27464/30951 (executing program) 2022/09/19 14:30:24 fetching corpus: 100, signal 40514/45379 (executing program) 2022/09/19 14:30:24 fetching corpus: 150, signal 46100/52385 (executing program) 2022/09/19 14:30:24 fetching corpus: 200, signal 52357/59922 (executing program) 2022/09/19 14:30:24 fetching corpus: 250, signal 57845/66657 (executing program) 2022/09/19 14:30:25 fetching corpus: 300, signal 66944/76642 (executing program) 2022/09/19 14:30:25 fetching corpus: 350, signal 71134/81871 (executing program) 2022/09/19 14:30:25 fetching corpus: 400, signal 76416/88038 (executing program) 2022/09/19 14:30:25 fetching corpus: 450, signal 82983/95269 (executing program) 2022/09/19 14:30:25 fetching corpus: 500, signal 86156/99355 (executing program) 2022/09/19 14:30:25 fetching corpus: 550, signal 88397/102520 (executing program) 2022/09/19 14:30:25 fetching corpus: 600, signal 91760/106644 (executing program) 2022/09/19 14:30:26 fetching corpus: 650, signal 95980/111505 (executing program) 2022/09/19 14:30:26 fetching corpus: 700, signal 99639/115774 (executing program) 2022/09/19 14:30:26 fetching corpus: 750, signal 102928/119676 (executing program) 2022/09/19 14:30:26 fetching corpus: 800, signal 105308/122762 (executing program) 2022/09/19 14:30:26 fetching corpus: 850, signal 108920/126832 (executing program) 2022/09/19 14:30:26 fetching corpus: 900, signal 111188/129706 (executing program) 2022/09/19 14:30:26 fetching corpus: 950, signal 112843/132036 (executing program) 2022/09/19 14:30:27 fetching corpus: 1000, signal 115408/135051 (executing program) 2022/09/19 14:30:27 fetching corpus: 1050, signal 117769/137886 (executing program) 2022/09/19 14:30:27 fetching corpus: 1100, signal 119850/140456 (executing program) 2022/09/19 14:30:27 fetching corpus: 1150, signal 121037/142292 (executing program) 2022/09/19 14:30:27 fetching corpus: 1200, signal 123593/145205 (executing program) 2022/09/19 14:30:27 fetching corpus: 1250, signal 125093/147182 (executing program) 2022/09/19 14:30:27 fetching corpus: 1300, signal 126269/148896 (executing program) 2022/09/19 14:30:27 fetching corpus: 1350, signal 128018/151074 (executing program) 2022/09/19 14:30:28 fetching corpus: 1400, signal 128950/152549 (executing program) 2022/09/19 14:30:28 fetching corpus: 1450, signal 130821/154726 (executing program) 2022/09/19 14:30:28 fetching corpus: 1500, signal 132510/156680 (executing program) 2022/09/19 14:30:28 fetching corpus: 1550, signal 133722/158333 (executing program) 2022/09/19 14:30:28 fetching corpus: 1600, signal 135098/160083 (executing program) 2022/09/19 14:30:28 fetching corpus: 1650, signal 138574/163267 (executing program) 2022/09/19 14:30:28 fetching corpus: 1700, signal 140475/165230 (executing program) 2022/09/19 14:30:29 fetching corpus: 1750, signal 142333/167157 (executing program) 2022/09/19 14:30:29 fetching corpus: 1800, signal 143793/168801 (executing program) 2022/09/19 14:30:29 fetching corpus: 1850, signal 144974/170232 (executing program) 2022/09/19 14:30:29 fetching corpus: 1900, signal 146566/171945 (executing program) 2022/09/19 14:30:29 fetching corpus: 1950, signal 148677/173898 (executing program) 2022/09/19 14:30:29 fetching corpus: 2000, signal 149986/175399 (executing program) 2022/09/19 14:30:29 fetching corpus: 2050, signal 151370/176904 (executing program) 2022/09/19 14:30:29 fetching corpus: 2100, signal 152847/178422 (executing program) 2022/09/19 14:30:30 fetching corpus: 2150, signal 154274/179876 (executing program) 2022/09/19 14:30:30 fetching corpus: 2200, signal 156300/181642 (executing program) 2022/09/19 14:30:30 fetching corpus: 2250, signal 157956/183133 (executing program) 2022/09/19 14:30:30 fetching corpus: 2300, signal 159031/184350 (executing program) 2022/09/19 14:30:30 fetching corpus: 2350, signal 160041/185435 (executing program) 2022/09/19 14:30:30 fetching corpus: 2400, signal 161366/186682 (executing program) 2022/09/19 14:30:30 fetching corpus: 2450, signal 162424/187753 (executing program) 2022/09/19 14:30:30 fetching corpus: 2500, signal 165091/189759 (executing program) 2022/09/19 14:30:31 fetching corpus: 2550, signal 166167/190785 (executing program) 2022/09/19 14:30:31 fetching corpus: 2600, signal 167377/191900 (executing program) 2022/09/19 14:30:31 fetching corpus: 2650, signal 168325/192847 (executing program) 2022/09/19 14:30:31 fetching corpus: 2700, signal 168959/193580 (executing program) 2022/09/19 14:30:31 fetching corpus: 2750, signal 169850/194456 (executing program) 2022/09/19 14:30:31 fetching corpus: 2800, signal 171337/195581 (executing program) 2022/09/19 14:30:31 fetching corpus: 2850, signal 172320/196445 (executing program) 2022/09/19 14:30:32 fetching corpus: 2900, signal 173169/197319 (executing program) 2022/09/19 14:30:32 fetching corpus: 2950, signal 174814/198458 (executing program) 2022/09/19 14:30:32 fetching corpus: 3000, signal 175926/199325 (executing program) 2022/09/19 14:30:32 fetching corpus: 3050, signal 176906/200167 (executing program) 2022/09/19 14:30:32 fetching corpus: 3100, signal 177487/200776 (executing program) 2022/09/19 14:30:32 fetching corpus: 3150, signal 178660/201615 (executing program) 2022/09/19 14:30:32 fetching corpus: 3200, signal 179792/202405 (executing program) 2022/09/19 14:30:32 fetching corpus: 3250, signal 180515/203022 (executing program) 2022/09/19 14:30:33 fetching corpus: 3300, signal 182051/204274 (executing program) 2022/09/19 14:30:33 fetching corpus: 3350, signal 182806/204918 (executing program) 2022/09/19 14:30:33 fetching corpus: 3400, signal 184011/205616 (executing program) 2022/09/19 14:30:33 fetching corpus: 3450, signal 185468/206472 (executing program) 2022/09/19 14:30:33 fetching corpus: 3500, signal 186092/207012 (executing program) 2022/09/19 14:30:33 fetching corpus: 3550, signal 186819/207626 (executing program) 2022/09/19 14:30:33 fetching corpus: 3600, signal 187847/208241 (executing program) 2022/09/19 14:30:34 fetching corpus: 3650, signal 188426/208679 (executing program) 2022/09/19 14:30:34 fetching corpus: 3700, signal 189226/209205 (executing program) 2022/09/19 14:30:34 fetching corpus: 3750, signal 190076/209711 (executing program) 2022/09/19 14:30:34 fetching corpus: 3800, signal 190952/210250 (executing program) 2022/09/19 14:30:34 fetching corpus: 3850, signal 192190/210830 (executing program) 2022/09/19 14:30:34 fetching corpus: 3900, signal 192791/211212 (executing program) 2022/09/19 14:30:34 fetching corpus: 3950, signal 193209/211551 (executing program) 2022/09/19 14:30:34 fetching corpus: 4000, signal 194274/212075 (executing program) 2022/09/19 14:30:35 fetching corpus: 4050, signal 194702/212416 (executing program) 2022/09/19 14:30:35 fetching corpus: 4100, signal 195302/212776 (executing program) 2022/09/19 14:30:35 fetching corpus: 4150, signal 196077/213180 (executing program) 2022/09/19 14:30:35 fetching corpus: 4200, signal 196622/213496 (executing program) 2022/09/19 14:30:35 fetching corpus: 4250, signal 197605/213911 (executing program) 2022/09/19 14:30:35 fetching corpus: 4300, signal 198184/214182 (executing program) 2022/09/19 14:30:35 fetching corpus: 4350, signal 199845/214657 (executing program) 2022/09/19 14:30:35 fetching corpus: 4400, signal 200247/214889 (executing program) 2022/09/19 14:30:36 fetching corpus: 4450, signal 201177/215230 (executing program) 2022/09/19 14:30:36 fetching corpus: 4500, signal 201814/215494 (executing program) 2022/09/19 14:30:36 fetching corpus: 4550, signal 202707/215786 (executing program) 2022/09/19 14:30:36 fetching corpus: 4600, signal 203192/215992 (executing program) 2022/09/19 14:30:36 fetching corpus: 4650, signal 203850/216243 (executing program) 2022/09/19 14:30:36 fetching corpus: 4700, signal 204596/216467 (executing program) 2022/09/19 14:30:36 fetching corpus: 4750, signal 205346/216704 (executing program) 2022/09/19 14:30:36 fetching corpus: 4800, signal 206046/216920 (executing program) 2022/09/19 14:30:36 fetching corpus: 4850, signal 206434/217058 (executing program) 2022/09/19 14:30:37 fetching corpus: 4900, signal 207458/217240 (executing program) 2022/09/19 14:30:37 fetching corpus: 4950, signal 208275/217397 (executing program) 2022/09/19 14:30:37 fetching corpus: 5000, signal 208891/217626 (executing program) 2022/09/19 14:30:37 fetching corpus: 5050, signal 209470/217747 (executing program) 2022/09/19 14:30:37 fetching corpus: 5100, signal 210460/218089 (executing program) 2022/09/19 14:30:37 fetching corpus: 5150, signal 211060/218174 (executing program) 2022/09/19 14:30:37 fetching corpus: 5200, signal 211594/218302 (executing program) 2022/09/19 14:30:38 fetching corpus: 5250, signal 212349/218373 (executing program) 2022/09/19 14:30:38 fetching corpus: 5263, signal 212567/218426 (executing program) 2022/09/19 14:30:38 fetching corpus: 5263, signal 212567/218426 (executing program) 2022/09/19 14:30:38 fetching corpus: 5263, signal 212567/218426 (executing program) 2022/09/19 14:30:39 starting 8 fuzzer processes 14:30:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCGSERIAL(r0, 0x4b49, 0x0) 14:30:40 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) getsockopt$inet6_tcp_int(r0, 0x6, 0x2, 0x0, &(0x7f0000000280)) 14:30:40 executing program 0: syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000700)='/sys/kernel/slab', 0x80000, 0x100) openat$sr(0xffffffffffffff9c, &(0x7f0000001180), 0x82880, 0x0) 14:30:40 executing program 2: r0 = syz_io_uring_setup(0x137, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@rc, 0x80, 0x0}}, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x7, 0x0, @fd=r3, 0x8, &(0x7f0000000140)=""/180, 0xb4, 0x9}, 0x2) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 14:30:40 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f00000000c0), &(0x7f00000002c0)=0x2) [ 65.769627] audit: type=1400 audit(1663597840.027:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 14:30:40 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000009c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000a00)={0x14, r1, 0x1}, 0x14}}, 0x0) 14:30:40 executing program 5: newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r0, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) fsetxattr$security_selinux(r1, &(0x7f0000000000), &(0x7f0000000100)='system_u:object_r:hald_log_t:s0\x00', 0x25, 0x0) 14:30:40 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 67.061961] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.064007] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.065449] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.066951] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.068535] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.092009] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.093194] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.094867] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.096708] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.096783] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.099633] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.103533] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.105178] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.105587] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.106531] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.107927] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 67.108852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.109516] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 67.110140] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.112477] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.114447] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.116008] Bluetooth: hci4: HCI_REQ-0x0c1a [ 67.119241] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.120498] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.121811] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.122799] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.123040] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.123510] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.127504] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 67.129089] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.130781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.132034] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.133869] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.136401] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.137528] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.138641] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.138685] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.141808] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.143139] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.144552] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.146283] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.148978] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 67.149546] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.150837] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 67.151079] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 67.153858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.155138] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.155267] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 67.160396] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.165809] Bluetooth: hci0: HCI_REQ-0x0c1a [ 67.170197] Bluetooth: hci7: HCI_REQ-0x0c1a [ 67.171186] Bluetooth: hci2: HCI_REQ-0x0c1a [ 67.172027] Bluetooth: hci3: HCI_REQ-0x0c1a [ 67.179121] Bluetooth: hci5: HCI_REQ-0x0c1a [ 67.184718] Bluetooth: hci1: HCI_REQ-0x0c1a [ 67.190137] Bluetooth: hci6: HCI_REQ-0x0c1a [ 69.174043] Bluetooth: hci4: command 0x0409 tx timeout [ 69.237341] Bluetooth: hci5: command 0x0409 tx timeout [ 69.237398] Bluetooth: hci6: command 0x0409 tx timeout [ 69.238235] Bluetooth: hci3: command 0x0409 tx timeout [ 69.238629] Bluetooth: hci1: command 0x0409 tx timeout [ 69.239650] Bluetooth: hci0: command 0x0409 tx timeout [ 69.240155] Bluetooth: hci7: command 0x0409 tx timeout [ 69.240707] Bluetooth: hci2: command 0x0409 tx timeout [ 71.221426] Bluetooth: hci4: command 0x041b tx timeout [ 71.285402] Bluetooth: hci1: command 0x041b tx timeout [ 71.285462] Bluetooth: hci2: command 0x041b tx timeout [ 71.285900] Bluetooth: hci3: command 0x041b tx timeout [ 71.287791] Bluetooth: hci7: command 0x041b tx timeout [ 71.288212] Bluetooth: hci0: command 0x041b tx timeout [ 71.289793] Bluetooth: hci6: command 0x041b tx timeout [ 71.290208] Bluetooth: hci5: command 0x041b tx timeout [ 73.269382] Bluetooth: hci4: command 0x040f tx timeout [ 73.333396] Bluetooth: hci2: command 0x040f tx timeout [ 73.333435] Bluetooth: hci5: command 0x040f tx timeout [ 73.333854] Bluetooth: hci1: command 0x040f tx timeout [ 73.334665] Bluetooth: hci6: command 0x040f tx timeout [ 73.335170] Bluetooth: hci0: command 0x040f tx timeout [ 73.335767] Bluetooth: hci7: command 0x040f tx timeout [ 73.336193] Bluetooth: hci3: command 0x040f tx timeout [ 75.317391] Bluetooth: hci4: command 0x0419 tx timeout [ 75.381341] Bluetooth: hci1: command 0x0419 tx timeout [ 75.382478] Bluetooth: hci3: command 0x0419 tx timeout [ 75.382962] Bluetooth: hci7: command 0x0419 tx timeout [ 75.383394] Bluetooth: hci0: command 0x0419 tx timeout [ 75.383805] Bluetooth: hci6: command 0x0419 tx timeout [ 75.384210] Bluetooth: hci5: command 0x0419 tx timeout [ 75.385178] Bluetooth: hci2: command 0x0419 tx timeout [ 118.141692] audit: type=1400 audit(1663597892.398:7): avc: denied { open } for pid=3820 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.143080] audit: type=1400 audit(1663597892.398:8): avc: denied { kernel } for pid=3820 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.154881] ------------[ cut here ]------------ [ 118.154904] [ 118.154908] ====================================================== [ 118.154911] WARNING: possible circular locking dependency detected [ 118.154916] 6.0.0-rc6-next-20220919 #1 Not tainted [ 118.154922] ------------------------------------------------------ [ 118.154926] syz-executor.6/3822 is trying to acquire lock: [ 118.154932] ffffffff853fa838 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 118.154970] [ 118.154970] but task is already holding lock: [ 118.154973] ffff888018a51820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 118.155000] [ 118.155000] which lock already depends on the new lock. [ 118.155000] [ 118.155004] [ 118.155004] the existing dependency chain (in reverse order) is: [ 118.155007] [ 118.155007] -> #3 (&ctx->lock){....}-{2:2}: [ 118.155022] _raw_spin_lock+0x2a/0x40 [ 118.155039] __perf_event_task_sched_out+0x53b/0x18d0 [ 118.155051] __schedule+0xedd/0x2470 [ 118.155062] schedule+0xda/0x1b0 [ 118.155072] exit_to_user_mode_prepare+0x114/0x1a0 [ 118.155092] syscall_exit_to_user_mode+0x19/0x40 [ 118.155109] do_syscall_64+0x48/0x90 [ 118.155123] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.155140] [ 118.155140] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 118.155154] _raw_spin_lock_nested+0x30/0x40 [ 118.155169] raw_spin_rq_lock_nested+0x1e/0x30 [ 118.155182] task_fork_fair+0x63/0x4d0 [ 118.155198] sched_cgroup_fork+0x3d0/0x540 [ 118.155212] copy_process+0x4183/0x6e20 [ 118.155223] kernel_clone+0xe7/0x890 [ 118.155232] user_mode_thread+0xad/0xf0 [ 118.155242] rest_init+0x24/0x250 [ 118.155258] arch_call_rest_init+0xf/0x14 [ 118.155290] start_kernel+0x4c1/0x4e6 [ 118.155299] secondary_startup_64_no_verify+0xe0/0xeb [ 118.155314] [ 118.155314] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 118.155328] _raw_spin_lock_irqsave+0x39/0x60 [ 118.155343] try_to_wake_up+0xab/0x1920 [ 118.155356] up+0x75/0xb0 [ 118.155367] __up_console_sem+0x6e/0x80 [ 118.155383] console_unlock+0x46a/0x590 [ 118.155399] do_con_write+0xc05/0x1d50 [ 118.155411] con_write+0x21/0x40 [ 118.155420] n_tty_write+0x4d4/0xfe0 [ 118.155434] file_tty_write.constprop.0+0x49c/0x8f0 [ 118.155446] vfs_write+0x9c3/0xd90 [ 118.155464] ksys_write+0x127/0x250 [ 118.155481] do_syscall_64+0x3b/0x90 [ 118.155494] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.155510] [ 118.155510] -> #0 ((console_sem).lock){....}-{2:2}: [ 118.155524] __lock_acquire+0x2a02/0x5e70 [ 118.155541] lock_acquire+0x1a2/0x530 [ 118.155556] _raw_spin_lock_irqsave+0x39/0x60 [ 118.155571] down_trylock+0xe/0x70 [ 118.155583] __down_trylock_console_sem+0x3b/0xd0 [ 118.155599] vprintk_emit+0x16b/0x560 [ 118.155615] vprintk+0x84/0xa0 [ 118.155631] _printk+0xba/0xf1 [ 118.155649] report_bug.cold+0x72/0xab [ 118.155661] handle_bug+0x3c/0x70 [ 118.155674] exc_invalid_op+0x14/0x50 [ 118.155687] asm_exc_invalid_op+0x16/0x20 [ 118.155703] group_sched_out.part.0+0x2c7/0x460 [ 118.155714] ctx_sched_out+0x8f1/0xc10 [ 118.155723] __perf_event_task_sched_out+0x6d0/0x18d0 [ 118.155736] __schedule+0xedd/0x2470 [ 118.155746] schedule+0xda/0x1b0 [ 118.155755] exit_to_user_mode_prepare+0x114/0x1a0 [ 118.155773] syscall_exit_to_user_mode+0x19/0x40 [ 118.155790] do_syscall_64+0x48/0x90 [ 118.155803] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.155820] [ 118.155820] other info that might help us debug this: [ 118.155820] [ 118.155823] Chain exists of: [ 118.155823] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 118.155823] [ 118.155838] Possible unsafe locking scenario: [ 118.155838] [ 118.155840] CPU0 CPU1 [ 118.155843] ---- ---- [ 118.155845] lock(&ctx->lock); [ 118.155851] lock(&rq->__lock); [ 118.155857] lock(&ctx->lock); [ 118.155864] lock((console_sem).lock); [ 118.155869] [ 118.155869] *** DEADLOCK *** [ 118.155869] [ 118.155871] 2 locks held by syz-executor.6/3822: [ 118.155878] #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 118.155904] #1: ffff888018a51820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 118.155932] [ 118.155932] stack backtrace: [ 118.155935] CPU: 0 PID: 3822 Comm: syz-executor.6 Not tainted 6.0.0-rc6-next-20220919 #1 [ 118.155948] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 118.155956] Call Trace: [ 118.155960] [ 118.155965] dump_stack_lvl+0x8b/0xb3 [ 118.155979] check_noncircular+0x263/0x2e0 [ 118.155996] ? format_decode+0x26c/0xb50 [ 118.156012] ? print_circular_bug+0x450/0x450 [ 118.156028] ? enable_ptr_key_workfn+0x20/0x20 [ 118.156044] ? format_decode+0x26c/0xb50 [ 118.156059] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 118.156077] __lock_acquire+0x2a02/0x5e70 [ 118.156098] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 118.156120] lock_acquire+0x1a2/0x530 [ 118.156136] ? down_trylock+0xe/0x70 [ 118.156151] ? lock_release+0x750/0x750 [ 118.156171] ? vprintk+0x84/0xa0 [ 118.156189] _raw_spin_lock_irqsave+0x39/0x60 [ 118.156205] ? down_trylock+0xe/0x70 [ 118.156218] down_trylock+0xe/0x70 [ 118.156231] ? vprintk+0x84/0xa0 [ 118.156248] __down_trylock_console_sem+0x3b/0xd0 [ 118.156265] vprintk_emit+0x16b/0x560 [ 118.156284] vprintk+0x84/0xa0 [ 118.156301] _printk+0xba/0xf1 [ 118.156319] ? record_print_text.cold+0x16/0x16 [ 118.156341] ? report_bug.cold+0x66/0xab [ 118.156355] ? group_sched_out.part.0+0x2c7/0x460 [ 118.156366] report_bug.cold+0x72/0xab [ 118.156382] handle_bug+0x3c/0x70 [ 118.156395] exc_invalid_op+0x14/0x50 [ 118.156410] asm_exc_invalid_op+0x16/0x20 [ 118.156427] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 118.156440] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d 5b 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 118.156452] RSP: 0018:ffff88801f20fc48 EFLAGS: 00010006 [ 118.156461] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 118.156470] RDX: ffff888015ea1ac0 RSI: ffffffff81566077 RDI: 0000000000000005 [ 118.156479] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 118.156489] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff888018a51800 [ 118.156499] R13: ffff88806ce3d140 R14: ffffffff8547c620 R15: 0000000000000002 [ 118.156511] ? group_sched_out.part.0+0x2c7/0x460 [ 118.156524] ? group_sched_out.part.0+0x2c7/0x460 [ 118.156537] ctx_sched_out+0x8f1/0xc10 [ 118.156550] __perf_event_task_sched_out+0x6d0/0x18d0 [ 118.156568] ? lock_is_held_type+0xd7/0x130 [ 118.156586] ? __perf_cgroup_move+0x160/0x160 [ 118.156598] ? set_next_entity+0x304/0x550 [ 118.156615] ? update_curr+0x267/0x740 [ 118.156633] ? lock_is_held_type+0xd7/0x130 [ 118.156654] __schedule+0xedd/0x2470 [ 118.156667] ? io_schedule_timeout+0x150/0x150 [ 118.156680] ? rcu_read_lock_sched_held+0x3e/0x80 [ 118.156700] schedule+0xda/0x1b0 [ 118.156712] exit_to_user_mode_prepare+0x114/0x1a0 [ 118.156733] syscall_exit_to_user_mode+0x19/0x40 [ 118.156751] do_syscall_64+0x48/0x90 [ 118.156766] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.156783] RIP: 0033:0x7f23255fcb19 [ 118.156794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.156805] RSP: 002b:00007f2322b72218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 118.156816] RAX: 0000000000000001 RBX: 00007f232570ff68 RCX: 00007f23255fcb19 [ 118.156824] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f232570ff6c [ 118.156831] RBP: 00007f232570ff60 R08: 000000000000000e R09: 0000000000000000 [ 118.156839] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f232570ff6c [ 118.156846] R13: 00007ffda957ce6f R14: 00007f2322b72300 R15: 0000000000022000 [ 118.156860] [ 118.210768] WARNING: CPU: 0 PID: 3822 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 118.211401] Modules linked in: [ 118.211623] CPU: 0 PID: 3822 Comm: syz-executor.6 Not tainted 6.0.0-rc6-next-20220919 #1 [ 118.212160] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 118.212903] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 118.213268] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d 5b 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 118.214464] RSP: 0018:ffff88801f20fc48 EFLAGS: 00010006 [ 118.214825] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 118.215311] RDX: ffff888015ea1ac0 RSI: ffffffff81566077 RDI: 0000000000000005 [ 118.215785] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 118.216259] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff888018a51800 [ 118.216742] R13: ffff88806ce3d140 R14: ffffffff8547c620 R15: 0000000000000002 [ 118.217222] FS: 00007f2322b72700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 118.217761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.218150] CR2: 00007fbd6aa6c8e0 CR3: 000000000e67e000 CR4: 0000000000350ef0 [ 118.218626] Call Trace: [ 118.218803] [ 118.218964] ctx_sched_out+0x8f1/0xc10 [ 118.219235] __perf_event_task_sched_out+0x6d0/0x18d0 [ 118.219599] ? lock_is_held_type+0xd7/0x130 [ 118.219908] ? __perf_cgroup_move+0x160/0x160 [ 118.220218] ? set_next_entity+0x304/0x550 [ 118.220513] ? update_curr+0x267/0x740 [ 118.220788] ? lock_is_held_type+0xd7/0x130 [ 118.221091] __schedule+0xedd/0x2470 [ 118.221353] ? io_schedule_timeout+0x150/0x150 [ 118.221669] ? rcu_read_lock_sched_held+0x3e/0x80 [ 118.222011] schedule+0xda/0x1b0 [ 118.222248] exit_to_user_mode_prepare+0x114/0x1a0 [ 118.222587] syscall_exit_to_user_mode+0x19/0x40 [ 118.222922] do_syscall_64+0x48/0x90 [ 118.223183] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.223551] RIP: 0033:0x7f23255fcb19 [ 118.223808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.225064] RSP: 002b:00007f2322b72218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 118.225620] RAX: 0000000000000001 RBX: 00007f232570ff68 RCX: 00007f23255fcb19 [ 118.226153] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f232570ff6c [ 118.226677] RBP: 00007f232570ff60 R08: 000000000000000e R09: 0000000000000000 [ 118.227186] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f232570ff6c [ 118.227699] R13: 00007ffda957ce6f R14: 00007f2322b72300 R15: 0000000000022000 [ 118.228175] [ 118.228340] irq event stamp: 1140 [ 118.228572] hardirqs last enabled at (1139): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 118.229209] hardirqs last disabled at (1140): [] __schedule+0x1225/0x2470 [ 118.229760] softirqs last enabled at (1032): [] __irq_exit_rcu+0x11b/0x180 [ 118.230336] softirqs last disabled at (937): [] __irq_exit_rcu+0x11b/0x180 [ 118.230905] ---[ end trace 0000000000000000 ]--- [ 118.509961] random: crng reseeded on system resumption [ 118.511444] Restarting kernel threads ... done. [ 118.600541] random: crng reseeded on system resumption 14:31:32 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 118.796256] random: crng reseeded on system resumption [ 118.841523] Restarting kernel threads ... done. 14:31:33 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 14:31:33 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 119.040973] random: crng reseeded on system resumption [ 119.044113] Restarting kernel threads ... done. 14:31:33 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f00000000c0), &(0x7f00000002c0)=0x2) [ 119.129724] random: crng reseeded on system resumption [ 119.144945] Restarting kernel threads ... done. 14:31:33 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 14:31:33 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f00000000c0), &(0x7f00000002c0)=0x2) 14:31:33 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 14:31:33 executing program 2: r0 = syz_io_uring_setup(0x137, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@rc, 0x80, 0x0}}, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x7, 0x0, @fd=r3, 0x8, &(0x7f0000000140)=""/180, 0xb4, 0x9}, 0x2) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) [ 119.293035] random: crng reseeded on system resumption [ 119.295941] Restarting kernel threads ... done. [ 119.756255] audit: type=1401 audit(1663597894.013:9): op=setxattr invalid_context=73797374656D5F753A6F626A6563745F723A68616C645F6C6F675F743A73300000000000 14:31:34 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCGSERIAL(r0, 0x4b49, 0x0) 14:31:34 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 14:31:34 executing program 7: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCGSERIAL(r0, 0x541e, 0x0) 14:31:34 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x103, @fixed, 0x0, 0x2}, 0xe) 14:31:34 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f00000000c0), &(0x7f00000002c0)=0x2) 14:31:34 executing program 2: r0 = syz_io_uring_setup(0x137, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@rc, 0x80, 0x0}}, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x7, 0x0, @fd=r3, 0x8, &(0x7f0000000140)=""/180, 0xb4, 0x9}, 0x2) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 14:31:34 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 14:31:34 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 14:31:34 executing program 3: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000040)) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x0) read(r1, &(0x7f00000004c0)=""/195, 0xc3) [ 120.001606] random: crng reseeded on system resumption [ 120.032580] Restarting kernel threads ... done. 14:31:35 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCGSERIAL(r0, 0x4b49, 0x0) 14:31:35 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x103, @fixed, 0x0, 0x2}, 0xe) 14:31:35 executing program 7: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCGSERIAL(r0, 0x541e, 0x0) 14:31:35 executing program 2: r0 = syz_io_uring_setup(0x137, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@rc, 0x80, 0x0}}, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x7, 0x0, @fd=r3, 0x8, &(0x7f0000000140)=""/180, 0xb4, 0x9}, 0x2) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 14:31:35 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 14:31:35 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 14:31:35 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) 14:31:35 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[]) r1 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) fallocate(r1, 0x0, 0x0, 0x6) write$9p(r1, &(0x7f0000000280)='S', 0x1) 14:31:35 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCGSERIAL(r0, 0x4b49, 0x0) [ 120.937303] hrtimer: interrupt took 17442 ns [ 120.950197] random: crng reseeded on system resumption 14:31:35 executing program 7: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCGSERIAL(r0, 0x541e, 0x0) [ 120.956731] Restarting kernel threads ... done. 14:31:35 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x103, @fixed, 0x0, 0x2}, 0xe) 14:31:35 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x1b, &(0x7f0000000000)={0x77359400}, 0x10) 14:31:35 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) 14:31:35 executing program 7: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCGSERIAL(r0, 0x541e, 0x0) 14:31:35 executing program 1: openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f00000001c0)='./file0\x00') renameat(r1, &(0x7f0000000140)='./file0/file0\x00', r1, &(0x7f0000000180)='./file1\x00') 14:31:35 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x103, @fixed, 0x0, 0x2}, 0xe) 14:31:35 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 14:31:35 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x4, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, r3, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 14:31:35 executing program 2: r0 = syz_io_uring_setup(0x178f, &(0x7f0000000080)={0x0, 0x0, 0x900, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_CLOSE, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x7) io_uring_enter(r0, 0x64d0, 0x0, 0x0, 0x0, 0x0) 14:31:35 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) 14:31:35 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x1b, &(0x7f0000000000)={0x77359400}, 0x10) [ 121.404517] random: crng reseeded on system resumption [ 121.409134] Restarting kernel threads ... done. 14:31:35 executing program 4: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 14:31:35 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000f00), 0x0, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000f40)={0x0, 0x1}) 14:31:35 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0xd40, 0x0) ioctl$CDROMREADAUDIO(r0, 0x5303, &(0x7f0000000180)={@msf, 0x0, 0x0, 0x0}) 14:31:35 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x1b, &(0x7f0000000000)={0x77359400}, 0x10) 14:31:35 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) 14:31:35 executing program 4: syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000001580), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r1, &(0x7f0000001fc0)={0x0, 0x0, &(0x7f0000001f80)={0x0}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000002080)={'syztnl2\x00', 0x0}) syz_open_dev$mouse(&(0x7f00000020c0), 0x0, 0x1a1040) 14:31:35 executing program 2: msgget$private(0x0, 0x0) [ 121.667836] Zero length message leads to an empty skb 14:31:36 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0xd40, 0x0) ioctl$CDROMREADAUDIO(r0, 0x5303, &(0x7f0000000180)={@msf, 0x0, 0x0, 0x0}) 14:31:36 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x1b, &(0x7f0000000000)={0x77359400}, 0x10) 14:31:36 executing program 1: openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f00000001c0)='./file0\x00') renameat(r1, &(0x7f0000000140)='./file0/file0\x00', r1, &(0x7f0000000180)='./file1\x00') 14:31:36 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6(0xa, 0x1, 0x6) 14:31:36 executing program 2: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220) openat(r1, 0x0, 0x100000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x3, 0x80000, 0x8000000) write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0) pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) 14:31:36 executing program 6: socket$inet_udp(0x2, 0x2, 0x0) 14:31:36 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) openat$cdrom(0xffffffffffffff9c, &(0x7f00000000c0), 0x40800, 0x0) 14:31:36 executing program 5: syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000340)={[{@iocharset={'iocharset', 0x3d, 'cp437'}}, {@dmode}]}) [ 121.978632] loop2: detected capacity change from 0 to 40 14:31:36 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f0000003fc0)={0x20, 0x11, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x2}, @typed={0x8, 0x0, 0x0, 0x0, @u32}]}, 0x20}], 0x1}, 0x0) 14:31:36 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0xd40, 0x0) ioctl$CDROMREADAUDIO(r0, 0x5303, &(0x7f0000000180)={@msf, 0x0, 0x0, 0x0}) 14:31:36 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)={0x14, 0x2, 0x2, 0x801}, 0x14}}, 0x0) 14:31:36 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6(0xa, 0x1, 0x6) 14:31:36 executing program 0: r0 = syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x114, &(0x7f0000000180)=0x1, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000200)={0x42}, &(0x7f0000000240)='./file1\x00', 0x18, 0x0, 0x12345}, 0x0) io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0) r3 = syz_io_uring_complete(r1) close(r3) 14:31:36 executing program 4: syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) getrusage(0x0, &(0x7f0000000a00)) 14:31:36 executing program 6: getdents64(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f00000011c0)) [ 122.192519] syz-executor.2: attempt to access beyond end of device [ 122.192519] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 122.194057] Buffer I/O error on dev loop2, logical block 10, lost async page write 14:31:36 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6(0xa, 0x1, 0x6) 14:31:36 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000100)=@req={0x3b280000, 0x81, 0x400}, 0x10) 14:31:36 executing program 0: read$ptp(0xffffffffffffffff, 0x0, 0x0) 14:31:36 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r0) sendmsg$GTP_CMD_DELPDP(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)={0x14}, 0x14}}, 0x0) 14:31:36 executing program 6: getdents64(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f00000011c0)) 14:31:36 executing program 1: openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f00000001c0)='./file0\x00') renameat(r1, &(0x7f0000000140)='./file0/file0\x00', r1, &(0x7f0000000180)='./file1\x00') 14:31:36 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0xd40, 0x0) ioctl$CDROMREADAUDIO(r0, 0x5303, &(0x7f0000000180)={@msf, 0x0, 0x0, 0x0}) 14:31:36 executing program 2: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220) openat(r1, 0x0, 0x100000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x3, 0x80000, 0x8000000) write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0) pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) [ 122.320160] loop2: detected capacity change from 0 to 40 14:31:36 executing program 6: getdents64(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f00000011c0)) 14:31:36 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000100)=@req={0x3b280000, 0x81, 0x400}, 0x10) 14:31:36 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220) openat(r1, 0x0, 0x100000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x3, 0x80000, 0x8000000) write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0) pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) 14:31:36 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6(0xa, 0x1, 0x6) [ 122.458144] syz-executor.2: attempt to access beyond end of device [ 122.458144] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 122.459571] Buffer I/O error on dev loop2, logical block 10, lost async page write 14:31:36 executing program 6: getdents64(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f00000011c0)) [ 122.538817] loop0: detected capacity change from 0 to 40 14:31:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220) openat(r1, 0x0, 0x100000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x3, 0x80000, 0x8000000) write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0) pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) 14:31:36 executing program 2: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220) openat(r1, 0x0, 0x100000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x3, 0x80000, 0x8000000) write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0) pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) 14:31:36 executing program 3: clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) epoll_pwait2(0xffffffffffffffff, &(0x7f0000000300)=[{}], 0x1, &(0x7f00000003c0)={0x0, r0+10000000}, &(0x7f0000000400)={[0xbb40]}, 0x8) 14:31:36 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000100)=@req={0x3b280000, 0x81, 0x400}, 0x10) 14:31:36 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000340)) ioctl$CDROM_TIMED_MEDIA_CHANGE(r0, 0x5396, &(0x7f0000000040)={0x7fff, 0x1}) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x500, 0x0) r2 = syz_open_dev$vcsu(&(0x7f0000000380), 0x5, 0x221301) ioctl$CDROM_DEBUG(r2, 0x5330, 0x1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000001c0)={0x8}) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) r5 = dup(r4) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000009effffffca6143954f35e696e380f7090be1a528f4bd69eab42cd928e01cc2715c1247b8c22731dcb2483bdec7654c1380bd27c6"]) ioctl$F2FS_IOC_RESIZE_FS(r3, 0x4008f510, &(0x7f00000004c0)=0x2) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x5, 0x0, 0x0, "5df0cbe6fdabd2f3df4ef4f785986942cd3abde4a688ab8ac64e3fc9f1fd6b46ff5188f5b347fd4f809c95e509bd80996376c7c843b528adc48ff5476a66c4ec", "76997adcf8341a9ba908142c646d65d888d4f54577b74d6beac185359ce1537275c2c4c839569b788e610ed9e3f5c93bc62f70307ba9dd32fb8f55d16063bcae", "585f24bb3ae12d10afaf3f1a82c1b955b13ba2ce5b3c5445b7f6ef6c03d7c7ef"}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000030c0)) mmap$perf(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x50, r2, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x5, 0x10003) r6 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=ANY=[@ANYBLOB="140000001d00010000000000000000000400000014a98f45357d0100d7c15cabbd7d63d35ec421d1437fb2c573d2f90f9f8d54e311394136d2fffe511eeef330b2781188e25185ffbd7c1ac2aa15d41a3594308833deeeb2b795274af0e04089f501a625bcfd1a812ba1e2233700d0ba6a2ff5918fe814ddcfb8c50e3b468820fc670522f9fbb574597387e3d57f3f0544a91ef99d18363ea8c782c250080be7318bb1fb37aa1039fa0000000000"], 0x14}], 0x1}, 0x0) [ 122.593839] loop2: detected capacity change from 0 to 40 [ 122.681927] syz-executor.2: attempt to access beyond end of device [ 122.681927] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 122.683015] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 122.711576] program syz-executor.7 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.732460] syz-executor.0: attempt to access beyond end of device [ 122.732460] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 122.733509] Buffer I/O error on dev loop0, logical block 10, lost async page write [ 122.792261] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht' [ 122.958362] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' [ 123.480085] syz-executor.5 (4140) used greatest stack depth: 24304 bytes left 14:31:37 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000340)) ioctl$CDROM_TIMED_MEDIA_CHANGE(r0, 0x5396, &(0x7f0000000040)={0x7fff, 0x1}) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x500, 0x0) r2 = syz_open_dev$vcsu(&(0x7f0000000380), 0x5, 0x221301) ioctl$CDROM_DEBUG(r2, 0x5330, 0x1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000001c0)={0x8}) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) r5 = dup(r4) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000009effffffca6143954f35e696e380f7090be1a528f4bd69eab42cd928e01cc2715c1247b8c22731dcb2483bdec7654c1380bd27c6"]) ioctl$F2FS_IOC_RESIZE_FS(r3, 0x4008f510, &(0x7f00000004c0)=0x2) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x5, 0x0, 0x0, "5df0cbe6fdabd2f3df4ef4f785986942cd3abde4a688ab8ac64e3fc9f1fd6b46ff5188f5b347fd4f809c95e509bd80996376c7c843b528adc48ff5476a66c4ec", "76997adcf8341a9ba908142c646d65d888d4f54577b74d6beac185359ce1537275c2c4c839569b788e610ed9e3f5c93bc62f70307ba9dd32fb8f55d16063bcae", "585f24bb3ae12d10afaf3f1a82c1b955b13ba2ce5b3c5445b7f6ef6c03d7c7ef"}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000030c0)) mmap$perf(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x50, r2, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x5, 0x10003) r6 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=ANY=[@ANYBLOB="140000001d00010000000000000000000400000014a98f45357d0100d7c15cabbd7d63d35ec421d1437fb2c573d2f90f9f8d54e311394136d2fffe511eeef330b2781188e25185ffbd7c1ac2aa15d41a3594308833deeeb2b795274af0e04089f501a625bcfd1a812ba1e2233700d0ba6a2ff5918fe814ddcfb8c50e3b468820fc670522f9fbb574597387e3d57f3f0544a91ef99d18363ea8c782c250080be7318bb1fb37aa1039fa0000000000"], 0x14}], 0x1}, 0x0) 14:31:37 executing program 3: io_setup(0x6, &(0x7f0000000040)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8c3c1, 0x0) io_submit(r0, 0x4000, &(0x7f00000004c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0, 0x200000000000000}]) 14:31:37 executing program 1: openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f00000001c0)='./file0\x00') renameat(r1, &(0x7f0000000140)='./file0/file0\x00', r1, &(0x7f0000000180)='./file1\x00') 14:31:37 executing program 2: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220) openat(r1, 0x0, 0x100000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x3, 0x80000, 0x8000000) write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0) pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) 14:31:37 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000100)=@req={0x3b280000, 0x81, 0x400}, 0x10) 14:31:37 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220) openat(r1, 0x0, 0x100000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x3, 0x80000, 0x8000000) write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0) pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) 14:31:37 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220) openat(r1, 0x0, 0x100000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x3, 0x80000, 0x8000000) write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0) pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) 14:31:37 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000340)) ioctl$CDROM_TIMED_MEDIA_CHANGE(r0, 0x5396, &(0x7f0000000040)={0x7fff, 0x1}) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x500, 0x0) r2 = syz_open_dev$vcsu(&(0x7f0000000380), 0x5, 0x221301) ioctl$CDROM_DEBUG(r2, 0x5330, 0x1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000001c0)={0x8}) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) r5 = dup(r4) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000009effffffca6143954f35e696e380f7090be1a528f4bd69eab42cd928e01cc2715c1247b8c22731dcb2483bdec7654c1380bd27c6"]) ioctl$F2FS_IOC_RESIZE_FS(r3, 0x4008f510, &(0x7f00000004c0)=0x2) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x5, 0x0, 0x0, "5df0cbe6fdabd2f3df4ef4f785986942cd3abde4a688ab8ac64e3fc9f1fd6b46ff5188f5b347fd4f809c95e509bd80996376c7c843b528adc48ff5476a66c4ec", "76997adcf8341a9ba908142c646d65d888d4f54577b74d6beac185359ce1537275c2c4c839569b788e610ed9e3f5c93bc62f70307ba9dd32fb8f55d16063bcae", "585f24bb3ae12d10afaf3f1a82c1b955b13ba2ce5b3c5445b7f6ef6c03d7c7ef"}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000030c0)) mmap$perf(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x50, r2, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x5, 0x10003) r6 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=ANY=[@ANYBLOB="140000001d00010000000000000000000400000014a98f45357d0100d7c15cabbd7d63d35ec421d1437fb2c573d2f90f9f8d54e311394136d2fffe511eeef330b2781188e25185ffbd7c1ac2aa15d41a3594308833deeeb2b795274af0e04089f501a625bcfd1a812ba1e2233700d0ba6a2ff5918fe814ddcfb8c50e3b468820fc670522f9fbb574597387e3d57f3f0544a91ef99d18363ea8c782c250080be7318bb1fb37aa1039fa0000000000"], 0x14}], 0x1}, 0x0) [ 123.539659] loop0: detected capacity change from 0 to 40 [ 123.544010] loop2: detected capacity change from 0 to 40 14:31:37 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x42, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r2) r3 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r3, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) [ 123.564859] program syz-executor.7 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 123.594334] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 123.597956] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht' 14:31:37 executing program 3: io_setup(0x6, &(0x7f0000000040)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8c3c1, 0x0) io_submit(r0, 0x4000, &(0x7f00000004c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0, 0x200000000000000}]) [ 123.689558] syz-executor.2: attempt to access beyond end of device [ 123.689558] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 123.690566] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 123.700121] syz-executor.0: attempt to access beyond end of device [ 123.700121] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 123.701091] Buffer I/O error on dev loop0, logical block 10, lost async page write 14:31:37 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x42, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r2) r3 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r3, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) 14:31:37 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x42, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r2) r3 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r3, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) 14:31:38 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220) openat(r1, 0x0, 0x100000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x3, 0x80000, 0x8000000) write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0) pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) 14:31:38 executing program 3: io_setup(0x6, &(0x7f0000000040)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8c3c1, 0x0) io_submit(r0, 0x4000, &(0x7f00000004c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0, 0x200000000000000}]) [ 123.826536] loop0: detected capacity change from 0 to 40 [ 123.924685] syz-executor.0: attempt to access beyond end of device [ 123.924685] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 123.926735] Buffer I/O error on dev loop0, logical block 10, lost async page write [ 124.073083] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht' 14:31:38 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x42, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r2) r3 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r3, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) 14:31:38 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x42, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r2) r3 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r3, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) 14:31:38 executing program 3: io_setup(0x6, &(0x7f0000000040)=0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8c3c1, 0x0) io_submit(r0, 0x4000, &(0x7f00000004c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0, 0x200000000000000}]) 14:31:38 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x42, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r2) r3 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r3, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) 14:31:38 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x26e1, 0x0) fcntl$notify(r0, 0x402, 0x80000030) 14:31:38 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000340)) ioctl$CDROM_TIMED_MEDIA_CHANGE(r0, 0x5396, &(0x7f0000000040)={0x7fff, 0x1}) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x500, 0x0) r2 = syz_open_dev$vcsu(&(0x7f0000000380), 0x5, 0x221301) ioctl$CDROM_DEBUG(r2, 0x5330, 0x1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000001c0)={0x8}) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) r5 = dup(r4) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000009effffffca6143954f35e696e380f7090be1a528f4bd69eab42cd928e01cc2715c1247b8c22731dcb2483bdec7654c1380bd27c6"]) ioctl$F2FS_IOC_RESIZE_FS(r3, 0x4008f510, &(0x7f00000004c0)=0x2) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x5, 0x0, 0x0, "5df0cbe6fdabd2f3df4ef4f785986942cd3abde4a688ab8ac64e3fc9f1fd6b46ff5188f5b347fd4f809c95e509bd80996376c7c843b528adc48ff5476a66c4ec", "76997adcf8341a9ba908142c646d65d888d4f54577b74d6beac185359ce1537275c2c4c839569b788e610ed9e3f5c93bc62f70307ba9dd32fb8f55d16063bcae", "585f24bb3ae12d10afaf3f1a82c1b955b13ba2ce5b3c5445b7f6ef6c03d7c7ef"}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000030c0)) mmap$perf(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x50, r2, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x5, 0x10003) r6 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=ANY=[@ANYBLOB="140000001d00010000000000000000000400000014a98f45357d0100d7c15cabbd7d63d35ec421d1437fb2c573d2f90f9f8d54e311394136d2fffe511eeef330b2781188e25185ffbd7c1ac2aa15d41a3594308833deeeb2b795274af0e04089f501a625bcfd1a812ba1e2233700d0ba6a2ff5918fe814ddcfb8c50e3b468820fc670522f9fbb574597387e3d57f3f0544a91ef99d18363ea8c782c250080be7318bb1fb37aa1039fa0000000000"], 0x14}], 0x1}, 0x0) 14:31:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x14300, 0x8) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x220) openat(r1, 0x0, 0x100000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)=""/4096, 0x1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x3, 0x80000, 0x8000000) write$binfmt_aout(r3, &(0x7f0000001300)={{0xcc, 0x0, 0x52, 0x289, 0x295, 0x5, 0x0, 0x9}, "24f14da56a86b2a113f3cc53ca55bafe991660d1b42188439f2c77c871d17bd6ca9e650fc131bd814bc836be2e", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x74d) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/arp\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xabe2fe4d9e090a4d, 0x0) pread64(r4, &(0x7f0000000180)=""/16, 0x20000190, 0x68000000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r1, r0, 0x0, 0xfffffdef) 14:31:38 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000340)) ioctl$CDROM_TIMED_MEDIA_CHANGE(r0, 0x5396, &(0x7f0000000040)={0x7fff, 0x1}) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x500, 0x0) r2 = syz_open_dev$vcsu(&(0x7f0000000380), 0x5, 0x221301) ioctl$CDROM_DEBUG(r2, 0x5330, 0x1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000001c0)={0x8}) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) r5 = dup(r4) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000009effffffca6143954f35e696e380f7090be1a528f4bd69eab42cd928e01cc2715c1247b8c22731dcb2483bdec7654c1380bd27c6"]) ioctl$F2FS_IOC_RESIZE_FS(r3, 0x4008f510, &(0x7f00000004c0)=0x2) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x5, 0x0, 0x0, "5df0cbe6fdabd2f3df4ef4f785986942cd3abde4a688ab8ac64e3fc9f1fd6b46ff5188f5b347fd4f809c95e509bd80996376c7c843b528adc48ff5476a66c4ec", "76997adcf8341a9ba908142c646d65d888d4f54577b74d6beac185359ce1537275c2c4c839569b788e610ed9e3f5c93bc62f70307ba9dd32fb8f55d16063bcae", "585f24bb3ae12d10afaf3f1a82c1b955b13ba2ce5b3c5445b7f6ef6c03d7c7ef"}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000030c0)) mmap$perf(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x50, r2, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x5, 0x10003) r6 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=ANY=[@ANYBLOB="140000001d00010000000000000000000400000014a98f45357d0100d7c15cabbd7d63d35ec421d1437fb2c573d2f90f9f8d54e311394136d2fffe511eeef330b2781188e25185ffbd7c1ac2aa15d41a3594308833deeeb2b795274af0e04089f501a625bcfd1a812ba1e2233700d0ba6a2ff5918fe814ddcfb8c50e3b468820fc670522f9fbb574597387e3d57f3f0544a91ef99d18363ea8c782c250080be7318bb1fb37aa1039fa0000000000"], 0x14}], 0x1}, 0x0) 14:31:38 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000540)={0x20, 0x0, 0x2, 0x101, 0x0, 0x0, {}, [@CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_MASTER={0x4}]}, 0x20}}, 0x0) [ 124.476220] program syz-executor.7 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 124.490146] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO 14:31:38 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x42, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r2) r3 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r3, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) [ 124.570735] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht' 14:31:38 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x42, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r2) r3 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r3, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) 14:31:38 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000540)={0x20, 0x0, 0x2, 0x101, 0x0, 0x0, {}, [@CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_MASTER={0x4}]}, 0x20}}, 0x0) 14:31:39 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) read(r0, &(0x7f0000000380)=""/82, 0x52) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 14:31:39 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000540)={0x20, 0x0, 0x2, 0x101, 0x0, 0x0, {}, [@CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_MASTER={0x4}]}, 0x20}}, 0x0) 14:31:39 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000540)={0x20, 0x0, 0x2, 0x101, 0x0, 0x0, {}, [@CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_MASTER={0x4}]}, 0x20}}, 0x0) 14:31:39 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x42, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r2) r3 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r3, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) 14:31:39 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup3(r0, r1, 0x0) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x29, 0x0, 0x5037) [ 125.348234] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' 14:31:39 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) read(r0, &(0x7f0000000380)=""/82, 0x52) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 14:31:39 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000340)) ioctl$CDROM_TIMED_MEDIA_CHANGE(r0, 0x5396, &(0x7f0000000040)={0x7fff, 0x1}) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x500, 0x0) r2 = syz_open_dev$vcsu(&(0x7f0000000380), 0x5, 0x221301) ioctl$CDROM_DEBUG(r2, 0x5330, 0x1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000001c0)={0x8}) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) r5 = dup(r4) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000009effffffca6143954f35e696e380f7090be1a528f4bd69eab42cd928e01cc2715c1247b8c22731dcb2483bdec7654c1380bd27c6"]) ioctl$F2FS_IOC_RESIZE_FS(r3, 0x4008f510, &(0x7f00000004c0)=0x2) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x5, 0x0, 0x0, "5df0cbe6fdabd2f3df4ef4f785986942cd3abde4a688ab8ac64e3fc9f1fd6b46ff5188f5b347fd4f809c95e509bd80996376c7c843b528adc48ff5476a66c4ec", "76997adcf8341a9ba908142c646d65d888d4f54577b74d6beac185359ce1537275c2c4c839569b788e610ed9e3f5c93bc62f70307ba9dd32fb8f55d16063bcae", "585f24bb3ae12d10afaf3f1a82c1b955b13ba2ce5b3c5445b7f6ef6c03d7c7ef"}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000030c0)) mmap$perf(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x50, r2, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x5, 0x10003) r6 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=ANY=[@ANYBLOB="140000001d00010000000000000000000400000014a98f45357d0100d7c15cabbd7d63d35ec421d1437fb2c573d2f90f9f8d54e311394136d2fffe511eeef330b2781188e25185ffbd7c1ac2aa15d41a3594308833deeeb2b795274af0e04089f501a625bcfd1a812ba1e2233700d0ba6a2ff5918fe814ddcfb8c50e3b468820fc670522f9fbb574597387e3d57f3f0544a91ef99d18363ea8c782c250080be7318bb1fb37aa1039fa0000000000"], 0x14}], 0x1}, 0x0) 14:31:39 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) 14:31:39 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() rt_sigqueueinfo(r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x40, 0x58, 0x20, 0xff, 0x0, 0x7, 0x5019, 0xf, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext={0x401, 0x8000}, 0x4000, 0x0, 0x20, 0xc, 0x5, 0x7, 0x2, 0x0, 0x10001, 0x0, 0x3}, r1, 0x5, r0, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000001500)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x42, 0x0, "ae41ba3d08ae79cbef4c72343e141dc83dd4a24a447556e055d70b3b61fd7929acb571c66cd984146d66ae44bb567da9a6e26c17246bf5ac5a0b74d1cfdbac75e919f15f27d44a1e807ff95985c6f996"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) close(r2) r3 = gettid() openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x804000, 0x1) rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) rt_tgsigqueueinfo(r3, 0x0, 0x3a, &(0x7f0000000300)={0x1, 0xfffffff9, 0x3}) 14:31:39 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000340)) ioctl$CDROM_TIMED_MEDIA_CHANGE(r0, 0x5396, &(0x7f0000000040)={0x7fff, 0x1}) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x500, 0x0) r2 = syz_open_dev$vcsu(&(0x7f0000000380), 0x5, 0x221301) ioctl$CDROM_DEBUG(r2, 0x5330, 0x1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000001c0)={0x8}) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) r5 = dup(r4) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000009effffffca6143954f35e696e380f7090be1a528f4bd69eab42cd928e01cc2715c1247b8c22731dcb2483bdec7654c1380bd27c6"]) ioctl$F2FS_IOC_RESIZE_FS(r3, 0x4008f510, &(0x7f00000004c0)=0x2) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x5, 0x0, 0x0, "5df0cbe6fdabd2f3df4ef4f785986942cd3abde4a688ab8ac64e3fc9f1fd6b46ff5188f5b347fd4f809c95e509bd80996376c7c843b528adc48ff5476a66c4ec", "76997adcf8341a9ba908142c646d65d888d4f54577b74d6beac185359ce1537275c2c4c839569b788e610ed9e3f5c93bc62f70307ba9dd32fb8f55d16063bcae", "585f24bb3ae12d10afaf3f1a82c1b955b13ba2ce5b3c5445b7f6ef6c03d7c7ef"}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000030c0)) mmap$perf(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x50, r2, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x5, 0x10003) r6 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=ANY=[@ANYBLOB="140000001d00010000000000000000000400000014a98f45357d0100d7c15cabbd7d63d35ec421d1437fb2c573d2f90f9f8d54e311394136d2fffe511eeef330b2781188e25185ffbd7c1ac2aa15d41a3594308833deeeb2b795274af0e04089f501a625bcfd1a812ba1e2233700d0ba6a2ff5918fe814ddcfb8c50e3b468820fc670522f9fbb574597387e3d57f3f0544a91ef99d18363ea8c782c250080be7318bb1fb37aa1039fa0000000000"], 0x14}], 0x1}, 0x0) 14:31:39 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, 0x0, &(0x7f0000000040)) 14:31:39 executing program 0: setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="bdc242a1aeb7a41c329825a02cecbaed", 0x10) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000140)) 14:31:39 executing program 0: setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="bdc242a1aeb7a41c329825a02cecbaed", 0x10) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000140)) [ 125.533032] program syz-executor.7 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 125.538821] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 125.542136] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' 14:31:39 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) read(r0, &(0x7f0000000380)=""/82, 0x52) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 14:31:39 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, 0x0, &(0x7f0000000040)) 14:31:39 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) 14:31:39 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000003380)=[{{&(0x7f00000036c0)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, &(0x7f0000004c80)=[{&(0x7f0000003700)='@f', 0x2}], 0x1, &(0x7f0000004dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @local}}}], 0x20}}, {{&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@ip_retopts={{0x28}}, @ip_retopts={{0x14, 0x0, 0x7, {[@ssrr={0x89, 0x3}]}}}], 0x28}}], 0x2, 0x0) 14:31:39 executing program 0: setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="bdc242a1aeb7a41c329825a02cecbaed", 0x10) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000140)) [ 125.618480] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' 14:31:39 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) read(r0, &(0x7f0000000380)=""/82, 0x52) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 14:31:39 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) read(r0, &(0x7f0000000380)=""/82, 0x52) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 14:31:40 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000003380)=[{{&(0x7f00000036c0)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, &(0x7f0000004c80)=[{&(0x7f0000003700)='@f', 0x2}], 0x1, &(0x7f0000004dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @local}}}], 0x20}}, {{&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@ip_retopts={{0x28}}, @ip_retopts={{0x14, 0x0, 0x7, {[@ssrr={0x89, 0x3}]}}}], 0x28}}], 0x2, 0x0) 14:31:40 executing program 0: setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="bdc242a1aeb7a41c329825a02cecbaed", 0x10) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000140)) 14:31:40 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, 0x0, &(0x7f0000000040)) 14:31:40 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) 14:31:40 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) read(r0, &(0x7f0000000380)=""/82, 0x52) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 14:31:40 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) read(r0, &(0x7f0000000380)=""/82, 0x52) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 14:31:40 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000003380)=[{{&(0x7f00000036c0)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, &(0x7f0000004c80)=[{&(0x7f0000003700)='@f', 0x2}], 0x1, &(0x7f0000004dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @local}}}], 0x20}}, {{&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@ip_retopts={{0x28}}, @ip_retopts={{0x14, 0x0, 0x7, {[@ssrr={0x89, 0x3}]}}}], 0x28}}], 0x2, 0x0) 14:31:40 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) 14:31:40 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, 0x0, &(0x7f0000000040)) 14:31:40 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000003380)=[{{&(0x7f00000036c0)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, &(0x7f0000004c80)=[{&(0x7f0000003700)='@f', 0x2}], 0x1, &(0x7f0000004dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @local}}}], 0x20}}, {{&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@ip_retopts={{0x28}}, @ip_retopts={{0x14, 0x0, 0x7, {[@ssrr={0x89, 0x3}]}}}], 0x28}}], 0x2, 0x0) 14:31:40 executing program 7: openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) 14:31:40 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x10, 0x0, &(0x7f0000000040)) 14:31:40 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x33, 0x0, &(0x7f00000000c0)) 14:31:40 executing program 6: pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000000)="dbf225f5a4568675d4b9d93506777ce8e7", 0x11}, {&(0x7f0000000240)}], 0x3, 0x8001, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_io_uring_setup(0x15971, &(0x7f0000000180)={0x0, 0x0, 0x2, 0x1, 0x254}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000007c0)) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) openat2(r1, &(0x7f0000000340)='./file1\x00', &(0x7f0000000380)={0x101042, 0x80, 0x8}, 0x18) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x201}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x3, 0x0, 0x0, 0x0, 0x3800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) 14:31:40 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5414, &(0x7f0000000200)={0x0, 0x0}) [ 126.043960] audit: type=1400 audit(1663597900.301:10): avc: denied { write } for pid=4293 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 14:31:40 executing program 5: r0 = perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)='((\\{^!)\x00') 14:31:40 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x33, 0x0, &(0x7f00000000c0)) 14:31:40 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x56ad, &(0x7f0000000140)={0x0, 0x6c4c, 0x0, 0x2, 0x212}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000300)=0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(0xffffffffffffffff, &(0x7f0000000140)=[{0x23, 0x0, 0x0, 0x0, @time, {}, {}, @time}], 0x1c) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = syz_io_uring_setup(0x5024, &(0x7f0000000700)={0x0, 0x573c, 0x4, 0x2, 0x309, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340)) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000200), &(0x7f0000000380), 0x2, 0x2) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r4, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000240)=@IORING_OP_READV=@use_registered_buffer, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000240)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x1, 0x0, 0x1000, 0x0, &(0x7f0000000780)="5915fc1676ab790123b01ae1998d83e0d48664cc0d4b51a2bf2e1af1988231e8551efc66cd8a8ad022922bd7f6af1a5f0ca309ce39b69824214e06786e2f7ba44e7a2d9a59ae05440108aab4d4e4f543392274d20ee1182f6abc74a63236635dabf86e1309789c3efc69f3bc9d412cd25d9861d36e3329a7172fc31230361366b665c731dfd3559f412d8c46d6dace3a5f1b482c507b383966427e4af6", 0x80, 0x0, 0x1, {0x1, r2}}, 0x2) r7 = syz_open_dev$rtc(&(0x7f00000004c0), 0x0, 0x2310c0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r7, 0x81f8943c, &(0x7f0000000bc0)) close(r4) syz_io_uring_setup(0x35a6, &(0x7f00000003c0)={0x0, 0x132c, 0x10, 0x2, 0x375, 0x0, r3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000440), &(0x7f0000000480)) 14:31:40 executing program 1: syz_mount_image$nfs(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)) 14:31:40 executing program 4: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) open_tree(r0, &(0x7f00000004c0)='./file0\x00', 0x801) 14:31:40 executing program 5: timer_create(0x9, 0x0, &(0x7f0000000080)) timer_delete(0x0) 14:31:40 executing program 6: pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000000)="dbf225f5a4568675d4b9d93506777ce8e7", 0x11}, {&(0x7f0000000240)}], 0x3, 0x8001, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_io_uring_setup(0x15971, &(0x7f0000000180)={0x0, 0x0, 0x2, 0x1, 0x254}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000007c0)) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) openat2(r1, &(0x7f0000000340)='./file1\x00', &(0x7f0000000380)={0x101042, 0x80, 0x VM DIAGNOSIS: 14:31:32 Registers: info registers vcpu 0 RAX=0000000000000035 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b2e71 RDI=ffffffff87641ba0 RBP=ffffffff87641b60 RSP=ffff88801f20f698 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000035 R11=0000000000000001 R12=0000000000000035 R13=ffffffff87641b60 R14=0000000000000010 R15=ffffffff822b2e60 RIP=ffffffff822b2ec9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f2322b72700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fbd6aa6c8e0 CR3=000000000e67e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f23256e37c0 00007f23256e37c8 YMM02=0000000000000000 0000000000000000 00007f23256e37e0 00007f23256e37c0 YMM03=0000000000000000 0000000000000000 00007f23256e37c8 00007f23256e37c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000080000000 RBX=ffffffff8544d1c0 RCX=0000000080000000 RDX=ffff88800fed0000 RSI=ffffffff81468f23 RDI=ffffffff8544d1c0 RBP=00007f35fce93be7 RSP=ffff88800eff75b8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000080000000 R11=000000000003603d R12=00007f35fce93be7 R13=0000000000000000 R14=ffff88800fed0000 R15=0000000000092cc0 RIP=ffffffff8146179d RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f35fc9e48c0 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f1c7e642000 CR3=0000000008b1a000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 0000000000000000 0000000000ff0000 YMM02=0000000000000000 0000000000000000 2e76656475006c65 76656c5f676f6c2e YMM03=0000000000000000 0000000000000000 7267630073636f72 702e70756f726763 YMM04=0000000000000000 0000000000000000 ffffffff00000002 0000558be4dd96c0 YMM05=0000000000000000 0000000000000000 0000558be4dd7650 0000558be4df2ed0 YMM06=0000000000000000 0000000000000000 0000558be4de6f10 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 2f63697361622f63 72732f2e2e000d0a YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000