Warning: Permanently added '[localhost]:5994' (ECDSA) to the list of known hosts. 2022/09/29 03:36:01 fuzzer started 2022/09/29 03:36:01 dialing manager at localhost:45751 syzkaller login: [ 40.656951] cgroup: Unknown subsys name 'net' [ 40.782018] cgroup: Unknown subsys name 'rlimit' 2022/09/29 03:36:15 syscalls: 2215 2022/09/29 03:36:15 code coverage: enabled 2022/09/29 03:36:15 comparison tracing: enabled 2022/09/29 03:36:15 extra coverage: enabled 2022/09/29 03:36:15 setuid sandbox: enabled 2022/09/29 03:36:15 namespace sandbox: enabled 2022/09/29 03:36:15 Android sandbox: enabled 2022/09/29 03:36:15 fault injection: enabled 2022/09/29 03:36:15 leak checking: enabled 2022/09/29 03:36:15 net packet injection: enabled 2022/09/29 03:36:15 net device setup: enabled 2022/09/29 03:36:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/29 03:36:15 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/29 03:36:15 USB emulation: enabled 2022/09/29 03:36:15 hci packet injection: enabled 2022/09/29 03:36:15 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220928) 2022/09/29 03:36:15 802.15.4 emulation: enabled 2022/09/29 03:36:15 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/29 03:36:15 fetching corpus: 30, signal 22789/26297 (executing program) 2022/09/29 03:36:15 fetching corpus: 71, signal 34181/39122 (executing program) 2022/09/29 03:36:15 fetching corpus: 121, signal 42690/48901 (executing program) 2022/09/29 03:36:16 fetching corpus: 171, signal 51643/58930 (executing program) 2022/09/29 03:36:16 fetching corpus: 221, signal 54658/63185 (executing program) 2022/09/29 03:36:16 fetching corpus: 271, signal 58298/68021 (executing program) 2022/09/29 03:36:16 fetching corpus: 321, signal 64320/74899 (executing program) 2022/09/29 03:36:16 fetching corpus: 370, signal 70644/81940 (executing program) 2022/09/29 03:36:16 fetching corpus: 420, signal 73122/85413 (executing program) 2022/09/29 03:36:16 fetching corpus: 469, signal 74830/88191 (executing program) 2022/09/29 03:36:16 fetching corpus: 519, signal 77373/91591 (executing program) 2022/09/29 03:36:16 fetching corpus: 569, signal 79240/94393 (executing program) 2022/09/29 03:36:16 fetching corpus: 618, signal 81604/97587 (executing program) 2022/09/29 03:36:17 fetching corpus: 668, signal 83269/100154 (executing program) 2022/09/29 03:36:17 fetching corpus: 717, signal 86245/103738 (executing program) 2022/09/29 03:36:17 fetching corpus: 766, signal 88967/107092 (executing program) 2022/09/29 03:36:17 fetching corpus: 815, signal 91858/110470 (executing program) 2022/09/29 03:36:17 fetching corpus: 863, signal 93760/113063 (executing program) 2022/09/29 03:36:17 fetching corpus: 913, signal 96385/116198 (executing program) 2022/09/29 03:36:17 fetching corpus: 962, signal 100032/119988 (executing program) 2022/09/29 03:36:18 fetching corpus: 1012, signal 102791/123061 (executing program) 2022/09/29 03:36:18 fetching corpus: 1062, signal 104620/125405 (executing program) 2022/09/29 03:36:18 fetching corpus: 1112, signal 105807/127181 (executing program) 2022/09/29 03:36:18 fetching corpus: 1162, signal 107644/129389 (executing program) 2022/09/29 03:36:18 fetching corpus: 1212, signal 110385/132224 (executing program) 2022/09/29 03:36:18 fetching corpus: 1261, signal 112023/134222 (executing program) 2022/09/29 03:36:18 fetching corpus: 1310, signal 113572/136114 (executing program) 2022/09/29 03:36:18 fetching corpus: 1360, signal 115553/138290 (executing program) 2022/09/29 03:36:19 fetching corpus: 1410, signal 117022/140100 (executing program) 2022/09/29 03:36:19 fetching corpus: 1460, signal 118722/142060 (executing program) 2022/09/29 03:36:19 fetching corpus: 1509, signal 120967/144322 (executing program) 2022/09/29 03:36:19 fetching corpus: 1559, signal 122699/146157 (executing program) 2022/09/29 03:36:19 fetching corpus: 1609, signal 124387/147923 (executing program) 2022/09/29 03:36:19 fetching corpus: 1658, signal 126019/149697 (executing program) 2022/09/29 03:36:19 fetching corpus: 1707, signal 128242/151714 (executing program) 2022/09/29 03:36:19 fetching corpus: 1757, signal 129881/153329 (executing program) 2022/09/29 03:36:19 fetching corpus: 1807, signal 131052/154717 (executing program) 2022/09/29 03:36:20 fetching corpus: 1856, signal 133253/156589 (executing program) 2022/09/29 03:36:20 fetching corpus: 1906, signal 134465/157880 (executing program) 2022/09/29 03:36:20 fetching corpus: 1956, signal 136147/159425 (executing program) 2022/09/29 03:36:20 fetching corpus: 2006, signal 137106/160556 (executing program) 2022/09/29 03:36:20 fetching corpus: 2055, signal 139326/162352 (executing program) 2022/09/29 03:36:20 fetching corpus: 2104, signal 140300/163486 (executing program) 2022/09/29 03:36:20 fetching corpus: 2154, signal 141597/164670 (executing program) 2022/09/29 03:36:20 fetching corpus: 2204, signal 143063/165913 (executing program) 2022/09/29 03:36:21 fetching corpus: 2254, signal 144178/167030 (executing program) 2022/09/29 03:36:21 fetching corpus: 2304, signal 145147/168012 (executing program) 2022/09/29 03:36:21 fetching corpus: 2354, signal 145840/168869 (executing program) 2022/09/29 03:36:21 fetching corpus: 2403, signal 146906/169846 (executing program) 2022/09/29 03:36:21 fetching corpus: 2453, signal 147692/170661 (executing program) 2022/09/29 03:36:21 fetching corpus: 2502, signal 149108/171738 (executing program) 2022/09/29 03:36:21 fetching corpus: 2549, signal 151373/173146 (executing program) 2022/09/29 03:36:21 fetching corpus: 2599, signal 151968/173830 (executing program) 2022/09/29 03:36:22 fetching corpus: 2648, signal 153123/174663 (executing program) 2022/09/29 03:36:22 fetching corpus: 2698, signal 154791/175723 (executing program) 2022/09/29 03:36:22 fetching corpus: 2748, signal 155171/176254 (executing program) 2022/09/29 03:36:22 fetching corpus: 2798, signal 155938/176979 (executing program) 2022/09/29 03:36:22 fetching corpus: 2848, signal 156551/177592 (executing program) 2022/09/29 03:36:22 fetching corpus: 2898, signal 157309/178217 (executing program) 2022/09/29 03:36:22 fetching corpus: 2948, signal 159052/179185 (executing program) 2022/09/29 03:36:22 fetching corpus: 2998, signal 160438/180032 (executing program) 2022/09/29 03:36:22 fetching corpus: 3048, signal 161803/180786 (executing program) 2022/09/29 03:36:23 fetching corpus: 3098, signal 162907/181451 (executing program) 2022/09/29 03:36:23 fetching corpus: 3148, signal 163658/181993 (executing program) 2022/09/29 03:36:23 fetching corpus: 3198, signal 164426/182478 (executing program) 2022/09/29 03:36:23 fetching corpus: 3248, signal 165247/182988 (executing program) 2022/09/29 03:36:23 fetching corpus: 3298, signal 165664/183365 (executing program) 2022/09/29 03:36:23 fetching corpus: 3347, signal 166623/183865 (executing program) 2022/09/29 03:36:23 fetching corpus: 3397, signal 167975/184464 (executing program) 2022/09/29 03:36:23 fetching corpus: 3446, signal 168845/184890 (executing program) 2022/09/29 03:36:23 fetching corpus: 3496, signal 169481/185259 (executing program) 2022/09/29 03:36:24 fetching corpus: 3546, signal 170245/185650 (executing program) 2022/09/29 03:36:24 fetching corpus: 3596, signal 171029/186060 (executing program) 2022/09/29 03:36:24 fetching corpus: 3646, signal 171619/186369 (executing program) 2022/09/29 03:36:24 fetching corpus: 3696, signal 172402/186706 (executing program) 2022/09/29 03:36:24 fetching corpus: 3746, signal 172963/186987 (executing program) 2022/09/29 03:36:24 fetching corpus: 3796, signal 173892/187303 (executing program) 2022/09/29 03:36:24 fetching corpus: 3846, signal 174471/187708 (executing program) 2022/09/29 03:36:24 fetching corpus: 3896, signal 175555/188053 (executing program) 2022/09/29 03:36:25 fetching corpus: 3945, signal 176085/188274 (executing program) 2022/09/29 03:36:25 fetching corpus: 3995, signal 176886/188531 (executing program) 2022/09/29 03:36:25 fetching corpus: 4045, signal 177763/188776 (executing program) 2022/09/29 03:36:25 fetching corpus: 4095, signal 178387/188972 (executing program) 2022/09/29 03:36:25 fetching corpus: 4145, signal 179382/189191 (executing program) 2022/09/29 03:36:25 fetching corpus: 4194, signal 180472/189427 (executing program) 2022/09/29 03:36:25 fetching corpus: 4244, signal 181159/189587 (executing program) 2022/09/29 03:36:25 fetching corpus: 4294, signal 181761/189710 (executing program) 2022/09/29 03:36:25 fetching corpus: 4344, signal 182354/189828 (executing program) 2022/09/29 03:36:26 fetching corpus: 4394, signal 182830/189935 (executing program) 2022/09/29 03:36:26 fetching corpus: 4443, signal 183675/190054 (executing program) 2022/09/29 03:36:26 fetching corpus: 4474, signal 184855/190141 (executing program) 2022/09/29 03:36:26 fetching corpus: 4474, signal 184855/190211 (executing program) 2022/09/29 03:36:26 fetching corpus: 4474, signal 184855/190269 (executing program) 2022/09/29 03:36:26 fetching corpus: 4474, signal 184855/190269 (executing program) 2022/09/29 03:36:29 starting 8 fuzzer processes 03:36:29 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000200)={0x0, 0x0}) 03:36:29 executing program 1: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x7, 0xc8}}}, 0x7) 03:36:29 executing program 3: semtimedop(0x0, &(0x7f0000000000)=[{}], 0x1, 0x0) 03:36:29 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, 0x0) 03:36:29 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syncfs(r0) 03:36:29 executing program 4: keyctl$set_timeout(0xf, 0x0, 0x0) [ 67.465559] audit: type=1400 audit(1664422589.272:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 03:36:29 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r0, 0x8993, &(0x7f0000000540)={'syztnl1\x00', 0x0}) 03:36:29 executing program 7: pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000300)={0x0, 0x989680}, 0x0) [ 68.841285] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.842753] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.844659] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.846313] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.847359] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.847622] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.849624] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.850815] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.852003] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.853399] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.874668] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.875981] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.879607] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.881311] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 68.882719] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.884546] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 68.885812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.886944] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.887940] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.889431] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 68.890838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.892029] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.894505] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.896392] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.897132] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.897847] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.898618] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 68.901424] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.903719] Bluetooth: hci1: HCI_REQ-0x0c1a [ 68.905128] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 68.906116] Bluetooth: hci3: HCI_REQ-0x0c1a [ 68.907627] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 68.912601] Bluetooth: hci2: HCI_REQ-0x0c1a [ 68.914821] Bluetooth: hci0: HCI_REQ-0x0c1a [ 68.924647] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 68.927716] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 68.929058] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 68.931803] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 68.932971] Bluetooth: hci7: HCI_REQ-0x0c1a [ 68.934476] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 68.935777] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 68.941847] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 68.945775] Bluetooth: hci5: HCI_REQ-0x0c1a [ 68.954407] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 68.955830] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 68.958493] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 68.960120] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 68.961515] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 68.965776] Bluetooth: hci6: HCI_REQ-0x0c1a [ 70.902304] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 70.966642] Bluetooth: hci5: command 0x0409 tx timeout [ 70.966666] Bluetooth: hci7: command 0x0409 tx timeout [ 70.967669] Bluetooth: hci0: command 0x0409 tx timeout [ 70.968249] Bluetooth: hci3: command 0x0409 tx timeout [ 70.969042] Bluetooth: hci1: command 0x0409 tx timeout [ 70.969423] Bluetooth: hci2: command 0x0409 tx timeout [ 71.031204] Bluetooth: hci6: command 0x0409 tx timeout [ 73.014404] Bluetooth: hci2: command 0x041b tx timeout [ 73.014448] Bluetooth: hci1: command 0x041b tx timeout [ 73.015241] Bluetooth: hci3: command 0x041b tx timeout [ 73.015630] Bluetooth: hci0: command 0x041b tx timeout [ 73.016357] Bluetooth: hci7: command 0x041b tx timeout [ 73.016720] Bluetooth: hci5: command 0x041b tx timeout [ 73.079301] Bluetooth: hci6: command 0x041b tx timeout [ 73.961460] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.966594] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.967497] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.970805] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.971891] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 73.972847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.976693] Bluetooth: hci4: HCI_REQ-0x0c1a [ 75.062475] Bluetooth: hci5: command 0x040f tx timeout [ 75.062590] Bluetooth: hci7: command 0x040f tx timeout [ 75.063121] Bluetooth: hci0: command 0x040f tx timeout [ 75.063880] Bluetooth: hci3: command 0x040f tx timeout [ 75.064484] Bluetooth: hci1: command 0x040f tx timeout [ 75.065225] Bluetooth: hci2: command 0x040f tx timeout [ 75.126219] Bluetooth: hci6: command 0x040f tx timeout [ 76.022278] Bluetooth: hci4: command 0x0409 tx timeout [ 77.110390] Bluetooth: hci1: command 0x0419 tx timeout [ 77.110527] Bluetooth: hci2: command 0x0419 tx timeout [ 77.111207] Bluetooth: hci3: command 0x0419 tx timeout [ 77.112256] Bluetooth: hci0: command 0x0419 tx timeout [ 77.112934] Bluetooth: hci7: command 0x0419 tx timeout [ 77.113943] Bluetooth: hci5: command 0x0419 tx timeout [ 77.174322] Bluetooth: hci6: command 0x0419 tx timeout [ 78.070239] Bluetooth: hci4: command 0x041b tx timeout [ 80.118213] Bluetooth: hci4: command 0x040f tx timeout [ 82.166432] Bluetooth: hci4: command 0x0419 tx timeout 03:37:29 executing program 4: clone3(&(0x7f0000000dc0)={0x100, 0x0, 0x0, 0x0, {}, &(0x7f0000000b80)=""/244, 0xf4, 0x0, &(0x7f0000000d80)=[0x0, 0x0, 0x0], 0x3}, 0x58) 03:37:29 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000002700)=[{&(0x7f00000002c0)='?', 0x1}, {&(0x7f0000000380)="d9", 0x1, 0x100000001}, {&(0x7f0000001440)="e6", 0x1, 0x10001}], 0x8a8410, &(0x7f0000002a40)={[{@gid}]}) [ 127.811016] loop4: detected capacity change from 0 to 264192 [ 127.830023] loop4: detected capacity change from 0 to 264192 03:37:29 executing program 4: ptrace$setregset(0x4205, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x0}) time(&(0x7f00000008c0)) 03:37:29 executing program 4: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 128.022864] audit: type=1400 audit(1664422649.830:7): avc: denied { open } for pid=3737 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 128.025083] audit: type=1400 audit(1664422649.830:8): avc: denied { kernel } for pid=3737 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 03:37:29 executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/schedstat\x00', 0x0, 0x0) ftruncate(r0, 0x0) 03:37:29 executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/schedstat\x00', 0x0, 0x0) ftruncate(r0, 0x0) 03:37:30 executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/schedstat\x00', 0x0, 0x0) ftruncate(r0, 0x0) 03:37:30 executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/schedstat\x00', 0x0, 0x0) ftruncate(r0, 0x0) [ 130.625532] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 130.626383] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 130.627534] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 130.628925] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 130.630427] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 130.631259] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 130.633711] Bluetooth: hci0: HCI_REQ-0x0c1a [ 130.834824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 130.838727] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 130.839431] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 130.841554] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 130.843312] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 130.843993] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 130.851210] Bluetooth: hci1: HCI_REQ-0x0c1a [ 130.905651] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 130.907082] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 130.912628] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 130.913603] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 130.914965] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 130.915578] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 130.917428] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 130.922397] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 130.922455] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 130.924019] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 130.925069] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 130.926683] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 130.928924] Bluetooth: hci7: HCI_REQ-0x0c1a [ 130.939779] Bluetooth: hci3: HCI_REQ-0x0c1a [ 132.662221] Bluetooth: hci0: command 0x0409 tx timeout [ 132.854292] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 132.918232] Bluetooth: hci1: command 0x0409 tx timeout [ 132.919516] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 132.982223] Bluetooth: hci3: command 0x0409 tx timeout [ 132.982907] Bluetooth: hci7: command 0x0409 tx timeout [ 134.710191] Bluetooth: hci0: command 0x041b tx timeout [ 134.967192] Bluetooth: hci1: command 0x041b tx timeout [ 135.030243] Bluetooth: hci7: command 0x041b tx timeout [ 135.030709] Bluetooth: hci3: command 0x041b tx timeout [ 135.203127] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 135.204794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 135.205583] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 135.208538] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 135.209720] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 135.210596] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 135.213773] Bluetooth: hci2: HCI_REQ-0x0c1a [ 135.376117] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 135.378862] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 135.392066] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 135.404531] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 135.413816] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 135.414596] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 135.422091] Bluetooth: hci6: HCI_REQ-0x0c1a [ 136.759188] Bluetooth: hci0: command 0x040f tx timeout [ 137.015189] Bluetooth: hci1: command 0x040f tx timeout [ 137.079247] Bluetooth: hci3: command 0x040f tx timeout [ 137.079727] Bluetooth: hci7: command 0x040f tx timeout [ 137.270261] Bluetooth: hci2: command 0x0409 tx timeout [ 137.462216] Bluetooth: hci6: command 0x0409 tx timeout [ 138.806193] Bluetooth: hci0: command 0x0419 tx timeout [ 139.062214] Bluetooth: hci1: command 0x0419 tx timeout [ 139.126243] Bluetooth: hci7: command 0x0419 tx timeout [ 139.126682] Bluetooth: hci3: command 0x0419 tx timeout [ 139.319188] Bluetooth: hci2: command 0x041b tx timeout [ 139.510239] Bluetooth: hci6: command 0x041b tx timeout [ 141.367487] Bluetooth: hci2: command 0x040f tx timeout [ 141.558220] Bluetooth: hci6: command 0x040f tx timeout [ 143.415184] Bluetooth: hci2: command 0x0419 tx timeout [ 143.607180] Bluetooth: hci6: command 0x0419 tx timeout 03:38:08 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000200)={0x0, 0x0}) 03:38:08 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000180)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}}, {{@in6=@mcast2}, 0x0, @in6=@loopback}}, 0xe8) 03:38:08 executing program 7: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000b00)='/sys/class/devlink', 0x0, 0x0) 03:38:08 executing program 3: prctl$PR_SET_PDEATHSIG(0x24, 0x41) 03:38:08 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syncfs(r0) 03:38:08 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, 0x0, 0x0) 03:38:08 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, 0x0) 03:38:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000380)={0x0, 0x3ff}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) [ 166.833188] loop1: detected capacity change from 0 to 40 03:38:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}}, 0x0) 03:38:08 executing program 3: prctl$PR_GET_DUMPABLE(0x3) 03:38:08 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, 0x0) [ 166.933557] ------------[ cut here ]------------ [ 166.933595] [ 166.933601] ====================================================== [ 166.933608] WARNING: possible circular locking dependency detected [ 166.933615] 6.0.0-rc7-next-20220928 #1 Not tainted [ 166.933629] ------------------------------------------------------ [ 166.933635] syz-executor.1/6560 is trying to acquire lock: [ 166.933649] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 166.933728] [ 166.933728] but task is already holding lock: [ 166.933734] ffff8880374d3820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 166.933790] [ 166.933790] which lock already depends on the new lock. [ 166.933790] [ 166.933796] [ 166.933796] the existing dependency chain (in reverse order) is: [ 166.933803] [ 166.933803] -> #3 (&ctx->lock){....}-{2:2}: [ 166.933831] _raw_spin_lock+0x2a/0x40 [ 166.933857] __perf_event_task_sched_out+0x53b/0x18d0 [ 166.933895] __schedule+0xedd/0x2470 [ 166.933929] schedule+0xda/0x1b0 [ 166.933962] exit_to_user_mode_prepare+0x114/0x1a0 [ 166.933986] syscall_exit_to_user_mode+0x19/0x40 [ 166.934017] do_syscall_64+0x48/0x90 [ 166.934038] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 166.934068] [ 166.934068] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 166.934097] _raw_spin_lock_nested+0x30/0x40 [ 166.934123] raw_spin_rq_lock_nested+0x1e/0x30 [ 166.934148] task_fork_fair+0x63/0x4d0 [ 166.934185] sched_cgroup_fork+0x3d0/0x540 [ 166.934215] copy_process+0x4183/0x6e20 [ 166.934236] kernel_clone+0xe7/0x890 [ 166.934256] user_mode_thread+0xad/0xf0 [ 166.934277] rest_init+0x24/0x250 [ 166.934306] arch_call_rest_init+0xf/0x14 [ 166.934345] start_kernel+0x4c6/0x4eb [ 166.934381] secondary_startup_64_no_verify+0xe0/0xeb [ 166.934409] [ 166.934409] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 166.934438] _raw_spin_lock_irqsave+0x39/0x60 [ 166.934464] try_to_wake_up+0xab/0x1930 [ 166.934492] up+0x75/0xb0 [ 166.934527] __up_console_sem+0x6e/0x80 [ 166.934561] console_unlock+0x46a/0x590 [ 166.934596] vprintk_emit+0x1bd/0x560 [ 166.934632] vprintk+0x84/0xa0 [ 166.934668] _printk+0xba/0xf1 [ 166.934694] kauditd_hold_skb.cold+0x3f/0x4e [ 166.934735] kauditd_send_queue+0x233/0x290 [ 166.934766] kauditd_thread+0x5da/0x9a0 [ 166.934796] kthread+0x2ed/0x3a0 [ 166.934827] ret_from_fork+0x22/0x30 [ 166.934853] [ 166.934853] -> #0 ((console_sem).lock){....}-{2:2}: [ 166.934881] __lock_acquire+0x2a02/0x5e70 [ 166.934918] lock_acquire+0x1a2/0x530 [ 166.934953] _raw_spin_lock_irqsave+0x39/0x60 [ 166.934979] down_trylock+0xe/0x70 [ 166.935015] __down_trylock_console_sem+0x3b/0xd0 [ 166.935051] vprintk_emit+0x16b/0x560 [ 166.935087] vprintk+0x84/0xa0 [ 166.935122] _printk+0xba/0xf1 [ 166.935148] report_bug.cold+0x72/0xab [ 166.935167] handle_bug+0x3c/0x70 [ 166.935188] exc_invalid_op+0x14/0x50 [ 166.935210] asm_exc_invalid_op+0x16/0x20 [ 166.935239] group_sched_out.part.0+0x2c7/0x460 [ 166.935262] ctx_sched_out+0x8f1/0xc10 [ 166.935283] __perf_event_task_sched_out+0x6d0/0x18d0 [ 166.935310] __schedule+0xedd/0x2470 [ 166.935344] schedule+0xda/0x1b0 [ 166.935377] exit_to_user_mode_prepare+0x114/0x1a0 [ 166.935400] syscall_exit_to_user_mode+0x19/0x40 [ 166.935430] do_syscall_64+0x48/0x90 [ 166.935451] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 166.935481] [ 166.935481] other info that might help us debug this: [ 166.935481] [ 166.935487] Chain exists of: [ 166.935487] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 166.935487] [ 166.935518] Possible unsafe locking scenario: [ 166.935518] [ 166.935523] CPU0 CPU1 [ 166.935527] ---- ---- [ 166.935532] lock(&ctx->lock); [ 166.935543] lock(&rq->__lock); [ 166.935557] lock(&ctx->lock); [ 166.935570] lock((console_sem).lock); [ 166.935582] [ 166.935582] *** DEADLOCK *** [ 166.935582] [ 166.935586] 2 locks held by syz-executor.1/6560: [ 166.935599] #0: ffff88806cf37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 166.935669] #1: ffff8880374d3820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 166.935728] [ 166.935728] stack backtrace: [ 166.935733] CPU: 1 PID: 6560 Comm: syz-executor.1 Not tainted 6.0.0-rc7-next-20220928 #1 [ 166.935759] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 166.935775] Call Trace: [ 166.935781] [ 166.935789] dump_stack_lvl+0x8b/0xb3 [ 166.935813] check_noncircular+0x263/0x2e0 [ 166.935850] ? format_decode+0x26c/0xb50 [ 166.935888] ? print_circular_bug+0x450/0x450 [ 166.935926] ? enable_ptr_key_workfn+0x20/0x20 [ 166.935967] ? format_decode+0x26c/0xb50 [ 166.936009] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 166.936048] __lock_acquire+0x2a02/0x5e70 [ 166.936095] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 166.936145] lock_acquire+0x1a2/0x530 [ 166.936182] ? down_trylock+0xe/0x70 [ 166.936224] ? lock_release+0x750/0x750 [ 166.936270] ? vprintk+0x84/0xa0 [ 166.936310] _raw_spin_lock_irqsave+0x39/0x60 [ 166.936337] ? down_trylock+0xe/0x70 [ 166.936377] down_trylock+0xe/0x70 [ 166.936416] ? vprintk+0x84/0xa0 [ 166.936454] __down_trylock_console_sem+0x3b/0xd0 [ 166.936492] vprintk_emit+0x16b/0x560 [ 166.936534] vprintk+0x84/0xa0 [ 166.936574] _printk+0xba/0xf1 [ 166.936602] ? record_print_text.cold+0x16/0x16 [ 166.936640] ? report_bug.cold+0x66/0xab [ 166.936664] ? group_sched_out.part.0+0x2c7/0x460 [ 166.936689] report_bug.cold+0x72/0xab [ 166.936715] handle_bug+0x3c/0x70 [ 166.936738] exc_invalid_op+0x14/0x50 [ 166.936763] asm_exc_invalid_op+0x16/0x20 [ 166.936794] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 166.936822] Code: 5e 41 5f e9 cb a9 ef ff e8 c6 a9 ef ff 65 8b 1d db 12 ac 7e 31 ff 89 de e8 66 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 a9 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 9d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 166.936846] RSP: 0018:ffff88803f6c7c48 EFLAGS: 00010006 [ 166.936864] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 166.936880] RDX: ffff88803f5b8000 RSI: ffffffff815662f7 RDI: 0000000000000005 [ 166.936896] RBP: ffff88803f6d8000 R08: 0000000000000005 R09: 0000000000000001 [ 166.936911] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff8880374d3800 [ 166.936927] R13: ffff88806cf3d140 R14: ffffffff8547cf00 R15: 0000000000000002 [ 166.936950] ? group_sched_out.part.0+0x2c7/0x460 [ 166.936979] ? group_sched_out.part.0+0x2c7/0x460 [ 166.937008] ctx_sched_out+0x8f1/0xc10 [ 166.937035] __perf_event_task_sched_out+0x6d0/0x18d0 [ 166.937070] ? lock_is_held_type+0xd7/0x130 [ 166.937103] ? __perf_cgroup_move+0x160/0x160 [ 166.937130] ? set_next_entity+0x304/0x550 [ 166.937169] ? update_curr+0x267/0x740 [ 166.937210] ? lock_is_held_type+0xd7/0x130 [ 166.937244] __schedule+0xedd/0x2470 [ 166.937286] ? io_schedule_timeout+0x150/0x150 [ 166.937326] ? rcu_read_lock_sched_held+0x3e/0x80 [ 166.937371] schedule+0xda/0x1b0 [ 166.937408] exit_to_user_mode_prepare+0x114/0x1a0 [ 166.937434] syscall_exit_to_user_mode+0x19/0x40 [ 166.937467] do_syscall_64+0x48/0x90 [ 166.937491] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 166.937523] RIP: 0033:0x7f6fa538bb19 [ 166.937540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 166.937562] RSP: 002b:00007f6fa2901218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 166.937585] RAX: 0000000000000001 RBX: 00007f6fa549ef68 RCX: 00007f6fa538bb19 [ 166.937601] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6fa549ef6c [ 166.937616] RBP: 00007f6fa549ef60 R08: 000000000000000e R09: 0000000000000000 [ 166.937631] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f6fa549ef6c [ 166.937646] R13: 00007ffea2293bef R14: 00007f6fa2901300 R15: 0000000000022000 [ 166.937673] 03:38:08 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, 0x0, 0x0) [ 167.047377] WARNING: CPU: 1 PID: 6560 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 167.047425] Modules linked in: [ 167.047437] CPU: 1 PID: 6560 Comm: syz-executor.1 Not tainted 6.0.0-rc7-next-20220928 #1 [ 167.047464] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 167.047480] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 167.047509] Code: 5e 41 5f e9 cb a9 ef ff e8 c6 a9 ef ff 65 8b 1d db 12 ac 7e 31 ff 89 de e8 66 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 a9 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 9d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 167.047534] RSP: 0018:ffff88803f6c7c48 EFLAGS: 00010006 [ 167.047553] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 167.047569] RDX: ffff88803f5b8000 RSI: ffffffff815662f7 RDI: 0000000000000005 [ 167.047586] RBP: ffff88803f6d8000 R08: 0000000000000005 R09: 0000000000000001 [ 167.047602] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff8880374d3800 [ 167.047619] R13: ffff88806cf3d140 R14: ffffffff8547cf00 R15: 0000000000000002 [ 167.047639] FS: 00007f6fa2901700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 167.047664] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 167.047682] CR2: 00007fb49000d000 CR3: 000000003b7ce000 CR4: 0000000000350ee0 [ 167.047699] Call Trace: [ 167.047706] [ 167.047718] ctx_sched_out+0x8f1/0xc10 [ 167.047748] __perf_event_task_sched_out+0x6d0/0x18d0 [ 167.047783] ? lock_is_held_type+0xd7/0x130 [ 167.047819] ? __perf_cgroup_move+0x160/0x160 [ 167.047847] ? set_next_entity+0x304/0x550 [ 167.047888] ? update_curr+0x267/0x740 [ 167.047930] ? lock_is_held_type+0xd7/0x130 [ 167.047965] __schedule+0xedd/0x2470 [ 167.048007] ? io_schedule_timeout+0x150/0x150 [ 167.048048] ? rcu_read_lock_sched_held+0x3e/0x80 [ 167.048094] schedule+0xda/0x1b0 [ 167.048132] exit_to_user_mode_prepare+0x114/0x1a0 [ 167.048159] syscall_exit_to_user_mode+0x19/0x40 [ 167.048193] do_syscall_64+0x48/0x90 [ 167.048218] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 167.048251] RIP: 0033:0x7f6fa538bb19 [ 167.048269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 167.048293] RSP: 002b:00007f6fa2901218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 167.048317] RAX: 0000000000000001 RBX: 00007f6fa549ef68 RCX: 00007f6fa538bb19 [ 167.048333] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6fa549ef6c [ 167.048350] RBP: 00007f6fa549ef60 R08: 000000000000000e R09: 0000000000000000 [ 167.048366] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f6fa549ef6c [ 167.048382] R13: 00007ffea2293bef R14: 00007f6fa2901300 R15: 0000000000022000 [ 167.048409] [ 167.048417] irq event stamp: 2338 [ 167.048425] hardirqs last enabled at (2337): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 167.048457] hardirqs last disabled at (2338): [] __schedule+0x1225/0x2470 [ 167.048499] softirqs last enabled at (2326): [] __irq_exit_rcu+0x11b/0x180 [ 167.048541] softirqs last disabled at (2317): [] __irq_exit_rcu+0x11b/0x180 [ 167.048582] ---[ end trace 0000000000000000 ]--- [ 167.158159] hrtimer: interrupt took 19096 ns [ 167.384892] syz-executor.1: attempt to access beyond end of device [ 167.384892] loop1: rw=2049, sector=124, nr_sectors = 4 limit=40 [ 167.392943] Buffer I/O error on dev loop1, logical block 31, lost async page write [ 167.446101] syz-executor.1: attempt to access beyond end of device [ 167.446101] loop1: rw=2049, sector=124, nr_sectors = 4 limit=40 [ 167.447933] Buffer I/O error on dev loop1, logical block 31, lost async page write [ 167.482369] syz-executor.1 (6560) used greatest stack depth: 24472 bytes left 03:38:09 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000200)={0x0, 0x0}) 03:38:09 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) open_by_handle_at(r0, &(0x7f0000000140)=@ceph_nfs_confh={0x10, 0x2, {0x20000}}, 0x0) 03:38:09 executing program 7: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DESTROY(r0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000580)={0xec4, 0x15, 0x0, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0xead, 0x1, "254df14a052a748769f3b34ad3ab9d35c97e9e2c5b17b4765e415c622138b07a3aa8d87565e78d85685fb728a8fc30ab8f814545b9ba9253af0b58e2420535ea8f094e3cf25dfab248a0c65d58559775cb1be4e0804d49d1065f665805d30a5864edc97c638a46a39725a6b733be5c77b8f2b859b5b1d7958f7b8299c2091aef8b7d08b5be7935ee9e0d6a5e3f9fc100d83a49f80bc3c2d2b5bc3e2b26b892586bc921586cd4d82621c275375d7c721efe0ce6c565bada10aec373893f07fe8f9a8fb32921d3f6838e69a6d61f9b8086adc9bb8918a2504e43108c6e5246155d40a738a09b4a933be8549ae3a39a5e60d4d0ded152d8c7b9b8c807f4157be78fe7701ea9cce591f21c982ddf9da5488657fda34022f5e17e06fef3a2ca383855714524fff1010bae1f352574c2a5b38993ede1c1a848dc0fca03f58522b801abd318dccca5955d9b9792ba28569a90af1c493addb0a1540e58589fae02f947adae0395413efdf5ed73a43cd28f7223b7c42e023de9e220e280f7551d7c323d9001f19403433c0d1ed3f513806999e96ffd77a2f7b819235e77b635cc755731ff7a33b24e7a9a27a91692477f7482f07553084ae8162309dac4b909b1a70ccd3a27f10071be088b89c3589d4bdac24ef06406839fccccf94525efc8331d64a0ec83e4f86b2e6a3b16049926310844a048ebb3807d0cf47708270ca5c94f88576ccb4068d1c7575deeb77c9450bb541620ceed4f484866ccc0c44a3bbdadbe83eaf1abe5597730b5c308d0442f3d55435365a5155b8bdfe223e0cffbbbd43ee7d04d41d34fee1291dfc0c55ab1e32841802de5d6524ecde32e2c77fd26f52a25b5fd0d9440072529bd020ba273599f2f102b4c30f059f273542fd0065e0a3fed5d609ca36824766788423720fd1aacddcd1246374ebed58fbc292cd855869f8378794cb39454b3cb6bff3d148e220cccfd1b5e14339cc46c2d097deb4c527edb55621c85ad735dc6a0006b703c700483862de04bb623969e1a0445f26055f4b2da6d6dbb421802ba9853904e07d2df647826cddd042ef03cf1d243c54ce99a9d0c120d0bec51e51a99ca9c430246c2a65678b105ce8ba1680cb22b05d457b9e3b0b08216701c3fe95b296a215b592d4530b3ac34fdfbc87ff9d3953e977552b284fa9d45b0a51f1acb777ab29e55339fbba12b122628b5cb49a8c8ba6f2dcab828f14c8ea337e0c0ffc75a569acb3db07db3a04eb636e9a32fbcf5ad6dab91f4a0564f4c21f264a093895544c903bec8804b425e4cb00186328b38bc42b51c58b1e5ef12dce41b71264fe3552ef0164ea0c2b3296436a8c223c49eeb168769ba7b00b0a0523091b1dfd146507abe76369f8365596e90934046985589ec6ead948477c2e38ff230b4721017c65bfa3f64af510f64745b3c61324e885cc35f04dedfabd91b589f559a53831ac339cfda0ff0155cf5220f5abfdf52d44eeb0f13fdce487922c4d7172a2b645077df96a6a948b73321e33c16850e4af19d3fbff91ac815ac18626837de8393fac646dc169a9e377b1b52a41d2842d71d440227ad9f6afb0afcda7d86a483c53c1976c343ea87164095d70904a0844a031803584e28a22898fac6e7ecacac000124eac3eee55a456baad701d588806285101908ea8e15c11e914c5f41e146f8e6ea9f6bf69d8596bc4161aac74a9d9e4c0a4a5916cc4bae57f430895f65c42f671245b5b67ae5c830a1fa44a4e6e1afd8a45bbaacd3963c27cd7ee5f71c837eb852a4994c7ba6cbaf11a16581ecdd9ee86d4dfa7eb7ddfb04a3b82727a8606f62167ed02c01fa3dc00cb71c0b82a3d16f6615b7ab2f720c9a0a697fd6fbbf4bc310beef93992bae932f455b75322f7156b1ccd4498017b673763ae6f7aed89e99f9701e24724096f3b14653a528b1c75847b0e17923adab42676c37bfb6f2de1b208ac5cd03181c01d8887be59256aecb107130a7f39b092db0b217f35fcaee6c5e72319e7fdb4f5d95f58e66e680413e989a3c7672dff88b1c50f71ca0fffb1524664ca7a63041d445ba022b8b890fb2551769231f8ed2256078416bc711f8f4e7d6870a937fecfc0d2a1a2c8f22badcd5bdd7aa56d1341452945ee5377037f4a1a719832c1ed89a747e7f6b2aa8bc3afb08c1f1fd6096de8cf5bdd6a73bc1f3175e63491e7a912569d961e94a6cff5b799ee88aa702abde123d49ceeb54e921e9258bee4ab2d765099bfcc01d9415d5b07f6c841811ed922221760fe7424738b2ab0b38f8d2271ae7d2764729fd61fb5c5875fd031e19b24b509bedf8accb8a91178af169380aa16577c6f79e09c72d072f9ec39b4b913ec6b09fa611f6a625aba718d9f0abcf2a11edc89c02aabb8cab1d6b4c66958867c0fe2c6dea797b078574b0d714aa5b13ddc16e1f5e771c3f184b13ec12a23a3dafc241a6af50c52829195a54aa36cf67fd6a7de2ef111410f84025b0acbb17e6c3f516c7d88f23dec798acbc049c3cdfec5469e7659af6480eaa92a899ee3d6ae6d3bf61b2228ea6da67ff5e77931dd73f37bd08744687cc3d70743094ccd18556f239c6ae7ad411a02e54636f70334dd857e130af9b2d8d7da4d15f8587d9a5e4ef9318439b4c677949cbe72be3c0fe3487a362ed862ab585ad29c315f4d6cbd30ff91fa89860777a2c8577f741de2669675b1e90ca1b31a049c2b96375d3150ae54dc1b6eacdd8ebf6c338ee49dfc0842126d1d5824d57f27ff099f1a71e4564f7e47674a043b5fcca42de8cfd8839ad13a3541eb2d2c2b767edd385bfedc27f158025123d933ccadd1917042fa413c62aa8d3fd5e1cd69959c14eefb3647f1a145ddcacde7e73822adea58bfc19addb515cfd481acebb79040e1f9cfd27582fe47009e660b01bae5a5238d8dac38225e8ff4bebc1d5e4bd448a1fed49b97e5081a284196c3b6fa3c57b07af80c9dfb0701fc8e96856a9cf78d9ab34a48586e1373c19a0e78fcf359627fe7e5d214d23645abdc0ffd648703a3bc848c1c24df3f15e4b9eaf7a4213e8f6483ea6193fa534f9438ca8f4d91563b72c79a31ff063b33546737aec05572c380d6b3bdbddb006a56b55ccbf7d57577bdb4adbdc02e2fa310d141dbaff03feb7e86b19c10617db3f0e74d69c9f0d72c745fca6afd38949009b00e93d64da4258570c90615239460c1f2fd96a9a6c69a0b462956d6ac365d1b9caa383c87db233b2f9bede756de2b05f86676b2990ee77453a1363d9ab08be4776c321543029dc23c9f710051a9e03ce8102a0c867c24664da12177245668fae9bb1e9fefe17983555bcb1b6e8cd6392962e7d34afc97528c3c7678cd4c738f7580c471e427c34de47718371da4a1ea2b3962f9d79c83fc0edbcc80821e3c50cdf4fa5b0af6f99b25c65980184b1f9d391267cb8b388188a140f2c6f32defba7be60ba95086ac6279dacf0f84745e3e5e1a00869a9288bbd9445e0bfcc431fe806a23438c7233ea6bf0bd91089855d1f943fd23fac2cc2cddd42e4951510fae7a7d44d17cc93e9bf87dacc193ae46891661b1bddae9cfbbccce0a56b378708c309fcb156912fa18efe4256f28ce937a73c17fb76486d4b24591804426d52592500ca1d68f3d3cc0442c24c11ec4f5cddf94986d9bb1efd61e3b6b9901a9ac3160b143e6ba680d94b937e25de9dee3a8c0db8878357bf6688e9ba3cccca46a90f7114a1ff5f8d6e0124dd7543de31c4801126c8c022509bd1db6fcab3554a54040264b1def8cb00179bb13eedf1212eb0ceb53363f43a8f86fc16e4e8822635133fcc95207d2e90c80bdeefdce051a7e4101509890de115fbcb2233d130845e84cc716f3d00d1270a1ab69304232701e0e8ddeba47303ec87678158cd02e8d1fbcf0e81e628a2740073f7818aca0f54868f9bad637a84c06362a7ca30cc6f2bdb0c52207309e6aa67f8a8bd5672dcf25e8fc87a09ad0c0aec6ada4439edbdf74cc4f616ff74ff56b63d1b1e1b1dad60cdfb9d6a2bdabb19c8aaf196d65bedeb5dc736ad601b14750af14408f3d626baf2f076aeabd447343ce001e9e9436fa80430908005358b725f47c730a9ae7ba63077dc3e32eed6d2a91588b6214b9c783b43337bf8eafe7465c8eb74e4515918d507a32c18a13f30db2ab324845480d0ca62b8b3317a8d6fe542aecdccb5e6b8cc42bd0044e9f3575490736ac4a4184900f157334c0641bf5d6d4e930d1c4e26121afc0fe8053f9214c6e3beb5e8e934e1308e8d9a140db649ec0082dc7ffcbb62224bc6356e412d89109f66b468c6b712e64930b5cd41ab5d10539f1275b0550d7c14bcca9b95a33eacd9678a9991c5f900c301422decb2c9f744eacebe4bdd8b8b9736c32b37cc34f822b1342c179407a249b437bec37ba0a3770ad0bac47f5179e2145bfd16d042ea96af407adeeac3eea1cc3fda76d6327e37f475d27b16e41b2c07c87380afcc774b0a9dfb08a1a7fa94443206bbda146c6299a370a87a7184c90c3616e860571b827b8f7e146f24ea460ed2997b8ac35a5091c1728e0ddd83e93b0bf1e015589f7f7a97135ff529e1e4bd5fd158f57b3106b649f568985a27b917569da1129bcc3702e95770532876ccdb08b306572dc505d1b0d61699029663f182d4a393b35fd1e80503b410fb2eb76c4464ff093967ff7c470510abc727f0d33d97e33d767f4325cf96d434217eeb52bc9bc3a0bef540dd8bb19a72add6ec6775451a731a4b5011edb68f47ac9a0d7e5e66a037402b7aac7b43809d24a34fac2fbb7e27de476da7d740e6a08ba39a561d41a77ec8eaa7ec211c6d3c798c69ab794ce462400dc370e233c9c7dbdb322b7cc8c937ede79667274a5cd69d4465bf1eee1f8385050238f5915b0641a8322a284a8cf2519b247652b639075f9a99f1e219cdb86bc54339d5301b933d6e03ee719664405d20cf282913b9906d051f17ab35a4010b03e82702e66da4db8ea2b202551107db86411b534370465acca3e57c47e4e181e0e98a2530a6e1fbba4a956b0f4488d6622c9d9eebbb8152b82ffb5538bb539aacd2c3205f4e109c1e5b3cd97f5740aac51350411ebce74f1e8ed457fc2dd766a1b3f5c574e67ba23b63867c82fb63601acd2c90e972f269f86042ed9f942a48df912e1541fa93846ed3057a7166db3731e7801d8795f31c9f6064f1b3e5e62aa1523286b3e2663d3d8eabd966feae5a84f8912f2d1055537311f557b395fd2f1099ca933fdf6478e6f99c7de269bf26fc10d3f3b910ac7f24bc8e273f1bcfdde84b65f130a0fcf60166d9"}]}, 0xec4}}, 0x0) 03:38:09 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syncfs(r0) 03:38:09 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) 03:38:09 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, 0x0, 0x0) 03:38:09 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, 0x0) 03:38:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000380)={0x0, 0x3ff}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) [ 167.589936] loop1: detected capacity change from 0 to 40 03:38:09 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000380)={0x0, 0x3ff}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) 03:38:09 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000380)={0x0, 0x3ff}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) [ 167.674906] loop3: detected capacity change from 0 to 40 [ 167.720989] loop7: detected capacity change from 0 to 40 [ 167.995888] syz-executor.7: attempt to access beyond end of device [ 167.995888] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40 [ 167.998938] Buffer I/O error on dev loop7, logical block 31, lost async page write [ 168.004766] syz-executor.1: attempt to access beyond end of device [ 168.004766] loop1: rw=2049, sector=124, nr_sectors = 4 limit=40 [ 168.007996] Buffer I/O error on dev loop1, logical block 31, lost async page write [ 168.177823] syz-executor.3: attempt to access beyond end of device [ 168.177823] loop3: rw=2049, sector=124, nr_sectors = 4 limit=40 [ 168.194198] Buffer I/O error on dev loop3, logical block 31, lost async page write 03:38:10 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000380)={0x0, 0x3ff}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) 03:38:10 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) 03:38:10 executing program 2: r0 = syz_mount_image$tmpfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)) mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat(r0, &(0x7f0000000080)='./file0\x00', 0x402, 0x0) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x121823, 0x0) 03:38:10 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syncfs(r0) 03:38:10 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000380)={0x0, 0x3ff}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) 03:38:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000380)={0x0, 0x3ff}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) 03:38:10 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, 0x0, 0x0) 03:38:10 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000200)={0x0, 0x0}) [ 168.383366] loop1: detected capacity change from 0 to 40 [ 168.384920] loop7: detected capacity change from 0 to 40 [ 168.470793] syz-executor.1: attempt to access beyond end of device [ 168.470793] loop1: rw=2049, sector=124, nr_sectors = 4 limit=40 [ 168.473161] Buffer I/O error on dev loop1, logical block 31, lost async page write [ 168.475105] loop3: detected capacity change from 0 to 40 [ 168.517325] syz-executor.7: attempt to access beyond end of device [ 168.517325] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40 [ 168.518802] Buffer I/O error on dev loop7, logical block 31, lost async page write 03:38:10 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) 03:38:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000380)={0x0, 0x3ff}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) 03:38:10 executing program 2: prctl$PR_GET_UNALIGN(0x35, 0x0) [ 168.558863] loop1: detected capacity change from 0 to 40 [ 168.566979] Bluetooth: hci2: command 0x0406 tx timeout 03:38:10 executing program 5: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:autofs_device_t:s0\x00', 0x25) r1 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) symlinkat(&(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000040)='./file0\x00') 03:38:10 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x5000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getresgid(0x0, 0x0, 0x0) shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) shmctl$IPC_SET(0x0, 0x1, 0x0) 03:38:10 executing program 6: faccessat(0xffffffffffffffff, 0x0, 0x102) [ 168.617602] audit: type=1400 audit(1664422690.425:9): avc: denied { create } for pid=6616 comm="syz-executor.5" name="file0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:autofs_device_t:s0 tclass=lnk_file permissive=1 [ 168.620784] audit: type=1400 audit(1664422690.425:10): avc: denied { associate } for pid=6616 comm="syz-executor.5" name="file0" scontext=system_u:object_r:autofs_device_t:s0 tcontext=system_u:object_r:hugetlbfs_t:s0 tclass=filesystem permissive=1 03:38:10 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000380)={0x0, 0x3ff}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) 03:38:10 executing program 6: socket(0x1e, 0x0, 0x0) [ 168.754628] loop7: detected capacity change from 0 to 40 [ 168.779099] syz-executor.1: attempt to access beyond end of device [ 168.779099] loop1: rw=2049, sector=124, nr_sectors = 4 limit=40 [ 168.781006] Buffer I/O error on dev loop1, logical block 31, lost async page write [ 168.812480] syz-executor.3: attempt to access beyond end of device [ 168.812480] loop3: rw=2049, sector=124, nr_sectors = 4 limit=40 [ 168.816630] Buffer I/O error on dev loop3, logical block 31, lost async page write [ 168.821246] syz-executor.7: attempt to access beyond end of device [ 168.821246] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40 [ 168.822886] Buffer I/O error on dev loop7, logical block 31, lost async page write [ 168.975395] loop3: detected capacity change from 0 to 40 03:38:10 executing program 2: prctl$PR_GET_UNALIGN(0x35, 0x0) 03:38:10 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000380)={0x0, 0x3ff}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) 03:38:10 executing program 1: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:autofs_device_t:s0\x00', 0x25) r1 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) symlinkat(&(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000040)='./file0\x00') 03:38:10 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000440)) 03:38:10 executing program 7: symlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00') lsetxattr$security_ima(&(0x7f0000001500)='./file0\x00', &(0x7f0000001540), &(0x7f0000000100)=ANY=[@ANYBLOB], 0x9, 0x0) unlink(&(0x7f0000000040)='./file0\x00') 03:38:10 executing program 0: mknod(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) link(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='./file0\x00') unlink(&(0x7f00000001c0)='./file1\x00') 03:38:10 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) 03:38:10 executing program 5: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:autofs_device_t:s0\x00', 0x25) r1 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) symlinkat(&(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000040)='./file0\x00') 03:38:10 executing program 0: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9f47ad4552e7bdf4f8e7998a1266a360beb2ec1527390452139f9ab91ee250efcf3413e72a6b2688d8b6a4748ccc165bbf886573ccdd03bd93f32a866cd878ec246e06f31d4d7f7ec9836b7305ee0c1b9fa75cd6e4ca5cc2f107b654f15a2442cd9c8eaf581d093639fe35e0da49394c5ed66ad29bc2b863649e16c1951d0d3dd6f1048539e558ee1f059d91510a5acd84777ca01545635d2fb40e2f205bb11435023e47e4e2f85b6d1b56b688dd1a4304708a561d32dbaa6cd4f969e67af33773d4e9772751019dc6c2af7e2fe9d3c7eb6f1b401926603d90802f792b081957dd5ebd18410cd42b2ea05ae9a61254e4b878384b8a376fe9eba06afc1253f2224fab88feb7c426e3dfb19385afbb42cc13209b419568eeafdf505dc5ca30acc17d337e941e0badf9f9413f381fe9a315e2597426805827943f193f02a12554d434bd91708a28d9da1bf64ad64f80a7287d1e02d5d1f14bf9d89ba3badfa524694db6a651e97ea64104ad34942f36745259f4ec32fdce0bd13e693ccbe0e012e61a1fae9fc1662b99871e3812cea14d12646ccc08b0514762a475ecdbf9071377bb1ecd891c6fe32fde1d3044caf466b3a342b7541e8ed7432e94baf1d5546aff0e23f6a03c9ea5635519533e712639c27958e3a0f3684ed91cfb2e6e4", 0x3b8}], 0x1) 03:38:10 executing program 5: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:autofs_device_t:s0\x00', 0x25) r1 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) symlinkat(&(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000040)='./file0\x00') 03:38:10 executing program 1: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:autofs_device_t:s0\x00', 0x25) r1 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) symlinkat(&(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000040)='./file0\x00') 03:38:10 executing program 2: prctl$PR_GET_UNALIGN(0x35, 0x0) 03:38:10 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000440)) 03:38:10 executing program 7: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000002780)=[{&(0x7f0000001640)="90b170fb1922da8c5f60d15dcc609eba81ed33fc8ba2e3d22d2757d9d08b6add12bb4c4d7a1cd78ac3c35ddbf855a91cd26f443b99aef8e937a2f5aaf875666a849ae4f31b2d52c8daef715abc9b3a0c2161499aac1e0fb25800fd4e924e862a503a344e1c65fba93576d5b1d4ecac8c0acec7b6bc4630147bbee5567ed034537baf124e35a06aba781e6ba276981c9d2661b03b7448d28949b75243109ba114dab802bf1ad9a4b3a89254aac12b4cfa7b57b77db9b69e85c62319c982f631ba9c7790751312e5995e0c9df27958cb77ea5a68abcaf46b2d18f8821b01ee6c652047c4722955af7356aefd3bcd0793606255c21b760a505c25a2bf1f383e7a71cbc99c23ec9b8b958861955f246b0e89700e96d9f0f17c5bd1f6926c9a775e5c27030368f21a9a815aa5cc6480047155ecf7402aec3b046f4ab2da86332a75074f6edd3d70117d21543af5edf8dbfa8301efb51dc88cdea478bfc433209b64fa13715f00e0a0f3d1d3c69c0f09ce190339e9e44b76353962a91fca38196fc3008e16ffbc6b2708192a5ca1a72c53c5580f5033387ac573a4aad5c2cba545c6a68c49c27626405e0f1f2f02a29c510796fcf205022d8967545f58663c6ba93989b95701a9d28c13383e50f32a606e80b15dab41939fd5dd60f63ce60ac10364d7d7ed8d584017de7c8cd472c81ca864bf3659b4bb367bc2f534c45601938158", 0x1ff, 0x1}], 0x0, 0x0) [ 169.162336] loop7: detected capacity change from 0 to 1 [ 169.172309] loop7: detected capacity change from 0 to 1 03:38:10 executing program 5: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:autofs_device_t:s0\x00', 0x25) r1 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) symlinkat(&(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000040)='./file0\x00') 03:38:11 executing program 1: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:autofs_device_t:s0\x00', 0x25) r1 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) symlinkat(&(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000040)='./file0\x00') 03:38:11 executing program 2: prctl$PR_GET_UNALIGN(0x35, 0x0) 03:38:11 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000440)) 03:38:11 executing program 0: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9f47ad4552e7bdf4f8e7998a1266a360beb2ec1527390452139f9ab91ee250efcf3413e72a6b2688d8b6a4748ccc165bbf886573ccdd03bd93f32a866cd878ec246e06f31d4d7f7ec9836b7305ee0c1b9fa75cd6e4ca5cc2f107b654f15a2442cd9c8eaf581d093639fe35e0da49394c5ed66ad29bc2b863649e16c1951d0d3dd6f1048539e558ee1f059d91510a5acd84777ca01545635d2fb40e2f205bb11435023e47e4e2f85b6d1b56b688dd1a4304708a561d32dbaa6cd4f969e67af33773d4e9772751019dc6c2af7e2fe9d3c7eb6f1b401926603d90802f792b081957dd5ebd18410cd42b2ea05ae9a61254e4b878384b8a376fe9eba06afc1253f2224fab88feb7c426e3dfb19385afbb42cc13209b419568eeafdf505dc5ca30acc17d337e941e0badf9f9413f381fe9a315e2597426805827943f193f02a12554d434bd91708a28d9da1bf64ad64f80a7287d1e02d5d1f14bf9d89ba3badfa524694db6a651e97ea64104ad34942f36745259f4ec32fdce0bd13e693ccbe0e012e61a1fae9fc1662b99871e3812cea14d12646ccc08b0514762a475ecdbf9071377bb1ecd891c6fe32fde1d3044caf466b3a342b7541e8ed7432e94baf1d5546aff0e23f6a03c9ea5635519533e712639c27958e3a0f3684ed91cfb2e6e4", 0x3b8}], 0x1) 03:38:11 executing program 4: syz_io_uring_setup(0x61eb, &(0x7f00000003c0)={0x0, 0x87bd}, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000440), &(0x7f0000000480)) 03:38:11 executing program 7: r0 = msgget$private(0x0, 0x448) msgget$private(0x0, 0x108) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/238) r1 = msgget(0x3, 0x6c) msgrcv(r1, &(0x7f00000007c0)={0x0, ""/114}, 0x7a, 0x2, 0x3000) 03:38:11 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, 0x0, r0, 0x0, 0x0, 0x0) 03:38:11 executing program 3: syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 03:38:11 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000080)={0x0, {{0x2, 0x0, @multicast1}}, 0x0, 0x2}, 0x190) 03:38:11 executing program 5: syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f00000004c0), 0x50, &(0x7f0000000580)={[{@stripe}, {@max_batch_time}, {@data_writeback}], [{@euid_gt}]}) 03:38:11 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000440)) [ 169.435807] ======================================================= [ 169.435807] WARNING: The mand mount option has been deprecated and [ 169.435807] and is ignored by this kernel. Remove the mand [ 169.435807] option from the mount to silence this warning. [ 169.435807] ======================================================= 03:38:11 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000014a00)) [ 169.453074] ext2: Unknown parameter 'euid>00000000000000000000' 03:38:11 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000080)='./mnt\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0) getxattr(&(0x7f0000000000)='./mnt\x00', &(0x7f0000000140)=@known='trusted.overlay.opaque\x00', &(0x7f0000000180)=""/180, 0xb4) [ 169.459458] loop2: detected capacity change from 0 to 4 [ 169.463106] ext2: Unknown parameter 'euid>00000000000000000000' [ 169.473523] EXT4-fs (loop2): Can't read superblock on 2nd try 03:38:11 executing program 5: syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f00000004c0), 0x50, &(0x7f0000000580)={[{@stripe}, {@max_batch_time}, {@data_writeback}], [{@euid_gt}]}) 03:38:11 executing program 0: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9f47ad4552e7bdf4f8e7998a1266a360beb2ec1527390452139f9ab91ee250efcf3413e72a6b2688d8b6a4748ccc165bbf886573ccdd03bd93f32a866cd878ec246e06f31d4d7f7ec9836b7305ee0c1b9fa75cd6e4ca5cc2f107b654f15a2442cd9c8eaf581d093639fe35e0da49394c5ed66ad29bc2b863649e16c1951d0d3dd6f1048539e558ee1f059d91510a5acd84777ca01545635d2fb40e2f205bb11435023e47e4e2f85b6d1b56b688dd1a4304708a561d32dbaa6cd4f969e67af33773d4e9772751019dc6c2af7e2fe9d3c7eb6f1b401926603d90802f792b081957dd5ebd18410cd42b2ea05ae9a61254e4b878384b8a376fe9eba06afc1253f2224fab88feb7c426e3dfb19385afbb42cc13209b419568eeafdf505dc5ca30acc17d337e941e0badf9f9413f381fe9a315e2597426805827943f193f02a12554d434bd91708a28d9da1bf64ad64f80a7287d1e02d5d1f14bf9d89ba3badfa524694db6a651e97ea64104ad34942f36745259f4ec32fdce0bd13e693ccbe0e012e61a1fae9fc1662b99871e3812cea14d12646ccc08b0514762a475ecdbf9071377bb1ecd891c6fe32fde1d3044caf466b3a342b7541e8ed7432e94baf1d5546aff0e23f6a03c9ea5635519533e712639c27958e3a0f3684ed91cfb2e6e4", 0x3b8}], 0x1) [ 169.500098] loop2: detected capacity change from 0 to 4 [ 169.509379] ext2: Unknown parameter 'euid>00000000000000000000' [ 169.514613] EXT4-fs (loop2): Can't read superblock on 2nd try 03:38:11 executing program 6: keyctl$search(0xa, 0x0, &(0x7f0000000000)='.request_key_auth\x00', &(0x7f0000000040)={'syz', 0x0}, 0xfffffffffffffffb) request_key(&(0x7f0000001800)='asymmetric\x00', &(0x7f0000001840)={'syz', 0x0}, &(0x7f0000001880)=',\\)\x00', 0x0) 03:38:11 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000080)={0x0, {{0x2, 0x0, @multicast1}}, 0x0, 0x2}, 0x190) 03:38:11 executing program 5: syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f00000004c0), 0x50, &(0x7f0000000580)={[{@stripe}, {@max_batch_time}, {@data_writeback}], [{@euid_gt}]}) 03:38:11 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0x8531) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) preadv2(r1, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/75, 0x4b}], 0x1, 0x0, 0x0, 0x8) 03:38:11 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) getpeername$netlink(r0, 0x0, 0x0) [ 169.610354] ext2: Unknown parameter 'euid>00000000000000000000' 03:38:12 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000014a00)) 03:38:12 executing program 5: syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f00000004c0), 0x50, &(0x7f0000000580)={[{@stripe}, {@max_batch_time}, {@data_writeback}], [{@euid_gt}]}) 03:38:12 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000080)={0x0, {{0x2, 0x0, @multicast1}}, 0x0, 0x2}, 0x190) 03:38:12 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) read(r0, 0x0, 0x0) 03:38:12 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, r0, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r1, 0x0) 03:38:12 executing program 0: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9f47ad4552e7bdf4f8e7998a1266a360beb2ec1527390452139f9ab91ee250efcf3413e72a6b2688d8b6a4748ccc165bbf886573ccdd03bd93f32a866cd878ec246e06f31d4d7f7ec9836b7305ee0c1b9fa75cd6e4ca5cc2f107b654f15a2442cd9c8eaf581d093639fe35e0da49394c5ed66ad29bc2b863649e16c1951d0d3dd6f1048539e558ee1f059d91510a5acd84777ca01545635d2fb40e2f205bb11435023e47e4e2f85b6d1b56b688dd1a4304708a561d32dbaa6cd4f969e67af33773d4e9772751019dc6c2af7e2fe9d3c7eb6f1b401926603d90802f792b081957dd5ebd18410cd42b2ea05ae9a61254e4b878384b8a376fe9eba06afc1253f2224fab88feb7c426e3dfb19385afbb42cc13209b419568eeafdf505dc5ca30acc17d337e941e0badf9f9413f381fe9a315e2597426805827943f193f02a12554d434bd91708a28d9da1bf64ad64f80a7287d1e02d5d1f14bf9d89ba3badfa524694db6a651e97ea64104ad34942f36745259f4ec32fdce0bd13e693ccbe0e012e61a1fae9fc1662b99871e3812cea14d12646ccc08b0514762a475ecdbf9071377bb1ecd891c6fe32fde1d3044caf466b3a342b7541e8ed7432e94baf1d5546aff0e23f6a03c9ea5635519533e712639c27958e3a0f3684ed91cfb2e6e4", 0x3b8}], 0x1) 03:38:12 executing program 7: r0 = msgget$private(0x0, 0x448) msgget$private(0x0, 0x108) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/238) r1 = msgget(0x3, 0x6c) msgrcv(r1, &(0x7f00000007c0)={0x0, ""/114}, 0x7a, 0x2, 0x3000) 03:38:12 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0x8531) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) preadv2(r1, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/75, 0x4b}], 0x1, 0x0, 0x0, 0x8) [ 170.320083] ext2: Unknown parameter 'euid>00000000000000000000' [ 170.328427] loop2: detected capacity change from 0 to 4 [ 170.332521] EXT4-fs (loop2): Can't read superblock on 2nd try 03:38:12 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000080)={0x0, {{0x2, 0x0, @multicast1}}, 0x0, 0x2}, 0x190) 03:38:12 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000014a00)) 03:38:12 executing program 3: r0 = msgget$private(0x0, 0x448) msgget$private(0x0, 0x108) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/238) r1 = msgget(0x3, 0x6c) msgrcv(r1, &(0x7f00000007c0)={0x0, ""/114}, 0x7a, 0x2, 0x3000) 03:38:12 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, r0, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r1, 0x0) 03:38:13 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0x8531) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) preadv2(r1, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/75, 0x4b}], 0x1, 0x0, 0x0, 0x8) 03:38:13 executing program 7: r0 = msgget$private(0x0, 0x448) msgget$private(0x0, 0x108) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/238) r1 = msgget(0x3, 0x6c) msgrcv(r1, &(0x7f00000007c0)={0x0, ""/114}, 0x7a, 0x2, 0x3000) 03:38:13 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000014a00)) 03:38:13 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, r0, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r1, 0x0) 03:38:13 executing program 3: r0 = msgget$private(0x0, 0x448) msgget$private(0x0, 0x108) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/238) r1 = msgget(0x3, 0x6c) msgrcv(r1, &(0x7f00000007c0)={0x0, ""/114}, 0x7a, 0x2, 0x3000) 03:38:13 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0x8531) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) preadv2(r1, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/75, 0x4b}], 0x1, 0x0, 0x0, 0x8) 03:38:13 executing program 1: socket(0x1f, 0x0, 0x0) 03:38:13 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) [ 171.321943] loop2: detected capacity change from 0 to 4 [ 171.330539] loop0: detected capacity change from 0 to 40 [ 171.334925] EXT4-fs (loop2): Can't read superblock on 2nd try 03:38:13 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0x8531) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) preadv2(r1, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/75, 0x4b}], 0x1, 0x0, 0x0, 0x8) 03:38:13 executing program 1: lsetxattr(&(0x7f00000000c0)='.\x00', &(0x7f0000000140)=@known='security.selinux\x00', &(0x7f0000000180)='\x00', 0x1, 0x0) fork() umount2(0x0, 0x9) rt_sigqueueinfo(0x0, 0x0, 0x0) 03:38:13 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0x8531) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) preadv2(r1, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/75, 0x4b}], 0x1, 0x0, 0x0, 0x8) 03:38:13 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, r0, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r1, 0x0) [ 171.492842] SELinux: Context is not valid (left unmapped). 03:38:14 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2, 0x2}, [@CTA_MARK={0x8}]}, 0x1c}}, 0x0) 03:38:14 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) 03:38:14 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x7}, 0x18292}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r1, 0x1, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 03:38:14 executing program 7: r0 = msgget$private(0x0, 0x448) msgget$private(0x0, 0x108) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/238) r1 = msgget(0x3, 0x6c) msgrcv(r1, &(0x7f00000007c0)={0x0, ""/114}, 0x7a, 0x2, 0x3000) 03:38:14 executing program 3: r0 = msgget$private(0x0, 0x448) msgget$private(0x0, 0x108) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/238) r1 = msgget(0x3, 0x6c) msgrcv(r1, &(0x7f00000007c0)={0x0, ""/114}, 0x7a, 0x2, 0x3000) 03:38:14 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0x8531) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) preadv2(r1, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/75, 0x4b}], 0x1, 0x0, 0x0, 0x8) 03:38:14 executing program 1: lsetxattr(&(0x7f00000000c0)='.\x00', &(0x7f0000000140)=@known='security.selinux\x00', &(0x7f0000000180)='\x00', 0x1, 0x0) fork() umount2(0x0, 0x9) rt_sigqueueinfo(0x0, 0x0, 0x0) [ 172.319380] loop0: detected capacity change from 0 to 40 03:38:14 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2, 0x2}, [@CTA_MARK={0x8}]}, 0x1c}}, 0x0) 03:38:14 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) [ 172.401839] loop6: detected capacity change from 0 to 40 03:38:14 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) [ 172.511609] loop5: detected capacity change from 0 to 40 03:38:14 executing program 1: lsetxattr(&(0x7f00000000c0)='.\x00', &(0x7f0000000140)=@known='security.selinux\x00', &(0x7f0000000180)='\x00', 0x1, 0x0) fork() umount2(0x0, 0x9) rt_sigqueueinfo(0x0, 0x0, 0x0) 03:38:14 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2, 0x2}, [@CTA_MARK={0x8}]}, 0x1c}}, 0x0) 03:38:14 executing program 1: lsetxattr(&(0x7f00000000c0)='.\x00', &(0x7f0000000140)=@known='security.selinux\x00', &(0x7f0000000180)='\x00', 0x1, 0x0) fork() umount2(0x0, 0x9) rt_sigqueueinfo(0x0, 0x0, 0x0) 03:38:14 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2, 0x2}, [@CTA_MARK={0x8}]}, 0x1c}}, 0x0) 03:38:14 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) 03:38:14 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) [ 172.946024] loop1: detected capacity change from 0 to 40 [ 172.967818] loop2: detected capacity change from 0 to 40 [ 173.131652] bio_check_eod: 2 callbacks suppressed [ 173.131681] syz-executor.0: attempt to access beyond end of device [ 173.131681] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 173.134242] buffer_io_error: 2 callbacks suppressed [ 173.134272] Buffer I/O error on dev loop0, logical block 10, lost async page write [ 173.188232] syz-executor.2: attempt to access beyond end of device [ 173.188232] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 173.189749] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 173.257652] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 173.274565] autofs4:pid:6806:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(2.1), cmd(0xc0189373) [ 173.276480] autofs4:pid:6806:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189373) 03:38:15 executing program 7: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000040)={{0x2, 0x1, 0x18}, './file0\x00'}) 03:38:15 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) [ 173.333518] loop0: detected capacity change from 0 to 40 [ 173.403537] syz-executor.4 (6780) used greatest stack depth: 22808 bytes left 03:38:16 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) 03:38:16 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) 03:38:16 executing program 7: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x401, 0x1400}, {0x0, 0xffff}], 0x2, 0x0) unshare(0x48040080) 03:38:16 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000005d00)={@mcast2}, 0x14) 03:38:16 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) 03:38:16 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x7}, 0x18292}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r1, 0x1, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 03:38:16 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) 03:38:16 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) [ 174.253323] loop2: detected capacity change from 0 to 40 [ 174.256433] loop6: detected capacity change from 0 to 40 [ 174.259172] loop5: detected capacity change from 0 to 40 [ 174.271829] loop1: detected capacity change from 0 to 40 [ 174.322993] loop0: detected capacity change from 0 to 40 03:38:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x18, r1, 0x301, 0x0, 0x0, {0x6}, [@HEADER={0x4}]}, 0x18}}, 0x0) 03:38:16 executing program 7: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x401, 0x1400}, {0x0, 0xffff}], 0x2, 0x0) unshare(0x48040080) 03:38:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x18, r1, 0x301, 0x0, 0x0, {0x6}, [@HEADER={0x4}]}, 0x18}}, 0x0) 03:38:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x18, r1, 0x301, 0x0, 0x0, {0x6}, [@HEADER={0x4}]}, 0x18}}, 0x0) 03:38:16 executing program 7: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x401, 0x1400}, {0x0, 0xffff}], 0x2, 0x0) unshare(0x48040080) 03:38:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x18, r1, 0x301, 0x0, 0x0, {0x6}, [@HEADER={0x4}]}, 0x18}}, 0x0) [ 175.049711] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 175.317243] loop6: detected capacity change from 0 to 40 03:38:17 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x7}, 0x18292}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r1, 0x1, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 03:38:17 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) 03:38:17 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) 03:38:17 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) 03:38:17 executing program 7: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x401, 0x1400}, {0x0, 0xffff}], 0x2, 0x0) unshare(0x48040080) 03:38:17 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) openat(r0, &(0x7f0000000300)='./file1\x00', 0x200, 0xb1) chdir(&(0x7f0000000140)='./file0\x00') openat(r0, &(0x7f0000000000)='./file0\x00', 0x20c0, 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0xc0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)=ANY=[@ANYBLOB="873b07000000efb1606e00770100"/24, @ANYRES32=r3, @ANYBLOB='Y0\x00``\x00'/18]) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0xa015000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r5, 0x8, 0x0, 0x8000000) ioctl$AUTOFS_IOC_CATATONIC(r5, 0x9362, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r6, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r6, r1, 0x0, 0xfffffdef) 03:38:17 executing program 3: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x401, 0x1400}, {0x0, 0xffff}], 0x2, 0x0) unshare(0x48040080) 03:38:17 executing program 0: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x401, 0x1400}, {0x0, 0xffff}], 0x2, 0x0) unshare(0x48040080) [ 175.351352] loop2: detected capacity change from 0 to 40 [ 175.363801] loop1: detected capacity change from 0 to 40 [ 175.378779] loop5: detected capacity change from 0 to 40 [ 175.444770] syz-executor.6: attempt to access beyond end of device [ 175.444770] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 175.446326] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 175.503212] syz-executor.2: attempt to access beyond end of device [ 175.503212] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 175.504409] Buffer I/O error on dev loop2, logical block 10, lost async page write [ 175.521688] syz-executor.1: attempt to access beyond end of device [ 175.521688] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 175.522807] Buffer I/O error on dev loop1, logical block 10, lost async page write [ 175.614824] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 175.652550] syz-executor.5: attempt to access beyond end of device [ 175.652550] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 175.653886] Buffer I/O error on dev loop5, logical block 10, lost async page write 03:38:17 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0x227c, &(0x7f0000000340)={'\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) 03:38:17 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5f800, 0xf, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000bf000000000000bf000000000000000000000000000000000000000000000000000000000000000001000001010000010008080018000000000000181400000000000000000000160000000022001c0000000000001c00080000000008007809140b2a3a08020000010000010100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202073797a6b616c6c65722020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202047454e49534f494d4147452049534f20393636302f4846532046494c4553595354454d2043524541544f5220284329203139393320452e594f554e4744414c452028432920313939372d32303036204a2e50454152534f4e2f4a2e534348494c4c494e472028432920323030362d32303037204344524b4954205445414d202066696c6533202020202020202020202020202020202020202020202020202020202020202066696c6531202020202020202020202020202020202020202020202020202020202020202066696c6532202020202020202020202020202020202020202020202020202020202020202032303230303932303131343235383030083230323030393230313134323538303008303030303030303030303030303030300032303230303932303131343235383030080100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202000"/1408, 0x580, 0x8000}, {&(0x7f0000010600)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d002000200020002000200020002000200020002000200000000000000000bf000000000000bf252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e0000000000001e00080000000008007809140b2a3a08020000010000010100002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000730079007a006b0061006c006c006500720020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000470045004e00490053004f0049004d004100470045002000490053004f00200039003600360030005f004800460053002000460049004c004500530059005300540045004d002000430052004500410054004f005200200028004300290020003100390039003300200045002e0059004f0055004e004700440041004c004500660069006c0065003300200020002000200020002000200020002000200020002000200000660069006c0065003100200020002000200020002000200020002000200020002000200000660069006c0065003200200020002000200020002000200020002000200020002000200032303230303932303131343235383030083230323030393230313134323538303008303030303030303030303030303030300032303230303932303131343235383030080100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202000"/1408, 0x580, 0x8800}, {&(0x7f0000010c00)="ff43443030310100"/32, 0x20, 0x9000}, {&(0x7f0000010d00)="01001c0000000100000005001d000000010046494c4530000000000000000000", 0x20, 0xa000}, {&(0x7f0000010e00)="01000000001c0001000005000000001d000146494c4530000000000000000000", 0x20, 0xb000}, {&(0x7f0000010f00)="01001e000000010000000a001f000000010000660069006c0065003000000000", 0x20, 0xc000}, {&(0x7f0000011000)="01000000001e000100000a000000001f000100660069006c0065003000000000", 0x20, 0xd000}, {&(0x7f0000011100)="88001c0000000000001c00080000000008007809140b2a3a0802000001000001010053500701beef005252050181505824016d4100000000416d03000000000000030000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a0843451c0120000000000000200000000000000000ed000000000000ed66001c0000000000001c00080000000008007809140b2a3a080200000100000101015252050181505824016d4100000000416d02000000000000020000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a08008c00210000000000002164000000000000647809140b2a3a08000000010000010a46494c452e434f4c3b310041410e0254455854756e6978000052520501894e4d0e010066696c652e636f6c64505824016d8100000000816d01000000000000010000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a080074001d0000000000001d00080000000008007809140b2a3a08020000010000010546494c453052520501894e4d0a010066696c6530505824016d4100000000416d02000000000000020000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a0800860022000000000000220a0000000000000a7809140b2a3a08000000010000010846494c45312e3b310041410e0254455854756e6978000052520501894e4d0a010066696c6531505824016d8100000000816d01000000000000010000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a08008600230000000000002328230000000023287809140b2a3a08000000010000010846494c45322e3b310041410e0254455854756e6978000052520501894e4d0a010066696c6532505824016d8100000000816d02000000000000020000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a08008600230000000000002328230000000023287809140b2a3a08000000010000010846494c45332e3b310041410e0254455854756e6978000052520501894e4d0a010066696c6533505824016d8100000000816d02000000000000020000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a0800", 0x380, 0xe000}, {&(0x7f0000011500)="66001d0000000000001d00080000000008007809140b2a3a080200000100000101005252050181505824016d4100000000416d02000000000000020000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a080066001c0000000000001c00080000000008007809140b2a3a080200000100000101015252050181505824016d4100000000416d03000000000000030000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a0800860028000000000000281a0400000000041a7809140b2a3a08000000010000010846494c45302e3b310041410e0254455854756e6978000052520501894e4d0a010066696c6530505824016d8100000000816d01000000000000010000000000000000000000000000000054461a010e7809140b2a3a087809140b2a3a087809140b2a3a0800a800290000000000002900000000000000007809140b2a3a08000000010000010846494c45312e3b3100525205018d4e4d0a010066696c6531505824016da100000000a16d010000000000000100000000000000000000000000000000534c31010008000003746d70001573797a2d696d61676567656e393632343934303438000566696c6530000566696c653054461a010e7809140b2a3a087809140b2a3a087809140b2a3a08000000000000", 0x200, 0xe800}, {&(0x7f0000011700)="22001e0000000000001e00080000000008007809140b2a3a0802000001000001010022001e0000000000001e00080000000008007809140b2a3a080200000100000101013400210000000000002164000000000000647809140b2a3a08000000010000011200660069006c0065002e0063006f006c0064002c001f0000000000001f00080000000008007809140b2a3a08020000010000010a00660069006c00650030002c0022000000000000220a0000000000000a7809140b2a3a08000000010000010a00660069006c00650031002c00230000000000002328230000000023287809140b2a3a08000000010000010a00660069006c00650032002c00230000000000002328230000000023287809140b2a3a08000000010000010a00660069006c0065003300"/320, 0x140, 0xf000}, {&(0x7f0000011900)="22001f0000000000001f00080000000008007809140b2a3a0802000001000001010022001e0000000000001e00080000000008007809140b2a3a080200000100000101012c0028000000000000281a0400000000041a7809140b2a3a08000000010000010a00660069006c00650030002c00290000000000002900000000000000007809140b2a3a08000000010000010a00660069006c006500310000000000", 0xa0, 0xf800}, {&(0x7f0000011a00)="4552ed010a548701525249505f313939314154484520524f434b20524944474520494e5445524348414e47452050524f544f434f4c2050524f564944455320535550504f525420464f5220504f5349582046494c452053595354454d2053454d414e54494353504c4541534520434f4e544143542044495343205055424c495348455220464f522053504543494649434154494f4e20534f555243452e2020534545205055424c4953484552204944454e54494649455220494e205052494d41525920564f4c554d452044455343524950544f5220464f5220434f4e5441435420494e464f524d4154494f4e2e00"/256, 0x100, 0x10000}, {&(0x7f0000011b00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x10800}, {&(0x7f0000011c00)='syzkallers\x00'/32, 0x20, 0x11000}, {&(0x7f0000011d00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x14000}], 0x0, &(0x7f0000012200)) 03:38:17 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x1d, &(0x7f0000000200)={0x77359400}, 0x10) 03:38:17 executing program 6: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x1c, 0x3, 0x1, 0x301, 0x0, 0x0, {0x2}, [@CTA_MARK={0x8}]}, 0x1c}}, 0x0) [ 175.707536] loop1: detected capacity change from 0 to 764 [ 175.710222] ISO 9660 Extensions: Microsoft Joliet Level 3 03:38:17 executing program 7: mkdir(&(0x7f0000003b80)='./file0\x00', 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r0, r0, r0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r1) [ 175.716578] ISO 9660 Extensions: RRIP_1991A 03:38:17 executing program 3: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x401, 0x1400}, {0x0, 0xffff}], 0x2, 0x0) unshare(0x48040080) 03:38:17 executing program 0: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x401, 0x1400}, {0x0, 0xffff}], 0x2, 0x0) unshare(0x48040080) 03:38:17 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x7}, 0x18292}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r1, 0x1, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 03:38:17 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x29, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='devpts\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) 03:38:17 executing program 6: ustat(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x1ff) close(0xffffffffffffffff) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) close(0xffffffffffffffff) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 03:38:17 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0x8}, @void}}}, 0x24}}, 0x0) 03:38:17 executing program 7: mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r0, r0, 0x0, 0x100000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=r1, @ANYBLOB="02000100", @ANYRES32, @ANYBLOB="02000400", @ANYBLOB="040000f90000000000000000000068"], 0x3c, 0x0) lseek(0xffffffffffffffff, 0x2000005, 0x0) 03:38:17 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSPGRP(r0, 0x5410, 0x0) [ 175.842047] Process accounting resumed 03:38:17 executing program 5: keyctl$join(0x1, &(0x7f0000000180)={'syz', 0x3}) [ 175.871530] Process accounting resumed 03:38:17 executing program 6: ustat(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x1ff) close(0xffffffffffffffff) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) close(0xffffffffffffffff) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 03:38:17 executing program 7: mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r0, r0, 0x0, 0x100000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=r1, @ANYBLOB="02000100", @ANYRES32, @ANYBLOB="02000400", @ANYBLOB="040000f90000000000000000000068"], 0x3c, 0x0) lseek(0xffffffffffffffff, 0x2000005, 0x0) 03:38:17 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSPGRP(r0, 0x5410, 0x0) 03:38:17 executing program 5: keyctl$join(0x1, &(0x7f0000000180)={'syz', 0x3}) [ 175.964837] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 175.979442] Process accounting resumed 03:38:17 executing program 5: keyctl$join(0x1, &(0x7f0000000180)={'syz', 0x3}) 03:38:17 executing program 7: mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r0, r0, 0x0, 0x100000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=r1, @ANYBLOB="02000100", @ANYRES32, @ANYBLOB="02000400", @ANYBLOB="040000f90000000000000000000068"], 0x3c, 0x0) lseek(0xffffffffffffffff, 0x2000005, 0x0) 03:38:17 executing program 1: mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(r0, r0, 0x0, 0x100000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=r1, @ANYBLOB="02000100", @ANYRES32, @ANYBLOB="02000400", @ANYBLOB="040000f90000000000000000000068"], 0x3c, 0x0) lseek(0xffffffffffffffff, 0x2000005, 0x0) [ 176.092648] Process accounting resumed [ 176.164582] Process accounting r VM DIAGNOSIS: 03:38:09 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=00000000000001fe RCX=ffffffff815efb04 RDX=ffff88803f513580 RSI=0000000000000004 RDI=ffffea0000d09df4 RBP=ffffea0000d09df4 RSP=ffff88803f5d74e8 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=dffffc0000000000 R13=00000000000000a2 R14=ffff88803f402520 R15=ffffea0000d09dc0 RIP=ffffffff817887b4 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd6a762f3a4 CR3=000000003a688000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 ffffffffffffff00 ffffffffffffffff YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823ba131 RDI=ffffffff8765a980 RBP=ffffffff8765a940 RSP=ffff88803f6c7690 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000066 R11=0000000000000001 R12=0000000000000066 R13=ffffffff8765a940 R14=0000000000000010 R15=ffffffff823ba120 RIP=ffffffff823ba189 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f6fa2901700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fb49000d000 CR3=000000003b7ce000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM03=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000