Warning: Permanently added '[localhost]:28327' (ECDSA) to the list of known hosts. 2022/10/31 13:30:04 fuzzer started 2022/10/31 13:30:05 dialing manager at localhost:40945 syzkaller login: [ 52.166558] cgroup: Unknown subsys name 'net' [ 52.259746] cgroup: Unknown subsys name 'rlimit' 2022/10/31 13:30:19 syscalls: 2217 2022/10/31 13:30:19 code coverage: enabled 2022/10/31 13:30:19 comparison tracing: enabled 2022/10/31 13:30:19 extra coverage: enabled 2022/10/31 13:30:19 setuid sandbox: enabled 2022/10/31 13:30:19 namespace sandbox: enabled 2022/10/31 13:30:19 Android sandbox: enabled 2022/10/31 13:30:19 fault injection: enabled 2022/10/31 13:30:19 leak checking: enabled 2022/10/31 13:30:19 net packet injection: enabled 2022/10/31 13:30:19 net device setup: enabled 2022/10/31 13:30:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/31 13:30:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/31 13:30:19 USB emulation: enabled 2022/10/31 13:30:19 hci packet injection: enabled 2022/10/31 13:30:19 wifi device emulation: enabled 2022/10/31 13:30:19 802.15.4 emulation: enabled 2022/10/31 13:30:19 fetching corpus: 0, signal 0/2000 (executing program) 2022/10/31 13:30:19 fetching corpus: 50, signal 24159/27815 (executing program) 2022/10/31 13:30:19 fetching corpus: 100, signal 47335/52394 (executing program) 2022/10/31 13:30:19 fetching corpus: 150, signal 56246/62760 (executing program) 2022/10/31 13:30:19 fetching corpus: 200, signal 63724/71620 (executing program) 2022/10/31 13:30:20 fetching corpus: 250, signal 72290/81448 (executing program) 2022/10/31 13:30:20 fetching corpus: 300, signal 79105/89463 (executing program) 2022/10/31 13:30:20 fetching corpus: 350, signal 82923/94570 (executing program) 2022/10/31 13:30:20 fetching corpus: 400, signal 89634/102358 (executing program) 2022/10/31 13:30:20 fetching corpus: 450, signal 93513/107407 (executing program) 2022/10/31 13:30:20 fetching corpus: 500, signal 99432/114272 
(executing program) 2022/10/31 13:30:20 fetching corpus: 550, signal 103838/119701 (executing program) 2022/10/31 13:30:20 fetching corpus: 600, signal 106669/123568 (executing program) 2022/10/31 13:30:21 fetching corpus: 650, signal 109480/127445 (executing program) 2022/10/31 13:30:21 fetching corpus: 700, signal 114582/133303 (executing program) 2022/10/31 13:30:21 fetching corpus: 750, signal 118267/137871 (executing program) 2022/10/31 13:30:21 fetching corpus: 800, signal 121738/142128 (executing program) 2022/10/31 13:30:21 fetching corpus: 850, signal 124216/145508 (executing program) 2022/10/31 13:30:21 fetching corpus: 900, signal 127219/149323 (executing program) 2022/10/31 13:30:21 fetching corpus: 950, signal 129910/152782 (executing program) 2022/10/31 13:30:22 fetching corpus: 1000, signal 131563/155361 (executing program) 2022/10/31 13:30:22 fetching corpus: 1050, signal 134622/159099 (executing program) 2022/10/31 13:30:22 fetching corpus: 1100, signal 137671/162829 (executing program) 2022/10/31 13:30:22 fetching corpus: 1150, signal 139814/165707 (executing program) 2022/10/31 13:30:22 fetching corpus: 1200, signal 142344/168863 (executing program) 2022/10/31 13:30:22 fetching corpus: 1250, signal 144855/172075 (executing program) 2022/10/31 13:30:22 fetching corpus: 1300, signal 149461/176875 (executing program) 2022/10/31 13:30:22 fetching corpus: 1350, signal 152350/180257 (executing program) 2022/10/31 13:30:23 fetching corpus: 1400, signal 153553/182223 (executing program) 2022/10/31 13:30:23 fetching corpus: 1450, signal 155514/184797 (executing program) 2022/10/31 13:30:23 fetching corpus: 1500, signal 157380/187268 (executing program) 2022/10/31 13:30:23 fetching corpus: 1550, signal 158624/189200 (executing program) 2022/10/31 13:30:23 fetching corpus: 1600, signal 160412/191553 (executing program) 2022/10/31 13:30:23 fetching corpus: 1650, signal 162397/194046 (executing program) 2022/10/31 13:30:23 fetching corpus: 1700, signal 
164401/196454 (executing program) 2022/10/31 13:30:24 fetching corpus: 1750, signal 165905/198535 (executing program) 2022/10/31 13:30:24 fetching corpus: 1800, signal 168008/201053 (executing program) 2022/10/31 13:30:24 fetching corpus: 1850, signal 169140/202798 (executing program) 2022/10/31 13:30:24 fetching corpus: 1900, signal 170942/204989 (executing program) 2022/10/31 13:30:24 fetching corpus: 1950, signal 172466/206982 (executing program) 2022/10/31 13:30:24 fetching corpus: 2000, signal 173774/208744 (executing program) 2022/10/31 13:30:24 fetching corpus: 2050, signal 175422/210795 (executing program) 2022/10/31 13:30:25 fetching corpus: 2100, signal 176542/212458 (executing program) 2022/10/31 13:30:25 fetching corpus: 2150, signal 178259/214464 (executing program) 2022/10/31 13:30:25 fetching corpus: 2200, signal 179928/216508 (executing program) 2022/10/31 13:30:25 fetching corpus: 2250, signal 181916/218666 (executing program) 2022/10/31 13:30:25 fetching corpus: 2300, signal 182918/220124 (executing program) 2022/10/31 13:30:25 fetching corpus: 2350, signal 183960/221630 (executing program) 2022/10/31 13:30:25 fetching corpus: 2400, signal 185647/223520 (executing program) 2022/10/31 13:30:26 fetching corpus: 2450, signal 186557/224888 (executing program) 2022/10/31 13:30:26 fetching corpus: 2500, signal 187678/226406 (executing program) 2022/10/31 13:30:26 fetching corpus: 2550, signal 188647/227793 (executing program) 2022/10/31 13:30:26 fetching corpus: 2600, signal 190083/229531 (executing program) 2022/10/31 13:30:26 fetching corpus: 2650, signal 191214/230967 (executing program) 2022/10/31 13:30:26 fetching corpus: 2700, signal 192815/232707 (executing program) 2022/10/31 13:30:26 fetching corpus: 2750, signal 193944/234123 (executing program) 2022/10/31 13:30:26 fetching corpus: 2800, signal 195056/235588 (executing program) 2022/10/31 13:30:27 fetching corpus: 2850, signal 195911/236852 (executing program) 2022/10/31 13:30:27 fetching 
corpus: 2900, signal 196828/238121 (executing program) 2022/10/31 13:30:27 fetching corpus: 2950, signal 197978/239523 (executing program) 2022/10/31 13:30:27 fetching corpus: 3000, signal 198897/240782 (executing program) 2022/10/31 13:30:27 fetching corpus: 3050, signal 200288/242282 (executing program) 2022/10/31 13:30:27 fetching corpus: 3100, signal 201526/243684 (executing program) 2022/10/31 13:30:27 fetching corpus: 3150, signal 202766/245024 (executing program) 2022/10/31 13:30:28 fetching corpus: 3200, signal 203752/246261 (executing program) 2022/10/31 13:30:28 fetching corpus: 3250, signal 204608/247411 (executing program) 2022/10/31 13:30:28 fetching corpus: 3300, signal 205818/248714 (executing program) 2022/10/31 13:30:28 fetching corpus: 3350, signal 206776/249862 (executing program) 2022/10/31 13:30:28 fetching corpus: 3400, signal 208008/251138 (executing program) 2022/10/31 13:30:28 fetching corpus: 3450, signal 209064/252336 (executing program) 2022/10/31 13:30:29 fetching corpus: 3500, signal 210122/253486 (executing program) 2022/10/31 13:30:29 fetching corpus: 3550, signal 211108/254572 (executing program) 2022/10/31 13:30:29 fetching corpus: 3600, signal 211692/255462 (executing program) 2022/10/31 13:30:29 fetching corpus: 3650, signal 212346/256386 (executing program) 2022/10/31 13:30:29 fetching corpus: 3700, signal 213439/257540 (executing program) 2022/10/31 13:30:29 fetching corpus: 3750, signal 214459/258597 (executing program) 2022/10/31 13:30:29 fetching corpus: 3800, signal 215461/259697 (executing program) 2022/10/31 13:30:30 fetching corpus: 3850, signal 216800/260912 (executing program) 2022/10/31 13:30:30 fetching corpus: 3900, signal 217649/261825 (executing program) 2022/10/31 13:30:30 fetching corpus: 3950, signal 218294/262708 (executing program) 2022/10/31 13:30:30 fetching corpus: 4000, signal 219228/263640 (executing program) 2022/10/31 13:30:30 fetching corpus: 4050, signal 219822/264429 (executing program) 2022/10/31 
13:30:30 fetching corpus: 4100, signal 220656/265354 (executing program) 2022/10/31 13:30:30 fetching corpus: 4150, signal 221377/266228 (executing program) 2022/10/31 13:30:31 fetching corpus: 4200, signal 222011/267036 (executing program) 2022/10/31 13:30:31 fetching corpus: 4250, signal 222761/267897 (executing program) 2022/10/31 13:30:31 fetching corpus: 4300, signal 223460/268753 (executing program) 2022/10/31 13:30:31 fetching corpus: 4350, signal 224224/269571 (executing program) 2022/10/31 13:30:31 fetching corpus: 4400, signal 225977/270820 (executing program) 2022/10/31 13:30:31 fetching corpus: 4450, signal 226899/271715 (executing program) 2022/10/31 13:30:31 fetching corpus: 4500, signal 227419/272390 (executing program) 2022/10/31 13:30:32 fetching corpus: 4550, signal 228383/273235 (executing program) 2022/10/31 13:30:32 fetching corpus: 4600, signal 229228/273997 (executing program) 2022/10/31 13:30:32 fetching corpus: 4650, signal 230199/274869 (executing program) 2022/10/31 13:30:32 fetching corpus: 4700, signal 231040/275649 (executing program) 2022/10/31 13:30:32 fetching corpus: 4750, signal 231572/276277 (executing program) 2022/10/31 13:30:32 fetching corpus: 4800, signal 232050/276905 (executing program) 2022/10/31 13:30:33 fetching corpus: 4850, signal 232776/277574 (executing program) 2022/10/31 13:30:33 fetching corpus: 4900, signal 233787/278409 (executing program) 2022/10/31 13:30:33 fetching corpus: 4950, signal 234746/279189 (executing program) 2022/10/31 13:30:33 fetching corpus: 5000, signal 235427/279857 (executing program) 2022/10/31 13:30:33 fetching corpus: 5050, signal 236365/280609 (executing program) 2022/10/31 13:30:33 fetching corpus: 5100, signal 237213/281312 (executing program) 2022/10/31 13:30:33 fetching corpus: 5150, signal 237965/281982 (executing program) 2022/10/31 13:30:33 fetching corpus: 5200, signal 238730/282619 (executing program) 2022/10/31 13:30:34 fetching corpus: 5250, signal 239275/283215 (executing 
program) 2022/10/31 13:30:34 fetching corpus: 5300, signal 239858/283803 (executing program) 2022/10/31 13:30:34 fetching corpus: 5350, signal 240370/284356 (executing program) 2022/10/31 13:30:34 fetching corpus: 5400, signal 240983/284913 (executing program) 2022/10/31 13:30:34 fetching corpus: 5450, signal 241425/285401 (executing program) 2022/10/31 13:30:34 fetching corpus: 5500, signal 242232/286010 (executing program) 2022/10/31 13:30:35 fetching corpus: 5550, signal 242906/286547 (executing program) 2022/10/31 13:30:35 fetching corpus: 5600, signal 243566/287101 (executing program) 2022/10/31 13:30:35 fetching corpus: 5650, signal 244427/287712 (executing program) 2022/10/31 13:30:35 fetching corpus: 5700, signal 245092/288260 (executing program) 2022/10/31 13:30:35 fetching corpus: 5750, signal 245683/288773 (executing program) 2022/10/31 13:30:35 fetching corpus: 5800, signal 246208/289246 (executing program) 2022/10/31 13:30:35 fetching corpus: 5850, signal 246772/289705 (executing program) 2022/10/31 13:30:36 fetching corpus: 5900, signal 247465/290212 (executing program) 2022/10/31 13:30:36 fetching corpus: 5950, signal 248197/290690 (executing program) 2022/10/31 13:30:36 fetching corpus: 6000, signal 248701/291109 (executing program) 2022/10/31 13:30:36 fetching corpus: 6050, signal 249159/291537 (executing program) 2022/10/31 13:30:36 fetching corpus: 6100, signal 249841/292000 (executing program) 2022/10/31 13:30:36 fetching corpus: 6150, signal 250309/292440 (executing program) 2022/10/31 13:30:36 fetching corpus: 6200, signal 250987/292912 (executing program) 2022/10/31 13:30:36 fetching corpus: 6250, signal 251341/293295 (executing program) 2022/10/31 13:30:37 fetching corpus: 6300, signal 251890/293728 (executing program) 2022/10/31 13:30:37 fetching corpus: 6350, signal 252406/294137 (executing program) 2022/10/31 13:30:37 fetching corpus: 6400, signal 252925/294552 (executing program) 2022/10/31 13:30:37 fetching corpus: 6450, signal 
253682/294991 (executing program) 2022/10/31 13:30:37 fetching corpus: 6500, signal 254249/295372 (executing program) 2022/10/31 13:30:37 fetching corpus: 6550, signal 254786/295778 (executing program) 2022/10/31 13:30:37 fetching corpus: 6600, signal 255301/296163 (executing program) 2022/10/31 13:30:37 fetching corpus: 6650, signal 255718/296515 (executing program) 2022/10/31 13:30:38 fetching corpus: 6700, signal 256139/296863 (executing program) 2022/10/31 13:30:38 fetching corpus: 6750, signal 256545/297205 (executing program) 2022/10/31 13:30:38 fetching corpus: 6799, signal 257191/297530 (executing program) 2022/10/31 13:30:38 fetching corpus: 6849, signal 257661/297879 (executing program) 2022/10/31 13:30:38 fetching corpus: 6899, signal 258104/298199 (executing program) 2022/10/31 13:30:38 fetching corpus: 6949, signal 258543/298529 (executing program) 2022/10/31 13:30:38 fetching corpus: 6999, signal 258921/298839 (executing program) 2022/10/31 13:30:39 fetching corpus: 7049, signal 259594/299135 (executing program) 2022/10/31 13:30:39 fetching corpus: 7099, signal 260176/299437 (executing program) 2022/10/31 13:30:39 fetching corpus: 7149, signal 260886/299805 (executing program) 2022/10/31 13:30:39 fetching corpus: 7199, signal 261304/300063 (executing program) 2022/10/31 13:30:39 fetching corpus: 7249, signal 261777/300331 (executing program) 2022/10/31 13:30:39 fetching corpus: 7299, signal 262217/300620 (executing program) 2022/10/31 13:30:39 fetching corpus: 7349, signal 262806/300875 (executing program) 2022/10/31 13:30:39 fetching corpus: 7399, signal 263286/301129 (executing program) 2022/10/31 13:30:40 fetching corpus: 7449, signal 263649/301317 (executing program) 2022/10/31 13:30:40 fetching corpus: 7499, signal 264114/301317 (executing program) 2022/10/31 13:30:40 fetching corpus: 7549, signal 264409/301318 (executing program) 2022/10/31 13:30:40 fetching corpus: 7599, signal 264845/301320 (executing program) 2022/10/31 13:30:40 fetching 
corpus: 7649, signal 265225/301320 (executing program) 2022/10/31 13:30:40 fetching corpus: 7699, signal 265852/301322 (executing program) 2022/10/31 13:30:40 fetching corpus: 7749, signal 266248/301324 (executing program) 2022/10/31 13:30:40 fetching corpus: 7799, signal 266677/301326 (executing program) 2022/10/31 13:30:40 fetching corpus: 7849, signal 267222/301339 (executing program) 2022/10/31 13:30:41 fetching corpus: 7899, signal 267629/301344 (executing program) 2022/10/31 13:30:41 fetching corpus: 7949, signal 267933/301344 (executing program) 2022/10/31 13:30:41 fetching corpus: 7999, signal 268372/301345 (executing program) 2022/10/31 13:30:41 fetching corpus: 8049, signal 268890/301347 (executing program) 2022/10/31 13:30:41 fetching corpus: 8099, signal 269317/301352 (executing program) 2022/10/31 13:30:41 fetching corpus: 8149, signal 269708/301353 (executing program) 2022/10/31 13:30:41 fetching corpus: 8199, signal 270068/301353 (executing program) 2022/10/31 13:30:41 fetching corpus: 8249, signal 270642/301355 (executing program) 2022/10/31 13:30:42 fetching corpus: 8299, signal 271172/301355 (executing program) 2022/10/31 13:30:42 fetching corpus: 8349, signal 271741/301358 (executing program) 2022/10/31 13:30:42 fetching corpus: 8399, signal 272031/301358 (executing program) 2022/10/31 13:30:42 fetching corpus: 8449, signal 272497/301358 (executing program) 2022/10/31 13:30:42 fetching corpus: 8499, signal 273099/301374 (executing program) 2022/10/31 13:30:42 fetching corpus: 8549, signal 273473/301374 (executing program) 2022/10/31 13:30:42 fetching corpus: 8599, signal 273915/301378 (executing program) 2022/10/31 13:30:43 fetching corpus: 8649, signal 274274/301378 (executing program) 2022/10/31 13:30:43 fetching corpus: 8699, signal 274621/301378 (executing program) 2022/10/31 13:30:43 fetching corpus: 8749, signal 274887/301378 (executing program) 2022/10/31 13:30:43 fetching corpus: 8799, signal 275417/301386 (executing program) 2022/10/31 
13:30:43 fetching corpus: 8849, signal 275787/301386 (executing program) 2022/10/31 13:30:43 fetching corpus: 8899, signal 276183/301386 (executing program) 2022/10/31 13:30:43 fetching corpus: 8949, signal 276523/301388 (executing program) 2022/10/31 13:30:44 fetching corpus: 8999, signal 276789/301388 (executing program) 2022/10/31 13:30:44 fetching corpus: 9049, signal 277233/301394 (executing program) 2022/10/31 13:30:44 fetching corpus: 9099, signal 277566/301394 (executing program) 2022/10/31 13:30:44 fetching corpus: 9149, signal 278375/301394 (executing program) 2022/10/31 13:30:44 fetching corpus: 9199, signal 278710/301396 (executing program) 2022/10/31 13:30:44 fetching corpus: 9249, signal 279039/301397 (executing program) 2022/10/31 13:30:44 fetching corpus: 9299, signal 279345/301397 (executing program) 2022/10/31 13:30:44 fetching corpus: 9349, signal 279689/301402 (executing program) 2022/10/31 13:30:44 fetching corpus: 9399, signal 280093/301403 (executing program) 2022/10/31 13:30:45 fetching corpus: 9449, signal 280445/301406 (executing program) 2022/10/31 13:30:45 fetching corpus: 9499, signal 280811/301407 (executing program) 2022/10/31 13:30:45 fetching corpus: 9549, signal 281385/301410 (executing program) 2022/10/31 13:30:45 fetching corpus: 9599, signal 281696/301410 (executing program) 2022/10/31 13:30:45 fetching corpus: 9649, signal 282068/301410 (executing program) 2022/10/31 13:30:45 fetching corpus: 9699, signal 282604/301412 (executing program) 2022/10/31 13:30:45 fetching corpus: 9749, signal 283006/301412 (executing program) 2022/10/31 13:30:45 fetching corpus: 9799, signal 283331/301412 (executing program) 2022/10/31 13:30:46 fetching corpus: 9849, signal 283617/301414 (executing program) 2022/10/31 13:30:46 fetching corpus: 9899, signal 284072/301414 (executing program) 2022/10/31 13:30:46 fetching corpus: 9949, signal 284417/301417 (executing program) 2022/10/31 13:30:46 fetching corpus: 9999, signal 285157/301430 (executing 
program) 2022/10/31 13:30:46 fetching corpus: 10049, signal 285476/301431 (executing program) 2022/10/31 13:30:46 fetching corpus: 10099, signal 285792/301431 (executing program) 2022/10/31 13:30:46 fetching corpus: 10149, signal 286308/301432 (executing program) 2022/10/31 13:30:46 fetching corpus: 10199, signal 286730/301510 (executing program) 2022/10/31 13:30:46 fetching corpus: 10249, signal 287060/301511 (executing program) 2022/10/31 13:30:47 fetching corpus: 10299, signal 287416/301511 (executing program) 2022/10/31 13:30:47 fetching corpus: 10349, signal 287752/301511 (executing program) 2022/10/31 13:30:47 fetching corpus: 10399, signal 288211/301512 (executing program) 2022/10/31 13:30:47 fetching corpus: 10449, signal 288733/301513 (executing program) 2022/10/31 13:30:47 fetching corpus: 10499, signal 289060/301516 (executing program) 2022/10/31 13:30:47 fetching corpus: 10549, signal 289441/301516 (executing program) 2022/10/31 13:30:47 fetching corpus: 10599, signal 289718/301516 (executing program) 2022/10/31 13:30:47 fetching corpus: 10649, signal 289972/301516 (executing program) 2022/10/31 13:30:48 fetching corpus: 10699, signal 290189/301517 (executing program) 2022/10/31 13:30:48 fetching corpus: 10749, signal 290473/301517 (executing program) 2022/10/31 13:30:48 fetching corpus: 10799, signal 290826/301517 (executing program) 2022/10/31 13:30:48 fetching corpus: 10849, signal 291068/301517 (executing program) 2022/10/31 13:30:48 fetching corpus: 10899, signal 291365/301523 (executing program) 2022/10/31 13:30:48 fetching corpus: 10949, signal 291950/301632 (executing program) 2022/10/31 13:30:48 fetching corpus: 10999, signal 292193/301632 (executing program) 2022/10/31 13:30:48 fetching corpus: 11049, signal 292737/301632 (executing program) 2022/10/31 13:30:49 fetching corpus: 11099, signal 293016/301632 (executing program) 2022/10/31 13:30:49 fetching corpus: 11149, signal 293278/301632 (executing program) 2022/10/31 13:30:49 fetching 
corpus: 11199, signal 293570/301632 (executing program) 2022/10/31 13:30:49 fetching corpus: 11249, signal 293920/301632 (executing program) 2022/10/31 13:30:49 fetching corpus: 11299, signal 294330/301632 (executing program) 2022/10/31 13:30:49 fetching corpus: 11349, signal 294845/301688 (executing program) 2022/10/31 13:30:49 fetching corpus: 11399, signal 295154/301688 (executing program) 2022/10/31 13:30:49 fetching corpus: 11411, signal 295241/301688 (executing program) 2022/10/31 13:30:49 fetching corpus: 11411, signal 295241/301688 (executing program) 2022/10/31 13:30:52 starting 8 fuzzer processes 13:30:52 executing program 0: syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000880), 0xffffffffffffffff) 13:30:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8940, &(0x7f0000002440)={{0x2, 0x0, @loopback}, {0x0, @remote}, 0x0, {0x2, 0x0, @empty}, 'wlan0\x00'}) 13:30:52 executing program 2: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @udp={{0xc, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0xa010101, @remote, {[@timestamp_addr={0x44, 0x1c, 0xf, 0x3, 0x0, [{@dev}, {@local}, {@loopback}]}]}}, {0x0, 0x0, 0x8}}}}}, 0x0) [ 99.388464] audit: type=1400 audit(1667223052.618:6): avc: denied { execmem } for pid=286 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:30:52 executing program 3: syz_emit_ethernet(0xbe, &(0x7f0000001180)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x88, 
0x0, @private=0xa010102, @local}, {0x0, 0x0, 0x7, 0x0, @wg=@initiation={0x1, 0x0, "9cc34027cad83ed73be4f93e7326b9e1da67ee3561924fa66bfa0cb75cff5171", "117ad553083cf29887cf5f29c7a6c95c7558a7482e05b26986482338c4a4807a788dafc8181760316d293733eea7f8d3", "a75e81563131a3cfe7a7f5a39f877d4c3d74923d6412b791b7128fae", {"45ce2e1db012ba00", "e313e602785b0268a2ed03bd928c6509"}}}}}}}, 0x0) 13:30:52 executing program 4: mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000180)={'trans=unix,', {[{@version_L, 0x22}]}}) 13:30:52 executing program 5: perf_event_open(&(0x7f00000004c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x6}, 0x801, 0x0, 0x2, 0x0, 0x9, 0x3, 0x2}, 0x0, 0x3, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x3, 0x0, 0x4, 0x8001, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) ioctl$FIONCLEX(r0, 0x5450) io_setup(0xb, &(0x7f0000000140)=0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) io_submit(r1, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818e348b4", 0x7b, 0x8, 0x0, 0x2}]) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)) 
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) 13:30:52 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, 0x0, 0x0, 0x0, 0x0) 13:30:52 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmget(0x3, 0x2000, 0x2, &(0x7f0000fee000/0x2000)=nil) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 
0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd273}, 0x0, 0xe, r1, 0xc) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x4, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) [ 100.631578] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 100.634936] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 100.637756] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 100.642516] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 100.645712] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 100.648827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 100.656791] Bluetooth: hci0: HCI_REQ-0x0c1a [ 100.685497] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 100.689028] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 100.690585] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 100.699407] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 100.700730] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 100.702976] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 100.708287] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 100.709432] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 100.712201] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 100.712940] Bluetooth: 
hci2: unexpected cc 0x0c23 length: 249 > 4 [ 100.715667] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 100.717771] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 100.719748] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 100.721337] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 100.722658] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 100.722697] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 100.726034] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 100.746956] Bluetooth: hci2: HCI_REQ-0x0c1a [ 100.747059] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 100.749766] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 100.751093] Bluetooth: hci1: HCI_REQ-0x0c1a [ 100.762498] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 100.764290] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 100.769262] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 100.770677] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 100.772522] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 100.773590] Bluetooth: hci3: HCI_REQ-0x0c1a [ 100.773706] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 100.777027] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 100.778744] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 100.816172] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 100.816269] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 100.817940] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 100.819281] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 100.822372] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 100.824418] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 100.825678] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 100.832411] Bluetooth: hci7: HCI_REQ-0x0c1a [ 100.840792] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 100.841942] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 
100.846415] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 100.850492] Bluetooth: hci4: HCI_REQ-0x0c1a [ 100.852987] Bluetooth: hci6: HCI_REQ-0x0c1a [ 100.870238] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 100.876241] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 100.885212] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 100.891442] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 100.892351] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 100.906942] Bluetooth: hci5: HCI_REQ-0x0c1a [ 102.711390] Bluetooth: hci0: command 0x0409 tx timeout [ 102.775029] Bluetooth: hci2: command 0x0409 tx timeout [ 102.776489] Bluetooth: hci1: command 0x0409 tx timeout [ 102.837979] Bluetooth: hci3: command 0x0409 tx timeout [ 102.902356] Bluetooth: hci4: command 0x0409 tx timeout [ 102.903412] Bluetooth: hci7: command 0x0409 tx timeout [ 102.904665] Bluetooth: hci6: command 0x0409 tx timeout [ 102.965990] Bluetooth: hci5: command 0x0409 tx timeout [ 104.758020] Bluetooth: hci0: command 0x041b tx timeout [ 104.822689] Bluetooth: hci1: command 0x041b tx timeout [ 104.823522] Bluetooth: hci2: command 0x041b tx timeout [ 104.885974] Bluetooth: hci3: command 0x041b tx timeout [ 104.950224] Bluetooth: hci6: command 0x041b tx timeout [ 104.951042] Bluetooth: hci7: command 0x041b tx timeout [ 104.951715] Bluetooth: hci4: command 0x041b tx timeout [ 105.013993] Bluetooth: hci5: command 0x041b tx timeout [ 106.806095] Bluetooth: hci0: command 0x040f tx timeout [ 106.870347] Bluetooth: hci2: command 0x040f tx timeout [ 106.871151] Bluetooth: hci1: command 0x040f tx timeout [ 106.934015] Bluetooth: hci3: command 0x040f tx timeout [ 106.998069] Bluetooth: hci4: command 0x040f tx timeout [ 106.999036] Bluetooth: hci7: command 0x040f tx timeout [ 106.999743] Bluetooth: hci6: command 0x040f tx timeout [ 107.062066] Bluetooth: hci5: command 0x040f tx timeout [ 108.853992] Bluetooth: hci0: command 0x0419 tx timeout [ 108.918141] Bluetooth: hci1: 
command 0x0419 tx timeout [ 108.918588] Bluetooth: hci2: command 0x0419 tx timeout [ 108.981962] Bluetooth: hci3: command 0x0419 tx timeout [ 109.045924] Bluetooth: hci6: command 0x0419 tx timeout [ 109.046378] Bluetooth: hci7: command 0x0419 tx timeout [ 109.046756] Bluetooth: hci4: command 0x0419 tx timeout [ 109.110085] Bluetooth: hci5: command 0x0419 tx timeout [ 162.703485] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 162.706306] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 162.708508] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 162.715426] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 162.718391] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 162.724937] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 162.730285] Bluetooth: hci0: HCI_REQ-0x0c1a [ 162.933050] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 162.934656] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 162.964114] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 162.965304] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 162.967952] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 162.971083] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 162.972696] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 162.974254] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 162.975435] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 162.984222] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 162.985833] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 162.988164] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 162.989402] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 162.992197] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 162.997534] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 162.997560] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 162.999805] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 163.004374] 
Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 163.004493] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 163.006447] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 163.008693] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 163.011466] Bluetooth: hci4: HCI_REQ-0x0c1a [ 163.012119] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 163.015108] Bluetooth: hci3: HCI_REQ-0x0c1a [ 163.016276] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 163.017740] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 163.021727] Bluetooth: hci2: HCI_REQ-0x0c1a [ 163.044150] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 163.045312] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 163.050303] Bluetooth: hci6: HCI_REQ-0x0c1a [ 163.058670] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 163.060368] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 163.065252] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 163.066718] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 163.067837] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 163.070752] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 163.072307] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 163.073347] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 163.075198] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 163.079160] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 163.080182] Bluetooth: hci5: HCI_REQ-0x0c1a [ 163.103182] Bluetooth: hci7: HCI_REQ-0x0c1a [ 164.789966] Bluetooth: hci0: command 0x0409 tx timeout [ 164.917906] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 165.045977] Bluetooth: hci3: command 0x0409 tx timeout [ 165.046064] Bluetooth: hci2: command 0x0409 tx timeout [ 165.046617] Bluetooth: hci4: command 0x0409 tx timeout [ 165.109965] Bluetooth: hci5: command 0x0409 tx timeout [ 165.110619] Bluetooth: hci6: command 0x0409 tx timeout [ 165.111479] Bluetooth: hci7: command 0x0409 
tx timeout [ 166.838011] Bluetooth: hci0: command 0x041b tx timeout [ 167.094074] Bluetooth: hci4: command 0x041b tx timeout [ 167.095476] Bluetooth: hci2: command 0x041b tx timeout [ 167.096229] Bluetooth: hci3: command 0x041b tx timeout [ 167.157982] Bluetooth: hci7: command 0x041b tx timeout [ 167.158721] Bluetooth: hci6: command 0x041b tx timeout [ 167.159474] Bluetooth: hci5: command 0x041b tx timeout [ 168.122095] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 168.123712] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 168.125530] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 168.129241] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 168.131637] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 168.132614] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 168.137420] Bluetooth: hci1: HCI_REQ-0x0c1a [ 168.885979] Bluetooth: hci0: command 0x040f tx timeout [ 169.142009] Bluetooth: hci3: command 0x040f tx timeout [ 169.142039] Bluetooth: hci2: command 0x040f tx timeout [ 169.142435] Bluetooth: hci4: command 0x040f tx timeout [ 169.205928] Bluetooth: hci5: command 0x040f tx timeout [ 169.206343] Bluetooth: hci6: command 0x040f tx timeout [ 169.206691] Bluetooth: hci7: command 0x040f tx timeout [ 170.166049] Bluetooth: hci1: command 0x0409 tx timeout [ 170.933966] Bluetooth: hci0: command 0x0419 tx timeout [ 171.189994] Bluetooth: hci2: command 0x0419 tx timeout [ 171.190412] Bluetooth: hci4: command 0x0419 tx timeout [ 171.190766] Bluetooth: hci3: command 0x0419 tx timeout [ 171.253924] Bluetooth: hci7: command 0x0419 tx timeout [ 171.254351] Bluetooth: hci6: command 0x0419 tx timeout [ 171.254695] Bluetooth: hci5: command 0x0419 tx timeout [ 172.214024] Bluetooth: hci1: command 0x041b tx timeout [ 174.261920] Bluetooth: hci1: command 0x040f tx timeout [ 176.309906] Bluetooth: hci1: command 0x0419 tx timeout [ 224.309473] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.310639] wlan0: Creating 
new IBSS network, BSSID 50:50:50:50:50:50 [ 224.314688] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 224.337162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.338307] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.340541] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:32:58 executing program 2: r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000a40), 0x80800, 0x0) ioctl$CDROMVOLCTRL(r0, 0x530a, 0x0) 13:32:58 executing program 2: r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000a40), 0x80800, 0x0) ioctl$CDROMVOLCTRL(r0, 0x530a, 0x0) 13:32:58 executing program 2: r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000a40), 0x80800, 0x0) ioctl$CDROMVOLCTRL(r0, 0x530a, 0x0) 13:32:58 executing program 2: r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000a40), 0x80800, 0x0) ioctl$CDROMVOLCTRL(r0, 0x530a, 0x0) [ 225.161366] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 225.164380] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 225.166648] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 225.170087] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 225.174188] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 225.175570] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 225.179186] Bluetooth: hci2: HCI_REQ-0x0c1a 13:32:58 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_mtu(r0, 0x0, 0x16, 0x0, &(0x7f0000000040)) [ 225.254193] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 225.255544] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 225.256209] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 225.258475] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 225.259496] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 225.260254] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 13:32:58 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, 
&(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) clone3(&(0x7f0000004c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 225.263295] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 225.264325] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 225.265229] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 225.268162] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 225.269287] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 225.269317] Bluetooth: hci6: HCI_REQ-0x0c1a [ 225.271248] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 225.275800] Bluetooth: hci3: HCI_REQ-0x0c1a 13:32:58 executing program 2: msgrcv(0x0, &(0x7f0000001300)={0x0, ""/205}, 0xd5, 0x0, 0x0) 13:32:58 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e1503"], 0x20) [ 225.488102] Bluetooth: hci1: unexpected subevent 0x03 length: 28 > 9 [ 225.488962] Bluetooth: hci1: unexpected subevent 0x03 length: 28 > 9 [ 226.741936] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 227.190029] Bluetooth: hci2: command 0x0409 tx timeout [ 227.191557] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 227.193688] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 227.253948] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 227.317958] Bluetooth: hci6: command 0x0409 tx timeout [ 227.319093] Bluetooth: hci3: command 0x0409 tx timeout [ 229.239293] Bluetooth: hci2: command 0x041b tx timeout [ 229.366971] Bluetooth: hci3: command 0x041b tx timeout [ 229.367745] Bluetooth: hci6: command 0x041b tx timeout [ 230.366573] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 230.368575] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 230.369946] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 230.372463] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 230.373734] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 230.374702] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 230.386406] Bluetooth: hci7: HCI_REQ-0x0c1a [ 231.285941] 
Bluetooth: hci2: command 0x040f tx timeout [ 231.286392] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 231.413926] Bluetooth: hci6: command 0x040f tx timeout [ 231.414485] Bluetooth: hci3: command 0x040f tx timeout [ 231.990906] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 232.375443] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 232.439046] Bluetooth: hci7: command 0x0409 tx timeout [ 233.334171] Bluetooth: hci2: command 0x0419 tx timeout [ 233.461974] Bluetooth: hci3: command 0x0419 tx timeout [ 233.462734] Bluetooth: hci6: command 0x0419 tx timeout [ 234.487150] Bluetooth: hci7: command 0x041b tx timeout [ 234.747942] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 234.750067] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 234.751598] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 234.756294] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 234.760275] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 234.761804] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 234.767088] Bluetooth: hci4: HCI_REQ-0x0c1a [ 235.325020] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 235.327324] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 235.330057] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 235.334017] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 235.335725] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 235.336753] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 235.344948] Bluetooth: hci5: HCI_REQ-0x0c1a [ 236.150018] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 236.534039] Bluetooth: hci7: command 0x040f tx timeout [ 236.853963] Bluetooth: hci4: command 0x0409 tx timeout [ 237.366073] Bluetooth: hci5: command 0x0409 tx timeout [ 238.582969] Bluetooth: hci7: command 0x0419 tx timeout [ 238.903142] Bluetooth: hci4: command 0x041b tx timeout [ 239.034101] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 239.035271] Bluetooth: hci0: unexpected cc 0x1003 length: 249 
> 9 [ 239.036063] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 239.038621] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 239.039492] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 239.040152] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 239.042709] Bluetooth: hci0: HCI_REQ-0x0c1a [ 239.415001] Bluetooth: hci5: command 0x041b tx timeout [ 240.949991] Bluetooth: hci4: command 0x040f tx timeout [ 241.079003] Bluetooth: hci0: command 0x0409 tx timeout [ 241.462908] Bluetooth: hci5: command 0x040f tx timeout [ 242.998979] Bluetooth: hci4: command 0x0419 tx timeout [ 243.125942] Bluetooth: hci0: command 0x041b tx timeout [ 243.510938] Bluetooth: hci5: command 0x0419 tx timeout [ 245.174022] Bluetooth: hci0: command 0x040f tx timeout [ 247.221972] Bluetooth: hci0: command 0x0419 tx timeout [ 266.032524] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.033198] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.082758] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 266.160412] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.161067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.162583] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 269.472526] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.473931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.477627] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 269.632830] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.633951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.636114] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 270.500682] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.501818] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.504664] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 270.653248] wlan1: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 270.654440] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.658811] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 270.813729] audit: type=1400 audit(1667223224.042:7): avc: denied { open } for pid=9604 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 270.816671] audit: type=1400 audit(1667223224.043:8): avc: denied { kernel } for pid=9604 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 270.841863] hrtimer: interrupt took 19487 ns [ 271.696401] BUG: unable to handle page fault for address: ffffed100fffc000 [ 271.697293] #PF: supervisor write access in kernel mode [ 271.697910] #PF: error_code(0x0002) - not-present page [ 271.698516] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 271.702603] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI [ 271.703201] CPU: 1 PID: 9605 Comm: syz-executor.7 Not tainted 6.1.0-rc3-next-20221031 #1 [ 271.704161] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 271.705130] RIP: 0010:__memset+0x24/0x50 [ 271.705647] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 271.707812] RSP: 0018:ffff888041b37cc0 EFLAGS: 00010216 [ 271.708455] RAX: 0000000000000000 RBX: ffff88800bf610c0 RCX: 1ffffe21fe5fc152 [ 271.709281] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 271.710111] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec218 [ 271.710946] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 271.711771] R13: ffff88800bf610c0 R14: ffffffff815f27a0 R15: 1ffff1100111ca1f [ 271.712624] FS: 00007fa0e2f27700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 271.713557] CS: 0010 DS: 0000 ES: 0000 
CR0: 0000000080050033 [ 271.714245] CR2: ffffed100fffc000 CR3: 000000001503e000 CR4: 0000000000350ee0 [ 271.715093] Call Trace: [ 271.715415] [ 271.715697] kasan_unpoison+0x23/0x60 [ 271.716172] mempool_exit+0x1c2/0x330 [ 271.716669] bioset_exit+0x2c9/0x630 [ 271.717136] ? _raw_spin_unlock_irq+0x1f/0x60 [ 271.717707] disk_release+0x143/0x490 [ 271.718183] ? disk_release+0x0/0x490 [ 271.718657] ? device_release+0x0/0x250 [ 271.719148] device_release+0xa2/0x250 [ 271.719627] ? device_release+0x0/0x250 [ 271.720114] kobject_put+0x173/0x280 [ 271.720598] put_device+0x1b/0x40 [ 271.721034] put_disk+0x41/0x60 [ 271.721451] loop_control_ioctl+0x4d1/0x630 [ 271.721992] ? loop_control_ioctl+0x0/0x630 [ 271.722527] ? selinux_file_ioctl+0xb1/0x270 [ 271.723085] ? loop_control_ioctl+0x0/0x630 [ 271.723611] __x64_sys_ioctl+0x19a/0x220 [ 271.724117] do_syscall_64+0x3b/0xa0 [ 271.724596] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 271.725215] RIP: 0033:0x7fa0e59b1b19 [ 271.725665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 271.727779] RSP: 002b:00007fa0e2f27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 271.728688] RAX: ffffffffffffffda RBX: 00007fa0e5ac4f60 RCX: 00007fa0e59b1b19 [ 271.729534] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 271.730370] RBP: 00007fa0e5a0bf6d R08: 0000000000000000 R09: 0000000000000000 [ 271.731215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 271.732054] R13: 00007ffd7d0508df R14: 00007fa0e2f27300 R15: 0000000000022000 [ 271.732926] [ 271.733217] Modules linked in: [ 271.733611] CR2: ffffed100fffc000 [ 271.734026] ---[ end trace 0000000000000000 ]--- [ 271.734585] RIP: 0010:__memset+0x24/0x50 [ 271.735104] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 
f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 271.737250] RSP: 0018:ffff888041b37cc0 EFLAGS: 00010216 [ 271.737891] RAX: 0000000000000000 RBX: ffff88800bf610c0 RCX: 1ffffe21fe5fc152 [ 271.738738] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 271.739568] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec218 [ 271.740421] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 271.741245] R13: ffff88800bf610c0 R14: ffffffff815f27a0 R15: 1ffff1100111ca1f [ 271.742086] FS: 00007fa0e2f27700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 271.743038] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 271.743718] CR2: ffffed100fffc000 CR3: 000000001503e000 CR4: 0000000000350ee0 [ 271.797780] syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET) [ 274.247927] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 274.291547] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.292501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.295063] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 274.312978] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht' [ 274.367282] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.368527] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.369644] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 274.850698] 9pnet: Unknown protocol version 9p2000.L" [ 276.130554] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht' [ 276.156460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 276.157051] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.157645] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 276.163202] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht' [ 276.195373] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 276.196109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.196708] 
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 277.285974] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' [ 277.298233] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.298781] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.299650] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 277.303252] ieee80211 phy15: Selected rate control algorithm 'minstrel_ht' [ 277.319155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.319725] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.320531] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 277.523275] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht' [ 277.546173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.547625] ieee80211 phy17: Selected rate control algorithm 'minstrel_ht' [ 277.548581] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.555389] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 277.568531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.569079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.569666] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 277.609937] perf: interrupt took too long (5274 > 5240), lowering kernel.perf_event_max_sample_rate to 37000 [ 277.613643] perf: interrupt took too long (10494 > 10473), lowering kernel.perf_event_max_sample_rate to 19000 [ 277.632297] perf: interrupt took too long (13121 > 13117), lowering kernel.perf_event_max_sample_rate to 15000 [ 277.680536] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 277.681316] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 277.681890] sr 1:0:0:0: [sr0] tag#0 Add. 
Sense: Medium not present [ 277.682434] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00 [ 277.683025] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 2 [ 277.684831] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 277.685315] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.685972] Buffer I/O error on dev sr0, logical block 0, async page read [ 277.687413] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 277.687927] I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.688452] Buffer I/O error on dev sr0, logical block 1, async page read [ 277.689287] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 277.689620] I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.690127] Buffer I/O error on dev sr0, logical block 2, async page read [ 277.691515] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 277.691875] I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.692372] Buffer I/O error on dev sr0, logical block 3, async page read [ 277.696711] perf: interrupt took too long (16403 > 16401), lowering kernel.perf_event_max_sample_rate to 12000 [ 277.699625] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 277.700455] I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.701605] Buffer I/O error on dev sr0, logical block 4, async page read [ 277.705482] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 277.706281] I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.707475] Buffer I/O error on dev sr0, logical block 5, async page read [ 277.709619] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 277.710474] I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.711663] Buffer I/O error on dev sr0, logical block 6, async page read [ 277.717811] perf: interrupt took too long (20506 > 20503), lowering kernel.perf_event_max_sample_rate to 9000 [ 
277.720521] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 277.721338] I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.722547] Buffer I/O error on dev sr0, logical block 7, async page read 13:33:51 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ip6_tables_targets\x00') pread64(r0, &(0x7f0000000140)=""/91, 0x5b, 0x3) 13:33:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff) 13:33:51 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmget(0x3, 0x2000, 0x2, &(0x7f0000fee000/0x2000)=nil) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 
0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd273}, 0x0, 0xe, r1, 0xc) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x4, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) 13:33:51 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@abs, 0xf) 13:33:51 executing program 4: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmget(0x3, 0x2000, 0x2, &(0x7f0000fee000/0x2000)=nil) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd273}, 0x0, 0xe, r1, 0xc) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x4, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) 13:33:51 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f00000001c0)=ANY=[], 0x8) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f0000000380)=@routing, 0x8) 13:33:51 executing program 5: perf_event_open(&(0x7f00000004c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x6}, 0x801, 0x0, 0x2, 0x0, 0x9, 0x3, 0x2}, 
0x0, 0x3, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x3, 0x0, 0x4, 0x8001, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) ioctl$FIONCLEX(r0, 0x5450) io_setup(0xb, &(0x7f0000000140)=0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) io_submit(r1, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818e348b4", 0x7b, 0x8, 0x0, 0x2}]) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) 13:33:51 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) read$rfkill(r0, &(0x7f0000001780), 0x8) 13:33:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff) 13:33:51 executing program 3: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) 13:33:51 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x10) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0', [{0x20, '\\$\x19&!\xb2(}'}, {}, {}]}, 0x16) fcntl$setpipe(r0, 0x407, 0x10001) 13:33:51 executing program 1: r0 = syz_io_uring_setup(0x2b2, &(0x7f0000000080)={0x0, 0xa3e1, 0x10, 0x2, 0xe}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x223da, &(0x7f0000000380)={0x0, 0xf58c, 0x1, 0x2, 0x165, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000004c0)=0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @empty}}) syz_io_uring_submit(0x0, r1, &(0x7f0000000480)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r2, 0x0, &(0x7f00000005c0)="453e92a679fd068458f8f106dec0496268466a0112e2a731235d0f169a80f6b506c05fde9e48c618dcbdcadc3ececa76247f8df996d7122834c72d1f9f39c6662e94094c02f7c05dbc70a7ddeafd6ba768e6907998b981c97c148b7dfb796cca54be2cfa14e57c9c5d135081065bb91cf20783c8ef5beb69515a8ad19e0a0f3290e50eaf64dc34126ec6c11cddef5a89eaa83147c442f2e8bae72dbfee4e87839ca9821b1248cc85a6fe37cb1378fc11a540cdaf54a813b26297507fc26cbd286950", 0xc2, 0x0, 0x1}, 0x5) syz_io_uring_setup(0x4169, &(0x7f0000000140)={0x0, 0x76d1, 0x8, 0x1, 0x30c}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) socket$inet_tcp(0x2, 0x1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) 
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[0xffffffffffffffff, r3], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r4, 0x0, 0x0, 0x87ffffc) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r5, 0x4b4d, &(0x7f0000000100)) [ 278.729770] BUG: unable to handle page fault for address: ffffed100fffc000 [ 278.730720] #PF: supervisor write access in kernel mode [ 278.731402] #PF: error_code(0x0002) - not-present page [ 278.732079] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 278.732987] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI [ 278.733656] CPU: 1 PID: 10141 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 278.734890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 278.735948] RIP: 0010:__memset+0x24/0x50 [ 278.736542] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 278.738845] RSP: 0018:ffff8880426b7cc0 EFLAGS: 00010216 [ 278.739475] RAX: 0000000000000000 RBX: ffff88800bf61240 RCX: 1ffffe21fe5fc158 [ 278.740297] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 
ffffed100fffc000 [ 278.741168] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec248 [ 278.742016] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 278.742837] R13: ffff88800bf61240 R14: ffffffff815f27a0 R15: 1ffff1100111c61f [ 278.743673] FS: 00007f119d556700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 278.744643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 278.744661] CR2: ffffed100fffc000 CR3: 0000000039356000 CR4: 0000000000350ee0 [ 278.744678] Call Trace: [ 278.744684] [ 278.744691] kasan_unpoison+0x23/0x60 [ 278.744719] mempool_exit+0x1c2/0x330 [ 278.744755] bioset_exit+0x2c9/0x630 [ 278.744786] ? _raw_spin_unlock_irq+0x1f/0x60 [ 278.744830] disk_release+0x143/0x490 [ 278.744859] ? disk_release+0x0/0x490 [ 278.744888] ? device_release+0x0/0x250 [ 278.744913] device_release+0xa2/0x250 [ 278.744939] ? device_release+0x0/0x250 [ 278.744962] kobject_put+0x173/0x280 [ 278.744991] put_device+0x1b/0x40 [ 278.745015] put_disk+0x41/0x60 [ 278.745041] loop_control_ioctl+0x4d1/0x630 [ 278.745076] ? loop_control_ioctl+0x0/0x630 [ 278.745107] ? selinux_file_ioctl+0xb1/0x270 [ 278.745150] ? 
loop_control_ioctl+0x0/0x630 [ 278.745184] __x64_sys_ioctl+0x19a/0x220 [ 278.745221] do_syscall_64+0x3b/0xa0 [ 278.745255] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 278.745284] RIP: 0033:0x7f119ffe0b19 [ 278.745301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 278.745323] RSP: 002b:00007f119d556188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 278.745346] RAX: ffffffffffffffda RBX: 00007f11a00f3f60 RCX: 00007f119ffe0b19 [ 278.745363] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005 [ 278.745377] RBP: 00007f11a003af6d R08: 0000000000000000 R09: 0000000000000000 [ 278.745392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 278.745407] R13: 00007ffd3babf14f R14: 00007f119d556300 R15: 0000000000022000 [ 278.745434] [ 278.745441] Modules linked in: [ 278.745452] CR2: ffffed100fffc000 [ 278.745462] ---[ end trace 0000000000000000 ]--- [ 278.745472] RIP: 0010:__memset+0x24/0x50 [ 278.745514] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 278.745535] RSP: 0018:ffff888041b37cc0 EFLAGS: 00010216 [ 278.745554] RAX: 0000000000000000 RBX: ffff88800bf610c0 RCX: 1ffffe21fe5fc152 [ 278.745569] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 278.745584] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec218 [ 278.745600] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 278.745615] R13: ffff88800bf610c0 R14: ffffffff815f27a0 R15: 1ffff1100111ca1f [ 278.745638] FS: 00007f119d556700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 278.745660] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 278.745677] CR2: ffffed100fffc000 CR3: 0000000039356000 CR4: 0000000000350ee0 [ 278.774377] BUG: 
unable to handle page fault for address: ffffed100fffc000 [ 278.774411] #PF: supervisor write access in kernel mode [ 278.774432] #PF: error_code(0x0002) - not-present page [ 278.774453] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 278.774506] Oops: 0002 [#3] PREEMPT SMP KASAN NOPTI [ 278.774530] CPU: 1 PID: 10147 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 278.774560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 278.774573] RIP: 0010:__memset+0x24/0x50 [ 278.774627] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 278.774653] RSP: 0018:ffff88804270fcc0 EFLAGS: 00010216 [ 278.774674] RAX: 0000000000000000 RBX: ffff88800bf613c0 RCX: 1ffffe21fe5fc15e [ 278.774692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 278.774709] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec278 [ 278.774727] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 278.774744] R13: ffff88800bf613c0 R14: ffffffff815f27a0 R15: 1ffff1100111c21f [ 278.774766] FS: 00007fa0e2f27700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 278.774793] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 278.774812] CR2: ffffed100fffc000 CR3: 000000000edca000 CR4: 0000000000350ee0 [ 278.774830] Call Trace: [ 278.774837] [ 278.774851] kasan_unpoison+0x23/0x60 [ 278.774880] mempool_exit+0x1c2/0x330 [ 278.774920] bioset_exit+0x2c9/0x630 [ 278.774954] ? _raw_spin_unlock_irq+0x1f/0x60 [ 278.775003] disk_release+0x143/0x490 [ 278.775036] ? disk_release+0x0/0x490 [ 278.775069] ? device_release+0x0/0x250 [ 278.775098] device_release+0xa2/0x250 [ 278.775126] ? device_release+0x0/0x250 [ 278.775153] kobject_put+0x173/0x280 [ 278.775185] put_device+0x1b/0x40 [ 278.775212] put_disk+0x41/0x60 [ 278.775242] loop_control_ioctl+0x4d1/0x630 [ 278.775281] ? 
loop_control_ioctl+0x0/0x630 [ 278.775316] ? selinux_file_ioctl+0xb1/0x270 [ 278.775368] ? loop_control_ioctl+0x0/0x630 [ 278.775422] __x64_sys_ioctl+0x19a/0x220 [ 278.775481] do_syscall_64+0x3b/0xa0 [ 278.775524] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 278.775556] RIP: 0033:0x7fa0e59b1b19 [ 278.775576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 278.775601] RSP: 002b:00007fa0e2f27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 278.775627] RAX: ffffffffffffffda RBX: 00007fa0e5ac4f60 RCX: 00007fa0e59b1b19 [ 278.775645] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000005 [ 278.775662] RBP: 00007fa0e5a0bf6d R08: 0000000000000000 R09: 0000000000000000 [ 278.775678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 278.775695] R13: 00007ffd7d0508df R14: 00007fa0e2f27300 R15: 0000000000022000 [ 278.775725] [ 278.775733] Modules linked in: [ 278.775746] CR2: ffffed100fffc000 [ 278.775757] ---[ end trace 0000000000000000 ]--- [ 278.775767] RIP: 0010:__memset+0x24/0x50 [ 278.775814] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 278.775839] RSP: 0018:ffff888041b37cc0 EFLAGS: 00010216 [ 278.775859] RAX: 0000000000000000 RBX: ffff88800bf610c0 RCX: 1ffffe21fe5fc152 [ 278.775877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 278.775894] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec218 [ 278.775911] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 278.775928] R13: ffff88800bf610c0 R14: ffffffff815f27a0 R15: 1ffff1100111ca1f [ 278.775949] FS: 00007fa0e2f27700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 278.775976] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 
278.775995] CR2: ffffed100fffc000 CR3: 000000000edca000 CR4: 0000000000350ee0 [ 278.892238] rfkill: input handler disabled [ 278.894795] rfkill: input handler enabled [ 278.969782] rfkill: input handler disabled [ 278.970900] rfkill: input handler enabled 13:33:52 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@loopback, 0x7}, 0x20) 13:33:52 executing program 5: perf_event_open(&(0x7f00000004c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x6}, 0x801, 0x0, 0x2, 0x0, 0x9, 0x3, 0x2}, 0x0, 0x3, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x3, 0x0, 0x4, 0x8001, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) ioctl$FIONCLEX(r0, 0x5450) io_setup(0xb, &(0x7f0000000140)=0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) io_submit(r1, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818e348b4", 0x7b, 0x8, 0x0, 0x2}]) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) 13:33:52 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff) 
13:33:52 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x10) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0', [{0x20, '\\$\x19&!\xb2(}'}, {}, {}]}, 0x16) fcntl$setpipe(r0, 0x407, 0x10001) 13:33:52 executing program 1: r0 = syz_io_uring_setup(0x2b2, &(0x7f0000000080)={0x0, 0xa3e1, 0x10, 0x2, 0xe}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x223da, &(0x7f0000000380)={0x0, 0xf58c, 0x1, 0x2, 0x165, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000004c0)=0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @empty}}) syz_io_uring_submit(0x0, r1, &(0x7f0000000480)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r2, 0x0, &(0x7f00000005c0)="453e92a679fd068458f8f106dec0496268466a0112e2a731235d0f169a80f6b506c05fde9e48c618dcbdcadc3ececa76247f8df996d7122834c72d1f9f39c6662e94094c02f7c05dbc70a7ddeafd6ba768e6907998b981c97c148b7dfb796cca54be2cfa14e57c9c5d135081065bb91cf20783c8ef5beb69515a8ad19e0a0f3290e50eaf64dc34126ec6c11cddef5a89eaa83147c442f2e8bae72dbfee4e87839ca9821b1248cc85a6fe37cb1378fc11a540cdaf54a813b26297507fc26cbd286950", 0xc2, 0x0, 0x1}, 0x5) syz_io_uring_setup(0x4169, 
&(0x7f0000000140)={0x0, 0x76d1, 0x8, 0x1, 0x30c}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) socket$inet_tcp(0x2, 0x1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[0xffffffffffffffff, r3], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r4, 0x0, 0x0, 0x87ffffc) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r5, 0x4b4d, &(0x7f0000000100)) 13:33:52 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 
0x4004662b, &(0x7f0000000040)) shmget(0x3, 0x2000, 0x2, &(0x7f0000fee000/0x2000)=nil) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd273}, 0x0, 0xe, r1, 0xc) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x4, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) 13:33:52 executing program 4: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmget(0x3, 0x2000, 0x2, &(0x7f0000fee000/0x2000)=nil) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd273}, 0x0, 0xe, r1, 0xc) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x4, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 
r3) 13:33:52 executing program 0: r0 = syz_io_uring_setup(0x2b2, &(0x7f0000000080)={0x0, 0xa3e1, 0x10, 0x2, 0xe}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x223da, &(0x7f0000000380)={0x0, 0xf58c, 0x1, 0x2, 0x165, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000004c0)=0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @empty}}) syz_io_uring_submit(0x0, r1, &(0x7f0000000480)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r2, 0x0, &(0x7f00000005c0)="453e92a679fd068458f8f106dec0496268466a0112e2a731235d0f169a80f6b506c05fde9e48c618dcbdcadc3ececa76247f8df996d7122834c72d1f9f39c6662e94094c02f7c05dbc70a7ddeafd6ba768e6907998b981c97c148b7dfb796cca54be2cfa14e57c9c5d135081065bb91cf20783c8ef5beb69515a8ad19e0a0f3290e50eaf64dc34126ec6c11cddef5a89eaa83147c442f2e8bae72dbfee4e87839ca9821b1248cc85a6fe37cb1378fc11a540cdaf54a813b26297507fc26cbd286950", 0xc2, 0x0, 0x1}, 0x5) syz_io_uring_setup(0x4169, &(0x7f0000000140)={0x0, 0x76d1, 0x8, 0x1, 0x30c}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) socket$inet_tcp(0x2, 0x1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[0xffffffffffffffff, r3], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 
0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r4, 0x0, 0x0, 0x87ffffc) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r5, 0x4b4d, &(0x7f0000000100)) 13:33:52 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000001cc0)={&(0x7f0000000580), 0x6e, &(0x7f0000001bc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) 13:33:52 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff) [ 279.651052] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 279.651906] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 279.652496] sr 1:0:0:0: [sr0] tag#0 Add. 
Sense: Medium not present [ 279.653083] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00 [ 279.653691] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 2 [ 279.678562] BUG: unable to handle page fault for address: ffffed100fffc000 [ 279.679439] #PF: supervisor write access in kernel mode [ 279.680060] #PF: error_code(0x0002) - not-present page [ 279.680699] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 279.681515] Oops: 0002 [#4] PREEMPT SMP KASAN NOPTI [ 279.682122] CPU: 1 PID: 10184 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 279.683245] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 279.684209] RIP: 0010:__memset+0x24/0x50 [ 279.684738] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 279.686878] RSP: 0018:ffff888042987cc0 EFLAGS: 00010216 [ 279.687515] RAX: 0000000000000000 RBX: ffff88800bf61540 RCX: 1ffffe21fe5fc164 [ 279.688365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 279.689223] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec2a8 [ 279.690087] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 279.690103] R13: ffff88800bf61540 R14: ffffffff815f27a0 R15: 1ffff1100111ee1f [ 279.690122] FS: 00007fa0e2f27700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 279.690145] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 279.690162] CR2: ffffed100fffc000 CR3: 000000000bd08000 CR4: 0000000000350ee0 [ 279.690178] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 279.690192] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400 [ 279.690208] Call Trace: [ 279.690216] [ 279.690223] kasan_unpoison+0x23/0x60 [ 279.690251] mempool_exit+0x1c2/0x330 [ 279.690287] bioset_exit+0x2c9/0x630 [ 279.690319] ? 
_raw_spin_unlock_irq+0x1f/0x60 [ 279.690362] disk_release+0x143/0x490 [ 279.690391] ? disk_release+0x0/0x490 [ 279.690425] ? device_release+0x0/0x250 [ 279.690450] device_release+0xa2/0x250 [ 279.690475] ? device_release+0x0/0x250 [ 279.690499] kobject_put+0x173/0x280 [ 279.690528] put_device+0x1b/0x40 [ 279.690552] put_disk+0x41/0x60 [ 279.690578] loop_control_ioctl+0x4d1/0x630 [ 279.690613] ? loop_control_ioctl+0x0/0x630 [ 279.690644] ? selinux_file_ioctl+0xb1/0x270 [ 279.690687] ? loop_control_ioctl+0x0/0x630 [ 279.690720] __x64_sys_ioctl+0x19a/0x220 [ 279.690757] do_syscall_64+0x3b/0xa0 [ 279.690792] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 279.690821] RIP: 0033:0x7fa0e59b1b19 [ 279.690839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 13:33:52 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x10) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000040)={'#! 
', './file0', [{0x20, '\\$\x19&!\xb2(}'}, {}, {}]}, 0x16) fcntl$setpipe(r0, 0x407, 0x10001) 13:33:53 executing program 4: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmget(0x3, 0x2000, 0x2, &(0x7f0000fee000/0x2000)=nil) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd273}, 0x0, 0xe, r1, 0xc) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) 
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x4, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) [ 279.690861] RSP: 002b:00007fa0e2f27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 279.690884] RAX: ffffffffffffffda RBX: 00007fa0e5ac4f60 RCX: 00007fa0e59b1b19 [ 279.690900] RDX: 0000000000000003 RSI: 0000000000004c81 RDI: 0000000000000005 [ 279.690914] RBP: 00007fa0e5a0bf6d R08: 0000000000000000 R09: 0000000000000000 [ 279.690929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 279.690944] R13: 00007ffd7d0508df R14: 00007fa0e2f27300 R15: 0000000000022000 [ 279.690971] [ 279.690978] Modules linked in: [ 279.690989] CR2: ffffed100fffc000 [ 279.690999] ---[ end trace 0000000000000000 ]--- [ 279.691009] RIP: 0010:__memset+0x24/0x50 [ 279.691050] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 279.691072] RSP: 0018:ffff888041b37cc0 EFLAGS: 00010216 [ 279.691090] RAX: 0000000000000000 RBX: ffff88800bf610c0 RCX: 1ffffe21fe5fc152 [ 279.691106] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 13:33:53 executing program 5: perf_event_open(&(0x7f00000004c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x6}, 0x801, 0x0, 0x2, 0x0, 0x9, 0x3, 0x2}, 0x0, 0x3, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x3, 0x0, 0x4, 0x8001, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) ioctl$FIONCLEX(r0, 0x5450) io_setup(0xb, &(0x7f0000000140)=0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) io_submit(r1, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818e348b4", 0x7b, 0x8, 0x0, 0x2}]) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) [ 279.691121] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec218 [ 279.691136] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 279.691151] R13: ffff88800bf610c0 R14: ffffffff815f27a0 R15: 1ffff1100111ca1f [ 279.691170] FS: 00007fa0e2f27700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 279.691192] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 279.691209] CR2: ffffed100fffc000 CR3: 000000000bd08000 CR4: 0000000000350ee0 [ 279.691225] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 279.691239] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400 [ 279.732570] perf: interrupt took too long (298782 > 25632), lowering kernel.perf_event_max_sample_rate to 1000 [ 279.768503] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 279.768562] Buffer I/O error on dev sr0, logical block 0, async page read [ 279.769220] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 279.769281] Buffer I/O error on dev sr0, logical block 1, 
async page read [ 279.769671] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 279.770225] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 279.770513] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 279.770809] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 279.771725] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 279.772145] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 279.966015] BUG: unable to handle page fault for address: ffffed100fffc000 [ 279.967088] #PF: supervisor write access in kernel mode [ 279.967917] #PF: error_code(0x0002) - not-present page [ 279.968834] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 279.970045] Oops: 0002 [#5] PREEMPT SMP KASAN NOPTI [ 279.970958] CPU: 1 PID: 10200 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 279.972621] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 279.973985] RIP: 0010:__memset+0x24/0x50 [ 279.974753] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 279.977713] RSP: 0018:ffff88804365fcc0 EFLAGS: 00010216 [ 279.978623] RAX: 0000000000000000 RBX: ffff88800bf616c0 RCX: 1ffffe21fe5fc16a [ 279.979829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 279.981063] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec2d8 [ 279.982242] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 279.983434] R13: ffff88800bf616c0 R14: ffffffff815f27a0 R15: 1ffff1100111ea1f [ 279.984666] FS: 00007f119d556700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 279.986006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 279.987041] CR2: ffffed100fffc000 CR3: 0000000040c9a000 CR4: 0000000000350ee0 [ 279.988376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 279.989747] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400 [ 279.991085] Call Trace: [ 
279.991586] [ 279.992031] kasan_unpoison+0x23/0x60 [ 279.992821] mempool_exit+0x1c2/0x330 [ 279.993603] bioset_exit+0x2c9/0x630 [ 279.994342] ? _raw_spin_unlock_irq+0x1f/0x60 [ 279.995199] disk_release+0x143/0x490 [ 279.995918] ? disk_release+0x0/0x490 [ 279.996710] ? device_release+0x0/0x250 [ 279.997503] device_release+0xa2/0x250 [ 279.998288] ? device_release+0x0/0x250 [ 279.999081] kobject_put+0x173/0x280 [ 279.999831] put_device+0x1b/0x40 [ 280.000551] put_disk+0x41/0x60 [ 280.001193] loop_control_ioctl+0x4d1/0x630 [ 280.001998] ? loop_control_ioctl+0x0/0x630 [ 280.002803] ? selinux_file_ioctl+0xb1/0x270 [ 280.003688] ? loop_control_ioctl+0x0/0x630 [ 280.004454] __x64_sys_ioctl+0x19a/0x220 [ 280.005127] do_syscall_64+0x3b/0xa0 [ 280.005736] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 280.006727] RIP: 0033:0x7f119ffe0b19 [ 280.007378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 280.010254] RSP: 002b:00007f119d556188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 280.011318] RAX: ffffffffffffffda RBX: 00007f11a00f3f60 RCX: 00007f119ffe0b19 [ 280.012322] RDX: 0000000000000004 RSI: 0000000000004c81 RDI: 0000000000000005 [ 280.013332] RBP: 00007f11a003af6d R08: 0000000000000000 R09: 0000000000000000 [ 280.014334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.015320] R13: 00007ffd3babf14f R14: 00007f119d556300 R15: 0000000000022000 [ 280.016332] [ 280.016663] Modules linked in: [ 280.017094] CR2: ffffed100fffc000 [ 280.017631] ---[ end trace 0000000000000000 ]--- [ 280.018314] RIP: 0010:__memset+0x24/0x50 [ 280.018993] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 280.021906] RSP: 0018:ffff888041b37cc0 EFLAGS: 00010216 [ 280.022759] RAX: 
0000000000000000 RBX: ffff88800bf610c0 RCX: 1ffffe21fe5fc152 [ 280.023881] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 280.025006] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec218 [ 280.026101] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 280.027188] R13: ffff88800bf610c0 R14: ffffffff815f27a0 R15: 1ffff1100111ca1f [ 280.028268] FS: 00007f119d556700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 280.029607] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 280.030532] CR2: ffffed100fffc000 CR3: 0000000040c9a000 CR4: 0000000000350ee0 [ 280.031654] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 280.032787] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400 [ 280.054560] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 280.055918] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 280.056813] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 280.057697] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00 [ 280.059922] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 280.061318] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 280.062320] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 280.064239] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 280.065327] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 280.066419] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 280.067500] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 280.068740] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 13:33:53 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r2, 0x5380) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, 0x0) r3 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x1, 0xd6c2}) ioctl$SCSI_IOCTL_DOORLOCK(r3, 0x5380) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000180000018000000", @ANYRES32=0xffffffffffffffff, @ANYRES64=r0]) r5 = getpgid(0xffffffffffffffff) perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x9, 0x4, 0x80, 0x1f, 0x0, 0x40, 0x208, 0x8, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xc1, 0x2, @perf_bp={&(0x7f0000000000), 0x9}, 0x0, 0x2, 0x1, 0x6, 0xfffffffffffffffe, 0x8, 0x7, 0x0, 0x0, 0x0, 0x1f}, r5, 0x5, 0xffffffffffffffff, 0x2) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000180)={'\x00', 0x200, 0x5, 0x10000, 0x7, 0x7fff}) syz_open_procfs(0x0, 0x0) 13:33:53 executing program 0: r0 = syz_io_uring_setup(0x2b2, 
&(0x7f0000000080)={0x0, 0xa3e1, 0x10, 0x2, 0xe}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x223da, &(0x7f0000000380)={0x0, 0xf58c, 0x1, 0x2, 0x165, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000004c0)=0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @empty}}) syz_io_uring_submit(0x0, r1, &(0x7f0000000480)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r2, 0x0, &(0x7f00000005c0)="453e92a679fd068458f8f106dec0496268466a0112e2a731235d0f169a80f6b506c05fde9e48c618dcbdcadc3ececa76247f8df996d7122834c72d1f9f39c6662e94094c02f7c05dbc70a7ddeafd6ba768e6907998b981c97c148b7dfb796cca54be2cfa14e57c9c5d135081065bb91cf20783c8ef5beb69515a8ad19e0a0f3290e50eaf64dc34126ec6c11cddef5a89eaa83147c442f2e8bae72dbfee4e87839ca9821b1248cc85a6fe37cb1378fc11a540cdaf54a813b26297507fc26cbd286950", 0xc2, 0x0, 0x1}, 0x5) syz_io_uring_setup(0x4169, &(0x7f0000000140)={0x0, 0x76d1, 0x8, 0x1, 0x30c}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) socket$inet_tcp(0x2, 0x1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[0xffffffffffffffff, r3], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 
0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r4, 0x0, 0x0, 0x87ffffc) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r5, 0x4b4d, &(0x7f0000000100)) 13:33:53 executing program 1: r0 = syz_io_uring_setup(0x2b2, &(0x7f0000000080)={0x0, 0xa3e1, 0x10, 0x2, 0xe}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x223da, &(0x7f0000000380)={0x0, 0xf58c, 0x1, 0x2, 0x165, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000004c0)=0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @empty}}) syz_io_uring_submit(0x0, r1, &(0x7f0000000480)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r2, 0x0, &(0x7f00000005c0)="453e92a679fd068458f8f106dec0496268466a0112e2a731235d0f169a80f6b506c05fde9e48c618dcbdcadc3ececa76247f8df996d7122834c72d1f9f39c6662e94094c02f7c05dbc70a7ddeafd6ba768e6907998b981c97c148b7dfb796cca54be2cfa14e57c9c5d135081065bb91cf20783c8ef5beb69515a8ad19e0a0f3290e50eaf64dc34126ec6c11cddef5a89eaa83147c442f2e8bae72dbfee4e87839ca9821b1248cc85a6fe37cb1378fc11a540cdaf54a813b26297507fc26cbd286950", 0xc2, 0x0, 0x1}, 0x5) syz_io_uring_setup(0x4169, &(0x7f0000000140)={0x0, 0x76d1, 0x8, 0x1, 0x30c}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) socket$inet_tcp(0x2, 0x1, 0x0) sendfile(0xffffffffffffffff, 
0xffffffffffffffff, 0x0, 0xfffffdef) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[0xffffffffffffffff, r3], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r4, 0x0, 0x0, 0x87ffffc) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r5, 0x4b4d, &(0x7f0000000100)) 13:33:53 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', 0x400402, 0xa1) 
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000400)={0x4, 0x4, {0x3, @struct, 0x0, 0x7, 0x0, 0x6, 0x8080, 0x6, 0x48, @usage=0x7f, 0x9, 0xb60, [0x4, 0x100, 0x3, 0xfffffffffffffffc, 0x3, 0x5]}, {0x0, @struct={0x6cc, 0xff}, 0x0, 0x3, 0x9, 0x3, 0xffff, 0x9, 0x420, @struct={0x200, 0x3}, 0x1, 0xfffffffc, [0xfffffffffffffff9, 0x1, 0x8, 0x4, 0x2]}, {0x4, @usage=0x2, 0x0, 0x8, 0x0, 0x0, 0x7, 0x9, 0x440, @struct={0x1ff, 0x80000000}, 0x66a3311b, 0xfc7d, [0x9, 0x9, 0x4, 0xffffffffffffff0d, 0x3, 0x3]}, {0x7, 0x5608, 0x1}}) 13:33:53 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmget(0x3, 0x2000, 0x2, &(0x7f0000fee000/0x2000)=nil) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd273}, 0x0, 0xe, r1, 0xc) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x4, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) 13:33:53 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x10) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000040)={'#! 
', './file0', [{0x20, '\\$\x19&!\xb2(}'}, {}, {}]}, 0x16) fcntl$setpipe(r0, 0x407, 0x10001) 13:33:53 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000001cc0)={&(0x7f0000000580), 0x6e, &(0x7f0000001bc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) 13:33:53 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fadvise64(r0, 0x0, 0x0, 0x2) [ 280.869717] BUG: unable to handle page fault for address: ffffed100fffc000 [ 280.870365] #PF: supervisor write access in kernel mode [ 280.870785] #PF: error_code(0x0002) - not-present page [ 280.871233] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 280.871786] Oops: 0002 [#6] PREEMPT SMP KASAN NOPTI [ 280.872221] CPU: 1 PID: 10222 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 280.873015] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 280.873705] RIP: 0010:__memset+0x24/0x50 [ 280.874048] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 280.875508] RSP: 0018:ffff88803917fcc0 EFLAGS: 00010216 [ 280.875957] RAX: 0000000000000000 RBX: ffff88800bf61840 RCX: 1ffffe21fe5fc170 [ 280.876900] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 280.877921] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec308 [ 280.879140] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 280.880281] R13: ffff88800bf61840 R14: 
ffffffff815f27a0 R15: 1ffff1100111e61f [ 280.881456] FS: 00007fa0e2f27700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 280.882811] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 280.883674] CR2: ffffed100fffc000 CR3: 000000001983c000 CR4: 0000000000350ee0 [ 280.884718] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 280.885917] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400 [ 280.887003] Call Trace: [ 280.887389] [ 280.887750] kasan_unpoison+0x23/0x60 [ 280.888330] mempool_exit+0x1c2/0x330 [ 280.888927] bioset_exit+0x2c9/0x630 [ 280.889630] ? _raw_spin_unlock_irq+0x1f/0x60 [ 280.890389] disk_release+0x143/0x490 13:33:54 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8943, &(0x7f0000000000)={'syz_tun\x00', 0x0}) [ 280.891098] ? disk_release+0x0/0x490 [ 280.891917] ? device_release+0x0/0x250 [ 280.892540] device_release+0xa2/0x250 [ 280.892962] ? device_release+0x0/0x250 [ 280.893329] kobject_put+0x173/0x280 [ 280.893675] put_device+0x1b/0x40 [ 280.894004] put_disk+0x41/0x60 [ 280.894362] loop_control_ioctl+0x4d1/0x630 [ 280.894919] ? loop_control_ioctl+0x0/0x630 [ 280.895329] ? selinux_file_ioctl+0xb1/0x270 [ 280.895746] ? 
loop_control_ioctl+0x0/0x630 [ 280.896145] __x64_sys_ioctl+0x19a/0x220 [ 280.896559] do_syscall_64+0x3b/0xa0 [ 280.897045] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 280.897590] RIP: 0033:0x7fa0e59b1b19 [ 280.897932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 280.899564] RSP: 002b:00007fa0e2f27188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 280.900393] RAX: ffffffffffffffda RBX: 00007fa0e5ac4f60 RCX: 00007fa0e59b1b19 [ 280.901052] RDX: 0000000000000005 RSI: 0000000000004c81 RDI: 0000000000000005 [ 280.901703] RBP: 00007fa0e5a0bf6d R08: 0000000000000000 R09: 0000000000000000 [ 280.902412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.903163] R13: 00007ffd7d0508df R14: 00007fa0e2f27300 R15: 0000000000022000 [ 280.903814] [ 280.904044] Modules linked in: [ 280.904346] CR2: ffffed100fffc000 [ 280.904670] ---[ end trace 0000000000000000 ]--- [ 280.905223] RIP: 0010:__memset+0x24/0x50 [ 280.905675] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 280.907272] RSP: 0018:ffff888041b37cc0 EFLAGS: 00010216 [ 280.907761] RAX: 0000000000000000 RBX: ffff88800bf610c0 RCX: 1ffffe21fe5fc152 [ 280.908393] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 280.909043] RBP: ffff88800bf843c0 R08: 0000000000000005 R09: ffffed10017ec218 [ 280.909727] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf843c0 [ 280.910419] R13: ffff88800bf610c0 R14: ffffffff815f27a0 R15: 1ffff1100111ca1f [ 280.911066] FS: 00007fa0e2f27700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 280.911806] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 280.912340] CR2: ffffed100fffc000 CR3: 000000001983c000 CR4: 0000000000350ee0 [ 280.912962] DR0: 
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 280.913557] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400 13:33:54 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r2, 0x5380) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, 0x0) r3 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x1, 0xd6c2}) ioctl$SCSI_IOCTL_DOORLOCK(r3, 0x5380) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000180000018000000", @ANYRES32=0xffffffffffffffff, @ANYRES64=r0]) r5 = getpgid(0xffffffffffffffff) 
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x9, 0x4, 0x80, 0x1f, 0x0, 0x40, 0x208, 0x8, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xc1, 0x2, @perf_bp={&(0x7f0000000000), 0x9}, 0x0, 0x2, 0x1, 0x6, 0xfffffffffffffffe, 0x8, 0x7, 0x0, 0x0, 0x0, 0x1f}, r5, 0x5, 0xffffffffffffffff, 0x2) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000180)={'\x00', 0x200, 0x5, 0x10000, 0x7, 0x7fff}) syz_open_procfs(0x0, 0x0) 13:33:54 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000001140)=ANY=[@ANYBLOB="2c0000001000010000000000000000000c00000002000000d0"], 0x2c}], 0x1}, 0x0) [ 280.992386] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 13:33:54 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) accept4$bt_l2cap(r0, 0x0, 0x0, 0x0) 13:33:54 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8943, &(0x7f0000000000)={'syz_tun\x00', 0x0}) 13:33:54 executing program 1: r0 = syz_io_uring_setup(0x2b2, &(0x7f0000000080)={0x0, 0xa3e1, 0x10, 0x2, 0xe}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x223da, &(0x7f0000000380)={0x0, 0xf58c, 0x1, 0x2, 0x165, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000004c0)=0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @empty}}) syz_io_uring_submit(0x0, r1, &(0x7f0000000480)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r2, 0x0, 
&(0x7f00000005c0)="453e92a679fd068458f8f106dec0496268466a0112e2a731235d0f169a80f6b506c05fde9e48c618dcbdcadc3ececa76247f8df996d7122834c72d1f9f39c6662e94094c02f7c05dbc70a7ddeafd6ba768e6907998b981c97c148b7dfb796cca54be2cfa14e57c9c5d135081065bb91cf20783c8ef5beb69515a8ad19e0a0f3290e50eaf64dc34126ec6c11cddef5a89eaa83147c442f2e8bae72dbfee4e87839ca9821b1248cc85a6fe37cb1378fc11a540cdaf54a813b26297507fc26cbd286950", 0xc2, 0x0, 0x1}, 0x5) syz_io_uring_setup(0x4169, &(0x7f0000000140)={0x0, 0x76d1, 0x8, 0x1, 0x30c}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) socket$inet_tcp(0x2, 0x1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[0xffffffffffffffff, r3], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r4, 0x0, 0x0, 0x87ffffc) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r5, 0x4b4d, &(0x7f0000000100)) 13:33:54 executing program 0: r0 = syz_io_uring_setup(0x2b2, &(0x7f0000000080)={0x0, 0xa3e1, 0x10, 0x2, 0xe}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000000)) 
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x223da, &(0x7f0000000380)={0x0, 0xf58c, 0x1, 0x2, 0x165, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000004c0)=0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @empty}}) syz_io_uring_submit(0x0, r1, &(0x7f0000000480)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r2, 0x0, &(0x7f00000005c0)="453e92a679fd068458f8f106dec0496268466a0112e2a731235d0f169a80f6b506c05fde9e48c618dcbdcadc3ececa76247f8df996d7122834c72d1f9f39c6662e94094c02f7c05dbc70a7ddeafd6ba768e6907998b981c97c148b7dfb796cca54be2cfa14e57c9c5d135081065bb91cf20783c8ef5beb69515a8ad19e0a0f3290e50eaf64dc34126ec6c11cddef5a89eaa83147c442f2e8bae72dbfee4e87839ca9821b1248cc85a6fe37cb1378fc11a540cdaf54a813b26297507fc26cbd286950", 0xc2, 0x0, 0x1}, 0x5) syz_io_uring_setup(0x4169, &(0x7f0000000140)={0x0, 0x76d1, 0x8, 0x1, 0x30c}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) socket$inet_tcp(0x2, 0x1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000800)=[0xffffffffffffffff, r3], 0x2) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r4, 0x0, 0x0, 0x87ffffc) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r5, 0x4b4d, &(0x7f0000000100)) 13:33:54 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000001140)=ANY=[@ANYBLOB="2c0000001000010000000000000000000c00000002000000d0"], 0x2c}], 0x1}, 0x0) 13:33:54 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r2, 0x5380) 
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, 0x0) r3 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x1, 0xd6c2}) ioctl$SCSI_IOCTL_DOORLOCK(r3, 0x5380) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000180000018000000", @ANYRES32=0xffffffffffffffff, @ANYRES64=r0]) r5 = getpgid(0xffffffffffffffff) perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x9, 0x4, 0x80, 0x1f, 0x0, 0x40, 0x208, 0x8, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xc1, 0x2, @perf_bp={&(0x7f0000000000), 0x9}, 0x0, 0x2, 0x1, 0x6, 0xfffffffffffffffe, 0x8, 0x7, 0x0, 0x0, 0x0, 0x1f}, r5, 0x5, 0xffffffffffffffff, 0x2) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000180)={'\x00', 0x200, 0x5, 0x10000, 0x7, 0x7fff}) syz_open_procfs(0x0, 0x0) 13:33:54 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000001cc0)={&(0x7f0000000580), 0x6e, &(0x7f0000001bc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) [ 281.696347] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 
VM DIAGNOSIS: 13:33:45 Registers: