Warning: Permanently added '[localhost]:19321' (ECDSA) to the list of known hosts. 2022/09/23 13:10:46 fuzzer started 2022/09/23 13:10:47 dialing manager at localhost:38881 syzkaller login: [ 43.737047] cgroup: Unknown subsys name 'net' [ 43.817290] cgroup: Unknown subsys name 'rlimit' 2022/09/23 13:10:59 syscalls: 2215 2022/09/23 13:10:59 code coverage: enabled 2022/09/23 13:10:59 comparison tracing: enabled 2022/09/23 13:10:59 extra coverage: enabled 2022/09/23 13:10:59 setuid sandbox: enabled 2022/09/23 13:10:59 namespace sandbox: enabled 2022/09/23 13:10:59 Android sandbox: enabled 2022/09/23 13:10:59 fault injection: enabled 2022/09/23 13:10:59 leak checking: enabled 2022/09/23 13:10:59 net packet injection: enabled 2022/09/23 13:10:59 net device setup: enabled 2022/09/23 13:10:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/23 13:10:59 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/23 13:10:59 USB emulation: enabled 2022/09/23 13:10:59 hci packet injection: enabled 2022/09/23 13:10:59 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220923) 2022/09/23 13:10:59 802.15.4 emulation: enabled 2022/09/23 13:10:59 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/23 13:10:59 fetching corpus: 31, signal 20874/24481 (executing program) 2022/09/23 13:10:59 fetching corpus: 81, signal 40482/45260 (executing program) 2022/09/23 13:10:59 fetching corpus: 131, signal 49819/55837 (executing program) 2022/09/23 13:10:59 fetching corpus: 181, signal 57958/65056 (executing program) 2022/09/23 13:10:59 fetching corpus: 231, signal 64991/73111 (executing program) 2022/09/23 13:10:59 fetching corpus: 280, signal 69438/78590 (executing program) 2022/09/23 13:10:59 fetching corpus: 330, signal 74470/84537 (executing program) 2022/09/23 13:11:00 fetching corpus: 380, signal 79867/90732 (executing program) 2022/09/23 13:11:00 fetching corpus: 430, signal 83819/95558 (executing program) 2022/09/23 13:11:00 fetching corpus: 480, signal 88247/100676 (executing program) 2022/09/23 13:11:00 fetching corpus: 530, signal 91312/104513 (executing program) 2022/09/23 13:11:00 fetching corpus: 580, signal 95271/109057 (executing program) 2022/09/23 13:11:00 fetching corpus: 630, signal 97713/112181 (executing program) 2022/09/23 13:11:00 fetching corpus: 680, signal 101305/116311 (executing program) 2022/09/23 13:11:01 fetching corpus: 730, signal 103362/119075 (executing program) 2022/09/23 13:11:01 fetching corpus: 780, signal 105531/121831 (executing program) 2022/09/23 13:11:01 fetching corpus: 830, signal 107463/124363 (executing program) 2022/09/23 13:11:01 fetching corpus: 880, signal 108995/126536 (executing program) 2022/09/23 13:11:01 fetching corpus: 930, signal 111080/129112 (executing program) 2022/09/23 13:11:01 fetching corpus: 979, signal 114233/132464 (executing program) 2022/09/23 13:11:01 fetching corpus: 1029, signal 115513/134359 (executing program) 2022/09/23 13:11:01 fetching corpus: 1078, signal 116827/136310 (executing program) 2022/09/23 13:11:01 fetching corpus: 1128, signal 118739/138577 (executing program) 2022/09/23 13:11:02 fetching corpus: 1177, signal 120284/140613 (executing program) 2022/09/23 13:11:02 fetching corpus: 1227, signal 122265/142945 (executing program) 2022/09/23 13:11:02 fetching corpus: 1277, signal 123409/144581 (executing program) 2022/09/23 13:11:02 fetching corpus: 1327, signal 125043/146567 (executing program) 2022/09/23 13:11:02 fetching corpus: 1377, signal 127042/148762 (executing program) 2022/09/23 13:11:02 fetching corpus: 1427, signal 129720/151445 (executing program) 2022/09/23 13:11:02 fetching corpus: 1477, signal 130648/152857 (executing program) 2022/09/23 13:11:02 fetching corpus: 1527, signal 132810/155103 (executing program) 2022/09/23 13:11:03 fetching corpus: 1577, signal 134069/156670 (executing program) 2022/09/23 13:11:03 fetching corpus: 1627, signal 135689/158489 (executing program) 2022/09/23 13:11:03 fetching corpus: 1677, signal 137359/160272 (executing program) 2022/09/23 13:11:03 fetching corpus: 1727, signal 138672/161767 (executing program) 2022/09/23 13:11:03 fetching corpus: 1776, signal 139611/162951 (executing program) 2022/09/23 13:11:03 fetching corpus: 1826, signal 141458/164802 (executing program) 2022/09/23 13:11:03 fetching corpus: 1875, signal 142908/166377 (executing program) 2022/09/23 13:11:04 fetching corpus: 1925, signal 143775/167506 (executing program) 2022/09/23 13:11:04 fetching corpus: 1975, signal 144606/168560 (executing program) 2022/09/23 13:11:04 fetching corpus: 2025, signal 145370/169619 (executing program) 2022/09/23 13:11:04 fetching corpus: 2075, signal 146315/170743 (executing program) 2022/09/23 13:11:04 fetching corpus: 2125, signal 147343/171874 (executing program) 2022/09/23 13:11:04 fetching corpus: 2175, signal 148519/173098 (executing program) 2022/09/23 13:11:04 fetching corpus: 2224, signal 149667/174332 (executing program) 2022/09/23 13:11:04 fetching corpus: 2274, signal 150808/175468 (executing program) 2022/09/23 13:11:04 fetching corpus: 2324, signal 151313/176260 (executing program) 2022/09/23 13:11:04 fetching corpus: 2374, signal 152388/177330 (executing program) 2022/09/23 13:11:05 fetching corpus: 2424, signal 153356/178335 (executing program) 2022/09/23 13:11:05 fetching corpus: 2473, signal 154156/179244 (executing program) 2022/09/23 13:11:05 fetching corpus: 2523, signal 155089/180218 (executing program) 2022/09/23 13:11:05 fetching corpus: 2573, signal 156289/181296 (executing program) 2022/09/23 13:11:05 fetching corpus: 2623, signal 157042/182130 (executing program) 2022/09/23 13:11:05 fetching corpus: 2673, signal 159550/183760 (executing program) 2022/09/23 13:11:05 fetching corpus: 2723, signal 160349/184553 (executing program) 2022/09/23 13:11:05 fetching corpus: 2773, signal 161920/185664 (executing program) 2022/09/23 13:11:06 fetching corpus: 2822, signal 162757/186439 (executing program) 2022/09/23 13:11:06 fetching corpus: 2872, signal 164398/187694 (executing program) 2022/09/23 13:11:06 fetching corpus: 2922, signal 165982/188732 (executing program) 2022/09/23 13:11:06 fetching corpus: 2972, signal 168379/190051 (executing program) 2022/09/23 13:11:06 fetching corpus: 3022, signal 169098/190728 (executing program) 2022/09/23 13:11:06 fetching corpus: 3072, signal 169884/191373 (executing program) 2022/09/23 13:11:06 fetching corpus: 3121, signal 170844/192052 (executing program) 2022/09/23 13:11:07 fetching corpus: 3171, signal 171912/192749 (executing program) 2022/09/23 13:11:07 fetching corpus: 3221, signal 172357/193188 (executing program) 2022/09/23 13:11:07 fetching corpus: 3271, signal 173552/193926 (executing program) 2022/09/23 13:11:07 fetching corpus: 3321, signal 174768/194615 (executing program) 2022/09/23 13:11:07 fetching corpus: 3371, signal 175488/195130 (executing program) 2022/09/23 13:11:07 fetching corpus: 3421, signal 176584/195776 (executing program) 2022/09/23 13:11:07 fetching corpus: 3471, signal 178179/196524 (executing program) 2022/09/23 13:11:08 fetching corpus: 3521, signal 178939/197016 (executing program) 2022/09/23 13:11:08 fetching corpus: 3571, signal 179866/197546 (executing program) 2022/09/23 13:11:08 fetching corpus: 3621, signal 180765/198047 (executing program) 2022/09/23 13:11:08 fetching corpus: 3671, signal 181539/198471 (executing program) 2022/09/23 13:11:08 fetching corpus: 3721, signal 182322/198914 (executing program) 2022/09/23 13:11:08 fetching corpus: 3771, signal 182828/199301 (executing program) 2022/09/23 13:11:08 fetching corpus: 3820, signal 183682/199720 (executing program) 2022/09/23 13:11:08 fetching corpus: 3870, signal 184451/200107 (executing program) 2022/09/23 13:11:08 fetching corpus: 3920, signal 185134/200437 (executing program) 2022/09/23 13:11:09 fetching corpus: 3970, signal 185677/200755 (executing program) 2022/09/23 13:11:09 fetching corpus: 4020, signal 186619/201129 (executing program) 2022/09/23 13:11:09 fetching corpus: 4070, signal 187044/201384 (executing program) 2022/09/23 13:11:09 fetching corpus: 4120, signal 187813/201647 (executing program) 2022/09/23 13:11:09 fetching corpus: 4170, signal 188375/201891 (executing program) 2022/09/23 13:11:09 fetching corpus: 4220, signal 189088/202151 (executing program) 2022/09/23 13:11:09 fetching corpus: 4269, signal 189545/202355 (executing program) 2022/09/23 13:11:09 fetching corpus: 4318, signal 190406/202651 (executing program) 2022/09/23 13:11:10 fetching corpus: 4368, signal 191128/202888 (executing program) 2022/09/23 13:11:10 fetching corpus: 4418, signal 191625/203064 (executing program) 2022/09/23 13:11:10 fetching corpus: 4468, signal 192184/203230 (executing program) 2022/09/23 13:11:10 fetching corpus: 4518, signal 192796/203502 (executing program) 2022/09/23 13:11:10 fetching corpus: 4568, signal 194002/203690 (executing program) 2022/09/23 13:11:10 fetching corpus: 4618, signal 194841/203884 (executing program) 2022/09/23 13:11:10 fetching corpus: 4668, signal 195186/204023 (executing program) 2022/09/23 13:11:10 fetching corpus: 4718, signal 195987/204166 (executing program) 2022/09/23 13:11:11 fetching corpus: 4768, signal 196555/204274 (executing program) 2022/09/23 13:11:11 fetching corpus: 4818, signal 197136/204358 (executing program) 2022/09/23 13:11:11 fetching corpus: 4868, signal 197725/204443 (executing program) 2022/09/23 13:11:11 fetching corpus: 4918, signal 198840/204512 (executing program) 2022/09/23 13:11:11 fetching corpus: 4921, signal 198844/204512 (executing program) 2022/09/23 13:11:11 fetching corpus: 4921, signal 198844/204512 (executing program) 2022/09/23 13:11:13 starting 8 fuzzer processes 13:11:13 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) fspick(0xffffffffffffffff, 0x0, 0x0) 13:11:13 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x540a, 0x0) 13:11:13 executing program 2: syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) syz_genetlink_get_family_id$mptcp(&(0x7f0000000440), 0xffffffffffffffff) [ 70.422706] audit: type=1400 audit(1663938673.848:6): avc: denied { execmem } for pid=288 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:11:13 executing program 4: r0 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000480)='user\x00', &(0x7f00000004c0)={'syz', 0x3}, &(0x7f0000000500)='cyz', 0x0) add_key$user(&(0x7f0000000080), &(0x7f0000000280)={'syz', 0x3}, &(0x7f00000002c0)="e2", 0x1, r0) request_key(&(0x7f0000000480)='user\x00', &(0x7f00000004c0)={'syz', 0x3}, &(0x7f0000000500)='cyz', 0x0) 13:11:13 executing program 3: setresuid(0xee00, 0xee01, 0xee01) setfsuid(0x0) 13:11:13 executing program 5: madvise(&(0x7f0000fed000/0x11000)=nil, 0x11000, 0x10) 13:11:13 executing program 6: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001cc0)='./cgroup.net/syz0\x00', 0x200002, 0x0) 13:11:13 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0x10, 0x0, 0x0) [ 71.831847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.833794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.835140] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.843121] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.846252] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 71.847719] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.855272] Bluetooth: hci0: HCI_REQ-0x0c1a [ 71.912568] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.915306] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.918392] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.920110] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.921232] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 71.922506] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.923499] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.925152] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.928748] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.930292] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.933229] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 71.934266] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 71.935780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.936746] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.943717] Bluetooth: hci2: HCI_REQ-0x0c1a [ 71.944925] Bluetooth: hci4: HCI_REQ-0x0c1a [ 71.949091] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 71.950426] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 71.951573] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.952578] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.954368] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.956914] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.958711] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.958760] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 71.963172] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.965119] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 71.966895] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 71.968901] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 71.970483] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.981760] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.985766] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.989446] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 71.991128] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 71.992350] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.993797] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 71.995010] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.997111] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.999241] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 72.000464] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 72.004716] Bluetooth: hci1: HCI_REQ-0x0c1a [ 72.005723] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 72.006970] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 72.012170] Bluetooth: hci3: HCI_REQ-0x0c1a [ 72.019242] Bluetooth: hci5: HCI_REQ-0x0c1a [ 72.037943] Bluetooth: hci6: HCI_REQ-0x0c1a [ 72.038839] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 72.040670] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 72.042093] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 72.053640] Bluetooth: hci7: HCI_REQ-0x0c1a [ 73.910996] Bluetooth: hci0: command 0x0409 tx timeout [ 73.975212] Bluetooth: hci2: command 0x0409 tx timeout [ 73.975858] Bluetooth: hci4: command 0x0409 tx timeout [ 74.038689] Bluetooth: hci5: command 0x0409 tx timeout [ 74.039347] Bluetooth: hci3: command 0x0409 tx timeout [ 74.039866] Bluetooth: hci1: command 0x0409 tx timeout [ 74.102611] Bluetooth: hci7: command 0x0409 tx timeout [ 74.103268] Bluetooth: hci6: command 0x0409 tx timeout [ 75.958627] Bluetooth: hci0: command 0x041b tx timeout [ 76.022834] Bluetooth: hci4: command 0x041b tx timeout [ 76.023649] Bluetooth: hci2: command 0x041b tx timeout [ 76.086738] Bluetooth: hci1: command 0x041b tx timeout [ 76.087435] Bluetooth: hci3: command 0x041b tx timeout [ 76.088150] Bluetooth: hci5: command 0x041b tx timeout [ 76.150722] Bluetooth: hci6: command 0x041b tx timeout [ 76.151415] Bluetooth: hci7: command 0x041b tx timeout [ 78.006634] Bluetooth: hci0: command 0x040f tx timeout [ 78.070682] Bluetooth: hci2: command 0x040f tx timeout [ 78.071496] Bluetooth: hci4: command 0x040f tx timeout [ 78.134748] Bluetooth: hci5: command 0x040f tx timeout [ 78.135514] Bluetooth: hci3: command 0x040f tx timeout [ 78.136291] Bluetooth: hci1: command 0x040f tx timeout [ 78.198645] Bluetooth: hci7: command 0x040f tx timeout [ 78.199412] Bluetooth: hci6: command 0x040f tx timeout [ 80.054586] Bluetooth: hci0: command 0x0419 tx timeout [ 80.118637] Bluetooth: hci4: command 0x0419 tx timeout [ 80.119112] Bluetooth: hci2: command 0x0419 tx timeout [ 80.182705] Bluetooth: hci1: command 0x0419 tx timeout [ 80.183158] Bluetooth: hci3: command 0x0419 tx timeout [ 80.183599] Bluetooth: hci5: command 0x0419 tx timeout [ 80.246651] Bluetooth: hci6: command 0x0419 tx timeout [ 80.247131] Bluetooth: hci7: command 0x0419 tx timeout 13:12:12 executing program 2: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x1}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 13:12:12 executing program 2: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x1}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 13:12:12 executing program 2: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x1}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 13:12:12 executing program 2: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x1}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 13:12:13 executing program 2: clone3(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 13:12:13 executing program 2: clone3(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 13:12:13 executing program 2: clone3(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 13:12:14 executing program 2: clone3(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 134.411922] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 134.414165] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 134.415237] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 134.417387] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 134.419910] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 134.420899] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 134.423492] Bluetooth: hci3: HCI_REQ-0x0c1a [ 134.490579] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 134.491334] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 134.502793] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 134.504015] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 134.506073] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 134.507243] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 134.514140] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 134.522254] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 134.523406] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 134.526672] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 134.527925] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 134.529909] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 134.531512] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 134.536725] Bluetooth: hci7: HCI_REQ-0x0c1a [ 134.542470] Bluetooth: hci5: HCI_REQ-0x0c1a [ 134.575983] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 134.577032] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 134.599916] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 134.614761] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 134.617102] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 134.625499] Bluetooth: hci6: HCI_REQ-0x0c1a [ 136.374606] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 136.438624] Bluetooth: hci3: command 0x0409 tx timeout [ 136.439414] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 136.502650] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 136.566618] Bluetooth: hci5: command 0x0409 tx timeout [ 136.567272] Bluetooth: hci7: command 0x0409 tx timeout [ 136.694607] Bluetooth: hci6: command 0x0409 tx timeout [ 138.486818] Bluetooth: hci3: command 0x041b tx timeout [ 138.614613] Bluetooth: hci7: command 0x041b tx timeout [ 138.615111] Bluetooth: hci5: command 0x041b tx timeout [ 138.742614] Bluetooth: hci6: command 0x041b tx timeout [ 139.198003] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 139.199087] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 139.201009] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 139.203296] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 139.205017] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 139.206140] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 139.212621] Bluetooth: hci4: HCI_REQ-0x0c1a [ 140.534847] Bluetooth: hci3: command 0x040f tx timeout [ 140.662633] Bluetooth: hci5: command 0x040f tx timeout [ 140.662668] Bluetooth: hci7: command 0x040f tx timeout [ 140.790649] Bluetooth: hci6: command 0x040f tx timeout [ 140.918597] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 141.110585] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 141.238649] Bluetooth: hci4: command 0x0409 tx timeout [ 142.582871] Bluetooth: hci3: command 0x0419 tx timeout [ 142.710680] Bluetooth: hci7: command 0x0419 tx timeout [ 142.711173] Bluetooth: hci5: command 0x0419 tx timeout [ 142.840257] Bluetooth: hci6: command 0x0419 tx timeout [ 143.288199] Bluetooth: hci4: command 0x041b tx timeout [ 143.326456] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 143.332316] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 143.333157] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 143.335800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 143.337317] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 143.342101] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 143.347826] Bluetooth: hci0: HCI_REQ-0x0c1a [ 143.500943] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 143.510179] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 143.510969] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 143.524306] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 143.525284] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 143.526430] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 143.540334] Bluetooth: hci1: HCI_REQ-0x0c1a [ 145.334646] Bluetooth: hci4: command 0x040f tx timeout [ 145.398601] Bluetooth: hci0: command 0x0409 tx timeout [ 145.590844] Bluetooth: hci1: command 0x0409 tx timeout [ 147.383273] Bluetooth: hci4: command 0x0419 tx timeout [ 147.447060] Bluetooth: hci0: command 0x041b tx timeout [ 147.638582] Bluetooth: hci1: command 0x041b tx timeout [ 149.495578] Bluetooth: hci0: command 0x040f tx timeout [ 149.687586] Bluetooth: hci1: command 0x040f tx timeout [ 151.543673] Bluetooth: hci0: command 0x0419 tx timeout [ 151.735811] Bluetooth: hci1: command 0x0419 tx timeout 13:13:06 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x40086604) 13:13:06 executing program 4: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x11000, 0xa, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000220000000000002200000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000002200170000000000001700080000000008007809140b2a3a08020000010000010100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202073797a6b616c6c65722020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202047454e49534f494d4147452049534f20393636302f4846532046494c4553595354454d2043524541544f5220284329203139393320452e594f554e4744414c452028432920313939372d32303036204a2e50454152534f4e2f4a2e534348494c4c494e472028432920323030362d32303037204344524b4954205445414d202066696c6533202020202020202020202020202020202020202020202020202020202020202066696c6531202020202020202020202020202020202020202020202020202020202020202066696c6532202020202020202020202020202020202020202020202020202020202020202032303230303932303131343235383030083230323030393230313134323538303008303030303030303030303030303030300032303230303932303131343235383030080100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202000"/1408, 0x580, 0x8000}, {&(0x7f0000010600)="ff43443030310100"/32, 0x20, 0x8800}, {&(0x7f0000010700)="01001700000001000000050018000000010046494c4530000000000000000000", 0x20, 0x9800}, {&(0x7f0000010800)="01000000001700010000050000000018000146494c4530000000000000000000", 0x20, 0xa800}, {&(0x7f0000010900)="8800170000000000001700080000000008007809140b2a3a0802000001000001010053500701beef005252050181505824016d4100000000416d03000000000000030000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a0843451c0119000000000000190000000000000000ed000000000000ed6600170000000000001700080000000008007809140b2a3a080200000100000101015252050181505824016d4100000000416d02000000000000020000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a08008c001a0000000000001a64000000000000647809140b2a3a08000000010000010a46494c452e434f4c3b310041410e0254455854756e6978000052520501894e4d0e010066696c652e636f6c64505824016d8100000000816d01000000000000010000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a08007400180000000000001800080000000008007809140b2a3a08020000010000010546494c453052520501894e4d0a010066696c6530505824016d4100000000416d02000000000000020000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a080086001b0000000000001b0a0000000000000a7809140b2a3a08000000010000010846494c45312e3b310041410e0254455854756e6978000052520501894e4d0a010066696c6531505824016d8100000000816d01000000000000010000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a080086001c0000000000001c28230000000023287809140b2a3a08000000010000010846494c45322e3b310041410e0254455854756e6978000052520501894e4d0a010066696c6532505824016d8100000000816d02000000000000020000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a080086001c0000000000001c28230000000023287809140b2a3a08000000010000010846494c45332e3b310041410e0254455854756e6978000052520501894e4d0a010066696c6533505824016d8100000000816d02000000000000020000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a0800", 0x380, 0xb800}, {&(0x7f0000010d00)="6600180000000000001800080000000008007809140b2a3a080200000100000101005252050181505824016d4100000000416d02000000000000020000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a08006600170000000000001700080000000008007809140b2a3a080200000100000101015252050181505824016d4100000000416d03000000000000030000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a0800860021000000000000211a0400000000041a7809140b2a3a08000000010000010846494c45302e3b310041410e0254455854756e6978000052520501894e4d0a010066696c6530505824016d8100000000816d01000000000000010000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a0800a800220000000000002200000000000000007809140b2a3a08000000010000010846494c45312e3b3100525205018d4e4d0a010066696c6531505824016da100000000a16d010000000000000100000000000000000000000000000000534c31010008000003746d70001573797a2d696d61676567656e393632343934303438000566696c6530000566696c653054461a010e7809140b2a3a087809140b2a3a087809140b2a3a08000000000000", 0x200, 0xc000}, {&(0x7f0000010f00)="4552ed010a548701525249505f313939314154484520524f434b20524944474520494e5445524348414e47452050524f544f434f4c2050524f564944455320535550504f525420464f5220504f5349582046494c452053595354454d2053454d414e54494353504c4541534520434f4e544143542044495343205055424c495348455220464f522053504543494649434154494f4e20534f555243452e2020534545205055424c4953484552204944454e54494649455220494e205052494d41525920564f4c554d452044455343524950544f5220464f5220434f4e5441435420494e464f524d4154494f4e2e00"/256, 0x100, 0xc800}, {&(0x7f0000011000)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0xd000}, {&(0x7f0000011100)='syzkallers\x00'/32, 0x20, 0xd800}, {&(0x7f0000011200)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x10800}], 0x0, &(0x7f0000011700)) 13:13:06 executing program 6: timerfd_create(0x2, 0x0) 13:13:06 executing program 7: bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x0, @empty}, 0x1c) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0xc4032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000) 13:13:06 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x540a, 0x0) 13:13:06 executing program 3: io_uring_setup(0x6725, &(0x7f0000000940)) 13:13:06 executing program 2: open$dir(&(0x7f0000000000)='./file0\x00', 0x5, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001480)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$msdos(&(0x7f0000001ac0), &(0x7f0000001b00)='./file0\x00', 0x0, 0x1, &(0x7f0000001b80)=[{&(0x7f0000001b40)='?', 0x1}], 0x0, &(0x7f0000001bc0)) unlinkat(0xffffffffffffffff, &(0x7f0000001c40)='.\x00', 0x0) 13:13:06 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x540a, 0x0) [ 182.824902] loop4: detected capacity change from 0 to 264 [ 182.841451] EXT4-fs warning (device sda): __ext4_ioctl:1238: Setting inode version is not supported with metadata_csum enabled. [ 182.869632] FAT-fs (loop2): bogus number of reserved sectors [ 182.870608] FAT-fs (loop2): Can't find a valid FAT filesystem [ 182.926636] FAT-fs (loop2): bogus number of reserved sectors [ 182.927401] FAT-fs (loop2): Can't find a valid FAT filesystem 13:13:06 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x161941, 0x2) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000180)='./file1\x00', 0x0) [ 183.047798] audit: type=1400 audit(1663938786.471:7): avc: denied { open } for pid=7085 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 183.050224] audit: type=1400 audit(1663938786.472:8): avc: denied { kernel } for pid=7085 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 183.060325] ------------[ cut here ]------------ [ 183.060354] [ 183.060358] ====================================================== [ 183.060363] WARNING: possible circular locking dependency detected [ 183.060369] 6.0.0-rc6-next-20220923 #1 Not tainted [ 183.060379] ------------------------------------------------------ [ 183.060384] syz-executor.6/7086 is trying to acquire lock: [ 183.060393] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 183.060450] [ 183.060450] but task is already holding lock: [ 183.060454] ffff88803f24fc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 183.060498] [ 183.060498] which lock already depends on the new lock. [ 183.060498] [ 183.060502] [ 183.060502] the existing dependency chain (in reverse order) is: [ 183.060507] [ 183.060507] -> #3 (&ctx->lock){....}-{2:2}: [ 183.060533] _raw_spin_lock+0x2a/0x40 [ 183.060562] __perf_event_task_sched_out+0x53b/0x18d0 [ 183.060582] __schedule+0xedd/0x2470 [ 183.060603] preempt_schedule_common+0x45/0xc0 [ 183.060626] __cond_resched+0x17/0x30 [ 183.060647] __mutex_lock+0xa3/0x14d0 [ 183.060670] __do_sys_perf_event_open+0x1eec/0x32c0 [ 183.060690] do_syscall_64+0x3b/0x90 [ 183.060716] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 183.060736] [ 183.060736] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 183.060757] _raw_spin_lock_nested+0x30/0x40 [ 183.060786] raw_spin_rq_lock_nested+0x1e/0x30 [ 183.060806] task_fork_fair+0x63/0x4d0 [ 183.060832] sched_cgroup_fork+0x3d0/0x540 [ 183.060854] copy_process+0x4183/0x6e20 [ 183.060870] kernel_clone+0xe7/0x890 [ 183.060885] user_mode_thread+0xad/0xf0 [ 183.060901] rest_init+0x24/0x250 [ 183.060918] arch_call_rest_init+0xf/0x14 [ 183.060944] start_kernel+0x4c1/0x4e6 [ 183.060968] secondary_startup_64_no_verify+0xe0/0xeb [ 183.060990] [ 183.060990] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 183.061020] _raw_spin_lock_irqsave+0x39/0x60 [ 183.061049] try_to_wake_up+0xab/0x1930 [ 183.061070] up+0x75/0xb0 [ 183.061091] __up_console_sem+0x6e/0x80 [ 183.061115] console_unlock+0x46a/0x590 [ 183.061140] vprintk_emit+0x1bd/0x560 [ 183.061165] vprintk+0x84/0xa0 [ 183.061190] _printk+0xba/0xf1 [ 183.061207] kauditd_hold_skb.cold+0x3f/0x4e [ 183.061233] kauditd_send_queue+0x233/0x290 [ 183.061256] kauditd_thread+0x5da/0x9a0 [ 183.061277] kthread+0x2ed/0x3a0 [ 183.061300] ret_from_fork+0x22/0x30 [ 183.061319] [ 183.061319] -> #0 ((console_sem).lock){....}-{2:2}: [ 183.061340] __lock_acquire+0x2a02/0x5e70 [ 183.061367] lock_acquire+0x1a2/0x530 [ 183.061391] _raw_spin_lock_irqsave+0x39/0x60 [ 183.061420] down_trylock+0xe/0x70 [ 183.061443] __down_trylock_console_sem+0x3b/0xd0 [ 183.061468] vprintk_emit+0x16b/0x560 [ 183.061493] vprintk+0x84/0xa0 [ 183.061518] _printk+0xba/0xf1 [ 183.061534] report_bug.cold+0x72/0xab [ 183.061559] handle_bug+0x3c/0x70 [ 183.061584] exc_invalid_op+0x14/0x50 [ 183.061610] asm_exc_invalid_op+0x16/0x20 [ 183.061628] group_sched_out.part.0+0x2c7/0x460 [ 183.061646] ctx_sched_out+0x8f1/0xc10 [ 183.061661] __perf_event_task_sched_out+0x6d0/0x18d0 [ 183.061681] __schedule+0xedd/0x2470 [ 183.061702] preempt_schedule_common+0x45/0xc0 [ 183.061725] __cond_resched+0x17/0x30 [ 183.061746] __mutex_lock+0xa3/0x14d0 [ 183.061769] __do_sys_perf_event_open+0x1eec/0x32c0 [ 183.061789] do_syscall_64+0x3b/0x90 [ 183.061815] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 183.061834] [ 183.061834] other info that might help us debug this: [ 183.061834] [ 183.061838] Chain exists of: [ 183.061838] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 183.061838] [ 183.061862] Possible unsafe locking scenario: [ 183.061862] [ 183.061865] CPU0 CPU1 [ 183.061869] ---- ---- [ 183.061872] lock(&ctx->lock); [ 183.061881] lock(&rq->__lock); [ 183.061891] lock(&ctx->lock); [ 183.061901] lock((console_sem).lock); [ 183.061910] [ 183.061910] *** DEADLOCK *** [ 183.061910] [ 183.061913] 2 locks held by syz-executor.6/7086: [ 183.061923] #0: ffff88806cf37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 183.061969] #1: ffff88803f24fc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 183.062013] [ 183.062013] stack backtrace: [ 183.062017] CPU: 1 PID: 7086 Comm: syz-executor.6 Not tainted 6.0.0-rc6-next-20220923 #1 [ 183.062037] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 183.062050] Call Trace: [ 183.062054] [ 183.062060] dump_stack_lvl+0x8b/0xb3 [ 183.062088] check_noncircular+0x263/0x2e0 [ 183.062114] ? format_decode+0x26c/0xb50 [ 183.062139] ? print_circular_bug+0x450/0x450 [ 183.062166] ? enable_ptr_key_workfn+0x20/0x20 [ 183.062191] ? lock_release+0x547/0x750 [ 183.062217] ? format_decode+0x26c/0xb50 [ 183.062244] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 183.062271] __lock_acquire+0x2a02/0x5e70 [ 183.062305] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 183.062341] lock_acquire+0x1a2/0x530 [ 183.062367] ? down_trylock+0xe/0x70 [ 183.062393] ? lock_release+0x750/0x750 [ 183.062425] ? vprintk+0x84/0xa0 [ 183.062453] _raw_spin_lock_irqsave+0x39/0x60 [ 183.062484] ? down_trylock+0xe/0x70 [ 183.062508] down_trylock+0xe/0x70 [ 183.062533] ? vprintk+0x84/0xa0 [ 183.062559] __down_trylock_console_sem+0x3b/0xd0 [ 183.062586] vprintk_emit+0x16b/0x560 [ 183.062616] vprintk+0x84/0xa0 [ 183.062643] _printk+0xba/0xf1 [ 183.062661] ? record_print_text.cold+0x16/0x16 [ 183.062686] ? report_bug.cold+0x66/0xab [ 183.062714] ? group_sched_out.part.0+0x2c7/0x460 [ 183.062732] report_bug.cold+0x72/0xab [ 183.062761] handle_bug+0x3c/0x70 [ 183.062788] exc_invalid_op+0x14/0x50 [ 183.062816] asm_exc_invalid_op+0x16/0x20 [ 183.062835] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 183.062857] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 183.062875] RSP: 0018:ffff88803998f978 EFLAGS: 00010006 [ 183.062889] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 183.062901] RDX: ffff88803876b580 RSI: ffffffff81564fb7 RDI: 0000000000000005 [ 183.062913] RBP: ffff8880371d8000 R08: 0000000000000005 R09: 0000000000000001 [ 183.062925] R10: 0000000000000000 R11: ffffffff865b005b R12: ffff88803f24fc00 [ 183.062937] R13: ffff88806cf3d140 R14: ffffffff8547d040 R15: 0000000000000002 [ 183.062954] ? group_sched_out.part.0+0x2c7/0x460 [ 183.062976] ? group_sched_out.part.0+0x2c7/0x460 [ 183.062997] ctx_sched_out+0x8f1/0xc10 [ 183.063017] __perf_event_task_sched_out+0x6d0/0x18d0 [ 183.063042] ? lock_is_held_type+0xd7/0x130 [ 183.063063] ? __perf_cgroup_move+0x160/0x160 [ 183.063082] ? set_next_entity+0x304/0x550 [ 183.063110] ? update_curr+0x267/0x740 [ 183.063139] ? lock_is_held_type+0xd7/0x130 [ 183.063160] __schedule+0xedd/0x2470 [ 183.063187] ? io_schedule_timeout+0x150/0x150 [ 183.063210] ? find_held_lock+0x2c/0x110 [ 183.063235] ? lock_is_held_type+0xd7/0x130 [ 183.063255] ? __cond_resched+0x17/0x30 [ 183.063279] preempt_schedule_common+0x45/0xc0 [ 183.063305] __cond_resched+0x17/0x30 [ 183.063327] __mutex_lock+0xa3/0x14d0 [ 183.063353] ? lock_is_held_type+0xd7/0x130 [ 183.063372] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 183.063396] ? mutex_lock_io_nested+0x1310/0x1310 [ 183.063422] ? lock_release+0x3b2/0x750 [ 183.063449] ? __up_read+0x192/0x730 [ 183.063472] ? up_write+0x520/0x520 [ 183.063498] __do_sys_perf_event_open+0x1eec/0x32c0 [ 183.063526] ? perf_compat_ioctl+0x130/0x130 [ 183.063546] ? xfd_validate_state+0x59/0x180 [ 183.063581] ? syscall_enter_from_user_mode+0x1d/0x50 [ 183.063603] ? syscall_enter_from_user_mode+0x1d/0x50 [ 183.063627] do_syscall_64+0x3b/0x90 [ 183.063654] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 183.063674] RIP: 0033:0x7f9e664eab19 [ 183.063688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 183.063705] RSP: 002b:00007f9e63a60188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 183.063722] RAX: ffffffffffffffda RBX: 00007f9e665fdf60 RCX: 00007f9e664eab19 [ 183.063735] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080 [ 183.063747] RBP: 00007f9e66544f6d R08: 0000000000000000 R09: 0000000000000000 [ 183.063758] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 183.063770] R13: 00007ffeada6303f R14: 00007f9e63a60300 R15: 0000000000022000 [ 183.063790] [ 183.156736] WARNING: CPU: 1 PID: 7086 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 183.157779] Modules linked in: [ 183.158138] CPU: 1 PID: 7086 Comm: syz-executor.6 Not tainted 6.0.0-rc6-next-20220923 #1 [ 183.159031] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 183.160281] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 183.160885] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 183.162929] RSP: 0018:ffff88803998f978 EFLAGS: 00010006 [ 183.163518] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 183.164314] RDX: ffff88803876b580 RSI: ffffffff81564fb7 RDI: 0000000000000005 [ 183.165116] RBP: ffff8880371d8000 R08: 0000000000000005 R09: 0000000000000001 [ 183.165909] R10: 0000000000000000 R11: ffffffff865b005b R12: ffff88803f24fc00 [ 183.166697] R13: ffff88806cf3d140 R14: ffffffff8547d040 R15: 0000000000000002 [ 183.167490] FS: 00007f9e63a60700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 183.168385] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 183.169037] CR2: 00007f24287ee840 CR3: 000000003f73a000 CR4: 0000000000350ee0 [ 183.169828] Call Trace: [ 183.170122] [ 183.170383] ctx_sched_out+0x8f1/0xc10 [ 183.170831] __perf_event_task_sched_out+0x6d0/0x18d0 [ 183.171418] ? lock_is_held_type+0xd7/0x130 [ 183.171907] ? __perf_cgroup_move+0x160/0x160 [ 183.172412] ? set_next_entity+0x304/0x550 [ 183.172900] ? update_curr+0x267/0x740 [ 183.173356] ? lock_is_held_type+0xd7/0x130 [ 183.173849] __schedule+0xedd/0x2470 [ 183.174279] ? io_schedule_timeout+0x150/0x150 [ 183.174801] ? find_held_lock+0x2c/0x110 [ 183.175272] ? lock_is_held_type+0xd7/0x130 [ 183.175761] ? __cond_resched+0x17/0x30 [ 183.176211] preempt_schedule_common+0x45/0xc0 [ 183.176737] __cond_resched+0x17/0x30 [ 183.177185] __mutex_lock+0xa3/0x14d0 [ 183.177626] ? lock_is_held_type+0xd7/0x130 [ 183.178111] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 183.178702] ? mutex_lock_io_nested+0x1310/0x1310 [ 183.179247] ? lock_release+0x3b2/0x750 [ 183.179701] ? __up_read+0x192/0x730 [ 183.180124] ? up_write+0x520/0x520 [ 183.180542] __do_sys_perf_event_open+0x1eec/0x32c0 [ 183.181117] ? perf_compat_ioctl+0x130/0x130 [ 183.181624] ? xfd_validate_state+0x59/0x180 [ 183.182136] ? syscall_enter_from_user_mode+0x1d/0x50 [ 183.182714] ? syscall_enter_from_user_mode+0x1d/0x50 [ 183.183293] do_syscall_64+0x3b/0x90 [ 183.183733] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 183.184303] RIP: 0033:0x7f9e664eab19 [ 183.184723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 183.186717] RSP: 002b:00007f9e63a60188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 183.187553] RAX: ffffffffffffffda RBX: 00007f9e665fdf60 RCX: 00007f9e664eab19 [ 183.188341] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080 [ 183.189144] RBP: 00007f9e66544f6d R08: 0000000000000000 R09: 0000000000000000 [ 183.189931] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 183.190716] R13: 00007ffeada6303f R14: 00007f9e63a60300 R15: 0000000000022000 [ 183.191514] [ 183.191780] irq event stamp: 1526 [ 183.192161] hardirqs last enabled at (1525): [] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 183.193253] hardirqs last disabled at (1526): [] __schedule+0x1225/0x2470 [ 183.194173] softirqs last enabled at (1374): [] __irq_exit_rcu+0x11b/0x180 [ 183.195131] softirqs last disabled at (1365): [] __irq_exit_rcu+0x11b/0x180 [ 183.196068] ---[ end trace 0000000000000000 ]--- 13:13:06 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x40086604) 13:13:06 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x540a, 0x0) 13:13:06 executing program 7: bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x0, @empty}, 0x1c) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0xc4032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000) 13:13:06 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x540a, 0x0) 13:13:06 executing program 4: bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x0, @empty}, 0x1c) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0xc4032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000) [ 183.266567] EXT4-fs warning (device sda): __ext4_ioctl:1238: Setting inode version is not supported with metadata_csum enabled. 13:13:06 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x80000, 0xa, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000470000004f801002000400003000000000000008000295d20d2f153595a4b414c4c4552202046415431362020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ffffffffffffff00"/64, 0x40, 0x1e0}, {&(0x7f0000010200)="f8fffffff0ffffffffffffff00"/32, 0x20, 0x400}, {&(0x7f0000010300)="f8fffffff0ffffffffffffff00"/32, 0x20, 0x600}, {&(0x7f0000010400)="f8fffffff0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010500)="53595a4b414c4c45522020080000ec80325132510000ec80325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100080ec70325132510000ec70325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200080ec70325132510000ec70325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200080ec70325132510000ec70325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200080ec70325132510000ec703251070064000000", 0x120, 0xa00}, {&(0x7f0000010700)="2e20202020202020202020100080ec70325132510000ec7032510300000000002e2e202020202020202020100080ec70325132510000ec70325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200080ec70325132510000ec70325104001a040000", 0x80, 0x11800}, {&(0x7f0000010800)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x21800}, {&(0x7f0000010d00)='syzkallers\x00'/32, 0x20, 0x31800}, {&(0x7f0000010e00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x51800}], 0x0, &(0x7f0000010f00)) 13:13:06 executing program 2: open$dir(&(0x7f0000000000)='./file0\x00', 0x5, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001480)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$msdos(&(0x7f0000001ac0), &(0x7f0000001b00)='./file0\x00', 0x0, 0x1, &(0x7f0000001b80)=[{&(0x7f0000001b40)='?', 0x1}], 0x0, &(0x7f0000001bc0)) unlinkat(0xffffffffffffffff, &(0x7f0000001c40)='.\x00', 0x0) 13:13:06 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSPGRP(r0, 0x5410, 0x0) [ 183.308418] loop6: detected capacity change from 0 to 1304 [ 183.315368] FAT-fs (loop2): bogus number of reserved sectors [ 183.316002] FAT-fs (loop2): Can't find a valid FAT filesystem 13:13:06 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x40086604) 13:13:06 executing program 4: bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x0, @empty}, 0x1c) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0xc4032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000) 13:13:06 executing program 7: bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x0, @empty}, 0x1c) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0xc4032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000) 13:13:06 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x540a, 0x0) [ 183.397227] EXT4-fs warning (device sda): __ext4_ioctl:1238: Setting inode version is not supported with metadata_csum enabled. 13:13:06 executing program 3: msgctl$IPC_STAT(0x0, 0x2, 0x0) 13:13:06 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 13:13:06 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x540a, 0x0) [ 183.503121] loop1: detected capacity change from 0 to 264192 13:13:06 executing program 4: bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x0, @empty}, 0x1c) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0xc4032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000) 13:13:06 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x40086604) 13:13:06 executing program 7: bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x0, @empty}, 0x1c) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0xc4032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000) 13:13:06 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) chown(&(0x7f00000003c0)='./file1\x00', 0x0, 0x0) 13:13:06 executing program 2: open$dir(&(0x7f0000000000)='./file0\x00', 0x5, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001480)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$msdos(&(0x7f0000001ac0), &(0x7f0000001b00)='./file0\x00', 0x0, 0x1, &(0x7f0000001b80)=[{&(0x7f0000001b40)='?', 0x1}], 0x0, &(0x7f0000001bc0)) unlinkat(0xffffffffffffffff, &(0x7f0000001c40)='.\x00', 0x0) [ 183.520641] loop6: detected capacity change from 0 to 40 [ 183.529934] EXT4-fs warning (device sda): __ext4_ioctl:1238: Setting inode version is not supported with metadata_csum enabled. [ 183.539559] FAT-fs (loop2): bogus number of reserved sectors [ 183.540072] FAT-fs (loop2): Can't find a valid FAT filesystem [ 183.584544] hrtimer: interrupt took 17673 ns 13:13:07 executing program 2: open$dir(&(0x7f0000000000)='./file0\x00', 0x5, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001480)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$msdos(&(0x7f0000001ac0), &(0x7f0000001b00)='./file0\x00', 0x0, 0x1, &(0x7f0000001b80)=[{&(0x7f0000001b40)='?', 0x1}], 0x0, &(0x7f0000001bc0)) unlinkat(0xffffffffffffffff, &(0x7f0000001c40)='.\x00', 0x0) 13:13:07 executing program 3: r0 = syz_open_dev$usbmon(&(0x7f0000000380), 0x0, 0x0) ioctl$MON_IOCQ_URB_LEN(r0, 0x9201) [ 183.615709] FAT-fs (loop2): bogus number of reserved sectors [ 183.616224] FAT-fs (loop2): Can't find a valid FAT filesystem 13:13:07 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000140), 0x4) close(r1) 13:13:07 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0x13, 0x0, 0x0) 13:13:07 executing program 5: syz_emit_ethernet(0x5a, &(0x7f0000000080)={@link_local, @local, @val={@void}, {@canfd={0xd, {{0x1fffffff}, 0x0, 0x0, 0x0, 0x0, "bf5ec5abb92316ffad4769f3a3cc0d360e7fbd8096835ae1c03e90cbae66998d397b9a99fd7fd97e53c3f42512daeaac857bda4c34595fb82dbb72348507f1de"}}}}, 0x0) 13:13:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8917, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8916, &(0x7f0000000000)={'lo\x00'}) 13:13:07 executing program 7: openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0) 13:13:07 executing program 6: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r1, r0) 13:13:07 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x3ff, 0x4) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000100)) 13:13:07 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 13:13:07 executing program 5: semget$private(0x0, 0x4, 0x0) 13:13:07 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 13:13:07 executing program 6: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r1, r0) 13:13:07 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="00000000000000005e4d57d9cf66696c"]) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r1, 0xa015000) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = io_uring_setup(0x454c, &(0x7f0000000240)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x11, 0x0, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="05ff232ef592436bf2d97aa1", 0xe}, {&(0x7f0000000100)="9f", 0x1}, {&(0x7f00000002c0)='^', 0x1}], 0x3, 0x0, 0x0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f00000001c0)) sendfile(r3, r0, 0x0, 0xfffffdef) 13:13:07 executing program 2: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) madvise(&(0x7f000015a000/0x1000)=nil, 0x1000, 0x18) 13:13:07 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x3ff, 0x4) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000100)) 13:13:07 executing program 7: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x3ff, 0x4) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000100)) [ 184.452257] loop4: detected capacity change from 0 to 40 [ 184.486455] loop3: detected capacity change from 0 to 264192 [ 184.491442] loop1: detected capacity change from 0 to 264192 13:13:07 executing program 6: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r1, r0) 13:13:07 executing program 2: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) madvise(&(0x7f000015a000/0x1000)=nil, 0x1000, 0x18) [ 184.533976] syz-executor.4: attempt to access beyond end of device [ 184.533976] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 184.535162] Buffer I/O error on dev loop4, logical block 10, lost async page write 13:13:07 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x3ff, 0x4) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000100)) 13:13:07 executing program 7: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x3ff, 0x4) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000100)) 13:13:07 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 184.568155] syz-executor.4 (7170) used greatest stack depth: 24472 bytes left 13:13:08 executing program 6: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r1, r0) [ 184.614959] loop5: detected capacity change from 0 to 264192 13:13:08 executing program 2: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) madvise(&(0x7f000015a000/0x1000)=nil, 0x1000, 0x18) 13:13:08 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="00000000000000005e4d57d9cf66696c"]) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r1, 0xa015000) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = io_uring_setup(0x454c, &(0x7f0000000240)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x11, 0x0, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="05ff232ef592436bf2d97aa1", 0xe}, {&(0x7f0000000100)="9f", 0x1}, {&(0x7f00000002c0)='^', 0x1}], 0x3, 0x0, 0x0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f00000001c0)) sendfile(r3, r0, 0x0, 0xfffffdef) [ 184.685035] loop4: detected capacity change from 0 to 40 [ 184.740130] syz-executor.4: attempt to access beyond end of device [ 184.740130] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 184.741203] Buffer I/O error on dev loop4, logical block 10, lost async page write 13:13:08 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x3ff, 0x4) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000100)) 13:13:08 executing program 2: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) madvise(&(0x7f000015a000/0x1000)=nil, 0x1000, 0x18) 13:13:08 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="00000000000000005e4d57d9cf66696c"]) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r1, 0xa015000) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = io_uring_setup(0x454c, &(0x7f0000000240)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x11, 0x0, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="05ff232ef592436bf2d97aa1", 0xe}, {&(0x7f0000000100)="9f", 0x1}, {&(0x7f00000002c0)='^', 0x1}], 0x3, 0x0, 0x0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f00000001c0)) sendfile(r3, r0, 0x0, 0xfffffdef) 13:13:08 executing program 6: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r1, r0) 13:13:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 13:13:08 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 13:13:08 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 13:13:08 executing program 7: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x3ff, 0x4) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000100)) [ 185.215306] loop4: detected capacity change from 0 to 40 [ 185.221842] loop3: detected capacity change from 0 to 264192 [ 185.227313] loop5: detected capacity change from 0 to 264192 13:13:08 executing program 2: timer_create(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x1}, &(0x7f0000000600)) timer_settime(0x0, 0x1, &(0x7f0000000680)={{}, {0x77359400}}, &(0x7f00000006c0)) [ 185.278974] loop1: detected capacity change from 0 to 264192 13:13:08 executing program 7: getcwd(0x0, 0x0) 13:13:08 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000001d00)='./file0\x00', 0x0, 0x4, &(0x7f0000002100)=[{0x0, 0x0, 0x3}, {&(0x7f0000001dc0)}, {0x0, 0x0, 0x100}, {0x0, 0x0, 0x5}], 0x0, &(0x7f00000021c0)={[{@noquota}, {@dioread_lock}, {@abort}]}) [ 185.367486] syz-executor.4: attempt to access beyond end of device [ 185.367486] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 185.368454] Buffer I/O error on dev loop4, logical block 10, lost async page write 13:13:08 executing program 7: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x2, 0x0, 0x0, @tick, {}, {}, @raw8={"6a4110372e4321349a15abcc"}}], 0x1c) fdatasync(r0) mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) 13:13:08 executing program 2: timer_create(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x1}, &(0x7f0000000600)) timer_settime(0x0, 0x1, &(0x7f0000000680)={{}, {0x77359400}}, &(0x7f00000006c0)) [ 185.423851] loop0: detected capacity change from 0 to 1 [ 185.426387] Process accounting resumed 13:13:08 executing program 6: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r1, r0) [ 185.439041] loop0: detected capacity change from 0 to 1 [ 185.446605] Process accounting resumed 13:13:08 executing program 7: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x2, 0x0, 0x0, @tick, {}, {}, @raw8={"6a4110372e4321349a15abcc"}}], 0x1c) fdatasync(r0) mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) [ 185.533232] Process accounting resumed 13:13:09 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x2, 0x0, 0x0, @tick, {}, {}, @raw8={"6a4110372e4321349a15abcc"}}], 0x1c) fdatasync(r0) mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) 13:13:09 executing program 7: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x2, 0x0, 0x0, @tick, {}, {}, @raw8={"6a4110372e4321349a15abcc"}}], 0x1c) fdatasync(r0) mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) 13:13:09 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="00000000000000005e4d57d9cf66696c"]) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r1, 0xa015000) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r4 = io_uring_setup(0x454c, &(0x7f0000000240)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x11, 0x0, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="05ff232ef592436bf2d97aa1", 0xe}, {&(0x7f0000000100)="9f", 0x1}, {&(0x7f00000002c0)='^', 0x1}], 0x3, 0x0, 0x0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f00000001c0)) sendfile(r3, r0, 0x0, 0xfffffdef) 13:13:09 executing program 2: timer_create(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x1}, &(0x7f0000000600)) timer_settime(0x0, 0x1, &(0x7f0000000680)={{}, {0x77359400}}, &(0x7f00000006c0)) 13:13:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 13:13:09 executing program 6: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) dup2(r1, r0) 13:13:09 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) 13:13:09 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x102) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) write$P9_RWSTAT(r1, &(0x7f0000000380)={0x7, 0x7f, 0x7}, 0x7) pread64(0xffffffffffffffff, &(0x7f0000000180)=""/16, 0x20000190, 0x0) openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x80000, 0x40) perf_event_open(&(0x7f0000000280)={0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) mount$9p_rdma(&(0x7f0000000140), &(0x7f0000000180)='./file1/file0\x00', 0x0, 0x4202402, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e23,appraise,obj_user=^,dont_appraise,euid<', @ANYRESDEC=0xee01, @ANYBLOB="2c1ac587813e95c81fa7cd62cee12f3900ba62ca87fb1ecea357fb0d4d84b3fe581ff63e6c805409792d15cdce83ac2541206d5f3e"]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', 0x0, 0x153) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x7fffffff) sendfile(r3, r2, 0x0, 0xfffffdef) [ 185.920368] Process accounting resumed [ 185.920880] loop5: detected capacity change from 0 to 264192 [ 185.923043] loop1: detected capacity change from 0 to 264192 [ 185.930974] Process accounting resumed [ 185.934248] loop4: detected capacity change from 0 to 40 13:13:09 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x2, 0x0, 0x0, @tick, {}, {}, @raw8={"6a4110372e4321349a15abcc"}}], 0x1c) fdatasync(r0) mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) [ 185.987234] loop3: detected capacity change from 0 to 264192 [ 186.028680] Process accounting resumed 13:13:09 executing program 7: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x2, 0x0, 0x0, @tick, {}, {}, @raw8={"6a4110372e4321349a15abcc"}}], 0x1c) fdatasync(r0) mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) 13:13:09 executing program 2: timer_create(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x1}, &(0x7f0000000600)) timer_settime(0x0, 0x1, &(0x7f0000000680)={{}, {0x77359400}}, &(0x7f00000006c0)) [ 186.110460] Process accounting resumed 13:13:09 executing program 6: epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x5, &(0x7f0000000140)={[0x8]}, 0x8) [ 186.262782] Process accounting resumed 13:13:09 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x2, 0x0, 0x0, @tick, {}, {}, @raw8={"6a4110372e4321349a15abcc"}}], 0x1c) fdatasync(r0) mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) [ 186.334382] syz-executor.4: attempt to access beyond end of device [ 186.334382] loop4: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 186.336151] Buffer I/O error on dev loop4, logical block 10, lost async page write [ 186.836320] capability: warning: `syz-executor.2' uses deprecated v2 capabilities in a way that may be insecure 13:13:10 executing program 6: epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x5, &(0x7f0000000140)={[0x8]}, 0x8) 13:13:10 executing program 7: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f00000005c0)={&(0x7f0000000400)={0x2, 0x0, @local}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000440)="9fe2", 0x2}], 0x1}, 0x8004) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @broadcast}}}], 0x20}, 0x0) 13:13:10 executing program 2: capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000580)) r0 = io_uring_setup(0x2f29, &(0x7f0000000040)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000024c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) 13:13:10 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000940), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000980)={0x82, @time}) 13:13:10 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0xf, &(0x7f0000000380)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88) 13:13:10 executing program 4: r0 = socket(0x11, 0xa, 0x0) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 13:13:10 executing program 3: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0) r1 = io_uring_setup(0x710, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x20e}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) 13:13:10 executing program 1: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f00000000c0), 0x4) 13:13:10 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) close(r0) 13:13:10 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0xf, &(0x7f0000000380)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88) 13:13:10 executing program 4: r0 = socket(0x11, 0xa, 0x0) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 13:13:10 executing program 0: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40880, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x309, &(0x7f0000000700)) 13:13:10 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, 0x0, 0x0) 13:13:10 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0xc2000402) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x60000020) 13:13:10 executing program 6: epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x5, &(0x7f0000000140)={[0x8]}, 0x8) 13:13:10 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @dev}, 0xc) setsockopt$inet_mreqn(r0, 0x0, 0x25, &(0x7f00000003c0)={@multicast1, @local}, 0xc) 13:13:10 executing program 3: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0) r1 = io_uring_setup(0x710, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x20e}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) 13:13:10 executing program 1: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0) r1 = io_uring_setup(0x710, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x20e}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) 13:13:10 executing program 4: r0 = socket(0x11, 0xa, 0x0) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 13:13:10 executing program 7: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0) r1 = io_uring_setup(0x710, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x20e}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) 13:13:10 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) close(r0) 13:13:10 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0xf, &(0x7f0000000380)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88) 13:13:10 executing program 1: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0) r1 = io_uring_setup(0x710, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x20e}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) 13:13:10 executing program 0: nanosleep(&(0x7f00000007c0), 0x0) 13:13:10 executing program 4: r0 = socket(0x11, 0xa, 0x0) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) 13:13:10 executing program 6: epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x5, &(0x7f0000000140)={[0x8]}, 0x8) 13:13:10 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0xf, &(0x7f0000000380)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88) 13:13:10 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pivot_root(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380)='./file0/file0\x00') mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 187.203387] loop4: detected capacity change from 0 to 40 13:13:10 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) close(r0) 13:13:10 executing program 0: nanosleep(&(0x7f00000007c0), 0x0) 13:13:10 executing program 7: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0) r1 = io_uring_setup(0x710, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x20e}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) 13:13:10 executing program 1: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0) r1 = io_uring_setup(0x710, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x20e}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) 13:13:10 executing program 3: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0) r1 = io_uring_setup(0x710, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x20e}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) 13:13:10 executing program 6: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_buf(r0, 0x0, 0x23, 0x0, 0x0) 13:13:11 executing program 7: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0) r1 = io_uring_setup(0x710, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x20e}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) 13:13:11 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) close(r0) 13:13:11 executing program 5: syz_io_uring_setup(0x43db, &(0x7f00000001c0), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000000240), &(0x7f0000000280)) 13:13:11 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = dup3(r0, r1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) 13:13:11 executing program 3: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000018, r0) r1 = io_uring_setup(0x710, &(0x7f0000000040)={0x0, 0x0, 0x1, 0x2, 0x20e}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x10050, r1, 0x10000000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x4000)=nil) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) 13:13:11 executing program 0: nanosleep(&(0x7f00000007c0), 0x0) 13:13:11 executing program 6: ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000000)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000100)) 13:13:11 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pivot_root(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380)='./file0/file0\x00') mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 187.764083] loop4: detected capacity change from 0 to 40 13:13:11 executing program 7: pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000006700)={0x0, 0x989680}, &(0x7f0000006780)={&(0x7f0000006740), 0x8}) 13:13:11 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) fallocate(r0, 0x10, 0x3, 0x40) 13:13:11 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), r0) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 13:13:11 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, 0x0, 0x0) 13:13:11 executing program 0: nanosleep(&(0x7f00000007c0), 0x0) 13:13:11 executing program 5: clock_gettime(0x0, 0x0) 13:13:11 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x42) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000300)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rthdrdstopts={{0x18}}, @flowinfo={{0x14, 0x29, 0xb, 0x5b14}}], 0x30}}], 0x1, 0x0) 13:13:11 executing program 7: pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000006700)={0x0, 0x989680}, &(0x7f0000006780)={&(0x7f0000006740), 0x8}) 13:13:11 executing program 3: syz_genetlink_get_family_id$team(&(0x7f0000000640), 0xffffffffffffffff) 13:13:11 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8906, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r1, r0) 13:13:11 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_int(r0, 0x29, 0x49, &(0x7f0000000a40)=0x2, 0x4) 13:13:11 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000001c0), 0x4) 13:13:11 executing program 1: semctl$SEM_STAT_ANY(0x0, 0x0, 0x14, &(0x7f0000000280)=""/4096) 13:13:11 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pivot_root(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380)='./file0/file0\x00') mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 13:13:11 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000001c0), 0x4) 13:13:11 executing program 1: syz_io_uring_setup(0x2780, &(0x7f0000001240)={0x0, 0x0, 0x4}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000012c0), &(0x7f0000001300)) 13:13:11 executing program 2: msync(&(0x7f0000fef000/0x2000)=nil, 0x2000, 0x6) 13:13:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000b80), &(0x7f0000000bc0)=0x4) 13:13:11 executing program 7: pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000006700)={0x0, 0x989680}, &(0x7f0000006780)={&(0x7f0000006740), 0x8}) 13:13:11 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f00000000c0)={0xffffffffffffffff}) 13:13:11 executing program 0: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000d00)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) [ 188.463140] loop4: detected capacity change from 0 to 40 13:13:11 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f00000000c0)={0xffffffffffffffff}) 13:13:11 executing program 1: set_mempolicy(0x1, &(0x7f0000000040)=0x3, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x0, &(0x7f00000001c0)=0xffffffffffffff7f, 0x3) syz_open_dev$vcsn(&(0x7f00000006c0), 0x4000, 0x400000) syz_open_dev$sg(&(0x7f0000000000), 0x2, 0x200) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 13:13:11 executing program 7: pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000006700)={0x0, 0x989680}, &(0x7f0000006780)={&(0x7f0000006740), 0x8}) 13:13:11 executing program 3: r0 = syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000240)={0x3314c1}, &(0x7f0000000280)='./file0\x00', 0x18}, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) 13:13:11 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480), &(0x7f00000014c0)) 13:13:11 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000001c0), 0x4) 13:13:12 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480), &(0x7f00000014c0)) 13:13:12 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000001c0), 0x4) 13:13:12 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000040)={0x81}) 13:13:12 executing program 3: getrusage(0x1, &(0x7f0000000200)) 13:13:12 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pivot_root(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380)='./file0/file0\x00') mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 13:13:12 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f00000000c0)={0xffffffffffffffff}) [ 188.764424] loop4: detected capacity change from 0 to 40 13:13:12 executing program 0: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000d00)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 13:13:12 executing program 1: set_mempolicy(0x1, &(0x7f0000000040)=0x3, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x0, &(0x7f00000001c0)=0xffffffffffffff7f, 0x3) syz_open_dev$vcsn(&(0x7f00000006c0), 0x4000, 0x400000) syz_open_dev$sg(&(0x7f0000000000), 0x2, 0x200) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 13:13:12 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f00000000c0)={0xffffffffffffffff}) 13:13:12 executing program 6: set_mempolicy(0x1, &(0x7f0000000040)=0x3, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x0, &(0x7f00000001c0)=0xffffffffffffff7f, 0x3) syz_open_dev$vcsn(&(0x7f00000006c0), 0x4000, 0x400000) syz_open_dev$sg(&(0x7f0000000000), 0x2, 0x200) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 13:13:12 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000040)={0x81}) 13:13:12 executing program 3: getrusage(0x1, &(0x7f0000000200)) 13:13:12 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480), &(0x7f00000014c0)) 13:13:12 executing program 0: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000d00)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 13:13:12 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000040)={0x81}) 13:13:12 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000040)={0x81}) 13:13:12 executing program 3: getrusage(0x1, &(0x7f0000000200)) 13:13:12 executing program 0: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000d00)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 13:13:12 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) syz_io_uring_setup(0x6d1c, &(0x7f0000001400)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000001480), &(0x7f00000014c0)) 13:13:12 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000040)={0x81}) 13:13:12 executing program 6: set_mempolicy(0x1, &(0x7f0000000040)=0x3, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x0, &(0x7f00000001c0)=0xffffffffffffff7f, 0x3) syz_open_dev$vcsn(&(0x7f00000006c0), 0x4000, 0x400000) syz_open_dev$sg(&(0x7f0000000000), 0x2, 0x200) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 13:13:12 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x1, @none}, 0xe) 13:13:12 executing program 3: getrusage(0x1, &(0x7f0000000200)) 13:13:12 executing program 1: set_mempolicy(0x1, &(0x7f0000000040)=0x3, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x0, &(0x7f00000001c0)=0xffffffffffffff7f, 0x3) syz_open_dev$vcsn(&(0x7f00000006c0), 0x4000, 0x400000) syz_open_dev$sg(&(0x7f0000000000), 0x2, 0x200) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 13:13:12 executing program 2: semtimedop(0x0, &(0x7f0000002d00)=[{0x0, 0x100}, {0x0, 0x0, 0x1000}], 0x2, &(0x7f0000002d80)) 13:13:12 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)={0x1c, 0x5e, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}]}, 0x1c}], 0x1}, 0x0) 13:13:12 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000040)={0x81}) 13:13:13 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @val={0x3a, [0x33, 0x2d, 0x35, 0x2f]}}}}]}) 13:13:13 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='schedstat\x00') pread64(r0, &(0x7f00000000c0)=""/98, 0x62, 0x0) [ 189.725941] tmpfs: Bad value for 'mpol' 13:13:13 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$SNAPSHOT_S2RAM(r0, 0x330b) [ 189.737822] tmpfs: Bad value for 'mpol' 13:13:13 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f00000013c0)={0x1, 0x0, 0x18, 0x12, 0x1e4, &(0x7f0000002640)}) 13:13:13 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000040)={0x81}) 13:13:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x40001) 13:13:13 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$SNAPSHOT_S2RAM(r0, 0x330b) 13:13:13 executing program 6: set_mempolicy(0x1, &(0x7f0000000040)=0x3, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x0, &(0x7f00000001c0)=0xffffffffffffff7f, 0x3) syz_open_dev$vcsn(&(0x7f00000006c0), 0x4000, 0x400000) syz_open_dev$sg(&(0x7f0000000000), 0x2, 0x200) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 13:13:13 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$CDROM_GET_MCN(0xffffffffffffffff, 0x5311, 0x0) sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, 0x0, 0x20000005) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_channels={0x43}}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_channels={0x43}}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000080)) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, 0x0, 0x0) 13:13:13 executing program 1: set_mempolicy(0x1, &(0x7f0000000040)=0x3, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x0, &(0x7f00000001c0)=0xffffffffffffff7f, 0x3) syz_open_dev$vcsn(&(0x7f00000006c0), 0x4000, 0x400000) syz_open_dev$sg(&(0x7f0000000000), 0x2, 0x200) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 13:13:13 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @val={0x3a, [0x33, 0x2d, 0x35, 0x2f]}}}}]}) 13:13:13 executing program 3: syz_io_uring_setup(0x17a3, &(0x7f000000d280)={0x0, 0xb6f0, 0x8}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f000000d300), &(0x7f000000d340)) 13:13:13 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @val={0x3a, [0x33, 0x2d, 0x35, 0x2f]}}}}]}) 13:13:13 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$SNAPSHOT_S2RAM(r0, 0x330b) 13:13:13 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$SNAPSHOT_S2RAM(r0, 0x330b) 13:13:13 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @val={0x3a, [0x33, 0x2d, 0x35, 0x2f]}}}}]}) [ 189.899404] tmpfs: Bad value for 'mpol' [ 190.065836] tmpfs: Bad value for 'mpol' 13:13:13 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x81, 0x81, 0xef, 0x7, 0x0, 0x6, 0x12, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x8ee, 0x6aeae925f990a1d6, @perf_config_ext={0x3, 0x2}, 0x4110, 0xffff, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x101}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x9) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000002180)={{}, {}, [], {}, [{0x8, 0x0, 0xffffffffffffffff}], {0x10, 0x4}}, 0x2c, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x10000027f) fcntl$getown(0xffffffffffffffff, 0x9) 13:13:13 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/handlers\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000140)=[{&(0x7f00000017c0)=""/4096, 0x1000}], 0x1, 0x417, 0x0) [ 190.266375] tmpfs: Bad value for 'mpol' 13:13:14 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000100), 0x0) eventfd(0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$notify(r0, 0x402, 0x2) 13:13:14 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$CDROM_GET_MCN(0xffffffffffffffff, 0x5311, 0x0) sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, 0x0, 0x20000005) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_channels={0x43}}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_channels={0x43}}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000080)) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, 0x0, 0x0) 13:13:14 executing program 3: r0 = syz_open_dev$loop(&(0x7f00000008c0), 0x0, 0x0) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000900)) 13:13:14 executing program 1: r0 = fsopen(&(0x7f0000000000)='selinuxfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r2, &(0x7f0000000400)=[{&(0x7f0000000380)="dcf83f59a5179d20e8b30d337aaa3f7f0572c7890f56f69320136005c274637b2ec3af4ac226c028618deb", 0x2b}], 0x1, 0xbefe, 0x8) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x2, @perf_bp={&(0x7f0000000200), 0x3}, 0x2000, 0x8, 0x1, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = fsopen(&(0x7f0000000000)='debugfs\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000540)=[{&(0x7f0000000740)="a6ee607b8be4495141ace3ccbcc5910c01ed282d1449c62d8710cc66b02c3570e7d8ba466e9aab0ffa40fa743b248ea1885aba83cb2c3790f31ee1bce2611bb6875418b23d2640ad223c88c0b46abfa0c8f8aea4128e959b4180ebd5d2124c3f1c578e04cea1be18782717e636f4ad1718e31931f21cea4ce3fb7521764a0693643facbb4ce7b3a0f435aebfbb7a59f74838c60fbc34e8a7d1a5cf7b19717924ccbda97aca43738178eb58edb46d514b2470b91692f5ca4bf07639dc35baff41bbc413a736c587813641214babff1fd815c0d3999f2d0fd0a22b155001a2f8d638ee821ec2aa00b92eb67835e85fbdaeff21484724e4e6456a875d6260d83180216955f0998e4dcde2c61e140f1f01bb9464cf6af206c2f08e82835fb985729fbc622f7b4241ed649fc3d56e0a77d012ba575d12831a2272f0d78f3fffbe21a04e82900cec459759c66669f93641a3ded16a1d2d9dbb674521ee1f469aea210c4019949c9fd196d96365fa472e907393fbd677594a58bf88070490f07e59a77707e2daf51b1b799bef5db6deaa6ed7d13f5eac9be7c5879858088a3e15b81b81345c32b9e32c0f0316bdd8c3438b823f9b4f04378a97f9abd65f4d6cae060348cda8b96a1a8b769a3579d7ce3ac7e3a43ebd15a53eeded638faa76bfc20b9478086991193dc6757377639b9ae98d58448356eedae676a7c7001bd024d951cdf43f3e85b4f14d48f1147afe712aceb8b63547a2b03c5c29b8b9a8b49210f8e1c17d82bde7eb65221dcbf0a60ae6eb68a151a19aa468368c4eb87de6586384b875759e82f54186ac9fd3f4818765117f8f53081502c0cfd32c525e18cbb7642649cc32e5a912e60da9f204bbdc0b2bf722fa6846a8e565fe1ee930cbaa7464015a6bb51ce6f4f568bac90179cb140dfa2fd2c165a62152ac6db9d11a9840c6255f255710eac12772a9d4e1c83ea8d559e479e201444778c851830193abd590ca9e972953d2d848b071d3ed4684615c1e1b2be6daab8705d85996aa9b4e19415a47e4eb78628cf18de2983d6932391b02dcb1cf794d4d256d471846dfb40b62b125022cd1b91e59f820b2580985912b9df165f85518a9bb9939684e56332b2a0f737a49efd975c4dd5ff9dbf460922fd1f782511c5d14fa36c449e140a8acdec1a090d3c05c4e69f0ba0431b2ceb72033b797bde5a7da27cb17273056e1609791a0f9a8f9ae900d9cb5f3717327ebb920bbad9c9dd7afd4d79c2c766374617ecab48429e389ead2ca9de1bf9ed6224476bbb2c9c8a000166858925841798936ad48b263cd52ecb9ac72d423ca50dae3a4f7c94385aea6296c9498f4276229c9e199fd0d7ea015de522cb67e49c23c4823c6750e839e2a98d0b77563dec5dd08d425fe06dcf5c700a0c8b74c8945bdf11299a691865f271489e5ea227b7feb559c3739e3885c7a5d298305f10923408ea24d7406635b501705ce8000c5b78c95736b9a1e6370a41f56cfb3401c90fb0fcf4e3190ee2dc663276d0a709ab66b26a7da60136a59238a6ead28e47c2a35052344f77faea6d3f630f1d6d5558b20851472f61c71d7f52319df9125a281af194dc7e89b59350abac5565da7038320cd7a9e3d6b83883cd2f1a38cd3804a60c9201b551fce4cc07721821ac818015bdab9eb5934bf0926acb53b4d13e0a78a09c60051c7658e22bfe5ffd1ecee82b5002d712aafec9795b4d35f9853d0338e20ebdb0244b6630613fc3c5c8229bd263da38f7c91f47794925399b9ee2ef2d2d737a6e663adfe48736e5a99d2e4ca0be25038f1b67c48869abe5ec6b2612354443916193a28d0d543aead85989cdfb30b2d3976c8d83ba40088d8bcc6852614aab19f5174caea757d79ec7a4e8e36d15657b339aaf27b1e5345bfaa74a3d3d26e0359a9d961b77f91d186f30799878de72a2570c938ccffcb16e349df5be7b7be76796b4b351b938f5d812de759cdabbf8dc811d775cff9e81abf32510896b3f1c4fdef5ac8988373973b84cd7b2c28216ab0ef157c1db5b13226b3cd97cf218e9151a93edc9931f1c4dd6ca3f5413e1ba9bfa94a75f69bbf74d8704414d93bd6bbda0dc7869c6c6c50ffd5fcc832b159d57005e6cea136d0b1defbfa584b019cf855584432f58dfcebe5f2fa68b8298020e90ab4b699b7f4e6427d6423bfadb0d91a7b76642272f32e5652ed158bed36de372498db3daf286f652bce5bd827d7d2a248f96703d375b7fe3b9a8b622ee8cfafa52e6a91eb1545313803934b27e4f0fd44c00a1a8fa83930e226f38e296fa53d3d3236db15a815d677fd2bd9162f349f2cd42488e4049a96e30f96e77c2a291098cebbd93ae95e10c14a7855dc7b0dbe58ff053b322056242fcc0874bc5bcb24105ab3ec22f120bf1f00f8b1324c6662309dbb4f13e6a208fc0959b8553501876d1a15d2bd4ad155030e25a55a8be3925b028080b06115d28074c834a7b674f9469150c36e5d0fddd2554628fcd2752b8fd4328e195853cca613fbb425bb88518a184e58a2433839f9d3a1f2c1ef8071b16f43d8589cf3b72f6ce6d8c0da2203c9680efad64552c7aa2221a4acd812e07bdafce151ab64cbe7548c8115cb674e343d71fb96260f70ed6a8d5e3a668fb613532db2055970df031dce9f2e771ce1b3c00891b44d0600e3444948d36285bf7765020c1fc3569a6f14dcdee54469aa680410c9896ddd565c6935ab912ec97b8562b93156b4d5d95e508049ab342e47684a7b238f78e00098d2a0dbe2c0b474fe7111337df47814c7b88885985c71d72b686abb1b2ac9ece757f11077cbaf6cd3a235a8621accff3d5ddcd064e753f46ad0d27a69ca214824880a7b256bb364530f29d336059894ab4e826f4a668264400cf1e83f4b7f07993de31c42b70c319066b17f4a6621a4dcef14df0d6bae2abc2665df97cd7564fc444622af7bb52fca4f047a66274528c47254d2fd814917c64a7c33b2038960c640a08d1e0d20c0936632fff8810c026b5522b6de5a50996bc9ece4a7eb9ced4327dc7b500791985818e37b84e3a458eef8cf367eb19aa95852a3b1348e288169caec04b6b7e6b2a4cf08e33f416c18f0e8cb649361dd6faaf0f4a4479be60edcf29ba82e9b31730772640accc8a9c3268b61c94a88fdf1a7344c26dc92cbf011f2929fb4ccfc9dab50f14fc0b5c0adfb7e3f6e3aa1dc473b8f7c7092c02a8d4ab5b2b94b72a5abf46f0c049bbfef51142dfcc7d6f18fc4be07fb4cc556c5b894a3ffb4bcb1c8b302fc5c05cfe2537c10f2f53852443f7a4ca6396fca1bbb24b301946e6bf1fd0a2d3ca71640ad9ff5d9c579edd92375fbc01b1372d87605187d0b9b50a472acd8ebf9d9958c05cf3073c1f4c648a65faad8e2bfd44230bb05d50d47e3a55ecb0108aea145819ba3cc5a29009c56720b5a006712bac0d7ab4e7b0f9c7b0f909116845434f55d985a10d6f54c01cf1e061bef16ca9e0a4eb259837d4605cb2317f0c2d7a2f9feb77bea2bab92ca1f4b7de53410031958d2c88c0870d3342ccf487556aa406cea322d3b04edd177e31e7764a2bc197bbd9d0b1d163129d09c031c62a9f4c0d225679a89ddcbff5eed7ab90ef66f939b7d7cc08724b508df888b668e35d03a79403e6a8c711d2897112d89f31b6cb7772f99ce3bd302026c0401b0121d824f9b89961af8818fd2f955bee568dbffb610e062f5c47de3409f588d88c80beaef4978710ab066ff7ae6b727d7ede5dde218e10b0c686d57de377d55d8f0118a62093a64d597f5e9ec554e548988286e8e3813f600a010a04caf180ba2d6aa04e179e106ff6fc1d0e19afc58a858600087e6f8e7f9215076836a0fefde99822115c22017501dafa534245f1bbc83baafbc4ae59ba5be110826e2d2b1e3d6fd178b88fcfc2bb684d7a752e5c678a0c8fa5c75fb13b39705f0f2882ecad01c33ab9f58bc29b6fc06e296bd317973c7529e99076e0b76777b79732dfa1eedc1815b7a5f64263fe713857f5268857c0dc282f7170b0b2e7c7f03bcdd640dcb35430dbc782df046c9b912703c0de048eca199f2e15cb42464ae34491e6cfb6adad8e70451d0cfb30af17aab1790e85146d00636b5a03d299f5465b3369880dad9e941e2b1fb34871d5b6390307bbccf24964af92c24f6888899895758474c5fb7c4cf84cee6b3ecd9658a8d25d38e0763f1bd77baefe61e7d7a5d21860ca9319452399613ecc7176de3453ccc116f9ab67c41f658f3db1c252af788d9832b1dc5325bf53ee58967ffe811a57c55dd0be33d10d14c5fa74ba7c52153b7e277dcfdf5fcefb90e55238a8c52f2c1a634e5c032fe4aaaa76e8339794ce861e0496a369ff49798bee9f5a2220d449278770321d18574d2322cb24757e7baab22b0fad3b703eee1493946326a507a9ffcdb716ef15d887915390d5dfbe3e30c402a42f2e0626c1849f63d022fad923699260a61496b8381cd9057d7bff95933a2f67686160b7f76f30bca9bbd7dfdc5642174f646a1b8124ac9705b1f5dd094322ccfeda7e5e682c33eef0a186c83ad172db43ab67be06530db776abda629e6b25b56124de007f02bfa97847cf544d9aee39616713452771ff83084c4c17dba21e95fab40de4b31bcc973110f174cd72e0db44533c0940835e529789f34c1be88f7b4b6e81f89b3525f170d78a7bb4f108ad03dfe7de3e7a10777740010bc02b184ce68e247c16bc1f78c32dfae71477d9dcc25e55b3f7d3364a707aa48ef16435b4d01395d0d71cf5ee3371fff399f729a51c3cd1378e9f4fdd04c235cd8a869cdf8a51991b644a3cc35133f91a01586b4f295907a69da23bf6db87ca2da8d5587e78bbcc4cbe7a80d786a5c3e4bc1b81f0439080d228b822187499e795b61d23056b8040219e6029192296e8f9add757a1871869ac64237e8a39d3f618bf0a981078d21bbcdb134e3e568e468bebacf03a127198495a82e559aebea302cdc5989bd805754e64daca7158be854f2f877f10ef6f63a0b6f2745520d9b676f93238dc47915b88f7bbb21be8f022d59944c905aa67460d9799970dc916a992ec8f9411f22769491cfafb8745ab93ddccd724b3b4ba9d89fb447de1db62a6887f4739a63fe81db9924069b63901850c545f44f3f8a110aa96d191b05a95972b61c174f9847bfbdcd863f17875d9e151e7fdd4f8d2aa4633b5db32606af6027f2815ef1ea918a281328c419618fc6c035530458a9b9103097fe145b55cf5216ea6d72b3f2bb3cf6ef6cc5c954f19a1819573d449e47158c7c2f1f0fef8e0c519cdb08b76df9d3f2b20f3974ead24ad2982516b4e351f9a43d9b428cbaa5613d9b61b04589b83299fb89b3f9f05769e8f591fdcd800421106631161d0235e9b8e8242446deb5dbdcbdcfae174f6a7a1f1486c0d8c87bf4f61dbf56328b7b362c140bf0a3a3a8867c50057431f55986ae72ddac8f589157c80cb0c8df3d381b36f7feb7d1f77c29f4095b7ebaf02dce763fb60128e097bf15e3ce0a301303c4da0e4e3ca80628a99bbdfbcc30287d5114c2c6a7e88c96c4a3a46e8eb68c886d5b18cf03acb76f7165cffd553f59e55dd16f6f1f2b16d0ecc9a5468c6c200cd8b6d778af525ae2161ea2665cf79375ce8bb65d08c476c0cfb5e0e3699515774e73c1832435eab8d8ccd11ffb55232e1fad672290fa4dfd733dcdd5cfa62d6775255fedacfe3f9f15c48be5a9baf717e3adff5480b57e92c554257dab3b438fd1c449c8c1538584073bf669c3a94671c484955d9f3db765", 0x1000}, {&(0x7f0000000180)="f4b752b48fcc060fbe08c865e936c2a852a33c9b6fe4f4e6e30f92cabc2c1c", 0x1f}, {&(0x7f0000000300)="0f1de089b38acb66690fb0e53e16b958dd6b258d0e2f6ef0c6c7edb6356431a0d0c88c943e0a6344c6a1f54f4e919eefc8c016301d6e5bde974e7a888315576ca9c192177fddbb08c60a032b55735326021045c54a288a1b3ef761", 0x5b}, {&(0x7f00000001c0)="16db73f6834de5c6e309822a97ab86edace1f0fc395c9efbcbc8", 0x1a}, {&(0x7f0000000440)="ecc08bbb8162a1ece884a7ceaca00b367d9c3b1ffbf1f2b48d6cf29fd2b15f8e1c1429844501048356112fc5137b8bd725866692ef3036f327aa78644655b750d0acc2a041ff8a492dce1b72087370bb89b5c0ea46ff2cdda7eb1b870c609b9b10836b1679b23753c260609e", 0x6c}, {&(0x7f0000000240)="8b5802b25968a225fe61652b2672eb195e8e735eeade5ee1fdad7f569728994afc5628a6d8784c6786c87f448899e66d31c04c6f2dd6", 0x36}, {&(0x7f00000004c0)="dd763354b4cf7ca3ca73041348f03b43aba9c4cb3b0c4196ec6c0de7d17b44f64245295ffe813fd5f7d989898961024841895c894b605762cc38063b33643b2c7cbc49e05c12ba2156516d98d0cba0c5fa8c9cc80b", 0x55}], 0x7) r6 = gettid() sendmmsg$unix(r4, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [r5]}}, @cred={{0x1c, 0x1, 0x2, {r6, 0xee00}}}], 0x38}}], 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) 13:13:14 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f00000013c0)={0x1, 0x0, 0x18, 0x12, 0x1e4, &(0x7f0000002640)}) 13:13:14 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x303c2, 0x1) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x8000000) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setns(r1, 0x0) perf_event_open(&(0x7f0000000640)={0x4, 0x80, 0x5, 0x7f, 0xbd, 0x8, 0x0, 0x70, 0x4064, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x5, 0x46e}, 0x8040, 0xa, 0x2, 0x0, 0x9, 0x40, 0x0, 0x0, 0x9a1, 0x0, 0x1}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) sendmsg$AUDIT_LIST_RULES(r0, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000006c0)={&(0x7f0000000480)={0x10, 0x3f5, 0x100, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000}, 0x4000000) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000009c0)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000001700)={r2, 0x0, "179f6134888676bb40cc941e6a3c3ba19403b4b48a730226ccbd7674d98f6a0c56c7a1c56ae01c0a6c609c06cc0e21191775861c107caa86f5796bc8bb592346c21fceb93b2a3f5eb03e86de14adf2f3c5d3c3f82037f64089214e4e3eaa6fbb8b7da5c607fe42b47c9c6452a4c321d7eada85f6ebff50253e976210894d0c416311f0213163928d0482822cf37e2c774ce5c7a873623431c485ed33e06e68ff92f73f0d5f6502c10d84dc956a1a641af2394e2238d10604c0787baef2c960c17b0e9a9595e9aeefec5287fa94a75407c549c03249698583d18a5138bae3a06e24066d4edd2f1c0d7539cae623ec759162b5eca4bdfdcda13a0658057fc2bdf4", "7d64a01a0ac8a2ec9abdfe07aa4d0fca888966e96d41af11457b9460a2237e58f8a0f4a495772c85fd9dfde26986d3e150319f7a6deff9f18b5e305b69a692ff158f8a312b6c46b0a01bca8c7244a1e4805d4c8b396ee9253c99b97e5ad1e6f514bf742d0a4aa19a217cf71e43ed91e54d6686a98fcea2d9997802ca58907775298199b8931aa717dceeb78d780a6b4c0edcce54f09393171d4277d27f7a0e5c865bc06cf66e604d20d7bf5787591fadd628364217ee7e339b5090d7c0690847071cc1cf42aed98b82e28976aeb84a7f098d2a8c04a6dfe5999a3a00189789f38f22f47a4da808d9306f963cb24bc754c1e3818630188a2831ff076c5aa7f67089de651c5b69f50c285fc05a11943996bd506f1299a7c3523f4adf6421369733457c84db5f198d131a3d97ce159efd8df4dae2e7d274e410ec2593e48b02b0693d070ff8c9ae4251e69c8e11f095285c4476450f88de00945c627607a312a6d66c06d408cb0503088f79d45b135e869a8088c19af9c7c01574b0e704750b8e574f2d829115f06aa9a5a79a1ce2ce169385a62b1fad0d8570d23512fd5098d92488391b2d042e1a712bcb346b97533d067cbd5200f617bcaf8bca477ae305fee6b4d56aeabfb452d1d85f7267c19beefe33076ce70ed910e914cfefcadac0a96cb16d1fb89087290cd918c6b14cfe5f3267f156263fd2963cb99fd895cfa98ad5b427e54294b5f520924b63215f93f618a95be569dcd3e4a4fef2c082d61f2ece2ca7ff5ffeec2ebde6e79fe72a6af6ca7caf0108ace96bc5cdfedd06f31c0b4b6b23f6ef5d0b3ecb34d89b254740ee54263bd5b132d00647d0a85983acd047a5c0e49150d82bcb9a525a692054b2dc2f5fd3f0414a7a17488323d9777f91b77e3b742c5611264dbeb37193508a48ecdf89eea8f0810fe1f508d60303c274ce2b220fd7578cf3bd268b9dc18442f17c5982d5c4549cee54570be54a8f3d7d4851c5f0eb5d4a97b2dd2b82e98a6875ea4b4c3b7efab9628dec49da29caf73811187fccbf0001b5f0ecd8cb5c68d5450db8487fc10f4c239e464e51ea462b5a5be58e275e4d949f1fb61378f760efee5761fdea6afd3113e991712322248b67dbfd346a2a2717b65e678687686f3a209f375c57330306ddd2c75820e7b87fb35e86ec712a4fb1b5c29c35643a9051bb71cd2fecaa2708e83470cb3b45f5cc3db078338b58301b27dc2ea791036a17e56705f630f72bf79b7d0be531bf8a57ece622abe3ae4f5bd78e31861bf2ef167c1fab581e5cffcbf63639e346561e523bb12ae698e6729ec360c79296e8f499ebd112a2681f60358d881a8802a46596e8c7e96056de8f5a9ff6e3d0df415deec418c8d9878be5250bad268e12865e95f7cc3979cfcd94ea240b3394e3f60c980ecb96beabec6d0d8625c322ebc9ac00ae6a96f163acc63e6695ca1283bd81996861d7a3e0275465514eab815af3db66edd40c3668d529b184e4c1f0e38ae4c07a660e04a151390128a0733676514330e38c50a57b0fc48a2fe9abdf1fd134b6dee6c5784397692247f17c3b0df90a3adc9026f4152f3edcfe08c6bc2f5da488c35659d418f5350400cbda216813d98a45b494acf58ff517255963f28419e9f54db663d1adec5b39c69c5b2f6422e50c22c88ace4f0dba0a0ac26a127e6c9d5f4190d766bb4a1842a50b3170eb1994c5e09192f733b8f78b0128da75f222f918721727bc5097280a72e87907aa57c0efa542533d06de9d0b72ca6098226311a782d6552822bf4ea3cb19130998e7b9806739eea695027860cbadb161e36f0b9e7d08ec6bb5b848b492bda0af5c13fbffe2ba27c88f3d72eb172e7a2e6be55c5050392048b5628e8b3f702e9b1aad821cd192e6dbc4a153eef215793f92de27883d9bd4cf668b5be7297538fdc965fd8f11c474ecd6902c0841fe05f5336ee9f8913d8e105e136051c68f7aeadf53e80c63c08bc4ff400dec6367526189d74ef9297d10ebe0f995d3e9edb184d93c989d53d4a3d5fbfd9d10fc63d1c06af473a07eeff877797616a23e7a8ea6577439db0fbac363beec66401ed4b2c3735630792ce688c2ee5eb092080c0d0c347c7ae6ff94c30b6aa0f2ff98a46e95f9996d3d0e519b719a05a99442abaea7ee40b64d59adbdee0e945e120492acaaf28c80a55279db57c5f63806e9e536b3054906f365666843494413e8aa768e80f0b902bf17ab94af5474627e993ebd8db5ca7b531d8ab3f015494cb29773051292264690e8685092c731afda14b53764083fdfd5f3d38d387c2ccac17df388bbbb4bff66f0e96755142af57d57ed805fe90ed4d7cc9d74f6e688c5e535877f5d74c313627372c52c163841358cd79dc9b3cc0732867a228cfaa483c5bc95cdd1550df37684194ce66d651fe402799fdfb9742f4f31a4e40da6b75314ab0536bd04fcfcfc32698edc58f4f1660cf8f51bd64ce1762ec0927d52e476d5ec6cfe92251e72c89c626670f7c6dab99cf4d4d2b7dfa68f05991feb7f5410b456adbd2d138ca0f7dd3113793927d6031e350298c386516137e4710f0fbd813a2ec35b28d6ff61790b8c23b8da724f86d0247d38d8b1a9a7026be99b8df17fd548f9d6dff0c671fd2a72b3d5af64ed17ccaa7d9df94ca7aecad70ee69540927a87c5171bd413dd5ddedf3f42f0c5e15d7f1ea3e4cfb64ae22018b2f69387150dacd21beb45455e2510ede62958751405566423990bf7e0e5f5594d8ace6926334b061630a8da5545ce5b4a8917558cad3bf5929637539c053af8052277996e61e2076ed24ea36dc08dbfb44320070919a425ef1511ec095fbdbe2d8d1c65e054cd5f5a7ef225460bf43fac7276e8b75fc39ef0d8cfbdbcc69c3f37626d94d6d61d6eb43fc72b80247ffd10996296f74e2ee55315a14c68afb2a194d2669f68f5d7d1f876eef4007e47bfa6606ebf508a473cd08fa551e5600ece988e59cd71e72a3eb977d146eeb8f89edd83a03785c180f7a1c520a614caabe761c26a0d77f1aa79546f297af2f927a62ed4ddcd477c60bd791c64da0743c44622898704ad8bd30d9f949ed176628db5c7066bf606ae4b695fd0b5c0987bb0c4ddfb73a428ab785b76b6bf5287c84d46eb15bb7d433ae9826a1e7087b048195b93c7b6e11709a0c3b04ee237b98defa24e1a4c6c17c54e626758e1227a3a5e02b69bcbe6ec3fa0238364d9254f7cd182eb43c55e9b6c2b6b280d4bfa57cd8517cba616faad74f5906f46e6c33440dfe826a5c78c78d94fbc4d6eb4f67bb1c8630bb750b5aaa25465a257119d489a18407dedc6570575eecceccfc3d06b2e3fda3cf844e4953cf746cff5ae171982c3743f8f5433870ddbff11715678d6f45118895dd8b1ebdc6e3e24b551c09ef1fcbf609ae941119626ad1118f57bdc29dd99b53d915e08753fbbe6501cc65312d0e7fffdfbd68a7eaf51457745477978ce775055f7ebcb4ea821494f9726bdc2ee639a8d6060bcf456f6f86f02660051a05c2c81554ef7cb00009e3f324de48e28589d848c973e972843a780042d19d9a6a199e1a26279c497694eac9d40488b27452b0e10dfeb43a3c4bd8e5bb90a44d61f0db9adec92e673429cd0e8a13f2528cfa1e2fca2a7e8698827a69a83c96f38e50b9d3e35ed5be0be8f9b1121b708717da72cbf5acf4ec8437ab3441afd055846ce9a52a7acd3d4484bdff409db606deb4db3e0fc4458dae81e9eb36adeb5c2fbd6ac232b09a47b8f3ed89cd69c55f262b1ebf3cf0019c1c253c501b97050939092c63a5236e8671f23000cf5f924e883f923fde2e94fb2104b8ba1012761e1687658ca6cbdb4bc69c817be34ff7217abfaf18c7dac4b454ae76af6abf169aa5025049bd852666eab6522eaf56028f7ce30094f9cca5888791d03193991a9d44be224883a2312a4c8d845517a8fa78f6ea804d7a811c52ef639036c36bbf84f05419fb3388a639e197a7de0e382578ac234c836f1267c69de600d5899e95880bc9657c414ac48ab1ad609dd5311b81187ff570a56fb3cbe481670be8b5b160b27187212ac9970724ba853d89397cf88438a93f9ee14d83ffd5697d94cd76177399264ae8e7039e94a2f0462e7aabd9ee8a09e399c045960c9fef2cf188864b9fe1a02a19e72547e641a65624a548990117e581e3fc724b454eee6d0782439fe257c3e08931ee0958206f9a3ba84ead620f7ca8b527a99b3cedb1f8f9429508aa008d3a278591b8a6aff392a949ded280bea0f46ac6e79147fc35b9ec61e3dc1ad0cc26857120a136eca3ac96d4c6190d348ddfa12b8d363ea3f1e8ccbf35d1edfc4a0f0a2f7bae77746d02a2af9aa5cea93a1006f2de15a96897de4e03422b3b74389172ebc267c071d925b3d2812b11e4123ef03abd58c539ada36f72db75aab68a2ba841a93a50cf4b4b00716835b37362952fdef3c342fd9030de3d86dee95fd377f8bd4871adcce3f381871ff30191c8e065576dac110f0c9882b56e3a2a986ded327f7e518f0650f148721fae2602ad95c71ed3a98f9175e806050adcf5eacd000ca139b6dff33e3f0abd892244cd85d3a4cecf9c8b420b964817046e5adcd1bf695f6f629f2a778f62cea1cb33c8cfba2a2921bdede2f01f39be5307ebad224617c95d698387fd05197eb07c1bbd109a552a7c51a5efa6b3cf0cf2dc9062c134ab8c7753c2b01fd528c3d0a0919d0511d9dee3d04cee13d7c1c93a3fa81ee2f7a52d69b8cbfb9747244092cf0e4c19226e18644a09a0a37ccece6fc5d9343ca5d12154f9d6498ec55c69ebc2602b03f4acc49488adf0f61eb6cff66899cd6e961dd618d56afadbae68f3a632f225e3328a6073d657ae927d82271f2bcc771e0a3b39d22f49719ce1c99e3686aa2019035cf63b52d2f60249b709d2c21fbd33c86f6e15f85404df0f2172fd9f159f2a5be14a25299c4970d2fc70c4fcbb6b086ebab85d543f7b983a00f3e0e2f854b07b7faee57c027e577907e91a31acd3f2e9a15f6117ff943924c47247642fc13f06428a1492a871f4f4875d1e92c3df9d99dc3323d4720589e26c0daa64ec1d1b766c5517b44184b91927cddc7ab12ec72c976b878a704070cd11909bcaee59035dbe8cbeb1a501b573b9181cadafca62ae939ec99b36ad4d4a5184e77d0a6703edd16e57839dd8225b84824bd9beaa2a0e1418630c0d0b03a8be4175b501c3ed6598fbebb24e02c919b1bb1ed1b72ac7561e5cd8445830d446400342211feeb60e34e882a758f7250c649513d14d244bb154f6209c222e3112bb1f3f9635724253a7533168f5f435ad4cb851e6fee917231939bbc2f6703cf26a1c73d69e745b6dc628546e634c141aef7f2e1b7b5641f2fafe007472537f9feb178730444a7"}) pipe(&(0x7f0000000140)) setxattr$trusted_overlay_redirect(&(0x7f0000000540)='./file1\x00', &(0x7f0000000580), &(0x7f00000005c0)='./file1\x00', 0x8, 0x1) 13:13:14 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x81, 0x81, 0xef, 0x7, 0x0, 0x6, 0x12, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x8ee, 0x6aeae925f990a1d6, @perf_config_ext={0x3, 0x2}, 0x4110, 0xffff, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x101}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x9) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000002180)={{}, {}, [], {}, [{0x8, 0x0, 0xffffffffffffffff}], {0x10, 0x4}}, 0x2c, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x10000027f) fcntl$getown(0xffffffffffffffff, 0x9) 13:13:14 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x81, 0x81, 0xef, 0x7, 0x0, 0x6, 0x12, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x8ee, 0x6aeae925f990a1d6, @perf_config_ext={0x3, 0x2}, 0x4110, 0xffff, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x101}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x9) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000002180)={{}, {}, [], {}, [{0x8, 0x0, 0xffffffffffffffff}], {0x10, 0x4}}, 0x2c, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x10000027f) fcntl$getown(0xffffffffffffffff, 0x9) 13:13:14 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f00000013c0)={0x1, 0x0, 0x18, 0x12, 0x1e4, &(0x7f0000002640)}) 13:13:14 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x81, 0x81, 0xef, 0x7, 0x0, 0x6, 0x12, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x8ee, 0x6aeae925f990a1d6, @perf_config_ext={0x3, 0x2}, 0x4110, 0xffff, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x101}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x9) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000002180)={{}, {}, [], {}, [{0x8, 0x0, 0xffffffffffffffff}], {0x10, 0x4}}, 0x2c, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x10000027f) fcntl$getown(0xffffffffffffffff, 0x9) 13:13:14 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f00000013c0)={0x1, 0x0, 0x18, 0x12, 0x1e4, &(0x7f0000002640)}) [ 191.149523] syz-executor.3 (7529) used greatest stack depth: 23512 bytes left 13:13:14 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0x7, &(0x7f0000000100), 0x0) eventfd(0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$notify(r0, 0x402, 0x2) 13:13:14 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x81, 0x81, 0xef, 0x7, 0x0, 0x6, 0x12, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x8ee, 0x6aeae925f990a1d6, @perf_config_ext={0x3, 0x2}, 0x4110, 0xffff, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x101}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x9) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000002180)={{}, {}, [], {}, [{0x8, 0x0, 0xffffffffffffffff}], {0x10, 0x4}}, 0x2c, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x10000027f) fcntl$getown(0xffffffffffffffff, 0x9) 13:13:14 executing program 0: o VM DIAGNOSIS: 13:13:06 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff84271427 RDX=ffffed100d9e6fa1 RSI=0000000000000004 RDI=ffff88806cf37d00 RBP=ffff88806cf37d00 RSP=ffff88806ce09b28 R8 =0000000000000000 R9 =ffff88806cf37d03 R10=ffffed100d9e6fa0 R11=0000000000000001 R12=0000000000000003 R13=ffffed100d9e6fa0 R14=0000000000000001 R15=1ffff1100d9c1366 RIP=ffffffff842714a4 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f0ac70068c0 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005618c7c25b08 CR3=000000000ecce000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 000000000000002f 002f2e2e2f002e2e YMM01=0000000000000000 0000000000000000 0000000000000000 696c61766e49002f YMM02=0000000000000000 0000000000000000 ffffffffffffff0f 0e0d0c0b0a090807 YMM03=0000000000000000 0000000000000000 696e656420737365 636341002f737973 YMM04=0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f YMM05=0000000000000000 0000000000000000 00005618c7c37200 00005618c7c1fe40 YMM06=0000000000000000 0000000000000000 0000000000000000 00000003ffffffff YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 2f63697361622f63 72732f2e2e000d0a YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000200000 0000000000200000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff822b175c RDI=ffffffff87645be0 RBP=ffffffff87645ba0 RSP=ffff88803998f370 R8 =0000000000000004 R9 =0000000000000010 R10=0000000000000010 R11=0000000000000001 R12=0000000000002710 R13=0000000000000020 R14=fffffbfff0ec8bcb R15=dffffc0000000000 RIP=ffffffff822b17b1 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f9e63a60700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f24287ee840 CR3=000000003f73a000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 081290a7608b418b 4f4b08d87debd02a YMM02=0000000000000000 0000000000000000 00000000000fa5b8 5e5c10884646930b YMM03=0000000000000000 0000000000000000 00000000000fa8d8 aabf2c55a4f4e763 YMM04=0000000000000000 0000000000000000 f0a2b09fe77f100a 00000000000ae988 YMM05=0000000000000000 0000000000000000 c8a54713b07d5f7b 000000000013fb60 YMM06=0000000000000000 0000000000000000 f552651b67ec2cab 000000000013f940 YMM07=0000000000000000 0000000000000000 14aee7cc1bb4f0bd 000000000013f898 YMM08=0000000000000000 0000000000000000 d6ad57d02453f0d2 00000000000fa990 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0020000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000