Warning: Permanently added '[localhost]:27560' (ECDSA) to the list of known hosts. 2023/06/13 11:14:15 fuzzer started 2023/06/13 11:14:15 dialing manager at localhost:44925 syzkaller login: [ 37.752053] cgroup: Unknown subsys name 'net' [ 37.824044] cgroup: Unknown subsys name 'rlimit' 2023/06/13 11:14:31 syscalls: 2217 2023/06/13 11:14:31 code coverage: enabled 2023/06/13 11:14:31 comparison tracing: enabled 2023/06/13 11:14:31 extra coverage: enabled 2023/06/13 11:14:31 setuid sandbox: enabled 2023/06/13 11:14:31 namespace sandbox: enabled 2023/06/13 11:14:31 Android sandbox: enabled 2023/06/13 11:14:31 fault injection: enabled 2023/06/13 11:14:31 leak checking: enabled 2023/06/13 11:14:31 net packet injection: enabled 2023/06/13 11:14:31 net device setup: enabled 2023/06/13 11:14:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/06/13 11:14:31 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/06/13 11:14:31 USB emulation: enabled 2023/06/13 11:14:31 hci packet injection: enabled 2023/06/13 11:14:31 wifi device emulation: enabled 2023/06/13 11:14:31 802.15.4 emulation: enabled 2023/06/13 11:14:31 fetching corpus: 0, signal 0/2000 (executing program) 2023/06/13 11:14:31 fetching corpus: 46, signal 28244/31752 (executing program) 2023/06/13 11:14:31 fetching corpus: 96, signal 41696/46544 (executing program) 2023/06/13 11:14:31 fetching corpus: 146, signal 51232/57387 (executing program) 2023/06/13 11:14:31 fetching corpus: 196, signal 59046/66371 (executing program) 2023/06/13 11:14:32 fetching corpus: 246, signal 65704/74082 (executing program) 2023/06/13 11:14:32 fetching corpus: 296, signal 70196/79676 (executing program) 2023/06/13 11:14:32 fetching corpus: 346, signal 74101/84654 (executing program) 2023/06/13 11:14:32 fetching corpus: 396, signal 80219/91595 (executing program) 2023/06/13 11:14:32 fetching corpus: 446, signal 82943/95330 (executing program) 2023/06/13 11:14:32 fetching corpus: 496, signal 86301/99563 (executing program) 2023/06/13 11:14:32 fetching corpus: 546, signal 88643/102877 (executing program) 2023/06/13 11:14:32 fetching corpus: 596, signal 92101/107062 (executing program) 2023/06/13 11:14:32 fetching corpus: 646, signal 96339/111921 (executing program) 2023/06/13 11:14:32 fetching corpus: 696, signal 98867/115192 (executing program) 2023/06/13 11:14:33 fetching corpus: 746, signal 102208/119168 (executing program) 2023/06/13 11:14:33 fetching corpus: 796, signal 106175/123592 (executing program) 2023/06/13 11:14:33 fetching corpus: 846, signal 108179/126346 (executing program) 2023/06/13 11:14:33 fetching corpus: 896, signal 110287/129133 (executing program) 2023/06/13 11:14:33 fetching corpus: 946, signal 114048/133218 (executing program) 2023/06/13 11:14:33 fetching corpus: 996, signal 115970/135718 (executing program) 2023/06/13 11:14:33 fetching corpus: 1046, signal 118083/138334 (executing program) 2023/06/13 11:14:33 fetching corpus: 1096, signal 120253/140968 (executing program) 2023/06/13 11:14:33 fetching corpus: 1146, signal 122027/143231 (executing program) 2023/06/13 11:14:34 fetching corpus: 1196, signal 123824/145487 (executing program) 2023/06/13 11:14:34 fetching corpus: 1246, signal 125743/147831 (executing program) 2023/06/13 11:14:34 fetching corpus: 1296, signal 127528/150042 (executing program) 2023/06/13 11:14:34 fetching corpus: 1346, signal 129912/152636 (executing program) 2023/06/13 11:14:34 fetching corpus: 1396, signal 131270/154485 (executing program) 2023/06/13 11:14:34 fetching corpus: 1446, signal 133242/156713 (executing program) 2023/06/13 11:14:34 fetching corpus: 1496, signal 135514/159123 (executing program) 2023/06/13 11:14:34 fetching corpus: 1546, signal 137029/160975 (executing program) 2023/06/13 11:14:34 fetching corpus: 1596, signal 138272/162628 (executing program) 2023/06/13 11:14:35 fetching corpus: 1646, signal 139719/164360 (executing program) 2023/06/13 11:14:35 fetching corpus: 1696, signal 141504/166302 (executing program) 2023/06/13 11:14:35 fetching corpus: 1746, signal 143128/168063 (executing program) 2023/06/13 11:14:35 fetching corpus: 1796, signal 144021/169367 (executing program) 2023/06/13 11:14:35 fetching corpus: 1846, signal 145148/170803 (executing program) 2023/06/13 11:14:35 fetching corpus: 1896, signal 146413/172262 (executing program) 2023/06/13 11:14:35 fetching corpus: 1946, signal 147326/173496 (executing program) 2023/06/13 11:14:35 fetching corpus: 1996, signal 148375/174849 (executing program) 2023/06/13 11:14:35 fetching corpus: 2046, signal 149468/176163 (executing program) 2023/06/13 11:14:36 fetching corpus: 2096, signal 150389/177352 (executing program) 2023/06/13 11:14:36 fetching corpus: 2146, signal 151051/178370 (executing program) 2023/06/13 11:14:36 fetching corpus: 2196, signal 152668/179968 (executing program) 2023/06/13 11:14:36 fetching corpus: 2246, signal 153743/181183 (executing program) 2023/06/13 11:14:36 fetching corpus: 2296, signal 155008/182533 (executing program) 2023/06/13 11:14:36 fetching corpus: 2346, signal 156229/183848 (executing program) 2023/06/13 11:14:36 fetching corpus: 2396, signal 157462/185121 (executing program) 2023/06/13 11:14:36 fetching corpus: 2446, signal 158632/186355 (executing program) 2023/06/13 11:14:37 fetching corpus: 2496, signal 159732/187466 (executing program) 2023/06/13 11:14:37 fetching corpus: 2546, signal 160709/188506 (executing program) 2023/06/13 11:14:37 fetching corpus: 2596, signal 162262/189838 (executing program) 2023/06/13 11:14:37 fetching corpus: 2646, signal 163170/190781 (executing program) 2023/06/13 11:14:37 fetching corpus: 2696, signal 163964/191654 (executing program) 2023/06/13 11:14:37 fetching corpus: 2746, signal 164619/192496 (executing program) 2023/06/13 11:14:37 fetching corpus: 2796, signal 165513/193378 (executing program) 2023/06/13 11:14:37 fetching corpus: 2846, signal 166317/194228 (executing program) 2023/06/13 11:14:37 fetching corpus: 2896, signal 167209/195124 (executing program) 2023/06/13 11:14:38 fetching corpus: 2946, signal 167835/195894 (executing program) 2023/06/13 11:14:38 fetching corpus: 2996, signal 168755/196781 (executing program) 2023/06/13 11:14:38 fetching corpus: 3046, signal 169388/197506 (executing program) 2023/06/13 11:14:38 fetching corpus: 3096, signal 170500/198398 (executing program) 2023/06/13 11:14:38 fetching corpus: 3146, signal 171152/199135 (executing program) 2023/06/13 11:14:38 fetching corpus: 3196, signal 172283/200016 (executing program) 2023/06/13 11:14:38 fetching corpus: 3246, signal 173190/200798 (executing program) 2023/06/13 11:14:38 fetching corpus: 3296, signal 174258/201657 (executing program) 2023/06/13 11:14:38 fetching corpus: 3346, signal 175134/202463 (executing program) 2023/06/13 11:14:38 fetching corpus: 3396, signal 175812/203107 (executing program) 2023/06/13 11:14:39 fetching corpus: 3446, signal 176717/203881 (executing program) 2023/06/13 11:14:39 fetching corpus: 3496, signal 177566/204538 (executing program) 2023/06/13 11:14:39 fetching corpus: 3546, signal 178644/205280 (executing program) 2023/06/13 11:14:39 fetching corpus: 3596, signal 179206/205860 (executing program) 2023/06/13 11:14:39 fetching corpus: 3646, signal 180019/206479 (executing program) 2023/06/13 11:14:39 fetching corpus: 3696, signal 180941/207123 (executing program) 2023/06/13 11:14:39 fetching corpus: 3746, signal 181825/207723 (executing program) 2023/06/13 11:14:39 fetching corpus: 3796, signal 183108/208461 (executing program) 2023/06/13 11:14:40 fetching corpus: 3846, signal 183707/208960 (executing program) 2023/06/13 11:14:40 fetching corpus: 3896, signal 184567/209552 (executing program) 2023/06/13 11:14:40 fetching corpus: 3946, signal 185219/210029 (executing program) 2023/06/13 11:14:40 fetching corpus: 3996, signal 185869/210533 (executing program) 2023/06/13 11:14:40 fetching corpus: 4046, signal 186303/210934 (executing program) 2023/06/13 11:14:40 fetching corpus: 4096, signal 186879/211365 (executing program) 2023/06/13 11:14:40 fetching corpus: 4146, signal 187582/211808 (executing program) 2023/06/13 11:14:40 fetching corpus: 4196, signal 188146/212239 (executing program) 2023/06/13 11:14:40 fetching corpus: 4246, signal 188619/212638 (executing program) 2023/06/13 11:14:41 fetching corpus: 4295, signal 189502/213106 (executing program) 2023/06/13 11:14:41 fetching corpus: 4345, signal 190062/213502 (executing program) 2023/06/13 11:14:41 fetching corpus: 4395, signal 190596/213854 (executing program) 2023/06/13 11:14:41 fetching corpus: 4445, signal 191476/214287 (executing program) 2023/06/13 11:14:41 fetching corpus: 4495, signal 191745/214565 (executing program) 2023/06/13 11:14:41 fetching corpus: 4545, signal 192086/214889 (executing program) 2023/06/13 11:14:41 fetching corpus: 4595, signal 192571/215192 (executing program) 2023/06/13 11:14:41 fetching corpus: 4645, signal 193197/215559 (executing program) 2023/06/13 11:14:41 fetching corpus: 4695, signal 193631/215890 (executing program) 2023/06/13 11:14:41 fetching corpus: 4745, signal 194190/216195 (executing program) 2023/06/13 11:14:42 fetching corpus: 4795, signal 194754/216481 (executing program) 2023/06/13 11:14:42 fetching corpus: 4845, signal 195100/216730 (executing program) 2023/06/13 11:14:42 fetching corpus: 4895, signal 196092/217030 (executing program) 2023/06/13 11:14:42 fetching corpus: 4945, signal 196501/217286 (executing program) 2023/06/13 11:14:42 fetching corpus: 4993, signal 196855/217520 (executing program) 2023/06/13 11:14:42 fetching corpus: 5043, signal 197294/217774 (executing program) 2023/06/13 11:14:42 fetching corpus: 5093, signal 197660/217985 (executing program) 2023/06/13 11:14:42 fetching corpus: 5143, signal 198417/218245 (executing program) 2023/06/13 11:14:42 fetching corpus: 5193, signal 199282/218488 (executing program) 2023/06/13 11:14:42 fetching corpus: 5243, signal 200135/218705 (executing program) 2023/06/13 11:14:42 fetching corpus: 5293, signal 200519/218887 (executing program) 2023/06/13 11:14:43 fetching corpus: 5343, signal 200971/219051 (executing program) 2023/06/13 11:14:43 fetching corpus: 5393, signal 201506/219244 (executing program) 2023/06/13 11:14:43 fetching corpus: 5443, signal 201956/219347 (executing program) 2023/06/13 11:14:43 fetching corpus: 5493, signal 202474/219347 (executing program) 2023/06/13 11:14:43 fetching corpus: 5543, signal 202974/219364 (executing program) 2023/06/13 11:14:43 fetching corpus: 5593, signal 203436/219364 (executing program) 2023/06/13 11:14:43 fetching corpus: 5643, signal 203781/219364 (executing program) 2023/06/13 11:14:43 fetching corpus: 5693, signal 204188/219364 (executing program) 2023/06/13 11:14:43 fetching corpus: 5743, signal 204584/219364 (executing program) 2023/06/13 11:14:44 fetching corpus: 5793, signal 204960/219364 (executing program) 2023/06/13 11:14:44 fetching corpus: 5843, signal 205353/219364 (executing program) 2023/06/13 11:14:44 fetching corpus: 5893, signal 205852/219364 (executing program) 2023/06/13 11:14:44 fetching corpus: 5943, signal 206344/219364 (executing program) 2023/06/13 11:14:44 fetching corpus: 5993, signal 206687/219364 (executing program) 2023/06/13 11:14:44 fetching corpus: 6043, signal 207280/219364 (executing program) 2023/06/13 11:14:44 fetching corpus: 6093, signal 207627/219428 (executing program) 2023/06/13 11:14:44 fetching corpus: 6143, signal 208190/219428 (executing program) 2023/06/13 11:14:44 fetching corpus: 6193, signal 208597/219428 (executing program) 2023/06/13 11:14:45 fetching corpus: 6243, signal 208866/219428 (executing program) 2023/06/13 11:14:45 fetching corpus: 6293, signal 209171/219428 (executing program) 2023/06/13 11:14:45 fetching corpus: 6343, signal 209503/219428 (executing program) 2023/06/13 11:14:45 fetching corpus: 6393, signal 209834/219428 (executing program) 2023/06/13 11:14:45 fetching corpus: 6443, signal 210368/219428 (executing program) 2023/06/13 11:14:45 fetching corpus: 6493, signal 210755/219428 (executing program) 2023/06/13 11:14:45 fetching corpus: 6543, signal 211103/219428 (executing program) 2023/06/13 11:14:45 fetching corpus: 6593, signal 211513/219508 (executing program) 2023/06/13 11:14:45 fetching corpus: 6643, signal 211917/219508 (executing program) 2023/06/13 11:14:45 fetching corpus: 6693, signal 212427/219508 (executing program) 2023/06/13 11:14:46 fetching corpus: 6743, signal 212824/219508 (executing program) 2023/06/13 11:14:46 fetching corpus: 6793, signal 213079/219508 (executing program) 2023/06/13 11:14:46 fetching corpus: 6843, signal 213345/219508 (executing program) 2023/06/13 11:14:46 fetching corpus: 6893, signal 213845/219509 (executing program) 2023/06/13 11:14:46 fetching corpus: 6943, signal 214544/219510 (executing program) 2023/06/13 11:14:46 fetching corpus: 6993, signal 215121/219534 (executing program) 2023/06/13 11:14:46 fetching corpus: 7043, signal 215566/219534 (executing program) 2023/06/13 11:14:46 fetching corpus: 7092, signal 216334/219534 (executing program) 2023/06/13 11:14:46 fetching corpus: 7142, signal 216648/219534 (executing program) 2023/06/13 11:14:47 fetching corpus: 7192, signal 216931/219534 (executing program) 2023/06/13 11:14:47 fetching corpus: 7224, signal 217151/219534 (executing program) 2023/06/13 11:14:47 fetching corpus: 7224, signal 217151/219534 (executing program) 2023/06/13 11:14:49 starting 8 fuzzer processes 11:14:49 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000a40)=@polexpire={0xcc, 0x1b, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@mark={0xc}]}, 0xcc}}, 0x0) 11:14:49 executing program 1: prctl$PR_SET_MM_MAP(0x21, 0xe, 0x0, 0x0) 11:14:49 executing program 2: r0 = io_uring_setup(0x3b2c, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_PROBE(r0, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000eb"], 0x2) 11:14:49 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x28, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x3}]) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) write$P9_RLINK(r2, 0x0, 0x0) r3 = getpid() pidfd_open(r3, 0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000003c0)={'veth1_virt_wifi\x00'}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000001c0)={@loopback}, 0x14) fallocate(r4, 0x3f, 0x2, 0x2) 11:14:49 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040), 0x4) [ 69.531094] audit: type=1400 audit(1686654889.753:6): avc: denied { execmem } for pid=261 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:14:49 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x17, &(0x7f0000000000), 0x4) 11:14:49 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x2, 0x94421, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/route\x00') 11:14:49 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0) shmat(0x0, &(0x7f0000ff0000/0x3000)=nil, 0x4000) [ 70.855917] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.857359] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.859237] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.860716] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.862294] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.863870] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.866483] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.867759] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.869386] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.871378] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.873672] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 70.874734] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.892750] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.895144] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.896790] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 70.899047] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 70.900423] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 70.900538] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 70.902430] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 70.903434] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.905358] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.907414] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.908626] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.914367] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 70.915724] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 70.916101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.919358] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 70.919439] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 70.921884] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 70.924467] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 70.926157] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 70.926465] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 70.928681] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 70.936404] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.938867] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 70.940211] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.941848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 70.943259] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 70.944505] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 70.957250] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 70.978323] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 70.979454] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 71.003787] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.005957] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.007411] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.010143] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.011572] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 71.013040] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 72.985547] Bluetooth: hci0: command 0x0409 tx timeout [ 72.987035] Bluetooth: hci3: command 0x0409 tx timeout [ 72.987776] Bluetooth: hci5: command 0x0409 tx timeout [ 72.988718] Bluetooth: hci6: command 0x0409 tx timeout [ 72.989465] Bluetooth: hci1: command 0x0409 tx timeout [ 72.990209] Bluetooth: hci2: command 0x0409 tx timeout [ 73.050340] Bluetooth: hci4: command 0x0409 tx timeout [ 73.051698] Bluetooth: hci7: command 0x0409 tx timeout [ 75.034046] Bluetooth: hci2: command 0x041b tx timeout [ 75.034501] Bluetooth: hci1: command 0x041b tx timeout [ 75.034939] Bluetooth: hci6: command 0x041b tx timeout [ 75.035379] Bluetooth: hci5: command 0x041b tx timeout [ 75.035779] Bluetooth: hci3: command 0x041b tx timeout [ 75.036203] Bluetooth: hci0: command 0x041b tx timeout [ 75.097928] Bluetooth: hci7: command 0x041b tx timeout [ 75.098337] Bluetooth: hci4: command 0x041b tx timeout [ 77.081976] Bluetooth: hci0: command 0x040f tx timeout [ 77.082563] Bluetooth: hci3: command 0x040f tx timeout [ 77.083113] Bluetooth: hci5: command 0x040f tx timeout [ 77.083463] Bluetooth: hci6: command 0x040f tx timeout [ 77.083814] Bluetooth: hci1: command 0x040f tx timeout [ 77.084191] Bluetooth: hci2: command 0x040f tx timeout [ 77.145937] Bluetooth: hci4: command 0x040f tx timeout [ 77.146323] Bluetooth: hci7: command 0x040f tx timeout [ 79.129947] Bluetooth: hci2: command 0x0419 tx timeout [ 79.130353] Bluetooth: hci1: command 0x0419 tx timeout [ 79.130797] Bluetooth: hci6: command 0x0419 tx timeout [ 79.131171] Bluetooth: hci5: command 0x0419 tx timeout [ 79.131619] Bluetooth: hci3: command 0x0419 tx timeout [ 79.132396] Bluetooth: hci0: command 0x0419 tx timeout [ 79.193029] Bluetooth: hci7: command 0x0419 tx timeout [ 79.193495] Bluetooth: hci4: command 0x0419 tx timeout [ 99.766498] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.767112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.839507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.840362] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.888563] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.889171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.998336] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.998865] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.028203] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.028712] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.118865] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.120032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.602573] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.603123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.735161] audit: type=1400 audit(1686654920.957:7): avc: denied { open } for pid=3822 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 100.736490] audit: type=1400 audit(1686654920.957:8): avc: denied { kernel } for pid=3822 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:15:20 executing program 6: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 100.803911] hrtimer: interrupt took 20428 ns [ 100.838756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.839301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:15:21 executing program 6: pipe(&(0x7f0000001480)={0xffffffffffffffff}) fsetxattr$security_selinux(r0, &(0x7f0000003100), 0x0, 0x0, 0x0) 11:15:21 executing program 2: r0 = io_uring_setup(0x3b2c, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_PROBE(r0, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000eb"], 0x2) [ 100.885949] audit: type=1400 audit(1686654921.108:9): avc: denied { relabelfrom } for pid=3836 comm="syz-executor.6" name="" dev="pipefs" ino=14116 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 11:15:21 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x28, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x3}]) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) write$P9_RLINK(r2, 0x0, 0x0) r3 = getpid() pidfd_open(r3, 0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000003c0)={'veth1_virt_wifi\x00'}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000001c0)={@loopback}, 0x14) fallocate(r4, 0x3f, 0x2, 0x2) 11:15:21 executing program 2: r0 = io_uring_setup(0x3b2c, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_PROBE(r0, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000eb"], 0x2) 11:15:21 executing program 6: pipe(&(0x7f0000001480)={0xffffffffffffffff}) fsetxattr$security_selinux(r0, &(0x7f0000003100), 0x0, 0x0, 0x0) 11:15:21 executing program 6: pipe(&(0x7f0000001480)={0xffffffffffffffff}) fsetxattr$security_selinux(r0, &(0x7f0000003100), 0x0, 0x0, 0x0) 11:15:21 executing program 2: r0 = io_uring_setup(0x3b2c, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_PROBE(r0, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000eb"], 0x2) [ 101.116263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.116776] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.161114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.161649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.575833] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.576417] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.599406] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.600106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.612017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.612518] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.624398] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.624860] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.877005] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.877571] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.899150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.899666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.972660] audit: type=1400 audit(1686654922.194:10): avc: denied { tracepoint } for pid=3938 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:15:22 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000a40)=@polexpire={0xcc, 0x1b, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@mark={0xc}]}, 0xcc}}, 0x0) 11:15:22 executing program 1: prctl$PR_SET_MM_MAP(0x21, 0xe, 0x0, 0x0) 11:15:22 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x17, &(0x7f0000000000), 0x4) 11:15:22 executing program 6: pipe(&(0x7f0000001480)={0xffffffffffffffff}) fsetxattr$security_selinux(r0, &(0x7f0000003100), 0x0, 0x0, 0x0) 11:15:22 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040), 0x4) 11:15:22 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x2, 0x94421, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/route\x00') 11:15:22 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x28, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x3}]) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) write$P9_RLINK(r2, 0x0, 0x0) r3 = getpid() pidfd_open(r3, 0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000003c0)={'veth1_virt_wifi\x00'}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000001c0)={@loopback}, 0x14) fallocate(r4, 0x3f, 0x2, 0x2) 11:15:22 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x28, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x3}]) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) write$P9_RLINK(r2, 0x0, 0x0) r3 = getpid() pidfd_open(r3, 0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000003c0)={'veth1_virt_wifi\x00'}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000001c0)={@loopback}, 0x14) fallocate(r4, 0x3f, 0x2, 0x2) 11:15:22 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x17, &(0x7f0000000000), 0x4) 11:15:22 executing program 1: prctl$PR_SET_MM_MAP(0x21, 0xe, 0x0, 0x0) 11:15:22 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000a40)=@polexpire={0xcc, 0x1b, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@mark={0xc}]}, 0xcc}}, 0x0) 11:15:22 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x28, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x3}]) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) write$P9_RLINK(r2, 0x0, 0x0) r3 = getpid() pidfd_open(r3, 0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000003c0)={'veth1_virt_wifi\x00'}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000001c0)={@loopback}, 0x14) fallocate(r4, 0x3f, 0x2, 0x2) 11:15:22 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x2, 0x94421, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/route\x00') 11:15:22 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040), 0x4) 11:15:22 executing program 1: prctl$PR_SET_MM_MAP(0x21, 0xe, 0x0, 0x0) 11:15:22 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x17, &(0x7f0000000000), 0x4) 11:15:22 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x28, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x3}]) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) write$P9_RLINK(r2, 0x0, 0x0) r3 = getpid() pidfd_open(r3, 0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000003c0)={'veth1_virt_wifi\x00'}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000001c0)={@loopback}, 0x14) fallocate(r4, 0x3f, 0x2, 0x2) 11:15:22 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x28, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x3}]) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) write$P9_RLINK(r2, 0x0, 0x0) r3 = getpid() pidfd_open(r3, 0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000003c0)={'veth1_virt_wifi\x00'}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000001c0)={@loopback}, 0x14) fallocate(r4, 0x3f, 0x2, 0x2) 11:15:22 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x15f) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="2321202eff"], 0xa4) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 11:15:22 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000000)=0x7fffffff) 11:15:22 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040), 0x4) 11:15:22 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000a40)=@polexpire={0xcc, 0x1b, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@mark={0xc}]}, 0xcc}}, 0x0) 11:15:22 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x2, 0x94421, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/route\x00') [ 102.491666] EXT4-fs warning (device sda): ext4_block_to_path:105: block 2147483647 > max in inode 15989 [ 102.501496] EXT4-fs warning (device sda): ext4_block_to_path:105: block 2147483647 > max in inode 15989 [ 102.526826] process 'syz-executor.1' launched './file1' with NULL argv: empty string added 11:15:22 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000000)=0x7fffffff) 11:15:22 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x15f) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="2321202eff"], 0xa4) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) [ 102.608705] EXT4-fs warning (device sda): ext4_block_to_path:105: block 2147483647 > max in inode 15989 11:15:22 executing program 0: shmget(0x3, 0x6000, 0x0, &(0x7f0000ffa000/0x6000)=nil) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) io_uring_setup(0x7f8b, &(0x7f0000001100)) syz_io_uring_setup(0x6ee1, &(0x7f0000001180)={0x0, 0x0, 0x2, 0x0, 0x2ab}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000001200), &(0x7f0000001240)) 11:15:22 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x28, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x3}]) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) write$P9_RLINK(r2, 0x0, 0x0) r3 = getpid() pidfd_open(r3, 0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000003c0)={'veth1_virt_wifi\x00'}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000001c0)={@loopback}, 0x14) fallocate(r4, 0x3f, 0x2, 0x2) 11:15:22 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x28, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x3}]) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) write$P9_RLINK(r2, 0x0, 0x0) r3 = getpid() pidfd_open(r3, 0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000003c0)={'veth1_virt_wifi\x00'}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000001c0)={@loopback}, 0x14) fallocate(r4, 0x3f, 0x2, 0x2) 11:15:22 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x23800) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/110, 0x6e}], 0x1) 11:15:22 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000000)=0x7fffffff) 11:15:22 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x15f) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="2321202eff"], 0xa4) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 11:15:22 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netlink\x00') pread64(r0, &(0x7f0000000080)=""/78, 0x5, 0xaa2) 11:15:22 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000440)=""/4096, 0x1000) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)) 11:15:22 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x28, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x3}]) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) write$P9_RLINK(r2, 0x0, 0x0) r3 = getpid() pidfd_open(r3, 0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000003c0)={'veth1_virt_wifi\x00'}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000001c0)={@loopback}, 0x14) fallocate(r4, 0x3f, 0x2, 0x2) 11:15:22 executing program 0: shmget(0x3, 0x6000, 0x0, &(0x7f0000ffa000/0x6000)=nil) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) io_uring_setup(0x7f8b, &(0x7f0000001100)) syz_io_uring_setup(0x6ee1, &(0x7f0000001180)={0x0, 0x0, 0x2, 0x0, 0x2ab}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000001200), &(0x7f0000001240)) [ 102.825825] EXT4-fs warning (device sda): ext4_block_to_path:105: block 2147483647 > max in inode 15993 11:15:23 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x23800) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/110, 0x6e}], 0x1) 11:15:23 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000440)=""/4096, 0x1000) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)) 11:15:23 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x23800) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/110, 0x6e}], 0x1) 11:15:23 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x15f) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="2321202eff"], 0xa4) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 11:15:23 executing program 0: shmget(0x3, 0x6000, 0x0, &(0x7f0000ffa000/0x6000)=nil) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) io_uring_setup(0x7f8b, &(0x7f0000001100)) syz_io_uring_setup(0x6ee1, &(0x7f0000001180)={0x0, 0x0, 0x2, 0x0, 0x2ab}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000001200), &(0x7f0000001240)) 11:15:23 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000000)=0x7fffffff) 11:15:23 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x23800) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/110, 0x6e}], 0x1) 11:15:23 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netlink\x00') pread64(r0, &(0x7f0000000080)=""/78, 0x5, 0xaa2) 11:15:23 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x23800) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/110, 0x6e}], 0x1) 11:15:23 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000440)=""/4096, 0x1000) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)) [ 103.093688] EXT4-fs warning (device sda): ext4_block_to_path:105: block 2147483647 > max in inode 16011 11:15:23 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x23800) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/110, 0x6e}], 0x1) 11:15:23 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netlink\x00') pread64(r0, &(0x7f0000000080)=""/78, 0x5, 0xaa2) 11:15:23 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000440)=""/4096, 0x1000) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)) 11:15:23 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000440)=""/4096, 0x1000) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)) 11:15:23 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x23800) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/110, 0x6e}], 0x1) 11:15:23 executing program 0: shmget(0x3, 0x6000, 0x0, &(0x7f0000ffa000/0x6000)=nil) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) io_uring_setup(0x7f8b, &(0x7f0000001100)) syz_io_uring_setup(0x6ee1, &(0x7f0000001180)={0x0, 0x0, 0x2, 0x0, 0x2ab}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000001200), &(0x7f0000001240)) 11:15:23 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netlink\x00') pread64(r0, &(0x7f0000000080)=""/78, 0x5, 0xaa2) 11:15:23 executing program 1: fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2400, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000800)='./file0\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000000)=""/55, 0x37, 0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xb) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x100000000000000, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() [ 103.459141] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4080 'syz-executor.5' 11:15:23 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000440)=""/4096, 0x1000) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)) 11:15:23 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2840}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = fsopen(&(0x7f0000000340)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f00000001c0)='./file0\x00') renameat(r1, &(0x7f0000000140)='./file0/file0\x00', r1, &(0x7f0000000180)='./file1\x00') openat(r1, &(0x7f0000000000)='./file2\x00', 0x60180, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) lsetxattr$trusted_overlay_origin(0x0, &(0x7f0000000040), &(0x7f0000000180), 0x2, 0x2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:15:23 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) 11:15:23 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000440)=""/4096, 0x1000) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)) 11:15:23 executing program 1: fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2400, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000800)='./file0\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000000)=""/55, 0x37, 0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xb) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x100000000000000, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() 11:15:23 executing program 4: clock_settime(0xa112d859a0fd71ef, &(0x7f0000000200)) [ 103.475462] loop5: detected capacity change from 0 to 40 11:15:23 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000000)=0x10001, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c) 11:15:23 executing program 3: ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) pread64(r0, &(0x7f00000002c0)=""/4096, 0x1000, 0x47be) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000053c0)=[{{0x0, 0x0, &(0x7f00000004c0)=[{0x0}], 0x1}}], 0x1, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xb, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x4, 0x7f, 0x0, 0x0, 0x0, 0x5, 0x4088, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1080, 0x0, 0x4, 0x7, 0x0, 0x3ff, 0x0, 0x0, 0xffffffff}, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0xd99) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f0000000240)="b1", 0x1, 0x0) fallocate(r2, 0x20, 0x0, 0xffff77ff000) r3 = socket$inet6(0xa, 0x3, 0x42) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) sendfile(r3, r2, 0x0, 0x1a000) dup2(r3, r3) 11:15:23 executing program 4: clock_settime(0xa112d859a0fd71ef, &(0x7f0000000200)) 11:15:23 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000000)=0x10001, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c) [ 103.575913] audit: type=1400 audit(1686654923.797:11): avc: denied { write } for pid=4090 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:15:23 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) 11:15:23 executing program 1: fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2400, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000800)='./file0\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000000)=""/55, 0x37, 0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xb) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x100000000000000, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() 11:15:23 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000000)=0x10001, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c) 11:15:23 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000000)=0x10001, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c) 11:15:23 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) 11:15:23 executing program 4: clock_settime(0xa112d859a0fd71ef, &(0x7f0000000200)) 11:15:23 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r0) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}]}, 0x2c}}, 0x0) [ 103.794748] syz-executor.5: attempt to access beyond end of device [ 103.794748] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 103.795956] Buffer I/O error on dev loop5, logical block 10, lost async page write 11:15:24 executing program 1: fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2400, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000800)='./file0\x00', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000000)=""/55, 0x37, 0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xb) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x100000000000000, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() 11:15:24 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) 11:15:24 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000000)=0x10001, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c) 11:15:24 executing program 3: ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) pread64(r0, &(0x7f00000002c0)=""/4096, 0x1000, 0x47be) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000053c0)=[{{0x0, 0x0, &(0x7f00000004c0)=[{0x0}], 0x1}}], 0x1, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xb, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x4, 0x7f, 0x0, 0x0, 0x0, 0x5, 0x4088, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1080, 0x0, 0x4, 0x7, 0x0, 0x3ff, 0x0, 0x0, 0xffffffff}, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0xd99) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f0000000240)="b1", 0x1, 0x0) fallocate(r2, 0x20, 0x0, 0xffff77ff000) r3 = socket$inet6(0xa, 0x3, 0x42) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) sendfile(r3, r2, 0x0, 0x1a000) dup2(r3, r3) 11:15:24 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r0) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}]}, 0x2c}}, 0x0) 11:15:24 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2840}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = fsopen(&(0x7f0000000340)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f00000001c0)='./file0\x00') renameat(r1, &(0x7f0000000140)='./file0/file0\x00', r1, &(0x7f0000000180)='./file1\x00') openat(r1, &(0x7f0000000000)='./file2\x00', 0x60180, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) lsetxattr$trusted_overlay_origin(0x0, &(0x7f0000000040), &(0x7f0000000180), 0x2, 0x2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:15:24 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000000)=0x10001, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c) 11:15:24 executing program 4: clock_settime(0xa112d859a0fd71ef, &(0x7f0000000200)) [ 103.951722] loop5: detected capacity change from 0 to 40 11:15:24 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r0) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}]}, 0x2c}}, 0x0) 11:15:24 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2840}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = fsopen(&(0x7f0000000340)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f00000001c0)='./file0\x00') renameat(r1, &(0x7f0000000140)='./file0/file0\x00', r1, &(0x7f0000000180)='./file1\x00') openat(r1, &(0x7f0000000000)='./file2\x00', 0x60180, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) lsetxattr$trusted_overlay_origin(0x0, &(0x7f0000000040), &(0x7f0000000180), 0x2, 0x2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:15:24 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2840}], 0x0, &(0x7f0000000140)=ANY=[]) r0 = fsopen(&(0x7f0000000340)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f00000001c0)='./file0\x00') renameat(r1, &(0x7f0000000140)='./file0/file0\x00', r1, &(0x7f0000000180)='./file1\x00') openat(r1, &(0x7f0000000000)='./file2\x00', 0x60180, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) lsetxattr$trusted_overlay_origin(0x0, &(0x7f0000000040), &(0x7f0000000180), 0x2, 0x2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0xfffffdef) 11:15:24 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000000)=0x10001, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c) 11:15:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000900)=@un=@abs, 0x80) [ 104.880804] loop2: detected capacity change from 0 to 40 [ 104.892587] loop0: detected capacity change from 0 to 40 11:15:25 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r0) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}]}, 0x2c}}, 0x0) [ 105.065751] syz-executor.2: attempt to access beyond end of device [ 105.065751] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 105.067190] Buffer I/O error on dev loop2, logical block 10, lost async page write 11:15:25 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000900)=@un=@abs, 0x80) 11:15:25 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000900)=@un=@abs, 0x80) 11:15:25 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x2c, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000700100000f000000000000000000000004000000000002000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d6f4655f000000000000000001000000000000000b0000000004000008000000d2c20100120300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e33373631313835303700"/192, 0xc0, 0x400}, {&(0x7f0000010100)="000000000000000000000000c7b2a4502ed64a6eb421652eb677bbba010040000c00000000000000d6f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000003800000000000000", 0x40, 0x540}, {&(0x7f0000010300)="0300000004000000000000000000000000000000010400"/32, 0x20, 0x640}, {&(0x7f0000010400)="03000000040000000500000017000f000300040000000000000000000f008551", 0x20, 0x800}, {&(0x7f0000010500)="ff010000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000d6f4655fd6f4655fd6f4655f00"/2080, 0x820, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d6f4655fd7f4655fd7f4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000030000000", 0x40, 0x1800}, {&(0x7f0000010f00)="20000000681d5748681d574800000000d6f4655f00"/32, 0x20, 0x1880}, {&(0x7f0000011000)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000500000000200000004000000520000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x1c00}, {&(0x7f0000011100)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000600000000200000004000000620000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d6f4655f00"/160, 0xa0, 0x2000}, {&(0x7f0000011200)="c0410000002c0000d6f4655fd6f4655fd6f4655f00000000000002002000000000000800000000000af301000400000000000000000000000b00000040000000", 0x40, 0x3c00}, {&(0x7f0000011300)="20000000000000000000000000000000d6f4655f000000000000000000000000000002ea00"/64, 0x40, 0x3c80}, {&(0x7f0000011400)="ed4100003c000000d7f4655fd7f4655fd7f4655f0000000000000200000000000000001003000000020000000d0000001000050166696c65300000000e0000002800050766696c653100000000000000000000000000000000000000000000000000000097bbe33d00000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000000002ea04070000000000000000000000000000646174610000000000000000", 0xc0, 0x4000}, {&(0x7f0000011500)="ed8100001a040000d7f4655fd7f4655fd7f4655f00000000000001002000000000000800010000000af301000400000000000000000000000200000070000000000000000000000000000000000000000000000000000000000000000000000000000000ba8b7ff700000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000", 0xa0, 0x4400}, {&(0x7f0000011600)="ffa1000026000000d7f4655fd7f4655fd7f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3337363131383530372f66696c65302f66696c6530000000000000000000000000000000000000000000008cbe886300000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000", 0xa0, 0x4800}, {&(0x7f0000011700)="ed8100000a000000d7f4655fd7f4655fd7f4655f000000000000010000000000000000100100000073797a6b616c6c65727300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d33368e00000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000000002ea040700000000000000000000000000006461746106015403000000000600000000000000786174747231000006014c0300000000060000000000000078617474723200"/256, 0x100, 0x4c00}, {&(0x7f0000011800)="0000000000000000000000000000000078617474723200007861747472310000ed81000028230000d7f4655fd7f4655fd7f4655f00000000000002002000000000000800010000000af30100040000000000000000000000090000008000000000000000000000000000000000000000000000000000000000000000000000000000000072b2bc0c00000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000", 0xc0, 0x4fe0}, {&(0x7f0000011900)="ed81000064000000d7f4655fd7f4655fd7f4655f000000000000010000000000000000100100000073797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c0ac393e100000000000000000000000000000000000000000000000020000000681d5748681d5748681d5748d7f4655f681d57480000000000000000000002ea04073403000000002800000000000000646174610000000000000000", 0xc0, 0x5400}, {&(0x7f0000011a00)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lersyzkallersyzkallersyzkallersyzkallers', 0x40, 0x57c0}, {&(0x7f0000011b00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x80, 0xc000}, {&(0x7f0000011c00)="0b0000000c0001022e000000020000000c0002022e2e000000000000e8030000", 0x20, 0x10000}, {&(0x7f0000011d00)="00000000000400"/32, 0x20, 0x10400}, {&(0x7f0000011e00)="00000000000400"/32, 0x20, 0x10800}, {&(0x7f0000011f00)="00000000000400"/32, 0x20, 0x10c00}, {&(0x7f0000012000)="00000000000400"/32, 0x20, 0x11000}, {&(0x7f0000012100)="00000000000400"/32, 0x20, 0x11400}, {&(0x7f0000012200)="00000000000400"/32, 0x20, 0x11800}, {&(0x7f0000012300)="00000000000400"/32, 0x20, 0x11c00}, {&(0x7f0000012400)="00000000000400"/32, 0x20, 0x12000}, {&(0x7f0000012500)="00000000000400"/32, 0x20, 0x12400}, {&(0x7f0000012600)="00000000000400"/32, 0x20, 0x12800}, {&(0x7f0000012700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x14000}, {&(0x7f0000012800)="0200"/32, 0x20, 0x14400}, {&(0x7f0000012900)="0300"/32, 0x20, 0x14800}, {&(0x7f0000012a00)="0400"/32, 0x20, 0x14c00}, {&(0x7f0000012b00)="0500"/32, 0x20, 0x15000}, {&(0x7f0000012c00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000100"/96, 0x60, 0x15400}, {&(0x7f0000012d00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x18000}, {&(0x7f0000012e00)="0200"/32, 0x20, 0x18400}, {&(0x7f0000012f00)="0300"/32, 0x20, 0x18800}, {&(0x7f0000013000)="0400"/32, 0x20, 0x18c00}, {&(0x7f0000013100)="0500"/32, 0x20, 0x19000}, {&(0x7f0000013200)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000100"/96, 0x60, 0x19400}, {&(0x7f0000013300)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x1c000}], 0x0, &(0x7f0000013800)) [ 105.136696] loop6: detected capacity change from 0 to 1024 [ 105.287612] syz-executor.0: attempt to access beyond end of device [ 105.287612] loop0: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 105.290551] Buffer I/O error on dev loop0, logical block 10, lost async page write [ 105.402600] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.430599] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.515109] watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [syz-executor.3:4134] [ 128.515647] Modules linked in: [ 128.515865] irq event stamp: 213402 [ 128.516105] hardirqs last enabled at (213401): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 128.516754] hardirqs last disabled at (213402): [] sysvec_apic_timer_interrupt+0xf/0x90 [ 128.518642] softirqs last enabled at (213306): [] irq_exit_rcu+0x93/0xc0 [ 128.520342] softirqs last disabled at (213301): [] irq_exit_rcu+0x93/0xc0 [ 128.520848] CPU: 1 PID: 4134 Comm: syz-executor.3 Not tainted 6.4.0-rc6-next-20230613 #1 [ 128.521322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.521838] RIP: 0010:__sanitizer_cov_trace_pc+0xb/0x70 [ 128.522214] Code: c0 e9 f9 c0 06 03 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 8b 05 9d 81 b7 7e <89> c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 00 8b 03 00 a9 [ 128.523701] RSP: 0018:ffff88804004f320 EFLAGS: 00000206 [ 128.524153] RAX: 0000000000000000 RBX: 000000000000ffd8 RCX: ffffffff83c33bb2 [ 128.524747] RDX: ffff88803db1d1c0 RSI: 0000000000000000 RDI: 0000000000000005 [ 128.525338] RBP: 0000000000000028 R08: 0000000000000005 R09: 0000000000000000 [ 128.525946] R10: 000000000000ffd8 R11: 0000000000000001 R12: 0000000000000001 [ 128.526543] R13: dffffc0000000000 R14: ffff88803e2e4000 R15: 0000000000000001 [ 128.527138] FS: 00007f528613f700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 128.527807] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.528295] CR2: 0000001b2c42e000 CR3: 000000001ca50000 CR4: 0000000000350ee0 [ 128.528892] Call Trace: [ 128.529123] [ 128.529319] ? watchdog_timer_fn+0x375/0x460 [ 128.529728] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 128.530136] ? __hrtimer_run_queues+0x17f/0xb60 [ 128.530443] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 128.530760] ? ktime_get_update_offsets_now+0x25a/0x360 [ 128.531095] ? hrtimer_interrupt+0x2ef/0x750 [ 128.531388] ? __sysvec_apic_timer_interrupt+0xff/0x380 [ 128.531714] ? sysvec_apic_timer_interrupt+0x69/0x90 [ 128.532028] [ 128.532172] [ 128.532317] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 128.532662] ? __ip6_append_data.isra.0+0xc02/0x4560 [ 128.532979] ? __sanitizer_cov_trace_pc+0xb/0x70 [ 128.533286] __ip6_append_data.isra.0+0xc0f/0x4560 [ 128.533601] ? __pfx_lock_release+0x10/0x10 [ 128.533883] ? __pfx_raw6_getfrag+0x10/0x10 [ 128.534163] ? __pfx___ip6_append_data.isra.0+0x10/0x10 [ 128.534489] ? ip6_mtu+0x1b4/0x3a0 [ 128.534725] ? ip6_setup_cork+0xcff/0x1550 [ 128.535001] ? __pfx_raw6_getfrag+0x10/0x10 [ 128.535272] ip6_append_data+0x1d4/0x530 [ 128.535532] rawv6_sendmsg+0x156e/0x3dc0 [ 128.535791] ? lock_acquire+0x19a/0x4c0 [ 128.536051] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 128.536341] ? jbd2_journal_stop+0x5cc/0xde0 [ 128.536619] ? lockdep_hardirqs_on_prepare+0x27b/0x3f0 [ 128.536944] ? kasan_quarantine_put+0x81/0x1d0 [ 128.537238] ? kasan_quarantine_put+0x81/0x1d0 [ 128.537531] ? jbd2_journal_stop+0x5cc/0xde0 [ 128.537829] ? kmem_cache_free+0x10d/0x4d0 [ 128.538112] ? sock_has_perm+0x1e2/0x270 [ 128.538384] ? __pfx_sock_has_perm+0x10/0x10 [ 128.538687] ? __pfx_lock_release+0x10/0x10 [ 128.538970] ? __ext4_journal_stop+0x10b/0x1f0 [ 128.539287] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 128.539582] inet_sendmsg+0x121/0x150 [ 128.539839] ? __pfx_inet_sendmsg+0x10/0x10 [ 128.540128] sock_sendmsg+0x19b/0x200 [ 128.540390] splice_to_socket+0x949/0xe10 [ 128.540686] ? __pfx_splice_to_socket+0x10/0x10 [ 128.541007] ? __pfx_filemap_splice_read+0x10/0x10 [ 128.541354] ? fsnotify_perm.part.0+0x227/0x610 [ 128.541689] ? ext4_file_splice_read+0x109/0x160 [ 128.542008] ? __pfx_splice_to_socket+0x10/0x10 [ 128.542327] direct_splice_actor+0x119/0x180 [ 128.542616] splice_direct_to_actor+0x349/0x9d0 [ 128.542915] ? __pfx_direct_splice_actor+0x10/0x10 [ 128.543228] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 128.543554] ? security_file_permission+0xb5/0xe0 [ 128.543857] do_splice_direct+0x1bb/0x290 [ 128.544121] ? __pfx_do_splice_direct+0x10/0x10 [ 128.544421] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 128.544746] ? security_file_permission+0xb5/0xe0 [ 128.545050] do_sendfile+0xb4b/0x12f0 [ 128.545302] ? __pfx_do_sendfile+0x10/0x10 [ 128.545566] ? __pfx___schedule+0x10/0x10 [ 128.545836] ? xfd_validate_state+0x51/0x170 [ 128.546122] ? restore_fpregs_from_fpstate+0xc3/0x1a0 [ 128.546446] __x64_sys_sendfile64+0x1d5/0x210 [ 128.546733] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 128.547047] ? lockdep_hardirqs_on_prepare+0x27b/0x3f0 [ 128.547371] do_syscall_64+0x3f/0x90 [ 128.547616] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 128.547937] RIP: 0033:0x7f5288beab19 [ 128.548169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.549243] RSP: 002b:00007f528613f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 128.549707] RAX: ffffffffffffffda RBX: 00007f5288cfe020 RCX: 00007f5288beab19 [ 128.550133] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000008 [ 128.550559] RBP: 00007f5288c44f6d R08: 0000000000000000 R09: 0000000000000000 [ 128.550987] R10: 000000000001a000 R11: 0000000000000246 R12: 0000000000000000 [ 128.551414] R13: 00007fff3ffcd42f R14: 00007f528613f300 R15: 0000000000022000 [ 128.551853] [ 128.552003] Sending NMI from CPU 1 to CPUs 0: [ 128.552298] NMI backtrace for cpu 0 skipped: idling at default_idle+0xf/0x20 VM DIAGNOSIS: 11:15:47 Registers: info registers vcpu 0 RAX=00000000000a9cc9 RBX=0000000000000000 RCX=ffffffff8450650e RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff81288995 RBP=dffffc0000000000 RSP=ffffffff85407e10 R8 =0000000000000001 R9 =ffffed100d9c6a00 R10=ffff88806ce35003 R11=0000000000000001 R12=ffffffff85d3a1d0 R13=1ffffffff0a80fc7 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8450749f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f1bd4f5bf58 CR3=000000000e7a6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000004178269400000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000000002e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff825054d5 RDI=ffffffff87f640a0 RBP=ffffffff87f64060 RSP=ffff88806cf099c0 R8 =0000000000000001 R9 =000000000000000a R10=000000000000002e R11=0000000000000001 R12=000000000000002e R13=ffffffff87f64060 R14=0000000000000010 R15=ffffffff825054c0 RIP=ffffffff8250552d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f528613f700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2c42e000 CR3=000000001ca50000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000