Warning: Permanently added '[localhost]:5603' (ECDSA) to the list of known hosts. 2023/03/27 11:23:24 fuzzer started 2023/03/27 11:23:24 dialing manager at localhost:45291 syzkaller login: [ 34.969965] cgroup: Unknown subsys name 'net' [ 35.083521] cgroup: Unknown subsys name 'rlimit' 2023/03/27 11:23:38 syscalls: 2217 2023/03/27 11:23:38 code coverage: enabled 2023/03/27 11:23:38 comparison tracing: enabled 2023/03/27 11:23:38 extra coverage: enabled 2023/03/27 11:23:38 setuid sandbox: enabled 2023/03/27 11:23:38 namespace sandbox: enabled 2023/03/27 11:23:38 Android sandbox: enabled 2023/03/27 11:23:38 fault injection: enabled 2023/03/27 11:23:38 leak checking: enabled 2023/03/27 11:23:38 net packet injection: enabled 2023/03/27 11:23:38 net device setup: enabled 2023/03/27 11:23:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/03/27 11:23:38 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/03/27 11:23:38 USB emulation: enabled 2023/03/27 11:23:38 hci packet injection: enabled 2023/03/27 11:23:38 wifi device emulation: enabled 2023/03/27 11:23:38 802.15.4 emulation: enabled 2023/03/27 11:23:38 fetching corpus: 0, signal 0/2000 (executing program) 2023/03/27 11:23:38 fetching corpus: 50, signal 31443/34821 (executing program) 2023/03/27 11:23:38 fetching corpus: 100, signal 45965/50608 (executing program) 2023/03/27 11:23:39 fetching corpus: 150, signal 53818/59758 (executing program) 2023/03/27 11:23:39 fetching corpus: 200, signal 59256/66464 (executing program) 2023/03/27 11:23:39 fetching corpus: 250, signal 64975/73269 (executing program) 2023/03/27 11:23:39 fetching corpus: 300, signal 69436/78856 (executing program) 2023/03/27 11:23:39 fetching corpus: 350, signal 75315/85651 (executing program) 2023/03/27 11:23:39 fetching corpus: 400, signal 80806/91954 (executing program) 2023/03/27 11:23:39 fetching corpus: 450, signal 83803/95904 (executing program) 2023/03/27 11:23:39 fetching corpus: 500, signal 86535/99551 (executing program) 2023/03/27 11:23:40 fetching corpus: 550, signal 91579/105137 (executing program) 2023/03/27 11:23:40 fetching corpus: 600, signal 94776/109066 (executing program) 2023/03/27 11:23:40 fetching corpus: 650, signal 97438/112502 (executing program) 2023/03/27 11:23:40 fetching corpus: 700, signal 101192/116849 (executing program) 2023/03/27 11:23:40 fetching corpus: 750, signal 103884/120122 (executing program) 2023/03/27 11:23:40 fetching corpus: 800, signal 107491/124175 (executing program) 2023/03/27 11:23:40 fetching corpus: 850, signal 109438/126770 (executing program) 2023/03/27 11:23:41 fetching corpus: 900, signal 111582/129458 (executing program) 2023/03/27 11:23:41 fetching corpus: 950, signal 113253/131782 (executing program) 2023/03/27 11:23:41 fetching corpus: 1000, signal 115182/134249 (executing program) 2023/03/27 11:23:41 fetching corpus: 1050, signal 118851/138097 (executing program) 2023/03/27 11:23:41 fetching corpus: 1100, signal 121700/141210 (executing program) 2023/03/27 11:23:41 fetching corpus: 1150, signal 123699/143645 (executing program) 2023/03/27 11:23:41 fetching corpus: 1200, signal 125469/145808 (executing program) 2023/03/27 11:23:41 fetching corpus: 1250, signal 127990/148518 (executing program) 2023/03/27 11:23:41 fetching corpus: 1300, signal 129882/150759 (executing program) 2023/03/27 11:23:42 fetching corpus: 1350, signal 131236/152514 (executing program) 2023/03/27 11:23:42 fetching corpus: 1400, signal 132868/154457 (executing program) 2023/03/27 11:23:42 fetching corpus: 1450, signal 134099/156096 (executing program) 2023/03/27 11:23:42 fetching corpus: 1500, signal 135482/157722 (executing program) 2023/03/27 11:23:42 fetching corpus: 1550, signal 137647/159945 (executing program) 2023/03/27 11:23:42 fetching corpus: 1600, signal 139573/161965 (executing program) 2023/03/27 11:23:42 fetching corpus: 1650, signal 141210/163793 (executing program) 2023/03/27 11:23:42 fetching corpus: 1700, signal 142767/165480 (executing program) 2023/03/27 11:23:43 fetching corpus: 1750, signal 144039/166989 (executing program) 2023/03/27 11:23:43 fetching corpus: 1800, signal 145975/168864 (executing program) 2023/03/27 11:23:43 fetching corpus: 1850, signal 148143/170804 (executing program) 2023/03/27 11:23:43 fetching corpus: 1900, signal 149216/172050 (executing program) 2023/03/27 11:23:43 fetching corpus: 1950, signal 150841/173643 (executing program) 2023/03/27 11:23:43 fetching corpus: 2000, signal 153373/175839 (executing program) 2023/03/27 11:23:43 fetching corpus: 2050, signal 154176/176910 (executing program) 2023/03/27 11:23:44 fetching corpus: 2100, signal 156137/178618 (executing program) 2023/03/27 11:23:44 fetching corpus: 2150, signal 157252/179812 (executing program) 2023/03/27 11:23:44 fetching corpus: 2200, signal 158151/180815 (executing program) 2023/03/27 11:23:44 fetching corpus: 2250, signal 159444/182052 (executing program) 2023/03/27 11:23:44 fetching corpus: 2300, signal 160610/183255 (executing program) 2023/03/27 11:23:44 fetching corpus: 2350, signal 161613/184241 (executing program) 2023/03/27 11:23:44 fetching corpus: 2400, signal 162793/185397 (executing program) 2023/03/27 11:23:44 fetching corpus: 2450, signal 163846/186397 (executing program) 2023/03/27 11:23:44 fetching corpus: 2500, signal 164581/187253 (executing program) 2023/03/27 11:23:44 fetching corpus: 2550, signal 165796/188328 (executing program) 2023/03/27 11:23:45 fetching corpus: 2600, signal 167332/189545 (executing program) 2023/03/27 11:23:45 fetching corpus: 2650, signal 168505/190532 (executing program) 2023/03/27 11:23:45 fetching corpus: 2700, signal 169294/191307 (executing program) 2023/03/27 11:23:45 fetching corpus: 2750, signal 170189/192120 (executing program) 2023/03/27 11:23:45 fetching corpus: 2800, signal 170994/192919 (executing program) 2023/03/27 11:23:45 fetching corpus: 2850, signal 171893/193682 (executing program) 2023/03/27 11:23:45 fetching corpus: 2900, signal 172662/194401 (executing program) 2023/03/27 11:23:45 fetching corpus: 2950, signal 173947/195316 (executing program) 2023/03/27 11:23:46 fetching corpus: 3000, signal 175035/196110 (executing program) 2023/03/27 11:23:46 fetching corpus: 3050, signal 176115/196911 (executing program) 2023/03/27 11:23:46 fetching corpus: 3100, signal 176566/197384 (executing program) 2023/03/27 11:23:46 fetching corpus: 3150, signal 177484/198099 (executing program) 2023/03/27 11:23:46 fetching corpus: 3200, signal 178185/198690 (executing program) 2023/03/27 11:23:46 fetching corpus: 3250, signal 178650/199175 (executing program) 2023/03/27 11:23:46 fetching corpus: 3300, signal 179253/199715 (executing program) 2023/03/27 11:23:46 fetching corpus: 3350, signal 179789/200230 (executing program) 2023/03/27 11:23:46 fetching corpus: 3400, signal 180594/200837 (executing program) 2023/03/27 11:23:47 fetching corpus: 3450, signal 181229/201341 (executing program) 2023/03/27 11:23:47 fetching corpus: 3500, signal 181986/201884 (executing program) 2023/03/27 11:23:47 fetching corpus: 3550, signal 182751/202411 (executing program) 2023/03/27 11:23:47 fetching corpus: 3600, signal 183680/202978 (executing program) 2023/03/27 11:23:47 fetching corpus: 3650, signal 184338/203438 (executing program) 2023/03/27 11:23:47 fetching corpus: 3700, signal 185118/203939 (executing program) 2023/03/27 11:23:47 fetching corpus: 3750, signal 186629/204599 (executing program) 2023/03/27 11:23:47 fetching corpus: 3800, signal 187544/205072 (executing program) 2023/03/27 11:23:48 fetching corpus: 3850, signal 188476/205541 (executing program) 2023/03/27 11:23:48 fetching corpus: 3900, signal 189042/205906 (executing program) 2023/03/27 11:23:48 fetching corpus: 3950, signal 190027/206340 (executing program) 2023/03/27 11:23:48 fetching corpus: 4000, signal 190945/206762 (executing program) 2023/03/27 11:23:48 fetching corpus: 4050, signal 191700/207136 (executing program) 2023/03/27 11:23:48 fetching corpus: 4100, signal 192075/207401 (executing program) 2023/03/27 11:23:48 fetching corpus: 4150, signal 192820/207770 (executing program) 2023/03/27 11:23:48 fetching corpus: 4200, signal 193147/208046 (executing program) 2023/03/27 11:23:49 fetching corpus: 4250, signal 193600/208307 (executing program) 2023/03/27 11:23:49 fetching corpus: 4300, signal 194480/208650 (executing program) 2023/03/27 11:23:49 fetching corpus: 4350, signal 194927/208878 (executing program) 2023/03/27 11:23:49 fetching corpus: 4400, signal 195482/209094 (executing program) 2023/03/27 11:23:49 fetching corpus: 4450, signal 196103/209348 (executing program) 2023/03/27 11:23:49 fetching corpus: 4500, signal 196768/209599 (executing program) 2023/03/27 11:23:49 fetching corpus: 4550, signal 197742/209871 (executing program) 2023/03/27 11:23:49 fetching corpus: 4600, signal 198364/210082 (executing program) 2023/03/27 11:23:50 fetching corpus: 4650, signal 198866/210278 (executing program) 2023/03/27 11:23:50 fetching corpus: 4700, signal 199474/210439 (executing program) 2023/03/27 11:23:50 fetching corpus: 4750, signal 199952/210609 (executing program) 2023/03/27 11:23:50 fetching corpus: 4800, signal 200720/210779 (executing program) 2023/03/27 11:23:50 fetching corpus: 4850, signal 201443/210938 (executing program) 2023/03/27 11:23:50 fetching corpus: 4900, signal 201896/211079 (executing program) 2023/03/27 11:23:50 fetching corpus: 4950, signal 202521/211222 (executing program) 2023/03/27 11:23:51 fetching corpus: 5000, signal 203082/211350 (executing program) 2023/03/27 11:23:51 fetching corpus: 5050, signal 203438/211450 (executing program) 2023/03/27 11:23:51 fetching corpus: 5100, signal 204047/211560 (executing program) 2023/03/27 11:23:51 fetching corpus: 5150, signal 204557/211643 (executing program) 2023/03/27 11:23:51 fetching corpus: 5200, signal 205191/211710 (executing program) 2023/03/27 11:23:51 fetching corpus: 5250, signal 205851/211771 (executing program) 2023/03/27 11:23:51 fetching corpus: 5300, signal 206255/211786 (executing program) 2023/03/27 11:23:51 fetching corpus: 5350, signal 206692/211786 (executing program) 2023/03/27 11:23:51 fetching corpus: 5400, signal 207093/211786 (executing program) 2023/03/27 11:23:52 fetching corpus: 5450, signal 207647/211786 (executing program) 2023/03/27 11:23:52 fetching corpus: 5500, signal 208513/211786 (executing program) 2023/03/27 11:23:52 fetching corpus: 5533, signal 208839/211786 (executing program) 2023/03/27 11:23:52 fetching corpus: 5533, signal 208839/211786 (executing program) 2023/03/27 11:23:54 starting 8 fuzzer processes 11:23:54 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x18, 0x3a, 0xff, @local, @local, {[], @ndisc_ns={0x87, 0x0, 0x0, @remote, [{0x0, 0x0, "3ff3"}]}}}}}}, 0x0) 11:23:54 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) [ 64.572086] audit: type=1400 audit(1679916234.730:6): avc: denied { execmem } for pid=259 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:23:54 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x121042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0, 0x1) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="dbf225f5a4", 0x5}, {&(0x7f0000000240)}], 0x2, 0x8001, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000040)) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) r4 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000005d80)=ANY=[@ANYBLOB="010000000100000018", @ANYRES32=r4, @ANYBLOB="058000000000004000"]) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, @perf_config_ext={0x203}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800000000000}, 0x0, 0xffffffffffffffff, r4, 0x0) sendfile(r2, r2, 0x0, 0x100000) 11:23:54 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4) sendmmsg$sock(r0, &(0x7f0000002d40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)="eaec", 0xffec}], 0x1}}], 0x1, 0x0) 11:23:54 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0)=0x3, 0x4) sendmmsg$inet(r0, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="1a", 0x1}], 0x1}}], 0x1, 0x0) 11:23:54 executing program 5: pwritev(0xffffffffffffffff, 0x0, 0x54, 0xfffffffe, 0x3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(0xffffffffffffffff, 0x942e, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x124}}, './file1\x00'}) fcntl$setpipe(r4, 0x407, 0x3372) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x203}, 0x0, 0xf223, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, 0x0, 0x100000) 11:23:54 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8970, &(0x7f0000000000)={'sit0\x00', 0x0}) 11:23:54 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) close(r0) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) [ 65.743371] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.746309] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.747692] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.761155] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.762697] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.764048] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.932363] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 65.935301] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 65.936893] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 65.939461] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.941330] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 65.942678] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 65.948308] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 65.949984] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 65.951202] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 65.956112] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 65.957655] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 65.958974] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 65.959986] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 65.963955] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 65.965060] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 65.971068] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 65.972084] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 65.972967] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.978626] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 65.979691] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.983142] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 65.984264] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 65.985543] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 65.988020] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 65.989493] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 65.990559] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 65.992111] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 65.993478] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.995094] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.998755] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 66.002845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 66.003807] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 66.023720] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 66.027531] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 66.028495] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 66.029377] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 66.052113] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 66.053297] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 66.062259] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 66.063366] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 66.063470] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 66.065443] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.829414] Bluetooth: hci0: command 0x0409 tx timeout [ 68.020996] Bluetooth: hci6: command 0x0409 tx timeout [ 68.021530] Bluetooth: hci7: command 0x0409 tx timeout [ 68.021984] Bluetooth: hci4: command 0x0409 tx timeout [ 68.022409] Bluetooth: hci5: command 0x0409 tx timeout [ 68.083914] Bluetooth: hci3: command 0x0409 tx timeout [ 68.148924] Bluetooth: hci2: command 0x0409 tx timeout [ 68.149569] Bluetooth: hci1: command 0x0409 tx timeout [ 69.876894] Bluetooth: hci0: command 0x041b tx timeout [ 70.068531] Bluetooth: hci5: command 0x041b tx timeout [ 70.069862] Bluetooth: hci4: command 0x041b tx timeout [ 70.070551] Bluetooth: hci7: command 0x041b tx timeout [ 70.071340] Bluetooth: hci6: command 0x041b tx timeout [ 70.133665] Bluetooth: hci3: command 0x041b tx timeout [ 70.196005] Bluetooth: hci1: command 0x041b tx timeout [ 70.196717] Bluetooth: hci2: command 0x041b tx timeout [ 71.923869] Bluetooth: hci0: command 0x040f tx timeout [ 72.115885] Bluetooth: hci6: command 0x040f tx timeout [ 72.116295] Bluetooth: hci7: command 0x040f tx timeout [ 72.116651] Bluetooth: hci4: command 0x040f tx timeout [ 72.117461] Bluetooth: hci5: command 0x040f tx timeout [ 72.180881] Bluetooth: hci3: command 0x040f tx timeout [ 72.243914] Bluetooth: hci2: command 0x040f tx timeout [ 72.244326] Bluetooth: hci1: command 0x040f tx timeout [ 73.971988] Bluetooth: hci0: command 0x0419 tx timeout [ 74.164092] Bluetooth: hci5: command 0x0419 tx timeout [ 74.164964] Bluetooth: hci4: command 0x0419 tx timeout [ 74.165715] Bluetooth: hci7: command 0x0419 tx timeout [ 74.166649] Bluetooth: hci6: command 0x0419 tx timeout [ 74.228731] Bluetooth: hci3: command 0x0419 tx timeout [ 74.291911] Bluetooth: hci1: command 0x0419 tx timeout [ 74.292680] Bluetooth: hci2: command 0x0419 tx timeout [ 108.288515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.289216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.290427] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 108.412740] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.413352] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.414588] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 109.281698] audit: type=1400 audit(1679916279.440:7): avc: denied { open } for pid=3683 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 109.283090] audit: type=1400 audit(1679916279.440:8): avc: denied { kernel } for pid=3683 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:24:39 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) close(r0) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) 11:24:39 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) close(r0) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) 11:24:39 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) close(r0) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) 11:24:39 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) close(r0) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) 11:24:39 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) close(r0) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) 11:24:40 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) close(r0) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) 11:24:40 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) close(r0) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) 11:24:40 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) close(r0) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) [ 110.178285] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.178901] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.180281] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 110.233025] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.233615] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.234939] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 110.314269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.315117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.316319] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 110.414303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.414922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.416274] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 111.089359] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.090317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.091704] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 111.215845] hrtimer: interrupt took 29245 ns [ 111.222240] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.222771] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.224096] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 111.871297] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.872194] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.873376] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 111.934775] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.935426] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.937350] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 112.006609] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.007227] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.008360] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 112.093833] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.094438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.095955] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 112.210101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.210725] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.212335] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 112.268037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.268624] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.270154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 112.336031] IPv4: Oversized IP packet from 172.20.20.10 [ 112.340569] IPv4: Oversized IP packet from 172.20.20.10 [ 112.351186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.351792] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.353727] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 112.386878] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.387487] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.389463] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:24:43 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x80000) close(r0) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) 11:24:43 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0)=0x3, 0x4) sendmmsg$inet(r0, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="1a", 0x1}], 0x1}}], 0x1, 0x0) 11:24:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4) sendmmsg$sock(r0, &(0x7f0000002d40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)="eaec", 0xffec}], 0x1}}], 0x1, 0x0) 11:24:43 executing program 5: pwritev(0xffffffffffffffff, 0x0, 0x54, 0xfffffffe, 0x3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(0xffffffffffffffff, 0x942e, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x124}}, './file1\x00'}) fcntl$setpipe(r4, 0x407, 0x3372) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x203}, 0x0, 0xf223, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, 0x0, 0x100000) 11:24:43 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) 11:24:43 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8970, &(0x7f0000000000)={'sit0\x00', 0x0}) 11:24:43 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x18, 0x3a, 0xff, @local, @local, {[], @ndisc_ns={0x87, 0x0, 0x0, @remote, [{0x0, 0x0, "3ff3"}]}}}}}}, 0x0) 11:24:43 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) [ 112.913803] IPv4: Oversized IP packet from 172.20.20.10 11:24:43 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0)=0x3, 0x4) sendmmsg$inet(r0, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="1a", 0x1}], 0x1}}], 0x1, 0x0) 11:24:43 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x18, 0x3a, 0xff, @local, @local, {[], @ndisc_ns={0x87, 0x0, 0x0, @remote, [{0x0, 0x0, "3ff3"}]}}}}}}, 0x0) 11:24:43 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) 11:24:43 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8970, &(0x7f0000000000)={'sit0\x00', 0x0}) 11:24:43 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) 11:24:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4) sendmmsg$sock(r0, &(0x7f0000002d40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)="eaec", 0xffec}], 0x1}}], 0x1, 0x0) 11:24:43 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0)=0x3, 0x4) sendmmsg$inet(r0, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="1a", 0x1}], 0x1}}], 0x1, 0x0) 11:24:43 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) 11:24:43 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x18, 0x3a, 0xff, @local, @local, {[], @ndisc_ns={0x87, 0x0, 0x0, @remote, [{0x0, 0x0, "3ff3"}]}}}}}}, 0x0) 11:24:43 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8970, &(0x7f0000000000)={'sit0\x00', 0x0}) 11:24:43 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000100)={0x0, 0x0}) 11:24:43 executing program 5: pwritev(0xffffffffffffffff, 0x0, 0x54, 0xfffffffe, 0x3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(0xffffffffffffffff, 0x942e, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x124}}, './file1\x00'}) fcntl$setpipe(r4, 0x407, 0x3372) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x203}, 0x0, 0xf223, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, 0x0, 0x100000) [ 113.266066] IPv4: Oversized IP packet from 172.20.20.10 11:24:43 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) 11:24:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4) sendmmsg$sock(r0, &(0x7f0000002d40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)="eaec", 0xffec}], 0x1}}], 0x1, 0x0) [ 113.359750] IPv4: Oversized IP packet from 172.20.20.10 [ 113.658594] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4000 'syz-executor.2' 11:24:43 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x1000}) 11:24:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x5460, &(0x7f0000000340)) 11:24:43 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000100)={0x0, 0x0}) 11:24:43 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4040, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8040000) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 11:24:43 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000300)="200000000002000019000000900100000f000000000000000000000004000000000002000020000020000000d1f4655fd1f4655f0100ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f00000002c0)) 11:24:43 executing program 5: pwritev(0xffffffffffffffff, 0x0, 0x54, 0xfffffffe, 0x3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(0xffffffffffffffff, 0x942e, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r3, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x124}}, './file1\x00'}) fcntl$setpipe(r4, 0x407, 0x3372) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x203}, 0x0, 0xf223, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, 0x0, 0x100000) 11:24:43 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000100)={0x0, 0x0}) 11:24:43 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) sendmmsg$inet(r1, &(0x7f0000005f00)=[{{&(0x7f0000000180)={0x2, 0x4e24, @dev}, 0x10, 0x0}}, {{&(0x7f0000000380)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x10}}, @ip_ttl={{0x14}}], 0x28}}], 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 113.673605] loop2: detected capacity change from 0 to 4 [ 113.683240] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 113.683912] EXT4-fs (loop2): fragment/cluster size (16384) != block size (1024) [ 113.696682] loop2: detected capacity change from 0 to 4 [ 113.699675] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 113.700241] EXT4-fs (loop2): fragment/cluster size (16384) != block size (1024) 11:24:43 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000100)={0x0, 0x0}) 11:24:43 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000100)={0x0, 0x0}) 11:24:43 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x5460, &(0x7f0000000340)) [ 113.786316] loop2: detected capacity change from 0 to 4 [ 113.788133] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 113.788663] EXT4-fs (loop2): fragment/cluster size (16384) != block size (1024) 11:24:43 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4040, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8040000) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 11:24:43 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x1000}) 11:24:43 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000300)="200000000002000019000000900100000f000000000000000000000004000000000002000020000020000000d1f4655fd1f4655f0100ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f00000002c0)) 11:24:43 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) sendmmsg$inet(r1, &(0x7f0000005f00)=[{{&(0x7f0000000180)={0x2, 0x4e24, @dev}, 0x10, 0x0}}, {{&(0x7f0000000380)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x10}}, @ip_ttl={{0x14}}], 0x28}}], 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 11:24:43 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000100)={0x0, 0x0}) 11:24:43 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000100)={0x0, 0x0}) 11:24:44 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000300)="200000000002000019000000900100000f000000000000000000000004000000000002000020000020000000d1f4655fd1f4655f0100ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f00000002c0)) 11:24:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x5460, &(0x7f0000000340)) [ 114.592180] loop2: detected capacity change from 0 to 4 [ 114.619247] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 114.620250] EXT4-fs (loop2): fragment/cluster size (16384) != block size (1024) 11:24:44 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x1000}) 11:24:44 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) sendmmsg$inet(r1, &(0x7f0000005f00)=[{{&(0x7f0000000180)={0x2, 0x4e24, @dev}, 0x10, 0x0}}, {{&(0x7f0000000380)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x10}}, @ip_ttl={{0x14}}], 0x28}}], 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 11:24:44 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4040, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8040000) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 11:24:44 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0) 11:24:44 executing program 7: mount_setattr(0xffffffffffffff9c, 0x0, 0xa100, 0x0, 0x0) 11:24:44 executing program 7: mount_setattr(0xffffffffffffff9c, 0x0, 0xa100, 0x0, 0x0) 11:24:44 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0) 11:24:44 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3ff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4040, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8040000) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) 11:24:44 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) sendmmsg$inet(r1, &(0x7f0000005f00)=[{{&(0x7f0000000180)={0x2, 0x4e24, @dev}, 0x10, 0x0}}, {{&(0x7f0000000380)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x10}}, @ip_ttl={{0x14}}], 0x28}}], 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 11:24:44 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000300)="200000000002000019000000900100000f000000000000000000000004000000000002000020000020000000d1f4655fd1f4655f0100ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f00000002c0)) 11:24:44 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x5460, &(0x7f0000000340)) 11:24:44 executing program 7: mount_setattr(0xffffffffffffff9c, 0x0, 0xa100, 0x0, 0x0) 11:24:44 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x1000}) [ 114.774143] loop2: detected capacity change from 0 to 4 [ 114.777793] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 114.778492] EXT4-fs (loop2): fragment/cluster size (16384) != block size (1024) 11:24:44 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0) 11:24:44 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff13, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x9}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(r2, r1) 11:24:44 executing program 7: mount_setattr(0xffffffffffffff9c, 0x0, 0xa100, 0x0, 0x0) 11:24:45 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000008480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 11:24:45 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff13, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x9}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(r2, r1) 11:24:45 executing program 0: mremap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffa000/0x4000)=nil) msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02"], 0xfd1, 0x0) 11:24:45 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xfffffdef, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @remote}, @redirect={0x4, 0x0, 0x0, @multicast1, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1, @local, {[@rr={0x7, 0x13, 0x0, [@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr, @multicast2]}, @rr={0x7, 0x2b, 0x0, [@dev, @rand_addr, @private, @loopback, @empty, @remote, @empty, @loopback, @local, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}}}, 0x0) 11:24:45 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000600)='/proc/cpuinfo\x00', 0x0, 0x0) 11:24:45 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0) 11:24:45 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x2, &(0x7f0000000200)=[{0x14}, {0x6}]}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 11:24:45 executing program 3: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)={0x2005}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='status\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000100)) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 115.798550] audit: type=1326 audit(1679916285.957:9): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4086 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f150f3c4b19 code=0x0 11:24:45 executing program 0: mremap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffa000/0x4000)=nil) msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02"], 0xfd1, 0x0) [ 115.840225] general protection fault, probably for non-canonical address 0xdffffc0004000028: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 115.841008] KASAN: probably user-memory-access in range [0x0000000020000140-0x0000000020000147] [ 115.841606] CPU: 1 PID: 4089 Comm: syz-executor.3 Not tainted 6.3.0-rc3-next-20230327 #1 [ 115.842174] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.844824] RIP: 0010:do_iter_read+0x481/0x750 [ 115.846491] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 115.847701] RSP: 0018:ffff88803e597c78 EFLAGS: 00010216 [ 115.848082] RAX: 0000000020000140 RBX: ffff88803e597d60 RCX: ffffc900037df000 [ 115.848558] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 115.849068] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 115.849728] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88801f654a00 [ 115.850395] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 115.851072] FS: 00007fe395b2b700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 115.851822] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.852378] CR2: 00007ffc6a027e08 CR3: 000000003ef8e000 CR4: 0000000000350ee0 [ 115.853041] Call Trace: [ 115.853291] [ 115.853516] ? import_iovec+0x87/0xb0 [ 115.853891] vfs_readv+0xe5/0x160 [ 115.854246] ? __pfx_vfs_readv+0x10/0x10 [ 115.854646] ? __fget_files+0x24e/0x480 [ 115.855031] ? lock_release+0x1e3/0x680 [ 115.855435] ? __schedule+0x995/0x2a00 [ 115.855830] ? __fget_files+0x270/0x480 [ 115.856232] __x64_sys_preadv+0x233/0x310 [ 115.856643] ? __pfx___x64_sys_preadv+0x10/0x10 [ 115.857100] ? lockdep_hardirqs_on_prepare+0x27b/0x3f0 [ 115.857615] do_syscall_64+0x3f/0x90 [ 115.857979] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 115.858475] RIP: 0033:0x7fe3985b5b19 [ 115.858836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.860543] RSP: 002b:00007fe395b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 115.861203] RAX: ffffffffffffffda RBX: 00007fe3986c8f60 RCX: 00007fe3985b5b19 [ 115.861720] RDX: 0000000000000001 RSI: 0000000020001140 RDI: 0000000000000006 [ 115.862234] RBP: 00007fe39860ff6d R08: 0000000000000000 R09: 0000000000000000 [ 115.862746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.863257] R13: 00007ffca0c553ef R14: 00007fe395b2b300 R15: 0000000000022000 [ 115.863774] [ 115.863950] Modules linked in: [ 115.864228] ---[ end trace 0000000000000000 ]--- [ 115.864578] RIP: 0010:do_iter_read+0x481/0x750 [ 115.864933] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 115.866242] RSP: 0018:ffff88803e597c78 EFLAGS: 00010216 [ 115.866621] RAX: 0000000020000140 RBX: ffff88803e597d60 RCX: ffffc900037df000 [ 115.867149] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 115.867680] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 115.868199] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88801f654a00 [ 115.868698] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 115.869214] FS: 00007fe395b2b700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 115.869779] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.870206] CR2: 00007ffc6a027e08 CR3: 000000003ef8e000 CR4: 0000000000350ee0 11:24:46 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6dc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000040)=0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) stat(&(0x7f0000000240)='./file1\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r3, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = getgid() r6 = getegid() fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="02000000010001000000000002000400", @ANYRES32=r3, @ANYBLOB="02000400", @ANYRES32=0xee00, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32, @ANYBLOB="040000000000000008000200", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00', @ANYRES32, @ANYBLOB="08000400", @ANYRES32=0xee00, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="08000400", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="10000000000000002000000000000000"], 0x8c, 0x1) setresuid(r2, r2, r3) getgid() getegid() 11:24:46 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) readv(r1, 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) 11:24:46 executing program 7: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) flock(r0, 0x2) [ 115.902507] audit: type=1400 audit(1679916286.061:10): avc: denied { write } for pid=4093 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:24:46 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000008480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 11:24:46 executing program 0: mremap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffa000/0x4000)=nil) msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02"], 0xfd1, 0x0) 11:24:46 executing program 7: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) flock(r0, 0x2) 11:24:46 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) readv(r1, 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) 11:24:46 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000008480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 11:24:46 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff13, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x9}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(r2, r1) 11:24:46 executing program 7: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) flock(r0, 0x2) 11:24:46 executing program 0: mremap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffa000/0x4000)=nil) msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02"], 0xfd1, 0x0) 11:24:46 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) readv(r1, 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) 11:24:46 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6dc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000040)=0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) stat(&(0x7f0000000240)='./file1\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r3, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = getgid() r6 = getegid() fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="02000000010001000000000002000400", @ANYRES32=r3, @ANYBLOB="02000400", @ANYRES32=0xee00, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32, @ANYBLOB="040000000000000008000200", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00', @ANYRES32, @ANYBLOB="08000400", @ANYRES32=0xee00, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="08000400", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="10000000000000002000000000000000"], 0x8c, 0x1) setresuid(r2, r2, r3) getgid() getegid() [ 116.633283] audit: type=1326 audit(1679916286.792:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4086 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f150f3c4b19 code=0x0 [ 116.662378] general protection fault, probably for non-canonical address 0xdffffc0004000028: 0000 [#2] PREEMPT SMP KASAN NOPTI [ 116.663799] KASAN: probably user-memory-access in range [0x0000000020000140-0x0000000020000147] [ 116.664853] CPU: 0 PID: 4110 Comm: syz-executor.3 Tainted: G D 6.3.0-rc3-next-20230327 #1 [ 116.665991] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.666976] RIP: 0010:do_iter_read+0x481/0x750 [ 116.667560] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 116.669726] RSP: 0018:ffff88804182fc78 EFLAGS: 00010216 [ 116.670374] RAX: 0000000020000140 RBX: ffff88804182fd60 RCX: ffffc900041e4000 [ 116.671235] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 116.672121] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 116.672959] R10: 0000000000001000 R11: 0000000000000001 R12: ffff888016414000 [ 116.673799] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 116.674639] FS: 00007fe395b0a700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 116.675584] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.676283] CR2: 00007fe395ac7ff8 CR3: 000000003ef8e000 CR4: 0000000000350ef0 [ 116.677118] Call Trace: [ 116.677431] [ 116.677718] ? import_iovec+0x87/0xb0 [ 116.678195] vfs_readv+0xe5/0x160 [ 116.678638] ? __pfx_vfs_readv+0x10/0x10 [ 116.679144] ? lock_release+0x4d8/0x680 [ 116.679652] ? do_futex+0x13a/0x380 [ 116.680152] ? __fget_files+0x270/0x480 [ 116.680643] __x64_sys_preadv+0x233/0x310 [ 116.681163] ? __pfx___x64_sys_preadv+0x10/0x10 [ 116.681739] ? switch_fpu_return+0x157/0x2e0 [ 116.682295] do_syscall_64+0x3f/0x90 [ 116.682767] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 116.683397] RIP: 0033:0x7fe3985b5b19 [ 116.683852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.685971] RSP: 002b:00007fe395b0a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 116.686869] RAX: ffffffffffffffda RBX: 00007fe3986c9020 RCX: 00007fe3985b5b19 [ 116.687714] RDX: 0000000000000001 RSI: 0000000020001140 RDI: 0000000000000006 [ 116.688565] RBP: 00007fe39860ff6d R08: 0000000000000000 R09: 0000000000000000 [ 116.689407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.690245] R13: 00007ffca0c553ef R14: 00007fe395b0a300 R15: 0000000000022000 [ 116.691103] [ 116.691391] Modules linked in: [ 116.691860] ---[ end trace 0000000000000000 ]--- [ 116.692450] RIP: 0010:do_iter_read+0x481/0x750 [ 116.693068] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 116.695267] RSP: 0018:ffff88803e597c78 EFLAGS: 00010216 [ 116.695961] RAX: 0000000020000140 RBX: ffff88803e597d60 RCX: ffffc900037df000 [ 116.696853] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 116.697717] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 116.698590] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88801f654a00 [ 116.699460] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 116.700342] FS: 00007fe395b0a700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 116.701320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.702038] CR2: 00007fe395ac7ff8 CR3: 000000003ef8e000 CR4: 0000000000350ef0 11:24:46 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x2, &(0x7f0000000200)=[{0x14}, {0x6}]}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) [ 116.749113] audit: type=1326 audit(1679916286.908:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4134 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f150f3c4b19 code=0x0 11:24:47 executing program 7: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) flock(r0, 0x2) 11:24:47 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000008480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 11:24:47 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6dc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000040)=0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) stat(&(0x7f0000000240)='./file1\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r3, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = getgid() r6 = getegid() fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="02000000010001000000000002000400", @ANYRES32=r3, @ANYBLOB="02000400", @ANYRES32=0xee00, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32, @ANYBLOB="040000000000000008000200", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00', @ANYRES32, @ANYBLOB="08000400", @ANYRES32=0xee00, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="08000400", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="10000000000000002000000000000000"], 0x8c, 0x1) setresuid(r2, r2, r3) getgid() getegid() 11:24:47 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) readv(r1, 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) 11:24:47 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff13, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x9}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(r2, r1) 11:24:47 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6dc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000040)=0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) stat(&(0x7f0000000240)='./file1\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r3, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = getgid() r6 = getegid() fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="02000000010001000000000002000400", @ANYRES32=r3, @ANYBLOB="02000400", @ANYRES32=0xee00, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32, @ANYBLOB="040000000000000008000200", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00', @ANYRES32, @ANYBLOB="08000400", @ANYRES32=0xee00, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="08000400", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="10000000000000002000000000000000"], 0x8c, 0x1) setresuid(r2, r2, r3) getgid() getegid() 11:24:47 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x2, &(0x7f0000000200)=[{0x14}, {0x6}]}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 11:24:47 executing program 3: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)={0x2005}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='status\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000100)) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 117.687384] audit: type=1326 audit(1679916287.846:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4143 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f150f3c4b19 code=0x0 [ 117.724680] general protection fault, probably for non-canonical address 0xdffffc0004000028: 0000 [#3] PREEMPT SMP KASAN NOPTI [ 117.726210] KASAN: probably user-memory-access in range [0x0000000020000140-0x0000000020000147] [ 117.727342] CPU: 1 PID: 4152 Comm: syz-executor.3 Tainted: G D 6.3.0-rc3-next-20230327 #1 [ 117.728591] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.729658] RIP: 0010:do_iter_read+0x481/0x750 [ 117.730292] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 117.732687] RSP: 0018:ffff888041b47c78 EFLAGS: 00010216 [ 117.733410] RAX: 0000000020000140 RBX: ffff888041b47d60 RCX: ffffc900037df000 [ 117.734363] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 117.735303] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 117.736261] R10: 0000000000001000 R11: 0000000000000001 R12: ffff888015bf1400 [ 117.737195] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 117.738137] FS: 00007fe395b2b700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 117.739209] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.740008] CR2: 0000001b2c329000 CR3: 000000000c468000 CR4: 0000000000350ee0 [ 117.740962] Call Trace: [ 117.741320] [ 117.741643] vfs_readv+0xe5/0x160 [ 117.742138] ? __pfx_vfs_readv+0x10/0x10 [ 117.742702] ? lock_release+0x4d8/0x680 [ 117.743272] ? finish_task_switch.isra.0+0x203/0x830 [ 117.743991] ? trace_hardirqs_on+0x16/0x100 [ 117.744610] ? __schedule+0x995/0x2a00 [ 117.745199] ? __fget_files+0x270/0x480 [ 117.745783] __x64_sys_preadv+0x233/0x310 [ 117.746396] ? __pfx___x64_sys_preadv+0x10/0x10 [ 117.747085] do_syscall_64+0x3f/0x90 [ 117.747631] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 117.748381] RIP: 0033:0x7fe3985b5b19 [ 117.748914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.751430] RSP: 002b:00007fe395b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 117.752513] RAX: ffffffffffffffda RBX: 00007fe3986c8f60 RCX: 00007fe3985b5b19 [ 117.753508] RDX: 0000000000000001 RSI: 0000000020001140 RDI: 0000000000000006 [ 117.754500] RBP: 00007fe39860ff6d R08: 0000000000000000 R09: 0000000000000000 [ 117.755506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.756487] R13: 00007ffca0c553ef R14: 00007fe395b2b300 R15: 0000000000022000 [ 117.757443] [ 117.757762] Modules linked in: [ 117.758962] ---[ end trace 0000000000000000 ]--- [ 117.759597] RIP: 0010:do_iter_read+0x481/0x750 [ 117.760441] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 117.762805] RSP: 0018:ffff88803e597c78 EFLAGS: 00010216 [ 117.763553] RAX: 0000000020000140 RBX: ffff88803e597d60 RCX: ffffc900037df000 [ 117.764520] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 117.765466] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 117.766407] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88801f654a00 [ 117.767340] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 117.768290] FS: 00007fe395b2b700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 117.769352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.770125] CR2: 0000001b2c329000 CR3: 000000000c468000 CR4: 0000000000350ee0 11:24:48 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000008480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 11:24:48 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x2, &(0x7f0000000200)=[{0x14}, {0x6}]}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 11:24:48 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)={0x2005}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='status\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000100)) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:24:48 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000008480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 11:24:48 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6dc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000040)=0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) stat(&(0x7f0000000240)='./file1\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r3, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = getgid() r6 = getegid() fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="02000000010001000000000002000400", @ANYRES32=r3, @ANYBLOB="02000400", @ANYRES32=0xee00, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32, @ANYBLOB="040000000000000008000200", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00', @ANYRES32, @ANYBLOB="08000400", @ANYRES32=0xee00, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="08000400", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="10000000000000002000000000000000"], 0x8c, 0x1) setresuid(r2, r2, r3) getgid() getegid() 11:24:48 executing program 3: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)={0x2005}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='status\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000100)) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:24:48 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6dc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000040)=0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) stat(&(0x7f0000000240)='./file1\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r3, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = getgid() r6 = getegid() fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="02000000010001000000000002000400", @ANYRES32=r3, @ANYBLOB="02000400", @ANYRES32=0xee00, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32, @ANYBLOB="040000000000000008000200", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00', @ANYRES32, @ANYBLOB="08000400", @ANYRES32=0xee00, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="08000400", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="10000000000000002000000000000000"], 0x8c, 0x1) setresuid(r2, r2, r3) getgid() getegid() 11:24:48 executing program 7: keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_secret(0x0) process_vm_readv(0x0, &(0x7f0000000240)=[{&(0x7f0000000800)=""/154, 0x9a}, {&(0x7f00000003c0)=""/177, 0xb1}, {&(0x7f0000000040)=""/4, 0x4}, {&(0x7f00000002c0)=""/110, 0x6e}], 0x4, &(0x7f00000006c0)=[{&(0x7f0000000480)=""/9, 0x9}, {&(0x7f00000004c0)=""/155, 0x9b}, {&(0x7f0000000580)=""/25, 0x19}, {&(0x7f00000005c0)=""/108, 0x6c}, {&(0x7f0000000640)=""/113, 0x71}], 0x5, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r2, 0x80087601, &(0x7f0000001500)) perf_event_open(&(0x7f00000006c0)={0x3, 0x80, 0x5, 0x64, 0x7, 0xe0, 0x0, 0xfffffffffffffffc, 0x800, 0xc, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_bp={&(0x7f0000000340), 0x19}, 0xda0b7480d4516fc2, 0x10001, 0x1, 0x3, 0x8, 0x80, 0x7, 0x0, 0x3f}, 0x0, 0xc, r2, 0x1) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000100)) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9", 0x1dc}], 0x1) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) syncfs(0xffffffffffffffff) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000680)={0x7, 0x20, 0x1, 0x20, 0x2c, "409334394a845720775f6c26427eda19eac4ad", 0x8, 0x15a}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) [ 118.625588] audit: type=1326 audit(1679916288.784:14): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4168 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f150f3c4b19 code=0x0 [ 118.637806] general protection fault, probably for non-canonical address 0xdffffc0004000028: 0000 [#4] PREEMPT SMP KASAN NOPTI [ 118.638719] KASAN: probably user-memory-access in range [0x0000000020000140-0x0000000020000147] [ 118.639406] CPU: 0 PID: 4166 Comm: syz-executor.4 Tainted: G D 6.3.0-rc3-next-20230327 #1 [ 118.640144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.640791] RIP: 0010:do_iter_read+0x481/0x750 [ 118.641168] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 118.642603] RSP: 0018:ffff88803e6cfc78 EFLAGS: 00010216 [ 118.643044] RAX: 0000000020000140 RBX: ffff88803e6cfd60 RCX: ffffc90003fe3000 [ 118.643622] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 118.644211] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 118.644778] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88800eb44000 [ 118.645341] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 118.645912] FS: 00007fe743020700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 118.646551] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.647023] CR2: 0000001b2c429000 CR3: 000000003e59e000 CR4: 0000000000350ef0 [ 118.647585] Call Trace: [ 118.647789] [ 118.647982] ? import_iovec+0x87/0xb0 [ 118.648291] vfs_readv+0xe5/0x160 [ 118.648577] ? __pfx_vfs_readv+0x10/0x10 [ 118.648900] ? lock_release+0x4d8/0x680 [ 118.649225] ? kmem_cache_free+0xff/0x4a0 [ 118.649565] ? do_futex+0x13a/0x380 [ 118.649865] ? __fget_files+0x270/0x480 [ 118.650185] __x64_sys_preadv+0x233/0x310 [ 118.650523] ? __pfx___x64_sys_preadv+0x10/0x10 [ 118.650904] do_syscall_64+0x3f/0x90 [ 118.651204] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 118.651611] RIP: 0033:0x7fe745aaab19 [ 118.651902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.653285] RSP: 002b:00007fe743020188 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 118.653878] RAX: ffffffffffffffda RBX: 00007fe745bbdf60 RCX: 00007fe745aaab19 [ 118.654423] RDX: 0000000000000001 RSI: 0000000020001140 RDI: 0000000000000006 [ 118.654973] RBP: 00007fe745b04f6d R08: 0000000000000000 R09: 0000000000000000 [ 118.655517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.656090] R13: 00007ffc6a0293ff R14: 00007fe743020300 R15: 0000000000022000 [ 118.656641] [ 118.656824] Modules linked in: [ 118.657208] ---[ end trace 0000000000000000 ]--- [ 118.657578] RIP: 0010:do_iter_read+0x481/0x750 [ 118.657967] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 118.659368] RSP: 0018:ffff88803e597c78 EFLAGS: 00010216 [ 118.659785] RAX: 0000000020000140 RBX: ffff88803e597d60 RCX: ffffc900037df000 [ 118.660357] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 118.660917] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 118.661462] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88801f654a00 [ 118.662030] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 118.662582] FS: 00007fe743020700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 118.663215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.663663] CR2: 0000001b2c429000 CR3: 000000003e59e000 CR4: 0000000000350ef0 11:24:48 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000008480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 118.710268] general protection fault, probably for non-canonical address 0xdffffc0004000028: 0000 [#5] PREEMPT SMP KASAN NOPTI [ 118.711463] KASAN: probably user-memory-access in range [0x0000000020000140-0x0000000020000147] [ 118.712515] CPU: 1 PID: 4176 Comm: syz-executor.3 Tainted: G D 6.3.0-rc3-next-20230327 #1 [ 118.713473] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.714294] RIP: 0010:do_iter_read+0x481/0x750 [ 118.714793] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 118.716618] RSP: 0018:ffff88801995fc78 EFLAGS: 00010216 [ 118.717157] RAX: 0000000020000140 RBX: ffff88801995fd60 RCX: ffffc900037df000 [ 118.717887] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 118.718611] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 118.719318] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88800ed17b80 [ 118.720043] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 118.720757] FS: 00007fe395b2b700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 118.721551] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.722139] CR2: 00007fe395b2aff8 CR3: 00000000162f6000 CR4: 0000000000350ee0 [ 118.722850] Call Trace: [ 118.723115] [ 118.723353] ? import_iovec+0x87/0xb0 [ 118.723753] vfs_readv+0xe5/0x160 [ 118.724178] ? __pfx_vfs_readv+0x10/0x10 [ 118.724601] ? lock_release+0x4d8/0x680 [ 118.725022] ? kmem_cache_free+0xff/0x4a0 [ 118.725473] ? do_futex+0x13a/0x380 [ 118.725877] ? __fget_files+0x270/0x480 [ 118.726288] __x64_sys_preadv+0x233/0x310 [ 118.726726] ? __pfx___x64_sys_preadv+0x10/0x10 [ 118.727227] do_syscall_64+0x3f/0x90 [ 118.727618] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 118.728160] RIP: 0033:0x7fe3985b5b19 [ 118.728541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.730336] RSP: 002b:00007fe395b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 118.731079] RAX: ffffffffffffffda RBX: 00007fe3986c8f60 RCX: 00007fe3985b5b19 [ 118.731786] RDX: 0000000000000001 RSI: 0000000020001140 RDI: 0000000000000006 [ 118.732516] RBP: 00007fe39860ff6d R08: 0000000000000000 R09: 0000000000000000 [ 118.733230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.733941] R13: 00007ffca0c553ef R14: 00007fe395b2b300 R15: 0000000000022000 [ 118.734646] [ 118.734883] Modules linked in: [ 118.735415] ---[ end trace 0000000000000000 ]--- [ 118.735915] RIP: 0010:do_iter_read+0x481/0x750 [ 118.736511] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 118.738248] RSP: 0018:ffff88803e597c78 EFLAGS: 00010216 [ 118.738790] RAX: 0000000020000140 RBX: ffff88803e597d60 RCX: ffffc900037df000 [ 118.739522] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 118.740246] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 118.740961] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88801f654a00 [ 118.741667] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 118.742404] FS: 00007fe395b2b700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 118.743225] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.743842] CR2: 00007fe395b2aff8 CR3: 00000000162f6000 CR4: 0000000000350ee0 11:24:49 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000008480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 11:24:49 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000008480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 11:24:49 executing program 7: keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_secret(0x0) process_vm_readv(0x0, &(0x7f0000000240)=[{&(0x7f0000000800)=""/154, 0x9a}, {&(0x7f00000003c0)=""/177, 0xb1}, {&(0x7f0000000040)=""/4, 0x4}, {&(0x7f00000002c0)=""/110, 0x6e}], 0x4, &(0x7f00000006c0)=[{&(0x7f0000000480)=""/9, 0x9}, {&(0x7f00000004c0)=""/155, 0x9b}, {&(0x7f0000000580)=""/25, 0x19}, {&(0x7f00000005c0)=""/108, 0x6c}, {&(0x7f0000000640)=""/113, 0x71}], 0x5, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r2, 0x80087601, &(0x7f0000001500)) perf_event_open(&(0x7f00000006c0)={0x3, 0x80, 0x5, 0x64, 0x7, 0xe0, 0x0, 0xfffffffffffffffc, 0x800, 0xc, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_bp={&(0x7f0000000340), 0x19}, 0xda0b7480d4516fc2, 0x10001, 0x1, 0x3, 0x8, 0x80, 0x7, 0x0, 0x3f}, 0x0, 0xc, r2, 0x1) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000100)) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9", 0x1dc}], 0x1) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) syncfs(0xffffffffffffffff) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000680)={0x7, 0x20, 0x1, 0x20, 0x2c, "409334394a845720775f6c26427eda19eac4ad", 0x8, 0x15a}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) 11:24:49 executing program 1: keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_secret(0x0) process_vm_readv(0x0, &(0x7f0000000240)=[{&(0x7f0000000800)=""/154, 0x9a}, {&(0x7f00000003c0)=""/177, 0xb1}, {&(0x7f0000000040)=""/4, 0x4}, {&(0x7f00000002c0)=""/110, 0x6e}], 0x4, &(0x7f00000006c0)=[{&(0x7f0000000480)=""/9, 0x9}, {&(0x7f00000004c0)=""/155, 0x9b}, {&(0x7f0000000580)=""/25, 0x19}, {&(0x7f00000005c0)=""/108, 0x6c}, {&(0x7f0000000640)=""/113, 0x71}], 0x5, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r2, 0x80087601, &(0x7f0000001500)) perf_event_open(&(0x7f00000006c0)={0x3, 0x80, 0x5, 0x64, 0x7, 0xe0, 0x0, 0xfffffffffffffffc, 0x800, 0xc, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_bp={&(0x7f0000000340), 0x19}, 0xda0b7480d4516fc2, 0x10001, 0x1, 0x3, 0x8, 0x80, 0x7, 0x0, 0x3f}, 0x0, 0xc, r2, 0x1) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000100)) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9", 0x1dc}], 0x1) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) syncfs(0xffffffffffffffff) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000680)={0x7, 0x20, 0x1, 0x20, 0x2c, "409334394a845720775f6c26427eda19eac4ad", 0x8, 0x15a}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) 11:24:49 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6dc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000040)=0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) stat(&(0x7f0000000240)='./file1\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r3, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = getgid() r6 = getegid() fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="02000000010001000000000002000400", @ANYRES32=r3, @ANYBLOB="02000400", @ANYRES32=0xee00, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32, @ANYBLOB="040000000000000008000200", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00', @ANYRES32, @ANYBLOB="08000400", @ANYRES32=0xee00, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="08000400", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="10000000000000002000000000000000"], 0x8c, 0x1) setresuid(r2, r2, r3) getgid() getegid() 11:24:49 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)={0x2005}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='status\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000100)) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:24:49 executing program 6: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000004880)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @dev}, 0x10, 0x0}}], 0x17, 0x8080) sendmsg$inet(r0, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) 11:24:49 executing program 3: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)={0x2005}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='status\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000100)) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:24:49 executing program 6: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000004880)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @dev}, 0x10, 0x0}}], 0x17, 0x8080) sendmsg$inet(r0, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) [ 119.601761] general protection fault, probably for non-canonical address 0xdffffc0004000028: 0000 [#6] PREEMPT SMP KASAN NOPTI [ 119.602561] KASAN: probably user-memory-access in range [0x0000000020000140-0x0000000020000147] [ 119.603125] CPU: 1 PID: 4202 Comm: syz-executor.4 Tainted: G D 6.3.0-rc3-next-20230327 #1 [ 119.603736] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.604498] RIP: 0010:do_iter_read+0x481/0x750 [ 119.604826] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 119.606020] RSP: 0018:ffff8880407cfc78 EFLAGS: 00010216 [ 119.606384] RAX: 0000000020000140 RBX: ffff8880407cfd60 RCX: ffffc90003fe3000 [ 119.606855] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 119.607327] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 119.607800] R10: 0000000000001000 R11: 0000000000000001 R12: ffff888016249900 [ 119.608296] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 119.608771] FS: 00007fe743020700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 119.609293] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.609679] CR2: 0000001b2c429000 CR3: 000000000d956000 CR4: 0000000000350ee0 [ 119.610157] Call Trace: [ 119.610339] [ 119.610509] ? import_iovec+0x87/0xb0 [ 119.610786] vfs_readv+0xe5/0x160 [ 119.611042] ? __pfx_vfs_readv+0x10/0x10 [ 119.611327] ? lock_release+0x4d8/0x680 [ 119.611614] ? kmem_cache_free+0xff/0x4a0 [ 119.611914] ? do_futex+0x13a/0x380 [ 119.612192] ? __fget_files+0x270/0x480 [ 119.612477] __x64_sys_preadv+0x233/0x310 [ 119.612773] ? __pfx___x64_sys_preadv+0x10/0x10 [ 119.613108] do_syscall_64+0x3f/0x90 [ 119.613374] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 119.613731] RIP: 0033:0x7fe745aaab19 [ 119.613983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.615181] RSP: 002b:00007fe743020188 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 119.615689] RAX: ffffffffffffffda RBX: 00007fe745bbdf60 RCX: 00007fe745aaab19 [ 119.616178] RDX: 0000000000000001 RSI: 0000000020001140 RDI: 0000000000000006 [ 119.616654] RBP: 00007fe745b04f6d R08: 0000000000000000 R09: 0000000000000000 [ 119.617129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.617593] R13: 00007ffc6a0293ff R14: 00007fe743020300 R15: 0000000000022000 [ 119.618070] [ 119.618231] Modules linked in: [ 119.618540] ---[ end trace 0000000000000000 ]--- [ 119.618888] RIP: 0010:do_iter_read+0x481/0x750 [ 119.619238] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 11:24:49 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000008480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 119.620544] RSP: 0018:ffff88803e597c78 EFLAGS: 00010216 [ 119.620557] RAX: 0000000020000140 RBX: ffff88803e597d60 RCX: ffffc900037df000 [ 119.620568] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 119.620579] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 11:24:49 executing program 1: keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_secret(0x0) process_vm_readv(0x0, &(0x7f0000000240)=[{&(0x7f0000000800)=""/154, 0x9a}, {&(0x7f00000003c0)=""/177, 0xb1}, {&(0x7f0000000040)=""/4, 0x4}, {&(0x7f00000002c0)=""/110, 0x6e}], 0x4, &(0x7f00000006c0)=[{&(0x7f0000000480)=""/9, 0x9}, {&(0x7f00000004c0)=""/155, 0x9b}, {&(0x7f0000000580)=""/25, 0x19}, {&(0x7f00000005c0)=""/108, 0x6c}, {&(0x7f0000000640)=""/113, 0x71}], 0x5, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r2, 0x80087601, &(0x7f0000001500)) perf_event_open(&(0x7f00000006c0)={0x3, 0x80, 0x5, 0x64, 0x7, 0xe0, 0x0, 0xfffffffffffffffc, 0x800, 0xc, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_bp={&(0x7f0000000340), 0x19}, 0xda0b7480d4516fc2, 0x10001, 0x1, 0x3, 0x8, 0x80, 0x7, 0x0, 0x3f}, 0x0, 0xc, r2, 0x1) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000100)) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9", 0x1dc}], 0x1) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) syncfs(0xffffffffffffffff) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000680)={0x7, 0x20, 0x1, 0x20, 0x2c, "409334394a845720775f6c26427eda19eac4ad", 0x8, 0x15a}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) 11:24:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000004880)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @dev}, 0x10, 0x0}}], 0x17, 0x8080) sendmsg$inet(r0, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) [ 119.620588] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88801f654a00 [ 119.620598] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 11:24:49 executing program 6: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000004880)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @dev}, 0x10, 0x0}}], 0x17, 0x8080) sendmsg$inet(r0, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) [ 119.620610] FS: 00007fe743020700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 119.620624] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.620636] CR2: 0000001b2c429000 CR3: 000000000d956000 CR4: 0000000000350ee0 [ 119.626166] general protection fault, probably for non-canonical address 0xdffffc0004000028: 0000 [#7] PREEMPT SMP KASAN NOPTI [ 119.626197] KASAN: probably user-memory-access in range [0x0000000020000140-0x0000000020000147] 11:24:49 executing program 6: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000004880)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @dev}, 0x10, 0x0}}], 0x17, 0x8080) sendmsg$inet(r0, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) [ 119.626215] CPU: 0 PID: 4206 Comm: syz-executor.3 Tainted: G D 6.3.0-rc3-next-20230327 #1 [ 119.626241] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.626254] RIP: 0010:do_iter_read+0x481/0x750 [ 119.626291] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 11:24:49 executing program 2: openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000200)={0x523620}, 0x18) 11:24:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000004880)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @dev}, 0x10, 0x0}}], 0x17, 0x8080) sendmsg$inet(r0, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) [ 119.626314] RSP: 0018:ffff88803f597c78 EFLAGS: 00010216 [ 119.626333] RAX: 0000000020000140 RBX: ffff88803f597d60 RCX: ffffc900037df000 [ 119.626349] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 119.626364] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 11:24:49 executing program 2: openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000200)={0x523620}, 0x18) [ 119.626379] R10: 0000000000001000 R11: 0000000000000001 R12: ffff888010228f00 [ 119.626394] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 119.626413] FS: 00007fe395b2b700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 119.626433] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.626452] CR2: 0000001b2c328000 CR3: 0000000016f30000 CR4: 0000000000350ef0 [ 119.626467] Call Trace: [ 119.626472] [ 119.626482] ? import_iovec+0x87/0xb0 [ 119.626511] vfs_readv+0xe5/0x160 [ 119.626537] ? __pfx_vfs_readv+0x10/0x10 11:24:49 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) munmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmget(0x3, 0x4000, 0x80, &(0x7f0000fea000/0x4000)=nil) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff4000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000fea000/0x2000)=nil) [ 119.626565] ? lock_release+0x4d8/0x680 [ 119.626601] ? finish_task_switch.isra.0+0x203/0x830 [ 119.626633] ? trace_hardirqs_on+0x16/0x100 [ 119.626661] ? do_futex+0x13a/0x380 [ 119.626698] ? __fget_files+0x270/0x480 [ 119.626725] __x64_sys_preadv+0x233/0x310 [ 119.626758] ? __pfx___x64_sys_preadv+0x10/0x10 [ 119.626796] do_syscall_64+0x3f/0x90 [ 119.626826] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 119.626855] RIP: 0033:0x7fe3985b5b19 [ 119.626870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.626892] RSP: 002b:00007fe395b2b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 119.626913] RAX: ffffffffffffffda RBX: 00007fe3986c8f60 RCX: 00007fe3985b5b19 [ 119.626928] RDX: 0000000000000001 RSI: 0000000020001140 RDI: 0000000000000006 [ 119.626943] RBP: 00007fe39860ff6d R08: 0000000000000000 R09: 0000000000000000 [ 119.626957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.626971] R13: 00007ffca0c553ef R14: 00007fe395b2b300 R15: 0000000000022000 [ 119.626994] [ 119.627000] Modules linked in: [ 119.627097] ---[ end trace 0000000000000000 ]--- [ 119.627107] RIP: 0010:do_iter_read+0x481/0x750 [ 119.627137] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 119.627159] RSP: 0018:ffff88803e597c78 EFLAGS: 00010216 [ 119.627177] RAX: 0000000020000140 RBX: ffff88803e597d60 RCX: ffffc900037df000 [ 119.627192] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 119.627207] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 119.627222] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88801f654a00 [ 119.627236] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 119.627254] FS: 00007fe395b2b700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 119.627274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.627292] CR2: 0000001b2c328000 CR3: 0000000016f30000 CR4: 0000000000350ef0 11:24:50 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000004880)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @dev}, 0x10, 0x0}}], 0x17, 0x8080) sendmsg$inet(r0, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) 11:24:50 executing program 4: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)={0x2005}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='status\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x4004f506, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000100)) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11:24:50 executing program 2: openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000200)={0x523620}, 0x18) 11:24:50 executing program 7: keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_secret(0x0) process_vm_readv(0x0, &(0x7f0000000240)=[{&(0x7f0000000800)=""/154, 0x9a}, {&(0x7f00000003c0)=""/177, 0xb1}, {&(0x7f0000000040)=""/4, 0x4}, {&(0x7f00000002c0)=""/110, 0x6e}], 0x4, &(0x7f00000006c0)=[{&(0x7f0000000480)=""/9, 0x9}, {&(0x7f00000004c0)=""/155, 0x9b}, {&(0x7f0000000580)=""/25, 0x19}, {&(0x7f00000005c0)=""/108, 0x6c}, {&(0x7f0000000640)=""/113, 0x71}], 0x5, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r2, 0x80087601, &(0x7f0000001500)) perf_event_open(&(0x7f00000006c0)={0x3, 0x80, 0x5, 0x64, 0x7, 0xe0, 0x0, 0xfffffffffffffffc, 0x800, 0xc, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_bp={&(0x7f0000000340), 0x19}, 0xda0b7480d4516fc2, 0x10001, 0x1, 0x3, 0x8, 0x80, 0x7, 0x0, 0x3f}, 0x0, 0xc, r2, 0x1) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000100)) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9", 0x1dc}], 0x1) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) syncfs(0xffffffffffffffff) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000680)={0x7, 0x20, 0x1, 0x20, 0x2c, "409334394a845720775f6c26427eda19eac4ad", 0x8, 0x15a}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) 11:24:50 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) munmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmget(0x3, 0x4000, 0x80, &(0x7f0000fea000/0x4000)=nil) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff4000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000fea000/0x2000)=nil) 11:24:50 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) munmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmget(0x3, 0x4000, 0x80, &(0x7f0000fea000/0x4000)=nil) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff4000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000fea000/0x2000)=nil) 11:24:50 executing program 1: keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_secret(0x0) process_vm_readv(0x0, &(0x7f0000000240)=[{&(0x7f0000000800)=""/154, 0x9a}, {&(0x7f00000003c0)=""/177, 0xb1}, {&(0x7f0000000040)=""/4, 0x4}, {&(0x7f00000002c0)=""/110, 0x6e}], 0x4, &(0x7f00000006c0)=[{&(0x7f0000000480)=""/9, 0x9}, {&(0x7f00000004c0)=""/155, 0x9b}, {&(0x7f0000000580)=""/25, 0x19}, {&(0x7f00000005c0)=""/108, 0x6c}, {&(0x7f0000000640)=""/113, 0x71}], 0x5, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r2, 0x80087601, &(0x7f0000001500)) perf_event_open(&(0x7f00000006c0)={0x3, 0x80, 0x5, 0x64, 0x7, 0xe0, 0x0, 0xfffffffffffffffc, 0x800, 0xc, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_bp={&(0x7f0000000340), 0x19}, 0xda0b7480d4516fc2, 0x10001, 0x1, 0x3, 0x8, 0x80, 0x7, 0x0, 0x3f}, 0x0, 0xc, r2, 0x1) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000100)) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9", 0x1dc}], 0x1) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) syncfs(0xffffffffffffffff) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000680)={0x7, 0x20, 0x1, 0x20, 0x2c, "409334394a845720775f6c26427eda19eac4ad", 0x8, 0x15a}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) [ 120.565726] general protection fault, probably for non-canonical address 0xdffffc0004000028: 0000 [#8] PREEMPT SMP KASAN NOPTI [ 120.567326] KASAN: probably user-memory-access in range [0x0000000020000140-0x0000000020000147] [ 120.568431] CPU: 0 PID: 4248 Comm: syz-executor.4 Tainted: G D 6.3.0-rc3-next-20230327 #1 [ 120.569626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.570663] RIP: 0010:do_iter_read+0x481/0x750 [ 120.571277] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 120.573552] RSP: 0018:ffff888041117c78 EFLAGS: 00010216 [ 120.574240] RAX: 0000000020000140 RBX: ffff888041117d60 RCX: ffffc90003fe3000 [ 120.575201] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 120.576120] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 120.577029] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88800d9bf680 [ 120.577931] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 120.578840] FS: 00007fe743020700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 120.579864] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.580625] CR2: 0000001b2c429000 CR3: 00000000180a0000 CR4: 0000000000350ef0 [ 120.581532] Call Trace: [ 120.581868] [ 120.582173] ? import_iovec+0x87/0xb0 [ 120.582681] vfs_readv+0xe5/0x160 [ 120.583155] ? __pfx_vfs_readv+0x10/0x10 [ 120.583698] ? lock_release+0x4d8/0x680 [ 120.584259] ? finish_task_switch.isra.0+0x203/0x830 [ 120.584931] ? trace_hardirqs_on+0x16/0x100 [ 120.585506] ? __schedule+0x995/0x2a00 [ 120.586040] ? __fget_files+0x270/0x480 [ 120.586568] __x64_sys_preadv+0x233/0x310 [ 120.587126] ? __pfx___x64_sys_preadv+0x10/0x10 [ 120.587750] ? switch_fpu_return+0x157/0x2e0 [ 120.588351] do_syscall_64+0x3f/0x90 [ 120.588848] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 120.589527] RIP: 0033:0x7fe745aaab19 [ 120.590014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.592309] RSP: 002b:00007fe743020188 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 11:24:50 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) munmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmget(0x3, 0x4000, 0x80, &(0x7f0000fea000/0x4000)=nil) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff4000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000fea000/0x2000)=nil) [ 120.593275] RAX: ffffffffffffffda RBX: 00007fe745bbdf60 RCX: 00007fe745aaab19 [ 120.594281] RDX: 0000000000000001 RSI: 0000000020001140 RDI: 0000000000000006 [ 120.595173] RBP: 00007fe745b04f6d R08: 0000000000000000 R09: 0000000000000000 [ 120.596079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 120.596972] R13: 00007ffc6a0293ff R14: 00007fe743020300 R15: 0000000000022000 [ 120.597877] [ 120.598185] Modules linked in: [ 120.598760] ---[ end trace 0000000000000000 ]--- [ 120.599389] RIP: 0010:do_iter_read+0x481/0x750 [ 120.600027] Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00 [ 120.602327] RSP: 0018:ffff88803e597c78 EFLAGS: 00010216 [ 120.603057] RAX: 0000000020000140 RBX: ffff88803e597d60 RCX: ffffc900037df000 [ 120.604053] RDX: 0000000004000028 RSI: ffffffff81855c98 RDI: 0000000000000007 [ 120.605015] RBP: 0000000000001000 R08: 0000000000000007 R09: 0000000000000000 [ 120.605987] R10: 0000000000001000 R11: 0000000000000001 R12: ffff88801f654a00 [ 120.606937] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84923b60 [ 120.607888] FS: 00007fe743020700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 120.608965] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.609734] CR2: 0000001b2c429000 CR3: 00000000180a0000 CR4: 0000000000350ef0 11:24:50 executing program 7: keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_secret(0x0) process_vm_readv(0x0, &(0x7f0000000240)=[{&(0x7f0000000800)=""/154, 0x9a}, {&(0x7f00000003c0)=""/177, 0xb1}, {&(0x7f0000000040)=""/4, 0x4}, {&(0x7f00000002c0)=""/110, 0x6e}], 0x4, &(0x7f00000006c0)=[{&(0x7f0000000480)=""/9, 0x9}, {&(0x7f00000004c0)=""/155, 0x9b}, {&(0x7f0000000580)=""/25, 0x19}, {&(0x7f00000005c0)=""/108, 0x6c}, {&(0x7f0000000640)=""/113, 0x71}], 0x5, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r2, 0x80087601, &(0x7f0000001500)) perf_event_open(&(0x7f00000006c0)={0x3, 0x80, 0x5, 0x64, 0x7, 0xe0, 0x0, 0xfffffffffffffffc, 0x800, 0xc, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_bp={&(0x7f0000000340), 0x19}, 0xda0b7480d4516fc2, 0x10001, 0x1, 0x3, 0x8, 0x80, 0x7, 0x0, 0x3f}, 0x0, 0xc, r2, 0x1) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000100)) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9", 0x1dc}], 0x1) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) syncfs(0xffffffffffffffff) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000680)={0x7, 0x20, 0x1, 0x20, 0x2c, "409334394a845720775f6c26427eda19eac4ad", 0x8, 0x15a}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) 11:24:50 executing program 2: openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000200)={0x523620}, 0x18) 11:24:50 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) munmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmget(0x3, 0x4000, 0x80, &(0x7f0000fea000/0x4000)=nil) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff4000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000fea000/0x2000)=nil) 11:24:51 executing program 2: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) munmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmget(0x3, 0x4000, 0x80, &(0x7f0000fea000/0x4000)=nil) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff4000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000fea000/0x2000)=nil) 11:24:51 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000200)=@dstopts={0x0, 0xfe, '\x00', [@generic={0x0, 0x87, "268dd2ca7e08446bf5bc765394df3b4dd30baadd7835055fba2f9ebfa56e8c48e52acd6a14bdfd853c37572f4578a3d966101db42fdeb8c20ec4b75ad36cbb68f05ffcff09b615c2b45e2f144fa5bf1113ffc10722c13960724a939dd17c7ae52bfb76fdf7e7ea40b35c802dc06dd60b7054fde419b7274b5023b084c7e973b233f4cfd6f314bf"}, @generic={0x0, 0x766, "59ad5ac7a6cd7fa348a7432236b541281083243a3dd86a32ee9ea233dae0d6c6bb1880cc91160fbf1f088225760438534ca1f9090c2eeac7faa90682d00e1955aee0cdbc25bcee327e1ce2a700abfdf053e666979cf92650873073270c16119bac26ff9166d3e8140583095d7e5e3e9c15a1d16a04e74e78ae2eb3f9dbf7c0ea1725e1bf43aff559b9c432ab15a0d43556c5810848ffed51038d7e638813e3b67af319177fa9e14561d080864a857e05ffae3626ebe96e4ae99dde8ff6c685908753d5af2f305e0353f902d2c1c5da630059350454a4b9c348605d8f209af78728649e00814347a59ba2a9d76b3e17369e082a75100971635ec70fe0c36bd4756f443b596a11ad3b494c3b18bd157205dd0547e8f985caf09f25bd8b33f4bc5ba3cac2fbbd195dba716e083c05d7c705d88b35aadeb96eb0ff27def8c70f744ca1e17a5b405e6e7203311acbaa185ce97e9a22bf35cbfb822e12096f17585f56ae8a6e8613e36587dda2bc0a627defeab32dac999326db92ed88680b3f805b1f6575ca2c474b196d06841415178de0ced69e6ea7a422b75b5c852ebb9590c0a9ade027d17f47477d756a939617e547b1817d161850562cfa507a615457a6f5373f77cf675a726ff570776fa80efe0bf18543c928440f6bacd65fa3e04bf7cb391d2ff7f5aac23001a9732dc8a4de977dc45fbccd45f9e7210cabc05e0649f6d94562bf85487dc5da53bec40eea79809629ce7350a810d1bf4f480e433b7f4ed2782899e4b97600af1c9b9cbb821bdefd0eff4af0bb2bf0692ac56ced55bdfe1255fb3cb972c82d20e3f3f7b5ebdccf4fcfe3cfefe3605193ce8b7e2bea68b3b696d961c98cb46e442a71343f2558816fdad3c4ac5f7d16532580d697eb3843aa0233f93eafa3e6fb9b6faddf0f77d3a7c05f7fd65b311214170c06e42430e28eafa35a9364925436783e2c2f669281138f1477c4caa697ceade8919fac2881f4d8800f7cec386a317e5ad7dfb296420ad810e1d44fa8eb1e2323704b9fcee9221667030dd839682571080bb9801f2c22ff9e3740f49714338e28d6b6db88941270de773c77273e48f18c320be3854ef5887b89ab6eb6c7af78314ebad56f0a07eaff7da280061325b8511ad00815e24f2cad2dee89733a4810792abd557aa30761acffcb3403d18b0bd39cd72b6df39d1b80714cc3e32b8be8f3d4ba20c0513f930a3c3901919c9ae009a43b405c6e91bbdec15b4e57a50e69e7fc6833e1b324399dce82c6bd3887c22dbcdc6eb23e1c3637ddd8f71d53e622796775ef84c475883bbbbf35c9a4154531d7b1fc811a6128d163905e5f15824881ae4387c6e9309efe9a8aa82f2d75716af3f31d9c1234218419a2a3c7cb57bae66516600eb5a880a23c281f6916f1a2373988d8809dbfc1840fa72f8f95c4aa9fc3a04941c8da02276fb7873c15899d21beed9b233a159086f7c792a3218fc352e08ab1d8bc8e6c58e3e31dddab3726e7d95cb9e061904bb427c1b1ecb3ea845c3165c7d34fff7e23a3d7b0b974e3bc3d42cf9bedf768671e7a45c51b24dd37cc31a321214739ffdb05b9c989bd7e49ac01be34a0577b0d075ae54ad250ece3ee4cdfbb8f2fe6b954c37bd14f07c1a905a37f8312dfc124848d8aaeb626624c2f1a12996dc5931872f14fa0243e37da1a2e5351bfd39358582a9e20865d72a1c45cc219af37b13a8a9bf045cda33ff47dc0d39c0935c40362aafa08be8352f64701de2c604615671ac2c94589c266c768c5758e34b57607ff79985a317d2dfda91c5eb8bb0e4d631c18733a83c50d03d7ce2a33cb5558ef7aec395d1f0bc3722fc06a151d1712959f03e300fdd49fe99a329320f3e3949f4e2c338c08fbcf5b9733792ba20378f74fc1fffb1a1124f39015b284f4f64f9db664986fc5ed030b92f31d5730ff6746de5af26c046416696ad715296f17cfb489877370903835af9866d72e3ea8417a8ba9dbeb5df7093efdbe55f49dde5b94e6424cee0b97173bd4c2f9f92719416e2350c18d7f423236e907457f8d0ae01489beb533cbb0262aaed44e13a3fe679e95922b30bd213d7c46ff9d1f8840f28ffbe6e947ebdb0d27f0e6f3b54f2d6f61d1e571b74146467fb22470906a7d7c4c45f2bae7996fe5df2eddb5f953a93eb2c2bfae61ff47c35fd55a18dfd31c371fc6ac76d250060e8fb11b56f01dfbf3568a0595698b957c2d6523dd0628513896af41a6abcb558e864fb192a1d69b6437dc774b9ca3fa9e07951f0cf9c962c5fc07f7f08f91dfbcc3b6305ff34dcef8770d6eebd4844f8b24c9808f4091468fee3ea6ed958e9427684af488ede5fe8328986da5511cc85f1d89f41fb88fcef3f5a24c5bc89e477c6570638529449c5d7f38bef30563ef54547da35ee6f08f815fe96916ddb15c7afe688d2867c6c60abc1943883ef149fad32c6d09ef6a1e0c6ef97bdcfe81a9042cc825bb2d4f6ffa475277b8384ead8513cb706906941051f4ef5c9328dea493759ac5bedd55fe95ee3e9492df25d049000e822f74cce60297dc61df35bf72e987bb9874c8178456c2bab7f1447690fa8c4f85b75f26e1fe5601840d54eddd8bc42f44503e4d3db952597887306e321cf74bc440c7574ca364b174d27d1ad1f84723f3d8c70816c6e1157a327455"}]}, 0x800) mount$9p_fd(0x20100000, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hfs\x00', 0x110000, 0x0) 11:24:51 executing program 7: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) 11:24:51 executing program 1: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1e53, &(0x7f0000000080), &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000001440), &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f00000002c0), 0x0) 11:24:51 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) 11:24:51 executing program 1: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1e53, &(0x7f0000000080), &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000001440), &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f00000002c0), 0x0) 11:24:52 executing program 7: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) 11:24:52 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) munmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmget(0x3, 0x4000, 0x80, &(0x7f0000fea000/0x4000)=nil) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff4000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000fea000/0x2000)=nil) 11:24:52 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000200)=@dstopts={0x0, 0xfe, '\x00', [@generic={0x0, 0x87, "268dd2ca7e08446bf5bc765394df3b4dd30baadd7835055fba2f9ebfa56e8c48e52acd6a14bdfd853c37572f4578a3d966101db42fdeb8c20ec4b75ad36cbb68f05ffcff09b615c2b45e2f144fa5bf1113ffc10722c13960724a939dd17c7ae52bfb76fdf7e7ea40b35c802dc06dd60b7054fde419b7274b5023b084c7e973b233f4cfd6f314bf"}, @generic={0x0, 0x766, "59ad5ac7a6cd7fa348a7432236b541281083243a3dd86a32ee9ea233dae0d6c6bb1880cc91160fbf1f088225760438534ca1f9090c2eeac7faa90682d00e1955aee0cdbc25bcee327e1ce2a700abfdf053e666979cf92650873073270c16119bac26ff9166d3e8140583095d7e5e3e9c15a1d16a04e74e78ae2eb3f9dbf7c0ea1725e1bf43aff559b9c432ab15a0d43556c5810848ffed51038d7e638813e3b67af319177fa9e14561d080864a857e05ffae3626ebe96e4ae99dde8ff6c685908753d5af2f305e0353f902d2c1c5da630059350454a4b9c348605d8f209af78728649e00814347a59ba2a9d76b3e17369e082a75100971635ec70fe0c36bd4756f443b596a11ad3b494c3b18bd157205dd0547e8f985caf09f25bd8b33f4bc5ba3cac2fbbd195dba716e083c05d7c705d88b35aadeb96eb0ff27def8c70f744ca1e17a5b405e6e7203311acbaa185ce97e9a22bf35cbfb822e12096f17585f56ae8a6e8613e36587dda2bc0a627defeab32dac999326db92ed88680b3f805b1f6575ca2c474b196d06841415178de0ced69e6ea7a422b75b5c852ebb9590c0a9ade027d17f47477d756a939617e547b1817d161850562cfa507a615457a6f5373f77cf675a726ff570776fa80efe0bf18543c928440f6bacd65fa3e04bf7cb391d2ff7f5aac23001a9732dc8a4de977dc45fbccd45f9e7210cabc05e0649f6d94562bf85487dc5da53bec40eea79809629ce7350a810d1bf4f480e433b7f4ed2782899e4b97600af1c9b9cbb821bdefd0eff4af0bb2bf0692ac56ced55bdfe1255fb3cb972c82d20e3f3f7b5ebdccf4fcfe3cfefe3605193ce8b7e2bea68b3b696d961c98cb46e442a71343f2558816fdad3c4ac5f7d16532580d697eb3843aa0233f93eafa3e6fb9b6faddf0f77d3a7c05f7fd65b311214170c06e42430e28eafa35a9364925436783e2c2f669281138f1477c4caa697ceade8919fac2881f4d8800f7cec386a317e5ad7dfb296420ad810e1d44fa8eb1e2323704b9fcee9221667030dd839682571080bb9801f2c22ff9e3740f49714338e28d6b6db88941270de773c77273e48f18c320be3854ef5887b89ab6eb6c7af78314ebad56f0a07eaff7da280061325b8511ad00815e24f2cad2dee89733a4810792abd557aa30761acffcb3403d18b0bd39cd72b6df39d1b80714cc3e32b8be8f3d4ba20c0513f930a3c3901919c9ae009a43b405c6e91bbdec15b4e57a50e69e7fc6833e1b324399dce82c6bd3887c22dbcdc6eb23e1c3637ddd8f71d53e622796775ef84c475883bbbbf35c9a4154531d7b1fc811a6128d163905e5f15824881ae4387c6e9309efe9a8aa82f2d75716af3f31d9c1234218419a2a3c7cb57bae66516600eb5a880a23c281f6916f1a2373988d8809dbfc1840fa72f8f95c4aa9fc3a04941c8da02276fb7873c15899d21beed9b233a159086f7c792a3218fc352e08ab1d8bc8e6c58e3e31dddab3726e7d95cb9e061904bb427c1b1ecb3ea845c3165c7d34fff7e23a3d7b0b974e3bc3d42cf9bedf768671e7a45c51b24dd37cc31a321214739ffdb05b9c989bd7e49ac01be34a0577b0d075ae54ad250ece3ee4cdfbb8f2fe6b954c37bd14f07c1a905a37f8312dfc124848d8aaeb626624c2f1a12996dc5931872f14fa0243e37da1a2e5351bfd39358582a9e20865d72a1c45cc219af37b13a8a9bf045cda33ff47dc0d39c0935c40362aafa08be8352f64701de2c604615671ac2c94589c266c768c5758e34b57607ff79985a317d2dfda91c5eb8bb0e4d631c18733a83c50d03d7ce2a33cb5558ef7aec395d1f0bc3722fc06a151d1712959f03e300fdd49fe99a329320f3e3949f4e2c338c08fbcf5b9733792ba20378f74fc1fffb1a1124f39015b284f4f64f9db664986fc5ed030b92f31d5730ff6746de5af26c046416696ad715296f17cfb489877370903835af9866d72e3ea8417a8ba9dbeb5df7093efdbe55f49dde5b94e6424cee0b97173bd4c2f9f92719416e2350c18d7f423236e907457f8d0ae01489beb533cbb0262aaed44e13a3fe679e95922b30bd213d7c46ff9d1f8840f28ffbe6e947ebdb0d27f0e6f3b54f2d6f61d1e571b74146467fb22470906a7d7c4c45f2bae7996fe5df2eddb5f953a93eb2c2bfae61ff47c35fd55a18dfd31c371fc6ac76d250060e8fb11b56f01dfbf3568a0595698b957c2d6523dd0628513896af41a6abcb558e864fb192a1d69b6437dc774b9ca3fa9e07951f0cf9c962c5fc07f7f08f91dfbcc3b6305ff34dcef8770d6eebd4844f8b24c9808f4091468fee3ea6ed958e9427684af488ede5fe8328986da5511cc85f1d89f41fb88fcef3f5a24c5bc89e477c6570638529449c5d7f38bef30563ef54547da35ee6f08f815fe96916ddb15c7afe688d2867c6c60abc1943883ef149fad32c6d09ef6a1e0c6ef97bdcfe81a9042cc825bb2d4f6ffa475277b8384ead8513cb706906941051f4ef5c9328dea493759ac5bedd55fe95ee3e9492df25d049000e822f74cce60297dc61df35bf72e987bb9874c8178456c2bab7f1447690fa8c4f85b75f26e1fe5601840d54eddd8bc42f44503e4d3db952597887306e321cf74bc440c7574ca364b174d27d1ad1f84723f3d8c70816c6e1157a327455"}]}, 0x800) mount$9p_fd(0x20100000, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hfs\x00', 0x110000, 0x0) 11:24:52 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000200)=@dstopts={0x0, 0xfe, '\x00', [@generic={0x0, 0x87, "268dd2ca7e08446bf5bc765394df3b4dd30baadd7835055fba2f9ebfa56e8c48e52acd6a14bdfd853c37572f4578a3d966101db42fdeb8c20ec4b75ad36cbb68f05ffcff09b615c2b45e2f144fa5bf1113ffc10722c13960724a939dd17c7ae52bfb76fdf7e7ea40b35c802dc06dd60b7054fde419b7274b5023b084c7e973b233f4cfd6f314bf"}, @generic={0x0, 0x766, "59ad5ac7a6cd7fa348a7432236b541281083243a3dd86a32ee9ea233dae0d6c6bb1880cc91160fbf1f088225760438534ca1f9090c2eeac7faa90682d00e1955aee0cdbc25bcee327e1ce2a700abfdf053e666979cf92650873073270c16119bac26ff9166d3e8140583095d7e5e3e9c15a1d16a04e74e78ae2eb3f9dbf7c0ea1725e1bf43aff559b9c432ab15a0d43556c5810848ffed51038d7e638813e3b67af319177fa9e14561d080864a857e05ffae3626ebe96e4ae99dde8ff6c685908753d5af2f305e0353f902d2c1c5da630059350454a4b9c348605d8f209af78728649e00814347a59ba2a9d76b3e17369e082a75100971635ec70fe0c36bd4756f443b596a11ad3b494c3b18bd157205dd0547e8f985caf09f25bd8b33f4bc5ba3cac2fbbd195dba716e083c05d7c705d88b35aadeb96eb0ff27def8c70f744ca1e17a5b405e6e7203311acbaa185ce97e9a22bf35cbfb822e12096f17585f56ae8a6e8613e36587dda2bc0a627defeab32dac999326db92ed88680b3f805b1f6575ca2c474b196d06841415178de0ced69e6ea7a422b75b5c852ebb9590c0a9ade027d17f47477d756a939617e547b1817d161850562cfa507a615457a6f5373f77cf675a726ff570776fa80efe0bf18543c928440f6bacd65fa3e04bf7cb391d2ff7f5aac23001a9732dc8a4de977dc45fbccd45f9e7210cabc05e0649f6d94562bf85487dc5da53bec40eea79809629ce7350a810d1bf4f480e433b7f4ed2782899e4b97600af1c9b9cbb821bdefd0eff4af0bb2bf0692ac56ced55bdfe1255fb3cb972c82d20e3f3f7b5ebdccf4fcfe3cfefe3605193ce8b7e2bea68b3b696d961c98cb46e442a71343f2558816fdad3c4ac5f7d16532580d697eb3843aa0233f93eafa3e6fb9b6faddf0f77d3a7c05f7fd65b311214170c06e42430e28eafa35a9364925436783e2c2f669281138f1477c4caa697ceade8919fac2881f4d8800f7cec386a317e5ad7dfb296420ad810e1d44fa8eb1e2323704b9fcee9221667030dd839682571080bb9801f2c22ff9e3740f49714338e28d6b6db88941270de773c77273e48f18c320be3854ef5887b89ab6eb6c7af78314ebad56f0a07eaff7da280061325b8511ad00815e24f2cad2dee89733a4810792abd557aa30761acffcb3403d18b0bd39cd72b6df39d1b80714cc3e32b8be8f3d4ba20c0513f930a3c3901919c9ae009a43b405c6e91bbdec15b4e57a50e69e7fc6833e1b324399dce82c6bd3887c22dbcdc6eb23e1c3637ddd8f71d53e622796775ef84c475883bbbbf35c9a4154531d7b1fc811a6128d163905e5f15824881ae4387c6e9309efe9a8aa82f2d75716af3f31d9c1234218419a2a3c7cb57bae66516600eb5a880a23c281f6916f1a2373988d8809dbfc1840fa72f8f95c4aa9fc3a04941c8da02276fb7873c15899d21beed9b233a159086f7c792a3218fc352e08ab1d8bc8e6c58e3e31dddab3726e7d95cb9e061904bb427c1b1ecb3ea845c3165c7d34fff7e23a3d7b0b974e3bc3d42cf9bedf768671e7a45c51b24dd37cc31a321214739ffdb05b9c989bd7e49ac01be34a0577b0d075ae54ad250ece3ee4cdfbb8f2fe6b954c37bd14f07c1a905a37f8312dfc124848d8aaeb626624c2f1a12996dc5931872f14fa0243e37da1a2e5351bfd39358582a9e20865d72a1c45cc219af37b13a8a9bf045cda33ff47dc0d39c0935c40362aafa08be8352f64701de2c604615671ac2c94589c266c768c5758e34b57607ff79985a317d2dfda91c5eb8bb0e4d631c18733a83c50d03d7ce2a33cb5558ef7aec395d1f0bc3722fc06a151d1712959f03e300fdd49fe99a329320f3e3949f4e2c338c08fbcf5b9733792ba20378f74fc1fffb1a1124f39015b284f4f64f9db664986fc5ed030b92f31d5730ff6746de5af26c046416696ad715296f17cfb489877370903835af9866d72e3ea8417a8ba9dbeb5df7093efdbe55f49dde5b94e6424cee0b97173bd4c2f9f92719416e2350c18d7f423236e907457f8d0ae01489beb533cbb0262aaed44e13a3fe679e95922b30bd213d7c46ff9d1f8840f28ffbe6e947ebdb0d27f0e6f3b54f2d6f61d1e571b74146467fb22470906a7d7c4c45f2bae7996fe5df2eddb5f953a93eb2c2bfae61ff47c35fd55a18dfd31c371fc6ac76d250060e8fb11b56f01dfbf3568a0595698b957c2d6523dd0628513896af41a6abcb558e864fb192a1d69b6437dc774b9ca3fa9e07951f0cf9c962c5fc07f7f08f91dfbcc3b6305ff34dcef8770d6eebd4844f8b24c9808f4091468fee3ea6ed958e9427684af488ede5fe8328986da5511cc85f1d89f41fb88fcef3f5a24c5bc89e477c6570638529449c5d7f38bef30563ef54547da35ee6f08f815fe96916ddb15c7afe688d2867c6c60abc1943883ef149fad32c6d09ef6a1e0c6ef97bdcfe81a9042cc825bb2d4f6ffa475277b8384ead8513cb706906941051f4ef5c9328dea493759ac5bedd55fe95ee3e9492df25d049000e822f74cce60297dc61df35bf72e987bb9874c8178456c2bab7f1447690fa8c4f85b75f26e1fe5601840d54eddd8bc42f44503e4d3db952597887306e321cf74bc440c7574ca364b174d27d1ad1f84723f3d8c70816c6e1157a327455"}]}, 0x800) mount$9p_fd(0x20100000, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hfs\x00', 0x110000, 0x0) 11:24:52 executing program 2: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) munmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmget(0x3, 0x4000, 0x80, &(0x7f0000fea000/0x4000)=nil) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff4000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000fea000/0x2000)=nil) 11:24:52 executing program 3: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1e53, &(0x7f0000000080), &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000001440), &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f00000002c0), 0x0) 11:24:52 executing program 1: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1e53, &(0x7f0000000080), &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000001440), &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f00000002c0), 0x0) 11:24:52 executing program 6: r0 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x1000001, &(0x7f00000000c0)) renameat(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00') 11:24:52 executing program 7: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) 11:24:52 executing program 3: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1e53, &(0x7f0000000080), &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000001440), &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f00000002c0), 0x0) 11:24:52 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000200)=@dstopts={0x0, 0xfe, '\x00', [@generic={0x0, 0x87, "268dd2ca7e08446bf5bc765394df3b4dd30baadd7835055fba2f9ebfa56e8c48e52acd6a14bdfd853c37572f4578a3d966101db42fdeb8c20ec4b75ad36cbb68f05ffcff09b615c2b45e2f144fa5bf1113ffc10722c13960724a939dd17c7ae52bfb76fdf7e7ea40b35c802dc06dd60b7054fde419b7274b5023b084c7e973b233f4cfd6f314bf"}, @generic={0x0, 0x766, "59ad5ac7a6cd7fa348a7432236b541281083243a3dd86a32ee9ea233dae0d6c6bb1880cc91160fbf1f088225760438534ca1f9090c2eeac7faa90682d00e1955aee0cdbc25bcee327e1ce2a700abfdf053e666979cf92650873073270c16119bac26ff9166d3e8140583095d7e5e3e9c15a1d16a04e74e78ae2eb3f9dbf7c0ea1725e1bf43aff559b9c432ab15a0d43556c5810848ffed51038d7e638813e3b67af319177fa9e14561d080864a857e05ffae3626ebe96e4ae99dde8ff6c685908753d5af2f305e0353f902d2c1c5da630059350454a4b9c348605d8f209af78728649e00814347a59ba2a9d76b3e17369e082a75100971635ec70fe0c36bd4756f443b596a11ad3b494c3b18bd157205dd0547e8f985caf09f25bd8b33f4bc5ba3cac2fbbd195dba716e083c05d7c705d88b35aadeb96eb0ff27def8c70f744ca1e17a5b405e6e7203311acbaa185ce97e9a22bf35cbfb822e12096f17585f56ae8a6e8613e36587dda2bc0a627defeab32dac999326db92ed88680b3f805b1f6575ca2c474b196d06841415178de0ced69e6ea7a422b75b5c852ebb9590c0a9ade027d17f47477d756a939617e547b1817d161850562cfa507a615457a6f5373f77cf675a726ff570776fa80efe0bf18543c928440f6bacd65fa3e04bf7cb391d2ff7f5aac23001a9732dc8a4de977dc45fbccd45f9e7210cabc05e0649f6d94562bf85487dc5da53bec40eea79809629ce7350a810d1bf4f480e433b7f4ed2782899e4b97600af1c9b9cbb821bdefd0eff4af0bb2bf0692ac56ced55bdfe1255fb3cb972c82d20e3f3f7b5ebdccf4fcfe3cfefe3605193ce8b7e2bea68b3b696d961c98cb46e442a71343f2558816fdad3c4ac5f7d16532580d697eb3843aa0233f93eafa3e6fb9b6faddf0f77d3a7c05f7fd65b311214170c06e42430e28eafa35a9364925436783e2c2f669281138f1477c4caa697ceade8919fac2881f4d8800f7cec386a317e5ad7dfb296420ad810e1d44fa8eb1e2323704b9fcee9221667030dd839682571080bb9801f2c22ff9e3740f49714338e28d6b6db88941270de773c77273e48f18c320be3854ef5887b89ab6eb6c7af78314ebad56f0a07eaff7da280061325b8511ad00815e24f2cad2dee89733a4810792abd557aa30761acffcb3403d18b0bd39cd72b6df39d1b80714cc3e32b8be8f3d4ba20c0513f930a3c3901919c9ae009a43b405c6e91bbdec15b4e57a50e69e7fc6833e1b324399dce82c6bd3887c22dbcdc6eb23e1c3637ddd8f71d53e622796775ef84c475883bbbbf35c9a4154531d7b1fc811a6128d163905e5f15824881ae4387c6e9309efe9a8aa82f2d75716af3f31d9c1234218419a2a3c7cb57bae66516600eb5a880a23c281f6916f1a2373988d8809dbfc1840fa72f8f95c4aa9fc3a04941c8da02276fb7873c15899d21beed9b233a159086f7c792a3218fc352e08ab1d8bc8e6c58e3e31dddab3726e7d95cb9e061904bb427c1b1ecb3ea845c3165c7d34fff7e23a3d7b0b974e3bc3d42cf9bedf768671e7a45c51b24dd37cc31a321214739ffdb05b9c989bd7e49ac01be34a0577b0d075ae54ad250ece3ee4cdfbb8f2fe6b954c37bd14f07c1a905a37f8312dfc124848d8aaeb626624c2f1a12996dc5931872f14fa0243e37da1a2e5351bfd39358582a9e20865d72a1c45cc219af37b13a8a9bf045cda33ff47dc0d39c0935c40362aafa08be8352f64701de2c604615671ac2c94589c266c768c5758e34b57607ff79985a317d2dfda91c5eb8bb0e4d631c18733a83c50d03d7ce2a33cb5558ef7aec395d1f0bc3722fc06a151d1712959f03e300fdd49fe99a329320f3e3949f4e2c338c08fbcf5b9733792ba20378f74fc1fffb1a1124f39015b284f4f64f9db664986fc5ed030b92f31d5730ff6746de5af26c046416696ad715296f17cfb489877370903835af9866d72e3ea8417a8ba9dbeb5df7093efdbe55f49dde5b94e6424cee0b97173bd4c2f9f92719416e2350c18d7f423236e907457f8d0ae01489beb533cbb0262aaed44e13a3fe679e95922b30bd213d7c46ff9d1f8840f28ffbe6e947ebdb0d27f0e6f3b54f2d6f61d1e571b74146467fb22470906a7d7c4c45f2bae7996fe5df2eddb5f953a93eb2c2bfae61ff47c35fd55a18dfd31c371fc6ac76d250060e8fb11b56f01dfbf3568a0595698b957c2d6523dd0628513896af41a6abcb558e864fb192a1d69b6437dc774b9ca3fa9e07951f0cf9c962c5fc07f7f08f91dfbcc3b6305ff34dcef8770d6eebd4844f8b24c9808f4091468fee3ea6ed958e9427684af488ede5fe8328986da5511cc85f1d89f41fb88fcef3f5a24c5bc89e477c6570638529449c5d7f38bef30563ef54547da35ee6f08f815fe96916ddb15c7afe688d2867c6c60abc1943883ef149fad32c6d09ef6a1e0c6ef97bdcfe81a9042cc825bb2d4f6ffa475277b8384ead8513cb706906941051f4ef5c9328dea493759ac5bedd55fe95ee3e9492df25d049000e822f74cce60297dc61df35bf72e987bb9874c8178456c2bab7f1447690fa8c4f85b75f26e1fe5601840d54eddd8bc42f44503e4d3db952597887306e321cf74bc440c7574ca364b174d27d1ad1f84723f3d8c70816c6e1157a327455"}]}, 0x800) mount$9p_fd(0x20100000, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hfs\x00', 0x110000, 0x0) 11:24:52 executing program 6: r0 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x1000001, &(0x7f00000000c0)) renameat(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00') 11:24:52 executing program 1: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1e53, &(0x7f0000000080), &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000001440), &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f00000002c0), 0x0) 11:24:52 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000200)=@dstopts={0x0, 0xfe, '\x00', [@generic={0x0, 0x87, "268dd2ca7e08446bf5bc765394df3b4dd30baadd7835055fba2f9ebfa56e8c48e52acd6a14bdfd853c37572f4578a3d966101db42fdeb8c20ec4b75ad36cbb68f05ffcff09b615c2b45e2f144fa5bf1113ffc10722c13960724a939dd17c7ae52bfb76fdf7e7ea40b35c802dc06dd60b7054fde419b7274b5023b084c7e973b233f4cfd6f314bf"}, @generic={0x0, 0x766, "59ad5ac7a6cd7fa348a7432236b541281083243a3dd86a32ee9ea233dae0d6c6bb1880cc91160fbf1f088225760438534ca1f9090c2eeac7faa90682d00e1955aee0cdbc25bcee327e1ce2a700abfdf053e666979cf92650873073270c16119bac26ff9166d3e8140583095d7e5e3e9c15a1d16a04e74e78ae2eb3f9dbf7c0ea1725e1bf43aff559b9c432ab15a0d43556c5810848ffed51038d7e638813e3b67af319177fa9e14561d080864a857e05ffae3626ebe96e4ae99dde8ff6c685908753d5af2f305e0353f902d2c1c5da630059350454a4b9c348605d8f209af78728649e00814347a59ba2a9d76b3e17369e082a75100971635ec70fe0c36bd4756f443b596a11ad3b494c3b18bd157205dd0547e8f985caf09f25bd8b33f4bc5ba3cac2fbbd195dba716e083c05d7c705d88b35aadeb96eb0ff27def8c70f744ca1e17a5b405e6e7203311acbaa185ce97e9a22bf35cbfb822e12096f17585f56ae8a6e8613e36587dda2bc0a627defeab32dac999326db92ed88680b3f805b1f6575ca2c474b196d06841415178de0ced69e6ea7a422b75b5c852ebb9590c0a9ade027d17f47477d756a939617e547b1817d161850562cfa507a615457a6f5373f77cf675a726ff570776fa80efe0bf18543c928440f6bacd65fa3e04bf7cb391d2ff7f5aac23001a9732dc8a4de977dc45fbccd45f9e7210cabc05e0649f6d94562bf85487dc5da53bec40eea79809629ce7350a810d1bf4f480e433b7f4ed2782899e4b97600af1c9b9cbb821bdefd0eff4af0bb2bf0692ac56ced55bdfe1255fb3cb972c82d20e3f3f7b5ebdccf4fcfe3cfefe3605193ce8b7e2bea68b3b696d961c98cb46e442a71343f2558816fdad3c4ac5f7d16532580d697eb3843aa0233f93eafa3e6fb9b6faddf0f77d3a7c05f7fd65b311214170c06e42430e28eafa35a9364925436783e2c2f669281138f1477c4caa697ceade8919fac2881f4d8800f7cec386a317e5ad7dfb296420ad810e1d44fa8eb1e2323704b9fcee9221667030dd839682571080bb9801f2c22ff9e3740f49714338e28d6b6db88941270de773c77273e48f18c320be3854ef5887b89ab6eb6c7af78314ebad56f0a07eaff7da280061325b8511ad00815e24f2cad2dee89733a4810792abd557aa30761acffcb3403d18b0bd39cd72b6df39d1b80714cc3e32b8be8f3d4ba20c0513f930a3c3901919c9ae009a43b405c6e91bbdec15b4e57a50e69e7fc6833e1b324399dce82c6bd3887c22dbcdc6eb23e1c3637ddd8f71d53e622796775ef84c475883bbbbf35c9a4154531d7b1fc811a6128d163905e5f15824881ae4387c6e9309efe9a8aa82f2d75716af3f31d9c1234218419a2a3c7cb57bae66516600eb5a880a23c281f6916f1a2373988d8809dbfc1840fa72f8f95c4aa9fc3a04941c8da02276fb7873c15899d21beed9b233a159086f7c792a3218fc352e08ab1d8bc8e6c58e3e31dddab3726e7d95cb9e061904bb427c1b1ecb3ea845c3165c7d34fff7e23a3d7b0b974e3bc3d42cf9bedf768671e7a45c51b24dd37cc31a321214739ffdb05b9c989bd7e49ac01be34a0577b0d075ae54ad250ece3ee4cdfbb8f2fe6b954c37bd14f07c1a905a37f8312dfc124848d8aaeb626624c2f1a12996dc5931872f14fa0243e37da1a2e5351bfd39358582a9e20865d72a1c45cc219af37b13a8a9bf045cda33ff47dc0d39c0935c40362aafa08be8352f64701de2c604615671ac2c94589c266c768c5758e34b57607ff79985a317d2dfda91c5eb8bb0e4d631c18733a83c50d03d7ce2a33cb5558ef7aec395d1f0bc3722fc06a151d1712959f03e300fdd49fe99a329320f3e3949f4e2c338c08fbcf5b9733792ba20378f74fc1fffb1a1124f39015b284f4f64f9db664986fc5ed030b92f31d5730ff6746de5af26c046416696ad715296f17cfb489877370903835af9866d72e3ea8417a8ba9dbeb5df7093efdbe55f49dde5b94e6424cee0b97173bd4c2f9f92719416e2350c18d7f423236e907457f8d0ae01489beb533cbb0262aaed44e13a3fe679e95922b30bd213d7c46ff9d1f8840f28ffbe6e947ebdb0d27f0e6f3b54f2d6f61d1e571b74146467fb22470906a7d7c4c45f2bae7996fe5df2eddb5f953a93eb2c2bfae61ff47c35fd55a18dfd31c371fc6ac76d250060e8fb11b56f01dfbf3568a0595698b957c2d6523dd0628513896af41a6abcb558e864fb192a1d69b6437dc774b9ca3fa9e07951f0cf9c962c5fc07f7f08f91dfbcc3b6305ff34dcef8770d6eebd4844f8b24c9808f4091468fee3ea6ed958e9427684af488ede5fe8328986da5511cc85f1d89f41fb88fcef3f5a24c5bc89e477c6570638529449c5d7f38bef30563ef54547da35ee6f08f815fe96916ddb15c7afe688d2867c6c60abc1943883ef149fad32c6d09ef6a1e0c6ef97bdcfe81a9042cc825bb2d4f6ffa475277b8384ead8513cb706906941051f4ef5c9328dea493759ac5bedd55fe95ee3e9492df25d049000e822f74cce60297dc61df35bf72e987bb9874c8178456c2bab7f1447690fa8c4f85b75f26e1fe5601840d54eddd8bc42f44503e4d3db952597887306e321cf74bc440c7574ca364b174d27d1ad1f84723f3d8c70816c6e1157a327455"}]}, 0x800) mount$9p_fd(0x20100000, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hfs\x00', 0x110000, 0x0) 11:24:52 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000200)=@dstopts={0x0, 0xfe, '\x00', [@generic={0x0, 0x87, "268dd2ca7e08446bf5bc765394df3b4dd30baadd7835055fba2f9ebfa56e8c48e52acd6a14bdfd853c37572f4578a3d966101db42fdeb8c20ec4b75ad36cbb68f05ffcff09b615c2b45e2f144fa5bf1113ffc10722c13960724a939dd17c7ae52bfb76fdf7e7ea40b35c802dc06dd60b7054fde419b7274b5023b084c7e973b233f4cfd6f314bf"}, @generic={0x0, 0x766, "59ad5ac7a6cd7fa348a7432236b541281083243a3dd86a32ee9ea233dae0d6c6bb1880cc91160fbf1f088225760438534ca1f9090c2eeac7faa90682d00e1955aee0cdbc25bcee327e1ce2a700abfdf053e666979cf92650873073270c16119bac26ff9166d3e8140583095d7e5e3e9c15a1d16a04e74e78ae2eb3f9dbf7c0ea1725e1bf43aff559b9c432ab15a0d43556c5810848ffed51038d7e638813e3b67af319177fa9e14561d080864a857e05ffae3626ebe96e4ae99dde8ff6c685908753d5af2f305e0353f902d2c1c5da630059350454a4b9c348605d8f209af78728649e00814347a59ba2a9d76b3e17369e082a75100971635ec70fe0c36bd4756f443b596a11ad3b494c3b18bd157205dd0547e8f985caf09f25bd8b33f4bc5ba3cac2fbbd195dba716e083c05d7c705d88b35aadeb96eb0ff27def8c70f744ca1e17a5b405e6e7203311acbaa185ce97e9a22bf35cbfb822e12096f17585f56ae8a6e8613e36587dda2bc0a627defeab32dac999326db92ed88680b3f805b1f6575ca2c474b196d06841415178de0ced69e6ea7a422b75b5c852ebb9590c0a9ade027d17f47477d756a939617e547b1817d161850562cfa507a615457a6f5373f77cf675a726ff570776fa80efe0bf18543c928440f6bacd65fa3e04bf7cb391d2ff7f5aac23001a9732dc8a4de977dc45fbccd45f9e7210cabc05e0649f6d94562bf85487dc5da53bec40eea79809629ce7350a810d1bf4f480e433b7f4ed2782899e4b97600af1c9b9cbb821bdefd0eff4af0bb2bf0692ac56ced55bdfe1255fb3cb972c82d20e3f3f7b5ebdccf4fcfe3cfefe3605193ce8b7e2bea68b3b696d961c98cb46e442a71343f2558816fdad3c4ac5f7d16532580d697eb3843aa0233f93eafa3e6fb9b6faddf0f77d3a7c05f7fd65b311214170c06e42430e28eafa35a9364925436783e2c2f669281138f1477c4caa697ceade8919fac2881f4d8800f7cec386a317e5ad7dfb296420ad810e1d44fa8eb1e2323704b9fcee9221667030dd839682571080bb9801f2c22ff9e3740f49714338e28d6b6db88941270de773c77273e48f18c320be3854ef5887b89ab6eb6c7af78314ebad56f0a07eaff7da280061325b8511ad00815e24f2cad2dee89733a4810792abd557aa30761acffcb3403d18b0bd39cd72b6df39d1b80714cc3e32b8be8f3d4ba20c0513f930a3c3901919c9ae009a43b405c6e91bbdec15b4e57a50e69e7fc6833e1b324399dce82c6bd3887c22dbcdc6eb23e1c3637ddd8f71d53e622796775ef84c475883bbbbf35c9a4154531d7b1fc811a6128d163905e5f15824881ae4387c6e9309efe9a8aa82f2d75716af3f31d9c1234218419a2a3c7cb57bae66516600eb5a880a23c281f6916f1a2373988d8809dbfc1840fa72f8f95c4aa9fc3a04941c8da02276fb7873c15899d21beed9b233a159086f7c792a3218fc352e08ab1d8bc8e6c58e3e31dddab3726e7d95cb9e061904bb427c1b1ecb3ea845c3165c7d34fff7e23a3d7b0b974e3bc3d42cf9bedf768671e7a45c51b24dd37cc31a321214739ffdb05b9c989bd7e49ac01be34a0577b0d075ae54ad250ece3ee4cdfbb8f2fe6b954c37bd14f07c1a905a37f8312dfc124848d8aaeb626624c2f1a12996dc5931872f14fa0243e37da1a2e5351bfd39358582a9e20865d72a1c45cc219af37b13a8a9bf045cda33ff47dc0d39c0935c40362aafa08be8352f64701de2c604615671ac2c94589c266c768c5758e34b57607ff79985a317d2dfda91c5eb8bb0e4d631c18733a83c50d03d7ce2a33cb5558ef7aec395d1f0bc3722fc06a151d1712959f03e300fdd49fe99a329320f3e3949f4e2c338c08fbcf5b9733792ba20378f74fc1fffb1a1124f39015b284f4f64f9db664986fc5ed030b92f31d5730ff6746de5af26c046416696ad715296f17cfb489877370903835af9866d72e3ea8417a8ba9dbeb5df7093efdbe55f49dde5b94e6424cee0b97173bd4c2f9f92719416e2350c18d7f423236e907457f8d0ae01489beb533cbb0262aaed44e13a3fe679e95922b30bd213d7c46ff9d1f8840f28ffbe6e947ebdb0d27f0e6f3b54f2d6f61d1e571b74146467fb22470906a7d7c4c45f2bae7996fe5df2eddb5f953a93eb2c2bfae61ff47c35fd55a18dfd31c371fc6ac76d250060e8fb11b56f01dfbf3568a0595698b957c2d6523dd0628513896af41a6abcb558e864fb192a1d69b6437dc774b9ca3fa9e07951f0cf9c962c5fc07f7f08f91dfbcc3b6305ff34dcef8770d6eebd4844f8b24c9808f4091468fee3ea6ed958e9427684af488ede5fe8328986da5511cc85f1d89f41fb88fcef3f5a24c5bc89e477c6570638529449c5d7f38bef30563ef54547da35ee6f08f815fe96916ddb15c7afe688d2867c6c60abc1943883ef149fad32c6d09ef6a1e0c6ef97bdcfe81a9042cc825bb2d4f6ffa475277b8384ead8513cb706906941051f4ef5c9328dea493759ac5bedd55fe95ee3e9492df25d049000e822f74cce60297dc61df35bf72e987bb9874c8178456c2bab7f1447690fa8c4f85b75f26e1fe5601840d54eddd8bc42f44503e4d3db952597887306e321cf74bc440c7574ca364b174d27d1ad1f84723f3d8c70816c6e1157a327455"}]}, 0x800) mount$9p_fd(0x20100000, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hfs\x00', 0x110000, 0x0) 11:24:52 executing program 6: r0 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x1000001, &(0x7f00000000c0)) renameat(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00') 11:24:52 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) munmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmget(0x3, 0x4000, 0x80, &(0x7f0000fea000/0x4000)=nil) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff4000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000fea000/0x2000)=nil) 11:24:52 executing program 3: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1e53, &(0x7f0000000080), &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000001440), &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f00000002c0), 0x0) 11:24:52 executing program 7: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) 11:24:52 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000200)=@dstopts={0x0, 0xfe, '\x00', [@generic={0x0, 0x87, "268dd2ca7e08446bf5bc765394df3b4dd30baadd7835055fba2f9ebfa56e8c48e52acd6a14bdfd853c37572f4578a3d966101db42fdeb8c20ec4b75ad36cbb68f05ffcff09b615c2b45e2f144fa5bf1113ffc10722c13960724a939dd17c7ae52bfb76fdf7e7ea40b35c802dc06dd60b7054fde419b7274b5023b084c7e973b233f4cfd6f314bf"}, @generic={0x0, 0x766, "59ad5ac7a6cd7fa348a7432236b541281083243a3dd86a32ee9ea233dae0d6c6bb1880cc91160fbf1f088225760438534ca1f9090c2eeac7faa90682d00e1955aee0cdbc25bcee327e1ce2a700abfdf053e666979cf92650873073270c16119bac26ff9166d3e8140583095d7e5e3e9c15a1d16a04e74e78ae2eb3f9dbf7c0ea1725e1bf43aff559b9c432ab15a0d43556c5810848ffed51038d7e638813e3b67af319177fa9e14561d080864a857e05ffae3626ebe96e4ae99dde8ff6c685908753d5af2f305e0353f902d2c1c5da630059350454a4b9c348605d8f209af78728649e00814347a59ba2a9d76b3e17369e082a75100971635ec70fe0c36bd4756f443b596a11ad3b494c3b18bd157205dd0547e8f985caf09f25bd8b33f4bc5ba3cac2fbbd195dba716e083c05d7c705d88b35aadeb96eb0ff27def8c70f744ca1e17a5b405e6e7203311acbaa185ce97e9a22bf35cbfb822e12096f17585f56ae8a6e8613e36587dda2bc0a627defeab32dac999326db92ed88680b3f805b1f6575ca2c474b196d06841415178de0ced69e6ea7a422b75b5c852ebb9590c0a9ade027d17f47477d756a939617e547b1817d161850562cfa507a615457a6f5373f77cf675a726ff570776fa80efe0bf18543c928440f6bacd65fa3e04bf7cb391d2ff7f5aac23001a9732dc8a4de977dc45fbccd45f9e7210cabc05e0649f6d94562bf85487dc5da53bec40eea79809629ce7350a810d1bf4f480e433b7f4ed2782899e4b97600af1c9b9cbb821bdefd0eff4af0bb2bf0692ac56ced55bdfe1255fb3cb972c82d20e3f3f7b5ebdccf4fcfe3cfefe3605193ce8b7e2bea68b3b696d961c98cb46e442a71343f2558816fdad3c4ac5f7d16532580d697eb3843aa0233f93eafa3e6fb9b6faddf0f77d3a7c05f7fd65b311214170c06e42430e28eafa35a9364925436783e2c2f669281138f1477c4caa697ceade8919fac2881f4d8800f7cec386a317e5ad7dfb296420ad810e1d44fa8eb1e2323704b9fcee9221667030dd839682571080bb9801f2c22ff9e3740f49714338e28d6b6db88941270de773c77273e48f18c320be3854ef5887b89ab6eb6c7af78314ebad56f0a07eaff7da280061325b8511ad00815e24f2cad2dee89733a4810792abd557aa30761acffcb3403d18b0bd39cd72b6df39d1b80714cc3e32b8be8f3d4ba20c0513f930a3c3901919c9ae009a43b405c6e91bbdec15b4e57a50e69e7fc6833e1b324399dce82c6bd3887c22dbcdc6eb23e1c3637ddd8f71d53e622796775ef84c475883bbbbf35c9a4154531d7b1fc811a6128d163905e5f15824881ae4387c6e9309efe9a8aa82f2d75716af3f31d9c1234218419a2a3c7cb57bae66516600eb5a880a23c281f6916f1a2373988d8809dbfc1840fa72f8f95c4aa9fc3a04941c8da02276fb7873c15899d21beed9b233a159086f7c792a3218fc352e08ab1d8bc8e6c58e3e31dddab3726e7d95cb9e061904bb427c1b1ecb3ea845c3165c7d34fff7e23a3d7b0b974e3bc3d42cf9bedf768671e7a45c51b24dd37cc31a321214739ffdb05b9c989bd7e49ac01be34a0577b0d075ae54ad250ece3ee4cdfbb8f2fe6b954c37bd14f07c1a905a37f8312dfc124848d8aaeb626624c2f1a12996dc5931872f14fa0243e37da1a2e5351bfd39358582a9e20865d72a1c45cc219af37b13a8a9bf045cda33ff47dc0d39c0935c40362aafa08be8352f64701de2c604615671ac2c94589c266c768c5758e34b57607ff79985a317d2dfda91c5eb8bb0e4d631c18733a83c50d03d7ce2a33cb5558ef7aec395d1f0bc3722fc06a151d1712959f03e300fdd49fe99a329320f3e3949f4e2c338c08fbcf5b9733792ba20378f74fc1fffb1a1124f39015b284f4f64f9db664986fc5ed030b92f31d5730ff6746de5af26c046416696ad715296f17cfb489877370903835af9866d72e3ea8417a8ba9dbeb5df7093efdbe55f49dde5b94e6424cee0b97173bd4c2f9f92719416e2350c18d7f423236e907457f8d0ae01489beb533cbb0262aaed44e13a3fe679e95922b30bd213d7c46ff9d1f8840f28ffbe6e947ebdb0d27f0e6f3b54f2d6f61d1e571b74146467fb22470906a7d7c4c45f2bae7996fe5df2eddb5f953a93eb2c2bfae61ff47c35fd55a18dfd31c371fc6ac76d250060e8fb11b56f01dfbf3568a0595698b957c2d6523dd0628513896af41a6abcb558e864fb192a1d69b6437dc774b9ca3fa9e07951f0cf9c962c5fc07f7f08f91dfbcc3b6305ff34dcef8770d6eebd4844f8b24c9808f4091468fee3ea6ed958e9427684af488ede5fe8328986da5511cc85f1d89f41fb88fcef3f5a24c5bc89e477c6570638529449c5d7f38bef30563ef54547da35ee6f08f815fe96916ddb15c7afe688d2867c6c60abc1943883ef149fad32c6d09ef6a1e0c6ef97bdcfe81a9042cc825bb2d4f6ffa475277b8384ead8513cb706906941051f4ef5c9328dea493759ac5bedd55fe95ee3e9492df25d049000e822f74cce60297dc61df35bf72e987bb9874c8178456c2bab7f1447690fa8c4f85b75f26e1fe5601840d54eddd8bc42f44503e4d3db952597887306e321cf74bc440c7574ca364b174d27d1ad1f84723f3d8c70816c6e1157a327455"}]}, 0x800) mount$9p_fd(0x20100000, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hfs\x00', 0x110000, 0x0) 11:24:54 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) 11:24:54 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x121042, 0x0) mount(0x0, 0x0, 0x0, 0x1000, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) ioctl$SG_EMULATED_HOST(r2, 0x80081270, &(0x7f0000000000)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_io_uring_setup(0x6634, 0x0, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000380), 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x40) flock(r0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r5, &(0x7f0000000380)=[{&(0x7f0000000140)="e0686d0b2aef6464c4dc37c6199b288ab2dfe6ef550cfc0fc3987306eb232101aba03385fe12fcd9038a8ba74995d0ffbb58d7ec7b6905b489e1eec4c7e967eb004688126d7da59c68fd2e18a345970ca2ceed407b9126932519ec9606468fd2ce98bf859ce9f5fad9dd2a35dea6f6d02aa18841f53591c2df67d9359b61593db3407e668c1bc99827c18dbc3500a572aedfbc30e234aad1e3a9593dae4fa72eb55e2deec2bc24538d18420888583d7ee2b218d07a3707494ec90b", 0xbb}], 0x1, 0x7fffff8, 0x1) openat(r4, 0x0, 0x101380, 0x6) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0x203}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r3, 0x0, 0x100000) 11:24:54 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="280000001d0001000000000000faffff07"], 0x28}], 0x1}, 0x0) 11:24:54 executing program 3: io_setup(0x3f, &(0x7f0000000000)=0x0) pkey_mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0xffffffffffffffff) io_submit(r0, 0x1, &(0x7f0000002480)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) 11:24:54 executing program 0: syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[]) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x490401, 0x0) 11:24:54 executing program 2: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) munmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmget(0x3, 0x4000, 0x80, &(0x7f0000fea000/0x4000)=nil) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ff4000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmget$private(0x0, 0x2000, 0x8, &(0x7f0000fea000/0x2000)=nil) 11:24:54 executing program 6: r0 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x1000001, &(0x7f00000000c0)) renameat(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00') 11:24:54 executing program 1: prctl$PR_SET_KEEPCAPS(0x8, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0x6, 0x4) r0 = socket$inet_udp(0x2, 0x2, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x84128, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000200)={0x77359400}, 0x10) [ 124.264560] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'. 11:24:54 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="280000001d0001000000000000faffff07"], 0x28}], 0x1}, 0x0) [ 124.407424] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'. 11:24:54 executing program 6: r0 = memfd_create(&(0x7f0000000140)='\x00\x00\x9f\xf4\vA*i\x96\xe1\x81\xf2\xd4>\xec\xd9l\xe6t%\xd1\x154N\xf6\x9e\xafi\x02\x18\xfb\xd5\xcaX\x15-\xf5j\x8f\x017\xbb9Z\x06$\xb7\n\xf5\xd9\xec\r\x15\xf9\n\xd7\xed\xa6\x8a\xf3\xed\xc5\xbc%J\xd6\xa1*\xedC\xed\x88#\x9bF\n\xa4\x9c\v\x007\xad\xcf\x92\xd8n2?\xc6n[\x0f\x98\x12\xe0\xd2\xc6\x9e\xdb\x97A\xed\xc9s\x8c\xa1\x80=j9\x97\xfb5\xf8\x8f\x8e\xf9\x1e\xd0\xcdn-mH\xc2j|\x1c\xb0\x93\xe0\xfc\xcf4y\xe9\x91\xda\xa7~v\xa1c\xd3\x13\x14\x9eu\x84\x83rm\x01\xdc4\x19[\x9chDvf\n\xb5\x97\x14\xb2W\xbez\x10\x88\xc9\x1a\x97\xe6\\\xa9', 0x0) fgetxattr(r0, &(0x7f0000000040)=@known='security.selinux\x00', &(0x7f00000000c0)=""/65, 0xfffffffffffffe1d) 11:24:54 executing program 3: io_setup(0x3f, &(0x7f0000000000)=0x0) pkey_mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0xffffffffffffffff) io_submit(r0, 0x1, &(0x7f0000002480)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) VM DIAGNOSIS: 11:24:46 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffc900055ee000 RDX=0000000000040000 RSI=ffffffff8360fa71 RDI=0000000000000005 RBP=ffff888019a993c0 RSP=ffff88804168fc90 R8 =0000000000000005 R9 =0000000000000001 R10=0000000000000001 R11=0000000000000001 R12=0000000000000002 R13=ffff888019a994a4 R14=ffff88803e7539b8 R15=ffff888019a993c0 RIP=ffffffff814b88eb RFL=00000212 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fafe4c42700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2c523000 CR3=00000000100b8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff824f8615 RDI=ffffffff87f0bdc0 RBP=ffffffff87f0bd80 RSP=ffff88803e597630 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=ffffffff87f0bd80 R14=ffffffff87f0bdd0 R15=ffffffff87f0c038 RIP=ffffffff824f866d RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fe395b2b700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffc6a027e08 CR3=000000003ef8e000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000000000000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000