Warning: Permanently added '[localhost]:28410' (ECDSA) to the list of known hosts. 2022/12/01 11:41:44 fuzzer started 2022/12/01 11:41:45 dialing manager at localhost:39771 syzkaller login: [ 43.570066] cgroup: Unknown subsys name 'net' [ 43.686405] cgroup: Unknown subsys name 'rlimit' 2022/12/01 11:41:57 syscalls: 2217 2022/12/01 11:41:57 code coverage: enabled 2022/12/01 11:41:57 comparison tracing: enabled 2022/12/01 11:41:57 extra coverage: enabled 2022/12/01 11:41:57 setuid sandbox: enabled 2022/12/01 11:41:57 namespace sandbox: enabled 2022/12/01 11:41:57 Android sandbox: enabled 2022/12/01 11:41:57 fault injection: enabled 2022/12/01 11:41:57 leak checking: enabled 2022/12/01 11:41:57 net packet injection: enabled 2022/12/01 11:41:57 net device setup: enabled 2022/12/01 11:41:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/12/01 11:41:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/12/01 11:41:57 USB emulation: enabled 2022/12/01 11:41:57 hci packet injection: enabled 2022/12/01 11:41:57 wifi device emulation: enabled 2022/12/01 11:41:57 802.15.4 emulation: enabled 2022/12/01 11:41:57 fetching corpus: 0, signal 0/2000 (executing program) 2022/12/01 11:41:58 fetching corpus: 50, signal 31895/35485 (executing program) 2022/12/01 11:41:58 fetching corpus: 100, signal 43184/48315 (executing program) 2022/12/01 11:41:58 fetching corpus: 150, signal 55379/61875 (executing program) 2022/12/01 11:41:58 fetching corpus: 200, signal 63689/71496 (executing program) 2022/12/01 11:41:58 fetching corpus: 250, signal 72204/81241 (executing program) 2022/12/01 11:41:58 fetching corpus: 300, signal 79782/89969 (executing program) 2022/12/01 11:41:58 fetching corpus: 350, signal 85759/97098 (executing program) 2022/12/01 11:41:59 fetching corpus: 400, signal 88884/101439 (executing program) 2022/12/01 11:41:59 fetching corpus: 450, signal 92243/105937 (executing program) 2022/12/01 11:41:59 fetching corpus: 500, signal 96337/111093 (executing program) 2022/12/01 11:41:59 fetching corpus: 550, signal 101517/117185 (executing program) 2022/12/01 11:41:59 fetching corpus: 600, signal 105198/121802 (executing program) 2022/12/01 11:41:59 fetching corpus: 650, signal 108510/126032 (executing program) 2022/12/01 11:41:59 fetching corpus: 700, signal 114691/132815 (executing program) 2022/12/01 11:42:00 fetching corpus: 750, signal 117000/136055 (executing program) 2022/12/01 11:42:00 fetching corpus: 800, signal 118642/138737 (executing program) 2022/12/01 11:42:00 fetching corpus: 850, signal 121835/142708 (executing program) 2022/12/01 11:42:00 fetching corpus: 900, signal 123804/145577 (executing program) 2022/12/01 11:42:00 fetching corpus: 950, signal 126576/149157 (executing program) 2022/12/01 11:42:00 fetching corpus: 1000, signal 129422/152756 (executing program) 2022/12/01 11:42:00 fetching corpus: 1050, signal 132497/156442 (executing program) 2022/12/01 11:42:00 fetching corpus: 1100, signal 134656/159348 (executing program) 2022/12/01 11:42:01 fetching corpus: 1150, signal 137222/162584 (executing program) 2022/12/01 11:42:01 fetching corpus: 1200, signal 140800/166610 (executing program) 2022/12/01 11:42:01 fetching corpus: 1250, signal 142223/168791 (executing program) 2022/12/01 11:42:01 fetching corpus: 1300, signal 143875/171138 (executing program) 2022/12/01 11:42:01 fetching corpus: 1350, signal 145208/173240 (executing program) 2022/12/01 11:42:01 fetching corpus: 1400, signal 148189/176615 (executing program) 2022/12/01 11:42:01 fetching corpus: 1450, signal 150003/178996 (executing program) 2022/12/01 11:42:01 fetching corpus: 1500, signal 151612/181249 (executing program) 2022/12/01 11:42:02 fetching corpus: 1550, signal 153374/183592 (executing program) 2022/12/01 11:42:02 fetching corpus: 1600, signal 155215/185949 (executing program) 2022/12/01 11:42:02 fetching corpus: 1650, signal 157225/188507 (executing program) 2022/12/01 11:42:02 fetching corpus: 1700, signal 159230/190880 (executing program) 2022/12/01 11:42:02 fetching corpus: 1750, signal 160820/192988 (executing program) 2022/12/01 11:42:02 fetching corpus: 1800, signal 162427/195056 (executing program) 2022/12/01 11:42:03 fetching corpus: 1850, signal 164436/197374 (executing program) 2022/12/01 11:42:03 fetching corpus: 1900, signal 165722/199169 (executing program) 2022/12/01 11:42:03 fetching corpus: 1950, signal 166788/200772 (executing program) 2022/12/01 11:42:03 fetching corpus: 2000, signal 168393/202793 (executing program) 2022/12/01 11:42:03 fetching corpus: 2050, signal 169797/204616 (executing program) 2022/12/01 11:42:03 fetching corpus: 2100, signal 171487/206696 (executing program) 2022/12/01 11:42:03 fetching corpus: 2150, signal 173281/208723 (executing program) 2022/12/01 11:42:04 fetching corpus: 2200, signal 175034/210749 (executing program) 2022/12/01 11:42:04 fetching corpus: 2250, signal 176167/212339 (executing program) 2022/12/01 11:42:04 fetching corpus: 2300, signal 177957/214316 (executing program) 2022/12/01 11:42:04 fetching corpus: 2350, signal 179656/216298 (executing program) 2022/12/01 11:42:04 fetching corpus: 2400, signal 180855/217885 (executing program) 2022/12/01 11:42:04 fetching corpus: 2450, signal 181868/219301 (executing program) 2022/12/01 11:42:04 fetching corpus: 2500, signal 183294/221010 (executing program) 2022/12/01 11:42:05 fetching corpus: 2550, signal 184766/222739 (executing program) 2022/12/01 11:42:05 fetching corpus: 2600, signal 186556/224575 (executing program) 2022/12/01 11:42:05 fetching corpus: 2650, signal 187790/225991 (executing program) 2022/12/01 11:42:05 fetching corpus: 2700, signal 189281/227635 (executing program) 2022/12/01 11:42:05 fetching corpus: 2750, signal 190203/228909 (executing program) 2022/12/01 11:42:05 fetching corpus: 2800, signal 190808/229923 (executing program) 2022/12/01 11:42:05 fetching corpus: 2850, signal 191853/231205 (executing program) 2022/12/01 11:42:06 fetching corpus: 2900, signal 192648/232345 (executing program) 2022/12/01 11:42:06 fetching corpus: 2950, signal 193725/233648 (executing program) 2022/12/01 11:42:06 fetching corpus: 3000, signal 194477/234778 (executing program) 2022/12/01 11:42:06 fetching corpus: 3050, signal 195465/235989 (executing program) 2022/12/01 11:42:06 fetching corpus: 3100, signal 196647/237312 (executing program) 2022/12/01 11:42:06 fetching corpus: 3150, signal 197720/238577 (executing program) 2022/12/01 11:42:06 fetching corpus: 3200, signal 198957/239926 (executing program) 2022/12/01 11:42:06 fetching corpus: 3250, signal 200321/241306 (executing program) 2022/12/01 11:42:07 fetching corpus: 3300, signal 201587/242612 (executing program) 2022/12/01 11:42:07 fetching corpus: 3350, signal 202384/243622 (executing program) 2022/12/01 11:42:07 fetching corpus: 3400, signal 203366/244723 (executing program) 2022/12/01 11:42:07 fetching corpus: 3450, signal 204395/245881 (executing program) 2022/12/01 11:42:07 fetching corpus: 3500, signal 205631/247100 (executing program) 2022/12/01 11:42:07 fetching corpus: 3550, signal 206380/248087 (executing program) 2022/12/01 11:42:07 fetching corpus: 3600, signal 208119/249486 (executing program) 2022/12/01 11:42:08 fetching corpus: 3650, signal 208804/250388 (executing program) 2022/12/01 11:42:08 fetching corpus: 3700, signal 209496/251271 (executing program) 2022/12/01 11:42:08 fetching corpus: 3750, signal 210843/252448 (executing program) 2022/12/01 11:42:08 fetching corpus: 3800, signal 211513/253294 (executing program) 2022/12/01 11:42:08 fetching corpus: 3850, signal 212190/254139 (executing program) 2022/12/01 11:42:08 fetching corpus: 3900, signal 212863/254992 (executing program) 2022/12/01 11:42:09 fetching corpus: 3950, signal 213440/255799 (executing program) 2022/12/01 11:42:09 fetching corpus: 4000, signal 214021/256592 (executing program) 2022/12/01 11:42:09 fetching corpus: 4050, signal 214549/257327 (executing program) 2022/12/01 11:42:09 fetching corpus: 4100, signal 215581/258292 (executing program) 2022/12/01 11:42:09 fetching corpus: 4150, signal 216511/259203 (executing program) 2022/12/01 11:42:09 fetching corpus: 4200, signal 217414/260042 (executing program) 2022/12/01 11:42:09 fetching corpus: 4250, signal 218299/260915 (executing program) 2022/12/01 11:42:09 fetching corpus: 4300, signal 219344/261857 (executing program) 2022/12/01 11:42:10 fetching corpus: 4350, signal 220305/262722 (executing program) 2022/12/01 11:42:10 fetching corpus: 4400, signal 221017/263445 (executing program) 2022/12/01 11:42:10 fetching corpus: 4450, signal 221686/264212 (executing program) 2022/12/01 11:42:10 fetching corpus: 4500, signal 222581/265025 (executing program) 2022/12/01 11:42:10 fetching corpus: 4550, signal 223341/265782 (executing program) 2022/12/01 11:42:10 fetching corpus: 4600, signal 223822/266448 (executing program) 2022/12/01 11:42:10 fetching corpus: 4650, signal 224427/267124 (executing program) 2022/12/01 11:42:10 fetching corpus: 4700, signal 225174/267843 (executing program) 2022/12/01 11:42:11 fetching corpus: 4750, signal 225781/268470 (executing program) 2022/12/01 11:42:11 fetching corpus: 4800, signal 226445/269120 (executing program) 2022/12/01 11:42:11 fetching corpus: 4850, signal 226798/269660 (executing program) 2022/12/01 11:42:11 fetching corpus: 4900, signal 228128/270488 (executing program) 2022/12/01 11:42:11 fetching corpus: 4950, signal 229053/271216 (executing program) 2022/12/01 11:42:11 fetching corpus: 5000, signal 229683/271832 (executing program) 2022/12/01 11:42:11 fetching corpus: 5050, signal 230284/272441 (executing program) 2022/12/01 11:42:11 fetching corpus: 5100, signal 230674/272943 (executing program) 2022/12/01 11:42:12 fetching corpus: 5150, signal 231113/273504 (executing program) 2022/12/01 11:42:12 fetching corpus: 5200, signal 231567/274017 (executing program) 2022/12/01 11:42:12 fetching corpus: 5250, signal 232220/274602 (executing program) 2022/12/01 11:42:12 fetching corpus: 5300, signal 232998/275192 (executing program) 2022/12/01 11:42:12 fetching corpus: 5350, signal 233547/275749 (executing program) 2022/12/01 11:42:12 fetching corpus: 5400, signal 234159/276269 (executing program) 2022/12/01 11:42:12 fetching corpus: 5450, signal 234850/276856 (executing program) 2022/12/01 11:42:13 fetching corpus: 5500, signal 236368/277577 (executing program) 2022/12/01 11:42:13 fetching corpus: 5550, signal 237130/278087 (executing program) 2022/12/01 11:42:13 fetching corpus: 5600, signal 237508/278542 (executing program) 2022/12/01 11:42:13 fetching corpus: 5650, signal 238085/279052 (executing program) 2022/12/01 11:42:13 fetching corpus: 5700, signal 238545/279525 (executing program) 2022/12/01 11:42:13 fetching corpus: 5750, signal 239191/279986 (executing program) 2022/12/01 11:42:13 fetching corpus: 5800, signal 239951/280485 (executing program) 2022/12/01 11:42:14 fetching corpus: 5850, signal 240934/281039 (executing program) 2022/12/01 11:42:14 fetching corpus: 5900, signal 241562/281491 (executing program) 2022/12/01 11:42:14 fetching corpus: 5950, signal 242350/281927 (executing program) 2022/12/01 11:42:14 fetching corpus: 6000, signal 243258/282419 (executing program) 2022/12/01 11:42:14 fetching corpus: 6050, signal 243716/282776 (executing program) 2022/12/01 11:42:14 fetching corpus: 6100, signal 244448/283236 (executing program) 2022/12/01 11:42:14 fetching corpus: 6150, signal 244966/283616 (executing program) 2022/12/01 11:42:14 fetching corpus: 6200, signal 245537/283978 (executing program) 2022/12/01 11:42:15 fetching corpus: 6250, signal 245993/284341 (executing program) 2022/12/01 11:42:15 fetching corpus: 6300, signal 246424/284714 (executing program) 2022/12/01 11:42:15 fetching corpus: 6350, signal 246723/285045 (executing program) 2022/12/01 11:42:15 fetching corpus: 6400, signal 247175/285369 (executing program) 2022/12/01 11:42:15 fetching corpus: 6450, signal 247743/285762 (executing program) 2022/12/01 11:42:15 fetching corpus: 6500, signal 248399/286132 (executing program) 2022/12/01 11:42:15 fetching corpus: 6550, signal 248988/286501 (executing program) 2022/12/01 11:42:15 fetching corpus: 6600, signal 249630/286825 (executing program) 2022/12/01 11:42:16 fetching corpus: 6650, signal 250275/287139 (executing program) 2022/12/01 11:42:16 fetching corpus: 6700, signal 250756/287455 (executing program) 2022/12/01 11:42:16 fetching corpus: 6750, signal 251198/287746 (executing program) 2022/12/01 11:42:16 fetching corpus: 6800, signal 251788/288050 (executing program) 2022/12/01 11:42:16 fetching corpus: 6850, signal 252145/288352 (executing program) 2022/12/01 11:42:16 fetching corpus: 6900, signal 252760/288636 (executing program) 2022/12/01 11:42:16 fetching corpus: 6950, signal 253282/288896 (executing program) 2022/12/01 11:42:17 fetching corpus: 7000, signal 253751/289159 (executing program) 2022/12/01 11:42:17 fetching corpus: 7050, signal 254254/289420 (executing program) 2022/12/01 11:42:17 fetching corpus: 7100, signal 254828/289686 (executing program) 2022/12/01 11:42:17 fetching corpus: 7150, signal 255232/289929 (executing program) 2022/12/01 11:42:17 fetching corpus: 7200, signal 255865/290178 (executing program) 2022/12/01 11:42:17 fetching corpus: 7250, signal 256438/290199 (executing program) 2022/12/01 11:42:17 fetching corpus: 7300, signal 256861/290199 (executing program) 2022/12/01 11:42:18 fetching corpus: 7350, signal 257261/290199 (executing program) 2022/12/01 11:42:18 fetching corpus: 7400, signal 257879/290199 (executing program) 2022/12/01 11:42:18 fetching corpus: 7450, signal 258171/290199 (executing program) 2022/12/01 11:42:18 fetching corpus: 7500, signal 258476/290199 (executing program) 2022/12/01 11:42:18 fetching corpus: 7550, signal 258814/290199 (executing program) 2022/12/01 11:42:18 fetching corpus: 7600, signal 259426/290199 (executing program) 2022/12/01 11:42:18 fetching corpus: 7650, signal 259819/290199 (executing program) 2022/12/01 11:42:18 fetching corpus: 7700, signal 260192/290199 (executing program) 2022/12/01 11:42:18 fetching corpus: 7750, signal 260462/290199 (executing program) 2022/12/01 11:42:19 fetching corpus: 7800, signal 260806/290199 (executing program) 2022/12/01 11:42:19 fetching corpus: 7850, signal 261463/290199 (executing program) 2022/12/01 11:42:19 fetching corpus: 7900, signal 262251/290199 (executing program) 2022/12/01 11:42:19 fetching corpus: 7950, signal 262674/290199 (executing program) 2022/12/01 11:42:19 fetching corpus: 8000, signal 263254/290199 (executing program) 2022/12/01 11:42:19 fetching corpus: 8050, signal 263874/290199 (executing program) 2022/12/01 11:42:19 fetching corpus: 8100, signal 264350/290199 (executing program) 2022/12/01 11:42:19 fetching corpus: 8150, signal 264708/290199 (executing program) 2022/12/01 11:42:20 fetching corpus: 8200, signal 265069/290199 (executing program) 2022/12/01 11:42:20 fetching corpus: 8250, signal 265636/290199 (executing program) 2022/12/01 11:42:20 fetching corpus: 8300, signal 265980/290205 (executing program) 2022/12/01 11:42:20 fetching corpus: 8350, signal 266356/290206 (executing program) 2022/12/01 11:42:20 fetching corpus: 8400, signal 266619/290206 (executing program) 2022/12/01 11:42:20 fetching corpus: 8450, signal 267037/290206 (executing program) 2022/12/01 11:42:20 fetching corpus: 8500, signal 267523/290206 (executing program) 2022/12/01 11:42:21 fetching corpus: 8550, signal 268004/290206 (executing program) 2022/12/01 11:42:21 fetching corpus: 8600, signal 268413/290206 (executing program) 2022/12/01 11:42:21 fetching corpus: 8650, signal 268782/290206 (executing program) 2022/12/01 11:42:21 fetching corpus: 8700, signal 269204/290206 (executing program) 2022/12/01 11:42:21 fetching corpus: 8750, signal 269653/290206 (executing program) 2022/12/01 11:42:22 fetching corpus: 8800, signal 270146/290206 (executing program) 2022/12/01 11:42:22 fetching corpus: 8850, signal 270596/290206 (executing program) 2022/12/01 11:42:22 fetching corpus: 8900, signal 270910/290206 (executing program) 2022/12/01 11:42:22 fetching corpus: 8950, signal 271272/290206 (executing program) 2022/12/01 11:42:22 fetching corpus: 9000, signal 271722/290206 (executing program) 2022/12/01 11:42:22 fetching corpus: 9050, signal 272219/290206 (executing program) 2022/12/01 11:42:22 fetching corpus: 9100, signal 272554/290209 (executing program) 2022/12/01 11:42:23 fetching corpus: 9150, signal 272953/290209 (executing program) 2022/12/01 11:42:23 fetching corpus: 9200, signal 273383/290209 (executing program) 2022/12/01 11:42:23 fetching corpus: 9250, signal 273754/290209 (executing program) 2022/12/01 11:42:23 fetching corpus: 9300, signal 274434/290209 (executing program) 2022/12/01 11:42:23 fetching corpus: 9350, signal 274810/290209 (executing program) 2022/12/01 11:42:23 fetching corpus: 9400, signal 275173/290209 (executing program) 2022/12/01 11:42:24 fetching corpus: 9450, signal 275760/290209 (executing program) 2022/12/01 11:42:24 fetching corpus: 9500, signal 276070/290215 (executing program) 2022/12/01 11:42:24 fetching corpus: 9550, signal 276375/290215 (executing program) 2022/12/01 11:42:24 fetching corpus: 9600, signal 276776/290215 (executing program) 2022/12/01 11:42:24 fetching corpus: 9650, signal 277132/290215 (executing program) 2022/12/01 11:42:24 fetching corpus: 9700, signal 277491/290215 (executing program) 2022/12/01 11:42:24 fetching corpus: 9750, signal 278135/290215 (executing program) 2022/12/01 11:42:24 fetching corpus: 9800, signal 278459/290215 (executing program) 2022/12/01 11:42:25 fetching corpus: 9850, signal 278737/290215 (executing program) 2022/12/01 11:42:25 fetching corpus: 9900, signal 279064/290215 (executing program) 2022/12/01 11:42:25 fetching corpus: 9950, signal 279314/290215 (executing program) 2022/12/01 11:42:25 fetching corpus: 10000, signal 279561/290217 (executing program) 2022/12/01 11:42:25 fetching corpus: 10050, signal 279839/290217 (executing program) 2022/12/01 11:42:25 fetching corpus: 10100, signal 280064/290217 (executing program) 2022/12/01 11:42:25 fetching corpus: 10150, signal 280359/290217 (executing program) 2022/12/01 11:42:26 fetching corpus: 10200, signal 281041/290217 (executing program) 2022/12/01 11:42:26 fetching corpus: 10250, signal 281359/290218 (executing program) 2022/12/01 11:42:26 fetching corpus: 10300, signal 281661/290218 (executing program) 2022/12/01 11:42:26 fetching corpus: 10350, signal 281935/290218 (executing program) 2022/12/01 11:42:26 fetching corpus: 10400, signal 282252/290218 (executing program) 2022/12/01 11:42:26 fetching corpus: 10450, signal 282682/290218 (executing program) 2022/12/01 11:42:26 fetching corpus: 10500, signal 283374/290218 (executing program) 2022/12/01 11:42:27 fetching corpus: 10550, signal 283722/290218 (executing program) 2022/12/01 11:42:27 fetching corpus: 10600, signal 284146/290218 (executing program) 2022/12/01 11:42:27 fetching corpus: 10650, signal 284653/290218 (executing program) 2022/12/01 11:42:27 fetching corpus: 10700, signal 284884/290218 (executing program) 2022/12/01 11:42:27 fetching corpus: 10750, signal 285316/290218 (executing program) 2022/12/01 11:42:27 fetching corpus: 10771, signal 285397/290218 (executing program) 2022/12/01 11:42:27 fetching corpus: 10771, signal 285397/290218 (executing program) 2022/12/01 11:42:30 starting 8 fuzzer processes 11:42:30 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={[{@abort}, {@test_dummy_encryption}]}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) 11:42:30 executing program 2: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:42:30 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 11:42:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000500)=0x3, 0x4) 11:42:30 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x0, 0x6, 0x89}) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffbffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001280)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000013c0)='/sys/module/pcmcia_core', 0x0, 0x0) dup2(r2, r2) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0x10001, @mcast1, 0x11}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = dup(r3) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r5, 0x29, 0x37, &(0x7f0000000100)={0x2b, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x81}, @ra={0x5, 0x2, 0x2744}]}, 0x10) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140)={0x40000008}) 11:42:30 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001800), r0) sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000001840)={0x14, r1, 0x1, 0x0, 0x0, {0x21}}, 0x14}}, 0x0) [ 89.087524] audit: type=1400 audit(1669894950.821:6): avc: denied { execmem } for pid=257 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:42:30 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x5601, 0x0) 11:42:30 executing program 7: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x0, @loopback}, {0x2, 0x0, @private}, {0x2, 0x0, @broadcast}, 0xc0}) [ 90.398399] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.400921] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.403987] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.405505] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.407234] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.409364] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.416123] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.418092] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.424041] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 90.426258] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.428778] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 90.452282] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.454467] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.460625] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.466721] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.477971] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.479627] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 90.483103] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 90.484907] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.486216] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 90.488574] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 90.500992] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 90.502812] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.505981] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.506561] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 90.510993] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 90.512194] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.512304] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 90.519063] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.525332] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 90.526622] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.547016] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 90.549837] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 90.550638] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 90.555963] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 90.556039] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 90.560005] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 90.560049] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 90.562397] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 90.594974] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 90.600979] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 90.604943] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 92.464761] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 92.528091] Bluetooth: hci2: command 0x0409 tx timeout [ 92.528717] Bluetooth: hci5: command 0x0409 tx timeout [ 92.529177] Bluetooth: hci1: command 0x0409 tx timeout [ 92.529621] Bluetooth: hci0: command 0x0409 tx timeout [ 92.591756] Bluetooth: hci7: command 0x0409 tx timeout [ 92.592314] Bluetooth: hci4: command 0x0409 tx timeout [ 92.656750] Bluetooth: hci6: command 0x0409 tx timeout [ 94.575908] Bluetooth: hci0: command 0x041b tx timeout [ 94.576322] Bluetooth: hci1: command 0x041b tx timeout [ 94.576731] Bluetooth: hci5: command 0x041b tx timeout [ 94.577088] Bluetooth: hci2: command 0x041b tx timeout [ 94.640737] Bluetooth: hci4: command 0x041b tx timeout [ 94.641604] Bluetooth: hci7: command 0x041b tx timeout [ 94.703794] Bluetooth: hci6: command 0x041b tx timeout [ 96.624015] Bluetooth: hci2: command 0x040f tx timeout [ 96.624063] Bluetooth: hci5: command 0x040f tx timeout [ 96.624805] Bluetooth: hci1: command 0x040f tx timeout [ 96.625183] Bluetooth: hci0: command 0x040f tx timeout [ 96.687810] Bluetooth: hci7: command 0x040f tx timeout [ 96.688512] Bluetooth: hci4: command 0x040f tx timeout [ 96.751777] Bluetooth: hci6: command 0x040f tx timeout [ 97.584784] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 98.671766] Bluetooth: hci1: command 0x0419 tx timeout [ 98.673081] Bluetooth: hci0: command 0x0419 tx timeout [ 98.673466] Bluetooth: hci5: command 0x0419 tx timeout [ 98.674007] Bluetooth: hci2: command 0x0419 tx timeout [ 98.737197] Bluetooth: hci4: command 0x0419 tx timeout [ 98.737722] Bluetooth: hci7: command 0x0419 tx timeout [ 98.800771] Bluetooth: hci6: command 0x0419 tx timeout [ 102.640956] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 107.567773] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 112.815736] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 115.697573] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 115.707469] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 115.721455] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 115.745614] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 115.756562] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 115.759139] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 117.807785] Bluetooth: hci3: command 0x0409 tx timeout [ 119.855746] Bluetooth: hci3: command 0x041b tx timeout [ 121.904723] Bluetooth: hci3: command 0x040f tx timeout [ 123.952807] Bluetooth: hci3: command 0x0419 tx timeout [ 146.221368] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.222312] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.223843] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 146.423215] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.424187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.425639] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 146.560094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.561009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.569253] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 146.655411] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.656436] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.657965] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 146.753763] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.754365] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.810800] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 147.049063] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.049710] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.051174] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 147.083277] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.084035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.085454] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 147.290445] EXT4-fs: test_dummy_encryption option not supported [ 147.298893] EXT4-fs: test_dummy_encryption option not supported [ 147.323066] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.323833] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.325393] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 147.615424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.615999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.617361] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 147.776558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.777168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.778764] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 147.797504] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.798057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.799407] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 147.936516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 147.937317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.938781] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 148.007703] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.008431] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.009760] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 148.029095] audit: type=1400 audit(1669895009.765:7): avc: denied { open } for pid=3708 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 148.030550] audit: type=1400 audit(1669895009.766:8): avc: denied { kernel } for pid=3708 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 148.095220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.096057] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.097716] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 148.104689] hrtimer: interrupt took 17953 ns [ 148.940629] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 148.948599] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 159.140855] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.142231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.144625] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 159.173283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.174305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.176377] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:43:41 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 11:43:41 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x5601, 0x0) 11:43:41 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x5601, 0x0) 11:43:41 executing program 7: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000380), 0x4080, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='cmdline\x00') read$hiddev(r2, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f0000000140)=ANY=[@ANYBLOB="76fe912bf8885b434784eb5149af17b7fe3306212215c6c11f8e8a870bdcb53f8c35894c432d53f5558a7e613b72f6089f192ad1044c2b3b2c7d3fbaaec05eb72a7383f68148c2f2505917fda0116776605da7bae6", @ANYRES64]) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x80000001) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000380)={r0, 0x8, 0x1, 0x400}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x4, 0x0, &(0x7f0000000000)) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x4, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0431"], 0xa) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_train_complete={{0x4f, 0x1}}}, 0x4) eventfd2(0xae, 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, 0x0, 0x2, 0x70bd2b, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040840}, 0x40091) fallocate(r3, 0x0, 0x0, 0x87ffffc) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r4, &(0x7f0000000080)="01", 0x292e9) 11:43:41 executing program 2: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:43:41 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001800), r0) sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000001840)={0x14, r1, 0x1, 0x0, 0x0, {0x21}}, 0x14}}, 0x0) 11:43:41 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 11:43:41 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x0, 0x6, 0x89}) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffbffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001280)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000013c0)='/sys/module/pcmcia_core', 0x0, 0x0) dup2(r2, r2) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0x10001, @mcast1, 0x11}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = dup(r3) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r5, 0x29, 0x37, &(0x7f0000000100)={0x2b, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x81}, @ra={0x5, 0x2, 0x2744}]}, 0x10) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140)={0x40000008}) 11:43:41 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001800), r0) sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000001840)={0x14, r1, 0x1, 0x0, 0x0, {0x21}}, 0x14}}, 0x0) 11:43:41 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x5601, 0x0) 11:43:41 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 11:43:41 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x5601, 0x0) 11:43:41 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 11:43:41 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x5601, 0x0) [ 159.845933] Bluetooth: hci0: unexpected event 0x31 length: 7 > 6 [ 160.590513] Bluetooth: hci0: Opcode 0x c03 failed: -4 11:43:43 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001800), r0) sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000001840)={0x14, r1, 0x1, 0x0, 0x0, {0x21}}, 0x14}}, 0x0) 11:43:43 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x0, 0x6, 0x89}) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffbffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001280)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000013c0)='/sys/module/pcmcia_core', 0x0, 0x0) dup2(r2, r2) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0x10001, @mcast1, 0x11}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = dup(r3) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r5, 0x29, 0x37, &(0x7f0000000100)={0x2b, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x81}, @ra={0x5, 0x2, 0x2744}]}, 0x10) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140)={0x40000008}) 11:43:43 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x5601, 0x0) 11:43:43 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 11:43:43 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 11:43:43 executing program 3: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:43:43 executing program 7: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000380), 0x4080, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='cmdline\x00') read$hiddev(r2, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f0000000140)=ANY=[@ANYBLOB="76fe912bf8885b434784eb5149af17b7fe3306212215c6c11f8e8a870bdcb53f8c35894c432d53f5558a7e613b72f6089f192ad1044c2b3b2c7d3fbaaec05eb72a7383f68148c2f2505917fda0116776605da7bae6", @ANYRES64]) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x80000001) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000380)={r0, 0x8, 0x1, 0x400}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x4, 0x0, &(0x7f0000000000)) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x4, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0431"], 0xa) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_train_complete={{0x4f, 0x1}}}, 0x4) eventfd2(0xae, 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, 0x0, 0x2, 0x70bd2b, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040840}, 0x40091) fallocate(r3, 0x0, 0x0, 0x87ffffc) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r4, &(0x7f0000000080)="01", 0x292e9) 11:43:43 executing program 2: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 160.633808] Bluetooth: hci0: unexpected event 0x31 length: 7 > 6 11:43:43 executing program 1: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:43:44 executing program 5: syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @remote}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "05764bebd1d6a0ad5fa927cc88b0fd52"}]}}}}}}}, 0x0) 11:43:44 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80084504, 0x0) 11:43:44 executing program 0: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1, 0x0, 0x0) syncfs(0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0x3, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000040)={r2, 0xb58a, 0x100000001, 0x2}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) fsync(0xffffffffffffffff) 11:43:44 executing program 7: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000380), 0x4080, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='cmdline\x00') read$hiddev(r2, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f0000000140)=ANY=[@ANYBLOB="76fe912bf8885b434784eb5149af17b7fe3306212215c6c11f8e8a870bdcb53f8c35894c432d53f5558a7e613b72f6089f192ad1044c2b3b2c7d3fbaaec05eb72a7383f68148c2f2505917fda0116776605da7bae6", @ANYRES64]) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x80000001) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000380)={r0, 0x8, 0x1, 0x400}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x4, 0x0, &(0x7f0000000000)) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x4, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0431"], 0xa) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_train_complete={{0x4f, 0x1}}}, 0x4) eventfd2(0xae, 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, 0x0, 0x2, 0x70bd2b, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040840}, 0x40091) fallocate(r3, 0x0, 0x0, 0x87ffffc) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r4, &(0x7f0000000080)="01", 0x292e9) 11:43:44 executing program 5: waitid(0x0, 0xffffffffffffffff, 0x0, 0x20bf056def880394, 0x0) [ 162.105597] Bluetooth: hci0: unexpected event 0x31 length: 7 > 6 [ 162.724887] Bluetooth: hci0: unexpected event 0x31 length: 7 > 6 [ 162.846901] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 162.917153] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 163.089601] Bluetooth: hci0: Opcode 0x c03 failed: -4 11:43:48 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80084504, 0x0) 11:43:48 executing program 5: modify_ldt$write(0x1, &(0x7f0000000000), 0x10) modify_ldt$write(0xffffc90000000000, &(0x7f0000000040), 0x10) 11:43:48 executing program 0: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1, 0x0, 0x0) syncfs(0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0x3, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000040)={r2, 0xb58a, 0x100000001, 0x2}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) fsync(0xffffffffffffffff) 11:43:48 executing program 7: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000380), 0x4080, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='cmdline\x00') read$hiddev(r2, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f0000000140)=ANY=[@ANYBLOB="76fe912bf8885b434784eb5149af17b7fe3306212215c6c11f8e8a870bdcb53f8c35894c432d53f5558a7e613b72f6089f192ad1044c2b3b2c7d3fbaaec05eb72a7383f68148c2f2505917fda0116776605da7bae6", @ANYRES64]) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x80000001) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000380)={r0, 0x8, 0x1, 0x400}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x4, 0x0, &(0x7f0000000000)) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x4, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0431"], 0xa) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_train_complete={{0x4f, 0x1}}}, 0x4) eventfd2(0xae, 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, 0x0, 0x2, 0x70bd2b, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040840}, 0x40091) fallocate(r3, 0x0, 0x0, 0x87ffffc) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r4, &(0x7f0000000080)="01", 0x292e9) 11:43:48 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x0, 0x6, 0x89}) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffbffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001280)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000013c0)='/sys/module/pcmcia_core', 0x0, 0x0) dup2(r2, r2) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0x10001, @mcast1, 0x11}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = dup(r3) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r5, 0x29, 0x37, &(0x7f0000000100)={0x2b, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x81}, @ra={0x5, 0x2, 0x2744}]}, 0x10) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140)={0x40000008}) 11:43:48 executing program 1: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:43:48 executing program 2: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:43:48 executing program 3: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:43:48 executing program 5: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1, 0x0, 0x0) syncfs(0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0x3, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000040)={r2, 0xb58a, 0x100000001, 0x2}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) fsync(0xffffffffffffffff) 11:43:48 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80084504, 0x0) 11:43:48 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80084504, 0x0) 11:43:48 executing program 0: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1, 0x0, 0x0) syncfs(0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0x3, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000040)={r2, 0xb58a, 0x100000001, 0x2}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) fsync(0xffffffffffffffff) 11:43:48 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x75, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0) socket$inet_udp(0x2, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 11:43:48 executing program 5: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1, 0x0, 0x0) syncfs(0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0x3, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000040)={r2, 0xb58a, 0x100000001, 0x2}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) fsync(0xffffffffffffffff) [ 166.765825] Bluetooth: hci0: unexpected event 0x31 length: 7 > 6 [ 167.197967] audit: type=1400 audit(1669895028.934:9): avc: denied { write } for pid=4053 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 167.605053] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 167.622271] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 167.643430] Bluetooth: hci0: Opcode 0x c03 failed: -4 11:43:50 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x75, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0) socket$inet_udp(0x2, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 11:43:50 executing program 0: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1, 0x0, 0x0) syncfs(0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0x3, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000040)={r2, 0xb58a, 0x100000001, 0x2}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) fsync(0xffffffffffffffff) 11:43:50 executing program 5: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1, 0x0, 0x0) syncfs(0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0x3, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000040)={r2, 0xb58a, 0x100000001, 0x2}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) fsync(0xffffffffffffffff) 11:43:50 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:43:50 executing program 1: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:43:50 executing program 4: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat(r0, &(0x7f0000000080)='./file0\x00', 0x40000, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect(r1, &(0x7f00000000c0)=@phonet={0x23, 0x0, 0x2, 0x2}, 0x80) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0}}, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) 11:43:50 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x4000) 11:43:50 executing program 3: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 168.437692] loop7: detected capacity change from 0 to 40 [ 168.497122] device lo entered promiscuous mode 11:43:50 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x75, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0) socket$inet_udp(0x2, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 11:43:50 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f0000000380)={0x0, "e7591341bd03eeb4d3db27a2fcf00ba0f5344b8cdca28d0923087f7cf416c1f5dfd330efdedae9b85ecf96b7232096909a55becd3f9892c98027b65c8a0a99c08813fe9c55cf4619b7ec32dc0a203b8be11e8052d6bb60cc4f6aad16c45f727a6fede7cc9ce282e103808786399b15144605f454a570aaf06bd78604ebda6b769130fa3da63ad3fde16eda0f8ade84a2f2677c4d984ccc28488e5545057795408262e8e1a1a64202a29ced67439d49b95f9cd59f08543f90f250cde1d7436a4bae7fe4e120faba4f362da97a19edd5d0a75f8a3cdf90e295cb6f015d4b5369fbb3064eeda713a30ae98ad52c034affe6391b9844d37498a8fa8b6cf4d69391a3ba5acce2f6ec0fd976e08b3a67a066d0a6eeab1e566db8d910c44ea79e41508f54278b2898163f6e4e22aa5167265db34dc3bebd4aeadcfb61083d9006419a366131aa80a230ee4825530734d8a525fe715c9d7ff4a2c81edabb8a25a18df9cd7e9fcfa2314b10911e7de25dfd08627b9e97f94fdc2dec3d5d3ba5971d698dc671022a89f45276488a847a46bd8c0f664af786496b924935e462f59c843f4e237814f2914c962882da874a1f0047ee2b86375596b98cc0194adfabad855300effaa5a4a519c4940804891912f1af4e6dfdde0f2d11a94bd27e07f3e5c17f249ccad7adff7a2d21e2dc7f61600687faa0b18c49272bab1c75ab18f3e702a7fec1"}) 11:43:50 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) recvmmsg(r0, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010040, 0x0) 11:43:50 executing program 5: r0 = open$dir(&(0x7f0000000200)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000240)=""/220, 0xdc) getdents64(r0, 0x0, 0x0) 11:43:50 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x75, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0) socket$inet_udp(0x2, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 11:43:50 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) 11:43:50 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETAW(r0, 0x4b32, 0x0) 11:43:50 executing program 0: clone3(&(0x7f00000001c0)={0x123363500, &(0x7f0000000180)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pidfd_send_signal(r0, 0x0, &(0x7f0000000000)={0x0, 0x0, 0xfffffff9}, 0x0) [ 168.881964] syz-executor.7: attempt to access beyond end of device [ 168.881964] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 168.883312] Buffer I/O error on dev loop7, logical block 10, lost async page write 11:43:50 executing program 6: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x2ff3, &(0x7f0000000100)={0x0, 0xc25, 0x20, 0x1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000002880), 0x4000101, 0x0) 11:43:50 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 169.028405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.052958] loop7: detected capacity change from 0 to 40 [ 169.251321] syz-executor.7: attempt to access beyond end of device [ 169.251321] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 169.252879] Buffer I/O error on dev loop7, logical block 10, lost async page write [ 169.257990] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 169.268837] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 169.699253] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 11:43:51 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETAW(r0, 0x4b32, 0x0) 11:43:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:43:51 executing program 0: clone3(&(0x7f00000001c0)={0x123363500, &(0x7f0000000180)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pidfd_send_signal(r0, 0x0, &(0x7f0000000000)={0x0, 0x0, 0xfffffff9}, 0x0) 11:43:51 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:43:51 executing program 3: r0 = syz_open_dev$loop(0x0, 0x40000000000002, 0x38d40) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000000}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00') write$binfmt_aout(r2, &(0x7f0000000500)={{0x10b, 0x3, 0x5, 0xc6, 0x3b, 0x5, 0x15f, 0x1ea44656}, "8f50ba5b8d22b679908b5f67d23a437bceeff6412c8a120c7222669424424991a77225898b55ca6befbff3fd276bd7d165410f4b51bf5436816f782662ab3db5d5e6062bc14262802b8f1e16e79b32a69b1e8f3fbd63ce3d6d3e3b66fad7", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x97e) setxattr$trusted_overlay_origin(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400), 0x0, 0x0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000380)={r0, 0x0, 0x1, 0x400}) ioctl$BTRFS_IOC_BALANCE(r3, 0x5000940c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f0000000040)) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r4, &(0x7f0000000080)="01", 0x292e9) 11:43:51 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:43:51 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) stat(&(0x7f0000003a80)='./cgroup/cgroup.procs\x00', &(0x7f0000000380)) 11:43:51 executing program 4: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat(r0, &(0x7f0000000080)='./file0\x00', 0x40000, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect(r1, &(0x7f00000000c0)=@phonet={0x23, 0x0, 0x2, 0x2}, 0x80) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0}}, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) 11:43:51 executing program 0: clone3(&(0x7f00000001c0)={0x123363500, &(0x7f0000000180)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pidfd_send_signal(r0, 0x0, &(0x7f0000000000)={0x0, 0x0, 0xfffffff9}, 0x0) [ 169.937620] loop7: detected capacity change from 0 to 40 [ 169.940469] loop2: detected capacity change from 0 to 40 [ 169.978879] loop1: detected capacity change from 0 to 40 [ 169.984301] device lo left promiscuous mode 11:43:51 executing program 0: clone3(&(0x7f00000001c0)={0x123363500, &(0x7f0000000180)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pidfd_send_signal(r0, 0x0, &(0x7f0000000000)={0x0, 0x0, 0xfffffff9}, 0x0) 11:43:51 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETAW(r0, 0x4b32, 0x0) [ 170.022284] device lo entered promiscuous mode 11:43:51 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETAW(r0, 0x4b32, 0x0) 11:43:52 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$unix(r1, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) 11:43:52 executing program 0: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) dup2(r0, r1) 11:43:52 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$sock_timeval(r0, 0x1, 0x42, &(0x7f0000000100)={0x0, 0xea60}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 11:43:52 executing program 0: prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) prctl$PR_GET_TSC(0x25, &(0x7f0000000040)) [ 170.890720] syz-executor.7: attempt to access beyond end of device [ 170.890720] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 170.893688] Buffer I/O error on dev loop7, logical block 10, lost async page write 11:43:52 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 11:43:52 executing program 4: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat(r0, &(0x7f0000000080)='./file0\x00', 0x40000, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect(r1, &(0x7f00000000c0)=@phonet={0x23, 0x0, 0x2, 0x2}, 0x80) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0}}, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) 11:43:52 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10005}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc042, 0x36) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pwrite64(r1, &(0x7f00000000c0)='9', 0x1, 0x8040000) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) openat$cgroup_int(r1, 0x0, 0x2, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffff) openat$sr(0xffffffffffffff9c, 0x0, 0x44b43, 0x0) 11:43:52 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x14, 0x0, &(0x7f0000000100)) 11:43:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:43:52 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:43:52 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:43:52 executing program 3: r0 = syz_open_dev$loop(0x0, 0x40000000000002, 0x38d40) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000000}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00') write$binfmt_aout(r2, &(0x7f0000000500)={{0x10b, 0x3, 0x5, 0xc6, 0x3b, 0x5, 0x15f, 0x1ea44656}, "8f50ba5b8d22b679908b5f67d23a437bceeff6412c8a120c7222669424424991a77225898b55ca6befbff3fd276bd7d165410f4b51bf5436816f782662ab3db5d5e6062bc14262802b8f1e16e79b32a69b1e8f3fbd63ce3d6d3e3b66fad7", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x97e) setxattr$trusted_overlay_origin(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400), 0x0, 0x0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000380)={r0, 0x0, 0x1, 0x400}) ioctl$BTRFS_IOC_BALANCE(r3, 0x5000940c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f0000000040)) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r4, &(0x7f0000000080)="01", 0x292e9) [ 171.098341] device lo left promiscuous mode [ 171.115469] loop1: detected capacity change from 0 to 40 [ 171.122176] loop2: detected capacity change from 0 to 40 [ 171.166579] device lo entered promiscuous mode [ 171.208712] loop7: detected capacity change from 0 to 40 11:43:52 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) stat(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000200)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x24e1, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)=0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_complete(0x0) 11:43:53 executing program 4: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat(r0, &(0x7f0000000080)='./file0\x00', 0x40000, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect(r1, &(0x7f00000000c0)=@phonet={0x23, 0x0, 0x2, 0x2}, 0x80) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0}}, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) [ 172.073534] device lo left promiscuous mode [ 172.079036] device lo entered promiscuous mode [ 172.098920] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 172.155539] syz-executor.1: attempt to access beyond end of device [ 172.155539] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 172.157326] Buffer I/O error on dev loop1, logical block 10, lost async page write 11:43:53 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 11:43:53 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:43:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 172.269893] [ 172.270049] ====================================================== [ 172.270465] WARNING: possible circular locking dependency detected [ 172.270873] 6.1.0-rc7-next-20221201 #1 Not tainted [ 172.271196] ------------------------------------------------------ [ 172.271607] syz-executor.5/4176 is trying to acquire lock: [ 172.271982] ffff88800bd98400 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: ext4_bmap+0x52/0x470 [ 172.276169] [ 172.276169] but task is already holding lock: [ 172.276562] ffff88801052c3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48f/0xc10 [ 172.277236] [ 172.277236] which lock already depends on the new lock. [ 172.277236] [ 172.277781] [ 172.277781] the existing dependency chain (in reverse order) is: [ 172.278281] [ 172.278281] -> #4 (&journal->j_checkpoint_mutex){+.+.}-{3:3}: [ 172.278806] mutex_lock_io_nested+0x14c/0x1330 [ 172.279161] jbd2_journal_flush+0x19e/0xc10 [ 172.279508] __ext4_ioctl+0x9c5/0x4500 [ 172.279816] __x64_sys_ioctl+0x19e/0x210 [ 172.280133] do_syscall_64+0x3f/0x90 [ 172.280434] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 172.280825] [ 172.280825] -> #3 (&journal->j_barrier){+.+.}-{3:3}: [ 172.281298] __mutex_lock+0x136/0x14e0 [ 172.281608] jbd2_journal_lock_updates+0x162/0x310 [ 172.281983] ext4_change_inode_journal_flag+0x187/0x550 [ 172.282377] ext4_fileattr_set+0x14fb/0x19f0 [ 172.282712] vfs_fileattr_set+0x780/0xb90 [ 172.283034] do_vfs_ioctl+0xa6c/0x1af0 [ 172.283338] __x64_sys_ioctl+0x110/0x210 [ 172.283648] do_syscall_64+0x3f/0x90 [ 172.283953] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 172.284350] [ 172.284350] -> #2 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 172.284839] percpu_down_write+0x51/0x350 [ 172.285185] ext4_change_inode_journal_flag+0x17f/0x550 [ 172.285583] ext4_fileattr_set+0x14fb/0x19f0 [ 172.285914] vfs_fileattr_set+0x780/0xb90 [ 172.286238] do_vfs_ioctl+0xa6c/0x1af0 [ 172.286542] __x64_sys_ioctl+0x110/0x210 [ 172.286863] do_syscall_64+0x3f/0x90 [ 172.287164] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 172.287563] [ 172.287563] -> #1 (mapping.invalidate_lock){++++}-{3:3}: [ 172.288044] down_write+0x94/0x220 [ 172.288337] ext4_setattr+0x99d/0x2940 [ 172.288652] notify_change+0xca5/0x1400 [ 172.288982] do_truncate+0x143/0x200 [ 172.289303] do_sys_ftruncate+0x53c/0x720 [ 172.289647] do_syscall_64+0x3f/0x90 [ 172.289953] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 172.290330] [ 172.290330] -> #0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}: [ 172.290829] __lock_acquire+0x2a02/0x5e70 [ 172.291160] lock_acquire+0x1a6/0x530 [ 172.291455] down_read+0x9c/0x450 [ 172.291734] ext4_bmap+0x52/0x470 [ 172.292014] bmap+0xb0/0x130 [ 172.292416] jbd2_journal_bmap+0xac/0x190 [ 172.292771] jbd2_journal_flush+0x857/0xc10 [ 172.293117] __ext4_ioctl+0x9c5/0x4500 [ 172.293419] __x64_sys_ioctl+0x19e/0x210 [ 172.293726] do_syscall_64+0x3f/0x90 [ 172.294017] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 172.294401] [ 172.294401] other info that might help us debug this: [ 172.294401] [ 172.294925] Chain exists of: [ 172.294925] &sb->s_type->i_mutex_key#6 --> &journal->j_barrier --> &journal->j_checkpoint_mutex [ 172.294925] [ 172.295818] Possible unsafe locking scenario: [ 172.295818] [ 172.296213] CPU0 CPU1 [ 172.296514] ---- ---- [ 172.296824] lock(&journal->j_checkpoint_mutex); [ 172.297166] lock(&journal->j_barrier); [ 172.297636] lock(&journal->j_checkpoint_mutex); [ 172.298138] lock(&sb->s_type->i_mutex_key#6); [ 172.298466] [ 172.298466] *** DEADLOCK *** [ 172.298466] [ 172.298867] 2 locks held by syz-executor.5/4176: [ 172.299185] #0: ffff88801052c170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x162/0x310 [ 172.299885] #1: ffff88801052c3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48f/0xc10 [ 172.300610] [ 172.300610] stack backtrace: [ 172.300920] CPU: 0 PID: 4176 Comm: syz-executor.5 Not tainted 6.1.0-rc7-next-20221201 #1 [ 172.301470] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 172.302034] Call Trace: [ 172.302214] [ 172.302373] dump_stack_lvl+0x8f/0xb7 [ 172.302655] check_noncircular+0x263/0x2e0 [ 172.302955] ? __pfx_check_noncircular+0x10/0x10 [ 172.303291] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 172.303679] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 172.304009] __lock_acquire+0x2a02/0x5e70 [ 172.304319] ? __pfx___lock_acquire+0x10/0x10 [ 172.304645] ? mark_lock.part.0+0xef/0x2f70 [ 172.304956] lock_acquire+0x1a6/0x530 [ 172.305248] ? ext4_bmap+0x52/0x470 [ 172.305515] ? __pfx_lock_acquire+0x10/0x10 [ 172.305825] ? lock_is_held_type+0xdb/0x130 [ 172.306136] down_read+0x9c/0x450 [ 172.306392] ? ext4_bmap+0x52/0x470 [ 172.306658] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 172.307051] ? __pfx_down_read+0x10/0x10 [ 172.307345] ? lockdep_hardirqs_on+0x7d/0x100 [ 172.307663] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 172.308048] ext4_bmap+0x52/0x470 [ 172.308306] ? bmap+0x17/0x130 [ 172.308537] ? __pfx_ext4_bmap+0x10/0x10 [ 172.308824] bmap+0xb0/0x130 [ 172.309056] ? __pfx_do_raw_write_lock+0x10/0x10 [ 172.309405] jbd2_journal_bmap+0xac/0x190 [ 172.309709] ? __pfx_jbd2_journal_bmap+0x10/0x10 [ 172.310059] ? _raw_write_unlock+0x28/0x50 [ 172.310350] ? jbd2_mark_journal_empty+0x309/0x3f0 [ 172.310705] jbd2_journal_flush+0x857/0xc10 [ 172.311018] ? __pfx_jbd2_journal_flush+0x10/0x10 [ 172.311356] ? _raw_spin_unlock_irqrestore+0x37/0x60 [ 172.311710] ? __ext4_ioctl.cold+0x5/0x86 [ 172.312007] __ext4_ioctl+0x9c5/0x4500 [ 172.312286] ? perf_trace_run_bpf_submit+0xf3/0x1c0 [ 172.312641] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 172.313024] ? __pfx___ext4_ioctl+0x10/0x10 [ 172.313337] ? perf_trace_preemptirq_template+0x272/0x410 [ 172.313733] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 172.314150] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 172.314571] ? lock_is_held_type+0xdb/0x130 [ 172.314880] ? irqentry_enter+0x2a/0x60 [ 172.315170] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 172.315555] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 172.315948] ? lockdep_hardirqs_on+0x7d/0x100 [ 172.316278] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 172.316659] ? __pfx_ext4_ioctl+0x10/0x10 [ 172.316952] ? ext4_ioctl+0x17/0x30 [ 172.317220] ? __sanitizer_cov_trace_pc+0x47/0x70 [ 172.317567] ? __pfx_ext4_ioctl+0x10/0x10 [ 172.317865] __x64_sys_ioctl+0x19e/0x210 [ 172.318150] do_syscall_64+0x3f/0x90 [ 172.318424] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 172.318799] RIP: 0033:0x7f4535e9db19 [ 172.319064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 172.320277] RSP: 002b:00007f4533413188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 172.320795] RAX: ffffffffffffffda RBX: 00007f4535fb0f60 RCX: 00007f4535e9db19 [ 172.321297] RDX: 0000000020000000 RSI: 000000004004662b RDI: 0000000000000005 [ 172.321787] RBP: 00007f4535ef7f6d R08: 0000000000000000 R09: 0000000000000000 [ 172.322280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 172.322769] R13: 00007ffd6ce0e0bf R14: 00007f4533413300 R15: 0000000000022000 [ 172.323264] 11:43:54 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 11:43:54 executing program 0: r0 = socket$inet(0x2, 0xa, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) [ 172.919078] syz-executor.0 uses obsolete (PF_INET,SOCK_PACKET) [ 172.923201] loop1: detected capacity change from 0 to 40 [ 172.926716] loop2: detected capacity change from 0 to 40 11:43:54 executing program 3: r0 = syz_open_dev$loop(0x0, 0x40000000000002, 0x38d40) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000000}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00') write$binfmt_aout(r2, &(0x7f0000000500)={{0x10b, 0x3, 0x5, 0xc6, 0x3b, 0x5, 0x15f, 0x1ea44656}, "8f50ba5b8d22b679908b5f67d23a437bceeff6412c8a120c7222669424424991a77225898b55ca6befbff3fd276bd7d165410f4b51bf5436816f782662ab3db5d5e6062bc14262802b8f1e16e79b32a69b1e8f3fbd63ce3d6d3e3b66fad7", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x97e) setxattr$trusted_overlay_origin(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400), 0x0, 0x0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000380)={r0, 0x0, 0x1, 0x400}) ioctl$BTRFS_IOC_BALANCE(r3, 0x5000940c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f0000000040)) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r4, &(0x7f0000000080)="01", 0x292e9) 11:43:54 executing program 0: r0 = socket$inet(0x2, 0xa, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) 11:43:54 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) stat(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000200)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x24e1, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)=0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_complete(0x0) 11:43:54 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 11:43:54 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) stat(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000200)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x24e1, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)=0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_complete(0x0) 11:43:54 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) [ 173.032314] syz-executor.2: attempt to access beyond end of device [ 173.032314] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 173.033423] Buffer I/O error on dev loop2, logical block 10, lost async page write 11:43:54 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) [ 173.045718] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 173.076837] syz-executor.1: attempt to access beyond end of device [ 173.076837] loop1: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 173.078963] Buffer I/O error on dev loop1, logical block 10, lost async page write 11:43:54 executing program 0: r0 = socket$inet(0x2, 0xa, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) 11:44:03 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 11:44:03 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x0, 0x3800411, &(0x7f0000000840)=ANY=[]) lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 11:44:03 executing program 0: r0 = socket$inet(0x2, 0xa, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) 11:44:03 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) stat(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000200)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x24e1, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)=0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_complete(0x0) 11:44:03 executing program 1: prctl$PR_MCE_KILL(0x21, 0x0, 0x0) 11:44:03 executing program 3: r0 = syz_open_dev$loop(0x0, 0x40000000000002, 0x38d40) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000000}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00') write$binfmt_aout(r2, &(0x7f0000000500)={{0x10b, 0x3, 0x5, 0xc6, 0x3b, 0x5, 0x15f, 0x1ea44656}, "8f50ba5b8d22b679908b5f67d23a437bceeff6412c8a120c7222669424424991a77225898b55ca6befbff3fd276bd7d165410f4b51bf5436816f782662ab3db5d5e6062bc14262802b8f1e16e79b32a69b1e8f3fbd63ce3d6d3e3b66fad7", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x97e) setxattr$trusted_overlay_origin(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400), 0x0, 0x0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000380)={r0, 0x0, 0x1, 0x400}) ioctl$BTRFS_IOC_BALANCE(r3, 0x5000940c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f0000000040)) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r4, &(0x7f0000000080)="01", 0x292e9) 11:44:03 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) stat(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000200)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x24e1, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)=0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_complete(0x0) 11:44:03 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 11:44:03 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x121042, 0x21) pwritev(r2, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000000)="dbf225f5a4568675d4b9d93506777ce8e7e1", 0x12}, {&(0x7f0000000240)}], 0x3, 0x8001, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) [ 174.677057] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow 11:44:03 executing program 0: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x2}, 0x0, 0x0, r0) r1 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)="8b", 0x1, r0) keyctl$KEYCTL_MOVE(0x1e, r1, r0, 0xfffffffffffffffe, 0x0) VM DIAGNOSIS: 11:43:54 Registers: info registers vcpu 0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff824842c0 RDI=ffffffff87fb1ae0 RBP=ffffffff87fb1aa0 RSP=ffff88804698f080 R8 =0000000000000004 R9 =0000000000000010 R10=0000000000000010 R11=0000000000000001 R12=0000000000002710 R13=0000000000000020 R14=fffffbfff0ff63ac R15=dffffc0000000000 RIP=ffffffff82484315 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f4533413700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0327095000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0327093000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055d5edb2f4e8 CR3=000000000f520000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00323a372f6b636f6c622f7665642f73 XMM02=00ff0000000000000000000000000000 XMM03=696e656420737365636341002f737973 XMM04=00000000000000000000000000000000 XMM05=ffffffff00000004000055d5edb2dbf0 XMM06=000055d5edb1a6100000000000000000 XMM07=00000000000000000000000000000000 XMM08=610064253a64252f6b636f6c622f7665 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000000 RBX=ffff88800f1f6000 RCX=1ffff11001e3ef29 RDX=1ffff110031ad465 RSI=0000000000000000 RDI=ffff888018d6a328 RBP=ffff88800f1f7800 RSP=ffff88800ce3f3c0 R8 =0000000000000191 R9 =ffff88806cf393c8 R10=0000000000000001 R11=1ffff11003202016 R12=ffff88800f1f6000 R13=dffffc0000000000 R14=ffff888018d6a200 R15=ffff88800f1f6000 RIP=ffffffff81244556 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f84737cd8c0 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 ffff888000000000 00000000 00000000 TR =0040 fffffe5f5a6da000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe5f5a6d8000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055d5edb1a1f0 CR3=000000000f024000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffff000000000000ffff00ff00000000 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=00000000000000000000000000000000 XMM05=02010001000100ff0000000000000000 XMM06=0000000500000006000055d5edb43350 XMM07=00000000000000000000000000000000 XMM08=7269762f736563697665642f7379732f XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000