Warning: Permanently added '[localhost]:39111' (ECDSA) to the list of known hosts. 2022/10/31 11:11:21 fuzzer started 2022/10/31 11:11:22 dialing manager at localhost:40945 syzkaller login: [ 36.242446] cgroup: Unknown subsys name 'net' [ 36.372722] cgroup: Unknown subsys name 'rlimit' 2022/10/31 11:11:36 syscalls: 2217 2022/10/31 11:11:36 code coverage: enabled 2022/10/31 11:11:36 comparison tracing: enabled 2022/10/31 11:11:36 extra coverage: enabled 2022/10/31 11:11:36 setuid sandbox: enabled 2022/10/31 11:11:36 namespace sandbox: enabled 2022/10/31 11:11:36 Android sandbox: enabled 2022/10/31 11:11:36 fault injection: enabled 2022/10/31 11:11:36 leak checking: enabled 2022/10/31 11:11:36 net packet injection: enabled 2022/10/31 11:11:36 net device setup: enabled 2022/10/31 11:11:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/31 11:11:36 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/31 11:11:36 USB emulation: enabled 2022/10/31 11:11:36 hci packet injection: enabled 2022/10/31 11:11:36 wifi device emulation: enabled 2022/10/31 11:11:36 802.15.4 emulation: enabled 2022/10/31 11:11:36 fetching corpus: 0, signal 0/2000 (executing program) 2022/10/31 11:11:36 fetching corpus: 50, signal 30881/34130 (executing program) 2022/10/31 11:11:36 fetching corpus: 100, signal 43003/47419 (executing program) 2022/10/31 11:11:36 fetching corpus: 150, signal 56500/61755 (executing program) 2022/10/31 11:11:36 fetching corpus: 200, signal 63652/69802 (executing program) 2022/10/31 11:11:36 fetching corpus: 250, signal 69953/76875 (executing program) 2022/10/31 11:11:37 fetching corpus: 300, signal 76135/83688 (executing program) 2022/10/31 11:11:37 fetching corpus: 350, signal 80406/88651 (executing program) 2022/10/31 11:11:37 fetching corpus: 400, signal 85051/93892 (executing program) 2022/10/31 11:11:37 fetching corpus: 450, signal 88015/97514 (executing program) 2022/10/31 11:11:37 fetching corpus: 500, signal 90814/100895 
(executing program) 2022/10/31 11:11:37 fetching corpus: 550, signal 93885/104441 (executing program) 2022/10/31 11:11:37 fetching corpus: 600, signal 96359/107379 (executing program) 2022/10/31 11:11:38 fetching corpus: 650, signal 99385/110745 (executing program) 2022/10/31 11:11:38 fetching corpus: 700, signal 102156/113825 (executing program) 2022/10/31 11:11:38 fetching corpus: 750, signal 104469/116463 (executing program) 2022/10/31 11:11:38 fetching corpus: 800, signal 106182/118581 (executing program) 2022/10/31 11:11:38 fetching corpus: 850, signal 108645/121302 (executing program) 2022/10/31 11:11:38 fetching corpus: 900, signal 110296/123296 (executing program) 2022/10/31 11:11:38 fetching corpus: 950, signal 112215/125461 (executing program) 2022/10/31 11:11:39 fetching corpus: 1000, signal 113669/127181 (executing program) 2022/10/31 11:11:39 fetching corpus: 1050, signal 115738/129324 (executing program) 2022/10/31 11:11:39 fetching corpus: 1100, signal 117629/131329 (executing program) 2022/10/31 11:11:39 fetching corpus: 1150, signal 119371/133166 (executing program) 2022/10/31 11:11:39 fetching corpus: 1200, signal 121122/134916 (executing program) 2022/10/31 11:11:39 fetching corpus: 1250, signal 123213/136885 (executing program) 2022/10/31 11:11:39 fetching corpus: 1300, signal 126044/139326 (executing program) 2022/10/31 11:11:40 fetching corpus: 1350, signal 127236/140664 (executing program) 2022/10/31 11:11:40 fetching corpus: 1400, signal 128685/142091 (executing program) 2022/10/31 11:11:40 fetching corpus: 1450, signal 129812/143306 (executing program) 2022/10/31 11:11:40 fetching corpus: 1500, signal 131131/144632 (executing program) 2022/10/31 11:11:40 fetching corpus: 1550, signal 132371/145853 (executing program) 2022/10/31 11:11:40 fetching corpus: 1600, signal 133823/147207 (executing program) 2022/10/31 11:11:40 fetching corpus: 1650, signal 135035/148336 (executing program) 2022/10/31 11:11:40 fetching corpus: 1700, signal 
136579/149585 (executing program) 2022/10/31 11:11:40 fetching corpus: 1750, signal 137401/150419 (executing program) 2022/10/31 11:11:41 fetching corpus: 1800, signal 139097/151707 (executing program) 2022/10/31 11:11:41 fetching corpus: 1850, signal 140248/152656 (executing program) 2022/10/31 11:11:41 fetching corpus: 1900, signal 141792/153798 (executing program) 2022/10/31 11:11:41 fetching corpus: 1950, signal 143140/154789 (executing program) 2022/10/31 11:11:41 fetching corpus: 2000, signal 144409/155752 (executing program) 2022/10/31 11:11:41 fetching corpus: 2050, signal 145283/156472 (executing program) 2022/10/31 11:11:42 fetching corpus: 2100, signal 145984/157122 (executing program) 2022/10/31 11:11:42 fetching corpus: 2150, signal 147218/157939 (executing program) 2022/10/31 11:11:42 fetching corpus: 2200, signal 148692/158880 (executing program) 2022/10/31 11:11:42 fetching corpus: 2250, signal 150067/159731 (executing program) 2022/10/31 11:11:42 fetching corpus: 2300, signal 150814/160262 (executing program) 2022/10/31 11:11:42 fetching corpus: 2350, signal 152003/161014 (executing program) 2022/10/31 11:11:42 fetching corpus: 2400, signal 152926/161539 (executing program) 2022/10/31 11:11:43 fetching corpus: 2450, signal 154437/162313 (executing program) 2022/10/31 11:11:43 fetching corpus: 2500, signal 155199/162775 (executing program) 2022/10/31 11:11:43 fetching corpus: 2550, signal 156090/163232 (executing program) 2022/10/31 11:11:43 fetching corpus: 2600, signal 157303/163858 (executing program) 2022/10/31 11:11:43 fetching corpus: 2650, signal 157883/164182 (executing program) 2022/10/31 11:11:43 fetching corpus: 2700, signal 158691/164559 (executing program) 2022/10/31 11:11:43 fetching corpus: 2750, signal 159338/164842 (executing program) 2022/10/31 11:11:44 fetching corpus: 2800, signal 160543/165301 (executing program) 2022/10/31 11:11:44 fetching corpus: 2850, signal 162200/165907 (executing program) 2022/10/31 11:11:44 fetching 
corpus: 2900, signal 163033/166227 (executing program) 2022/10/31 11:11:44 fetching corpus: 2950, signal 163595/166440 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166577 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166611 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166650 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166683 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166724 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166760 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166798 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166847 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166896 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166935 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/166980 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167031 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167075 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167120 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167158 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167205 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167260 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167292 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167336 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167375 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167412 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167459 (executing program) 2022/10/31 
11:11:44 fetching corpus: 2968, signal 163943/167503 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167517 (executing program) 2022/10/31 11:11:44 fetching corpus: 2968, signal 163943/167517 (executing program) 2022/10/31 11:11:47 starting 8 fuzzer processes 11:11:47 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2b, &(0x7f0000000000)={0x77359400}, 0x10) 11:11:47 executing program 1: futex(0x0, 0xb, 0x0, 0x0, 0x0, 0x0) 11:11:47 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r0) 11:11:47 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4ea3, 0x4e20, 0x8}}}}}, 0x0) 11:11:47 executing program 4: migrate_pages(0x0, 0x9, 0x0, &(0x7f0000000180)=0x10010) 11:11:47 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000080), &(0x7f00000000c0)='system_u:object_r:systemd_systemctl_exec_t:s0\x00', 0x2e, 0x0) [ 61.693240] audit: type=1400 audit(1667214707.896:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:11:47 executing program 7: r0 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_FILES(r0, 0x14, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2) 11:11:47 executing program 6: 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigpending(0x0, 0x0) [ 62.956476] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.960006] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.961936] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.965404] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.967328] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.968801] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.978578] Bluetooth: hci0: HCI_REQ-0x0c1a [ 62.991810] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.998030] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.999686] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 63.004238] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 63.005965] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 63.007491] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.012195] Bluetooth: hci1: HCI_REQ-0x0c1a [ 63.028434] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 63.035105] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 63.037486] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 63.041671] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 63.046097] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 63.048756] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 63.085274] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 63.087187] Bluetooth: hci2: HCI_REQ-0x0c1a [ 63.088721] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 63.090688] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 63.105460] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 63.107175] Bluetooth: 
hci5: unexpected cc 0x0c25 length: 249 > 3 [ 63.108654] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 63.110455] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 63.112939] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 63.118791] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 63.120492] Bluetooth: hci5: HCI_REQ-0x0c1a [ 63.121026] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 63.123028] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 63.126543] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 63.128708] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 63.130176] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 63.134612] Bluetooth: hci6: HCI_REQ-0x0c1a [ 63.165161] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 63.169303] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 63.170342] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 63.177693] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 63.181350] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 63.186538] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 63.188027] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 63.189327] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 63.199278] Bluetooth: hci7: HCI_REQ-0x0c1a [ 63.249101] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 63.259581] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 63.272691] Bluetooth: hci4: HCI_REQ-0x0c1a [ 65.033297] Bluetooth: hci1: command 0x0409 tx timeout [ 65.034051] Bluetooth: hci0: command 0x0409 tx timeout [ 65.097512] Bluetooth: hci2: command 0x0409 tx timeout [ 65.098607] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 65.161944] Bluetooth: hci6: command 0x0409 tx timeout [ 65.163107] Bluetooth: hci5: command 0x0409 tx timeout [ 65.225017] Bluetooth: hci7: command 0x0409 tx timeout [ 65.290041] Bluetooth: hci4: command 0x0409 tx timeout [ 67.081708] Bluetooth: hci0: command 0x041b tx 
timeout [ 67.082117] Bluetooth: hci1: command 0x041b tx timeout [ 67.144910] Bluetooth: hci2: command 0x041b tx timeout [ 67.208967] Bluetooth: hci5: command 0x041b tx timeout [ 67.209401] Bluetooth: hci6: command 0x041b tx timeout [ 67.272906] Bluetooth: hci7: command 0x041b tx timeout [ 67.336962] Bluetooth: hci4: command 0x041b tx timeout [ 69.128986] Bluetooth: hci1: command 0x040f tx timeout [ 69.129091] Bluetooth: hci0: command 0x040f tx timeout [ 69.192905] Bluetooth: hci2: command 0x040f tx timeout [ 69.256910] Bluetooth: hci6: command 0x040f tx timeout [ 69.256920] Bluetooth: hci5: command 0x040f tx timeout [ 69.320895] Bluetooth: hci7: command 0x040f tx timeout [ 69.384898] Bluetooth: hci4: command 0x040f tx timeout [ 70.280947] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 71.176985] Bluetooth: hci1: command 0x0419 tx timeout [ 71.177396] Bluetooth: hci0: command 0x0419 tx timeout [ 71.241902] Bluetooth: hci2: command 0x0419 tx timeout [ 71.304945] Bluetooth: hci6: command 0x0419 tx timeout [ 71.305353] Bluetooth: hci5: command 0x0419 tx timeout [ 71.368916] Bluetooth: hci7: command 0x0419 tx timeout [ 71.433023] Bluetooth: hci4: command 0x0419 tx timeout [ 74.760917] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 77.432241] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.436714] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.439124] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.447052] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.451665] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 77.453552] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.459915] Bluetooth: hci3: HCI_REQ-0x0c1a [ 79.496952] Bluetooth: hci3: command 0x0409 tx timeout [ 81.544967] Bluetooth: hci3: command 0x041b tx timeout [ 83.593040] Bluetooth: hci3: command 0x040f tx timeout [ 85.640932] Bluetooth: hci3: command 0x0419 tx timeout [ 113.684671] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
113.685505] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.686794] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 113.971646] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.972689] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.026953] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 114.064095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.064822] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.066648] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 114.245130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.245749] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.247223] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 114.638738] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.639406] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.641107] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 114.755395] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.756137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.758095] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 114.924410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.925011] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.926405] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:12:41 executing program 1: futex(0x0, 0xb, 0x0, 0x0, 0x0, 0x0) [ 115.003618] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.004277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.005793] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 11:12:41 executing program 1: futex(0x0, 0xb, 0x0, 0x0, 0x0, 0x0) [ 115.102350] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.102945] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.105393] IPv6: 
ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:12:41 executing program 1: futex(0x0, 0xb, 0x0, 0x0, 0x0, 0x0) [ 115.189706] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.190788] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:12:41 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4ea3, 0x4e20, 0x8}}}}}, 0x0) [ 115.234392] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 115.272784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.273451] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.275272] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 11:12:41 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4ea3, 0x4e20, 0x8}}}}}, 0x0) [ 115.366447] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.367087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.368534] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:12:41 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4ea3, 0x4e20, 0x8}}}}}, 0x0) 11:12:42 executing program 7: r0 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_FILES(r0, 0x14, &(0x7f0000000300)=[0xffffffffffffffff, 
0xffffffffffffffff], 0x2) [ 115.974636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.975982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.978018] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 11:12:42 executing program 7: r0 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_FILES(r0, 0x14, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2) [ 116.114996] SELinux: Context system_u:object_r:systemd_systemctl_exec_t:s0 is not valid (left unmapped). [ 116.160344] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.161330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.163278] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 116.657671] audit: type=1400 audit(1667214762.860:7): avc: denied { open } for pid=3846 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.659265] audit: type=1400 audit(1667214762.860:8): avc: denied { kernel } for pid=3846 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 120.942634] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.943942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.946333] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 120.973069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.974283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.976499] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:12:47 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2b, &(0x7f0000000000)={0x77359400}, 0x10) 11:12:47 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r0) 11:12:47 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x50, 0x0, &(0x7f0000000080)=0x1b000000) 11:12:47 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigpending(0x0, 0x0) 11:12:47 executing program 3: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 11:12:47 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000080), &(0x7f00000000c0)='system_u:object_r:systemd_systemctl_exec_t:s0\x00', 0x2e, 0x0) 11:12:47 executing program 7: r0 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_FILES(r0, 0x14, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2) 11:12:47 executing program 4: mknod(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) link(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='./file0\x00') 11:12:47 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 
0x1, 0x2b, &(0x7f0000000000)={0x77359400}, 0x10) 11:12:47 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigpending(0x0, 0x0) 11:12:47 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigpending(0x0, 0x0) 11:12:47 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x50, 0x0, &(0x7f0000000080)=0x1b000000) 11:12:47 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000080), &(0x7f00000000c0)='system_u:object_r:systemd_systemctl_exec_t:s0\x00', 0x2e, 0x0) 11:12:47 executing program 3: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 11:12:47 executing program 4: mknod(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) link(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='./file0\x00') 11:12:47 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 
0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r0) 11:12:48 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x2b, &(0x7f0000000000)={0x77359400}, 0x10) 11:12:48 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x50, 0x0, &(0x7f0000000080)=0x1b000000) 11:12:48 executing program 4: mknod(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) link(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='./file0\x00') 11:12:48 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigpending(0x0, 0x0) 11:12:48 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000080), &(0x7f00000000c0)='system_u:object_r:systemd_systemctl_exec_t:s0\x00', 0x2e, 0x0) 11:12:48 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigpending(0x0, 0x0) 11:12:48 executing program 3: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 11:12:48 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r0) 11:12:48 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x0, 0x0) stat(0x0, 0x0) chmod(0x0, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0) 11:12:48 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x50, 0x0, &(0x7f0000000080)=0x1b000000) 11:12:48 executing program 3: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 11:12:48 executing program 4: mknod(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) link(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='./file0\x00') 11:12:48 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigpending(0x0, 0x0) 11:12:48 executing program 5: geteuid() geteuid() socketpair(0x0, 0x80000, 0x10000, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', &(0x7f0000002a40)) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x6, 0x5, &(0x7f0000004280)=[{&(0x7f0000003e00)="18a6d67f6a860a47d1354b1f715438d655e0e261145f290cf1e6a46b34452d1622ab5ca6ef3479d17a4b4581267cabfd1d97d857e2310a1b54a8e4739977ddda8c4853adcf8dec19bef2f78959adce48df756cfcc583a5bc834240137ced7d907623152c53a1be96411da6f183953a6d3503c4441210575e4c7bf19dccdaf11a171d127ea70b5e5db5e9c0290e7c76d4b739949f661b2a6f5798bceaba120b30aebb6ec0579b14406c1361808a89538fd23ca45abf77b36b8d98f814d181e2250f056e3da5547ef4bc2034bff6290b269c02f8285cf1a97371824746838c8062c9a4d6b22563820502c6a95abe64d7196754fe74b3", 0xf5, 0x4}, {&(0x7f0000003f00)="c008b0de26078e280fc4cf4a4f25beb06054bc596f46b8a441df0230c117f1bea6084bbb976f5dd3f5ba194adaf615b6220579ce19d8e46bdd551d706ff22dc0dbd08fe28923a657a066cf716211f3c1c656e0147ef44f93f4fc80f6208f24131835f1442717b5a5a58ae457a499a951fe453e8a4172f214b983e4a1bcef70334d3adfa859cfded8c815a0c1b6", 0x8d, 0xa3}, {&(0x7f0000003fc0)="7d45ed73d6df08b62c293216ac4a448897b459665eff78a256ded85e6c1b78f8fa1c5943afa4cf215340af4aa679a940c0d84b9139ac4c336cbe2839045dc5e8fb96dba38186a06f2750ae941b7bfeb4f1b6c16919b487312f44e63b6fa50153b1eec954241488d0e478fa305f8a2d36fb3b23c651910ffd4de6dc2181bed7e0e4471fc3380d8892c52942d9e3cdf3077b96b212da01217e09576972eec8f08b058fed992d8121d766f04daf5f198670020da3d6a8c799c5ac6a44d963eaa3eabc428e51ce4cf9d2cc9e96ba4cf9ba5574ba1afe43512b6bae9668510c46250a79c905ce97d53d4904de972c5b61359d18e14932545fec017097b0f938fd3f", 0xff, 0x7fffffff}, 
{&(0x7f00000040c0)="1a2fd03462629f18ad4cd3da8d94d1004085d7005f8bc0b1855c38fe22e142b8b5d3cc56eee23f8d254dbd18daf1c17512d7d5eab7dc7c6e85d2e9a3ef86283ed0389919531b7ad766a3a13a013670619936cc2569d3b4935357d2ebd9704c431bea56f26b1d606f14088add949028e9506e014dbf32c6d290bab2d732df2907111e67bf4691c3451e8a9b9eb7f42dbc51bc524eff80d0ec30d8", 0x9a, 0x1f}, {&(0x7f0000004180)="ead4b76dc63d2bf3709e2f47cb31255424c8c76d85e5b5c10facc15882536d73f5b789f13113cb065e9b1e72b7832cf35314bc3f72f9b5991c2f05691d29559eb40ca4b682dd6e841e1871cb52ff27e310fa74391909f63667a3c3511ac14c673fdbc120e58ac626d94493065e5ce186b149e056efaca14953d0ad24f61358bac94486a375562be71c55c67aeb0ab4180be1305431a2ded0a1b996e032a96011b59211ab5a474ee78965a52cbe9728c16e70191bf81d5416781909ed9c8bcb4c786fae5c4c47adbd30ea5213a322f448c20ee3165b8c6d4c3a8263b27b2a00b8a8c76973", 0xe4, 0x100}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x3) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x800) socket$nl_generic(0x10, 0x3, 0x10) 11:12:48 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x0, 0x0) stat(0x0, 0x0) chmod(0x0, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0) 11:12:48 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x0, 0x0) stat(0x0, 0x0) chmod(0x0, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0) [ 122.448566] loop5: detected capacity change from 0 to 264192 [ 122.454553] nfs: Unknown parameter 'dont_measure' 11:12:48 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) r1 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) open_by_handle_at(r1, &(0x7f0000000240)=@FILEID_INO32_GEN={0x8, 0x1, {0x8}}, 0x0) [ 122.464720] loop2: detected capacity change from 0 to 40 11:12:48 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x0) 11:12:48 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) 
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x0, 0x0) stat(0x0, 0x0) chmod(0x0, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0) 11:12:48 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x0, 0x0) stat(0x0, 0x0) chmod(0x0, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0) [ 122.558308] loop5: detected capacity change from 0 to 264192 [ 122.559597] nfs: Unknown parameter 'dont_measure' 11:12:48 executing program 3: syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@multicast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '#\x00\b', 0x14, 0x2c, 0x0, @empty, @local, {[@hopopts={0x3b}], {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) 11:12:48 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) r1 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) open_by_handle_at(r1, &(0x7f0000000240)=@FILEID_INO32_GEN={0x8, 0x1, {0x8}}, 0x0) 11:12:48 executing program 3: syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@multicast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, 
'#\x00\b', 0x14, 0x2c, 0x0, @empty, @local, {[@hopopts={0x3b}], {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) 11:12:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x1, &(0x7f0000001000)=[&(0x7f0000ffd000/0x2000)=nil], 0x0, &(0x7f0000001080), 0x0) 11:12:48 executing program 4: openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') lseek(r0, 0x0, 0x0) 11:12:48 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x0) 11:12:48 executing program 5: geteuid() geteuid() socketpair(0x0, 0x80000, 0x10000, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', &(0x7f0000002a40)) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x6, 0x5, &(0x7f0000004280)=[{&(0x7f0000003e00)="18a6d67f6a860a47d1354b1f715438d655e0e261145f290cf1e6a46b34452d1622ab5ca6ef3479d17a4b4581267cabfd1d97d857e2310a1b54a8e4739977ddda8c4853adcf8dec19bef2f78959adce48df756cfcc583a5bc834240137ced7d907623152c53a1be96411da6f183953a6d3503c4441210575e4c7bf19dccdaf11a171d127ea70b5e5db5e9c0290e7c76d4b739949f661b2a6f5798bceaba120b30aebb6ec0579b14406c1361808a89538fd23ca45abf77b36b8d98f814d181e2250f056e3da5547ef4bc2034bff6290b269c02f8285cf1a97371824746838c8062c9a4d6b22563820502c6a95abe64d7196754fe74b3", 0xf5, 0x4}, 
{&(0x7f0000003f00)="c008b0de26078e280fc4cf4a4f25beb06054bc596f46b8a441df0230c117f1bea6084bbb976f5dd3f5ba194adaf615b6220579ce19d8e46bdd551d706ff22dc0dbd08fe28923a657a066cf716211f3c1c656e0147ef44f93f4fc80f6208f24131835f1442717b5a5a58ae457a499a951fe453e8a4172f214b983e4a1bcef70334d3adfa859cfded8c815a0c1b6", 0x8d, 0xa3}, {&(0x7f0000003fc0)="7d45ed73d6df08b62c293216ac4a448897b459665eff78a256ded85e6c1b78f8fa1c5943afa4cf215340af4aa679a940c0d84b9139ac4c336cbe2839045dc5e8fb96dba38186a06f2750ae941b7bfeb4f1b6c16919b487312f44e63b6fa50153b1eec954241488d0e478fa305f8a2d36fb3b23c651910ffd4de6dc2181bed7e0e4471fc3380d8892c52942d9e3cdf3077b96b212da01217e09576972eec8f08b058fed992d8121d766f04daf5f198670020da3d6a8c799c5ac6a44d963eaa3eabc428e51ce4cf9d2cc9e96ba4cf9ba5574ba1afe43512b6bae9668510c46250a79c905ce97d53d4904de972c5b61359d18e14932545fec017097b0f938fd3f", 0xff, 0x7fffffff}, {&(0x7f00000040c0)="1a2fd03462629f18ad4cd3da8d94d1004085d7005f8bc0b1855c38fe22e142b8b5d3cc56eee23f8d254dbd18daf1c17512d7d5eab7dc7c6e85d2e9a3ef86283ed0389919531b7ad766a3a13a013670619936cc2569d3b4935357d2ebd9704c431bea56f26b1d606f14088add949028e9506e014dbf32c6d290bab2d732df2907111e67bf4691c3451e8a9b9eb7f42dbc51bc524eff80d0ec30d8", 0x9a, 0x1f}, {&(0x7f0000004180)="ead4b76dc63d2bf3709e2f47cb31255424c8c76d85e5b5c10facc15882536d73f5b789f13113cb065e9b1e72b7832cf35314bc3f72f9b5991c2f05691d29559eb40ca4b682dd6e841e1871cb52ff27e310fa74391909f63667a3c3511ac14c673fdbc120e58ac626d94493065e5ce186b149e056efaca14953d0ad24f61358bac94486a375562be71c55c67aeb0ab4180be1305431a2ded0a1b996e032a96011b59211ab5a474ee78965a52cbe9728c16e70191bf81d5416781909ed9c8bcb4c786fae5c4c47adbd30ea5213a322f448c20ee3165b8c6d4c3a8263b27b2a00b8a8c76973", 0xe4, 0x100}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x3) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x800) socket$nl_generic(0x10, 0x3, 0x10) 11:12:48 executing program 0: 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x0, 0x0) stat(0x0, 0x0) chmod(0x0, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0) 11:12:48 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x0, 0x0) stat(0x0, 0x0) chmod(0x0, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, 0xffffffffffffffff, 0x0) [ 122.726342] loop2: detected capacity change from 0 to 40 [ 122.777712] loop5: detected capacity change from 0 to 264192 [ 122.779794] nfs: Unknown parameter 'dont_measure' 11:12:49 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) r1 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) open_by_handle_at(r1, 
&(0x7f0000000240)=@FILEID_INO32_GEN={0x8, 0x1, {0x8}}, 0x0) 11:12:49 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x0) 11:12:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x1, &(0x7f0000001000)=[&(0x7f0000ffd000/0x2000)=nil], 0x0, &(0x7f0000001080), 0x0) 11:12:49 executing program 3: syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@multicast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '#\x00\b', 0x14, 0x2c, 0x0, @empty, @local, {[@hopopts={0x3b}], {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) 11:12:49 executing program 4: openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') lseek(r0, 0x0, 0x0) 11:12:49 executing program 5: geteuid() geteuid() socketpair(0x0, 0x80000, 0x10000, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', &(0x7f0000002a40)) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x6, 0x5, 
&(0x7f0000004280)=[{&(0x7f0000003e00)="18a6d67f6a860a47d1354b1f715438d655e0e261145f290cf1e6a46b34452d1622ab5ca6ef3479d17a4b4581267cabfd1d97d857e2310a1b54a8e4739977ddda8c4853adcf8dec19bef2f78959adce48df756cfcc583a5bc834240137ced7d907623152c53a1be96411da6f183953a6d3503c4441210575e4c7bf19dccdaf11a171d127ea70b5e5db5e9c0290e7c76d4b739949f661b2a6f5798bceaba120b30aebb6ec0579b14406c1361808a89538fd23ca45abf77b36b8d98f814d181e2250f056e3da5547ef4bc2034bff6290b269c02f8285cf1a97371824746838c8062c9a4d6b22563820502c6a95abe64d7196754fe74b3", 0xf5, 0x4}, {&(0x7f0000003f00)="c008b0de26078e280fc4cf4a4f25beb06054bc596f46b8a441df0230c117f1bea6084bbb976f5dd3f5ba194adaf615b6220579ce19d8e46bdd551d706ff22dc0dbd08fe28923a657a066cf716211f3c1c656e0147ef44f93f4fc80f6208f24131835f1442717b5a5a58ae457a499a951fe453e8a4172f214b983e4a1bcef70334d3adfa859cfded8c815a0c1b6", 0x8d, 0xa3}, {&(0x7f0000003fc0)="7d45ed73d6df08b62c293216ac4a448897b459665eff78a256ded85e6c1b78f8fa1c5943afa4cf215340af4aa679a940c0d84b9139ac4c336cbe2839045dc5e8fb96dba38186a06f2750ae941b7bfeb4f1b6c16919b487312f44e63b6fa50153b1eec954241488d0e478fa305f8a2d36fb3b23c651910ffd4de6dc2181bed7e0e4471fc3380d8892c52942d9e3cdf3077b96b212da01217e09576972eec8f08b058fed992d8121d766f04daf5f198670020da3d6a8c799c5ac6a44d963eaa3eabc428e51ce4cf9d2cc9e96ba4cf9ba5574ba1afe43512b6bae9668510c46250a79c905ce97d53d4904de972c5b61359d18e14932545fec017097b0f938fd3f", 0xff, 0x7fffffff}, {&(0x7f00000040c0)="1a2fd03462629f18ad4cd3da8d94d1004085d7005f8bc0b1855c38fe22e142b8b5d3cc56eee23f8d254dbd18daf1c17512d7d5eab7dc7c6e85d2e9a3ef86283ed0389919531b7ad766a3a13a013670619936cc2569d3b4935357d2ebd9704c431bea56f26b1d606f14088add949028e9506e014dbf32c6d290bab2d732df2907111e67bf4691c3451e8a9b9eb7f42dbc51bc524eff80d0ec30d8", 0x9a, 0x1f}, 
{&(0x7f0000004180)="ead4b76dc63d2bf3709e2f47cb31255424c8c76d85e5b5c10facc15882536d73f5b789f13113cb065e9b1e72b7832cf35314bc3f72f9b5991c2f05691d29559eb40ca4b682dd6e841e1871cb52ff27e310fa74391909f63667a3c3511ac14c673fdbc120e58ac626d94493065e5ce186b149e056efaca14953d0ad24f61358bac94486a375562be71c55c67aeb0ab4180be1305431a2ded0a1b996e032a96011b59211ab5a474ee78965a52cbe9728c16e70191bf81d5416781909ed9c8bcb4c786fae5c4c47adbd30ea5213a322f448c20ee3165b8c6d4c3a8263b27b2a00b8a8c76973", 0xe4, 0x100}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x3) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x800) socket$nl_generic(0x10, 0x3, 0x10) [ 122.932925] loop2: detected capacity change from 0 to 40 11:12:49 executing program 6: openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') lseek(r0, 0x0, 0x0) 11:12:49 executing program 4: openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') lseek(r0, 0x0, 0x0) [ 123.037040] loop5: detected capacity change from 0 to 264192 [ 123.039402] nfs: Unknown parameter 'dont_measure' 11:12:49 executing program 3: syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@multicast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '#\x00\b', 0x14, 0x2c, 0x0, @empty, @local, {[@hopopts={0x3b}], {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) 11:12:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x1, &(0x7f0000001000)=[&(0x7f0000ffd000/0x2000)=nil], 0x0, &(0x7f0000001080), 0x0) 11:12:49 
executing program 0: geteuid() geteuid() socketpair(0x0, 0x80000, 0x10000, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', &(0x7f0000002a40)) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x6, 0x5, &(0x7f0000004280)=[{&(0x7f0000003e00)="18a6d67f6a860a47d1354b1f715438d655e0e261145f290cf1e6a46b34452d1622ab5ca6ef3479d17a4b4581267cabfd1d97d857e2310a1b54a8e4739977ddda8c4853adcf8dec19bef2f78959adce48df756cfcc583a5bc834240137ced7d907623152c53a1be96411da6f183953a6d3503c4441210575e4c7bf19dccdaf11a171d127ea70b5e5db5e9c0290e7c76d4b739949f661b2a6f5798bceaba120b30aebb6ec0579b14406c1361808a89538fd23ca45abf77b36b8d98f814d181e2250f056e3da5547ef4bc2034bff6290b269c02f8285cf1a97371824746838c8062c9a4d6b22563820502c6a95abe64d7196754fe74b3", 0xf5, 0x4}, {&(0x7f0000003f00)="c008b0de26078e280fc4cf4a4f25beb06054bc596f46b8a441df0230c117f1bea6084bbb976f5dd3f5ba194adaf615b6220579ce19d8e46bdd551d706ff22dc0dbd08fe28923a657a066cf716211f3c1c656e0147ef44f93f4fc80f6208f24131835f1442717b5a5a58ae457a499a951fe453e8a4172f214b983e4a1bcef70334d3adfa859cfded8c815a0c1b6", 0x8d, 0xa3}, {&(0x7f0000003fc0)="7d45ed73d6df08b62c293216ac4a448897b459665eff78a256ded85e6c1b78f8fa1c5943afa4cf215340af4aa679a940c0d84b9139ac4c336cbe2839045dc5e8fb96dba38186a06f2750ae941b7bfeb4f1b6c16919b487312f44e63b6fa50153b1eec954241488d0e478fa305f8a2d36fb3b23c651910ffd4de6dc2181bed7e0e4471fc3380d8892c52942d9e3cdf3077b96b212da01217e09576972eec8f08b058fed992d8121d766f04daf5f198670020da3d6a8c799c5ac6a44d963eaa3eabc428e51ce4cf9d2cc9e96ba4cf9ba5574ba1afe43512b6bae9668510c46250a79c905ce97d53d4904de972c5b61359d18e14932545fec017097b0f938fd3f", 0xff, 0x7fffffff}, {&(0x7f00000040c0)="1a2fd03462629f18ad4cd3da8d94d1004085d7005f8bc0b1855c38fe22e142b8b5d3cc56eee23f8d254dbd18daf1c17512d7d5eab7dc7c6e85d2e9a3ef86283ed0389919531b7ad766a3a13a013670619936cc2569d3b4935357d2ebd9704c431bea56f26b1d606f14088add949028e9506e014dbf32c6d290bab2d732df2907111e67bf4691c3451e8a9b9eb7f42dbc51bc524eff80d0ec30d8", 0x9a, 
0x1f}, {&(0x7f0000004180)="ead4b76dc63d2bf3709e2f47cb31255424c8c76d85e5b5c10facc15882536d73f5b789f13113cb065e9b1e72b7832cf35314bc3f72f9b5991c2f05691d29559eb40ca4b682dd6e841e1871cb52ff27e310fa74391909f63667a3c3511ac14c673fdbc120e58ac626d94493065e5ce186b149e056efaca14953d0ad24f61358bac94486a375562be71c55c67aeb0ab4180be1305431a2ded0a1b996e032a96011b59211ab5a474ee78965a52cbe9728c16e70191bf81d5416781909ed9c8bcb4c786fae5c4c47adbd30ea5213a322f448c20ee3165b8c6d4c3a8263b27b2a00b8a8c76973", 0xe4, 0x100}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x3) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x800) socket$nl_generic(0x10, 0x3, 0x10) 11:12:49 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) r1 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) open_by_handle_at(r1, &(0x7f0000000240)=@FILEID_INO32_GEN={0x8, 0x1, {0x8}}, 0x0) 11:12:49 executing program 6: openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') lseek(r0, 0x0, 0x0) 11:12:49 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x0) 11:12:49 executing program 5: geteuid() geteuid() socketpair(0x0, 0x80000, 0x10000, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', &(0x7f0000002a40)) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x6, 
0x5, &(0x7f0000004280)=[{&(0x7f0000003e00)="18a6d67f6a860a47d1354b1f715438d655e0e261145f290cf1e6a46b34452d1622ab5ca6ef3479d17a4b4581267cabfd1d97d857e2310a1b54a8e4739977ddda8c4853adcf8dec19bef2f78959adce48df756cfcc583a5bc834240137ced7d907623152c53a1be96411da6f183953a6d3503c4441210575e4c7bf19dccdaf11a171d127ea70b5e5db5e9c0290e7c76d4b739949f661b2a6f5798bceaba120b30aebb6ec0579b14406c1361808a89538fd23ca45abf77b36b8d98f814d181e2250f056e3da5547ef4bc2034bff6290b269c02f8285cf1a97371824746838c8062c9a4d6b22563820502c6a95abe64d7196754fe74b3", 0xf5, 0x4}, {&(0x7f0000003f00)="c008b0de26078e280fc4cf4a4f25beb06054bc596f46b8a441df0230c117f1bea6084bbb976f5dd3f5ba194adaf615b6220579ce19d8e46bdd551d706ff22dc0dbd08fe28923a657a066cf716211f3c1c656e0147ef44f93f4fc80f6208f24131835f1442717b5a5a58ae457a499a951fe453e8a4172f214b983e4a1bcef70334d3adfa859cfded8c815a0c1b6", 0x8d, 0xa3}, {&(0x7f0000003fc0)="7d45ed73d6df08b62c293216ac4a448897b459665eff78a256ded85e6c1b78f8fa1c5943afa4cf215340af4aa679a940c0d84b9139ac4c336cbe2839045dc5e8fb96dba38186a06f2750ae941b7bfeb4f1b6c16919b487312f44e63b6fa50153b1eec954241488d0e478fa305f8a2d36fb3b23c651910ffd4de6dc2181bed7e0e4471fc3380d8892c52942d9e3cdf3077b96b212da01217e09576972eec8f08b058fed992d8121d766f04daf5f198670020da3d6a8c799c5ac6a44d963eaa3eabc428e51ce4cf9d2cc9e96ba4cf9ba5574ba1afe43512b6bae9668510c46250a79c905ce97d53d4904de972c5b61359d18e14932545fec017097b0f938fd3f", 0xff, 0x7fffffff}, {&(0x7f00000040c0)="1a2fd03462629f18ad4cd3da8d94d1004085d7005f8bc0b1855c38fe22e142b8b5d3cc56eee23f8d254dbd18daf1c17512d7d5eab7dc7c6e85d2e9a3ef86283ed0389919531b7ad766a3a13a013670619936cc2569d3b4935357d2ebd9704c431bea56f26b1d606f14088add949028e9506e014dbf32c6d290bab2d732df2907111e67bf4691c3451e8a9b9eb7f42dbc51bc524eff80d0ec30d8", 0x9a, 0x1f}, 
{&(0x7f0000004180)="ead4b76dc63d2bf3709e2f47cb31255424c8c76d85e5b5c10facc15882536d73f5b789f13113cb065e9b1e72b7832cf35314bc3f72f9b5991c2f05691d29559eb40ca4b682dd6e841e1871cb52ff27e310fa74391909f63667a3c3511ac14c673fdbc120e58ac626d94493065e5ce186b149e056efaca14953d0ad24f61358bac94486a375562be71c55c67aeb0ab4180be1305431a2ded0a1b996e032a96011b59211ab5a474ee78965a52cbe9728c16e70191bf81d5416781909ed9c8bcb4c786fae5c4c47adbd30ea5213a322f448c20ee3165b8c6d4c3a8263b27b2a00b8a8c76973", 0xe4, 0x100}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x3) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x800) socket$nl_generic(0x10, 0x3, 0x10) 11:12:49 executing program 4: openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') lseek(r0, 0x0, 0x0) [ 123.100035] loop2: detected capacity change from 0 to 40 11:12:49 executing program 4: inotify_add_watch(0xffffffffffffffff, 0x0, 0x420) [ 123.165611] loop0: detected capacity change from 0 to 264192 [ 123.167465] nfs: Unknown parameter 'dont_measure' 11:12:49 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x6, 0x0, 0x18) [ 123.197143] loop5: detected capacity change from 0 to 264192 [ 123.198880] nfs: Unknown parameter 'dont_measure' 11:12:49 executing program 6: openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') lseek(r0, 0x0, 0x0) 11:12:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x1, &(0x7f0000001000)=[&(0x7f0000ffd000/0x2000)=nil], 0x0, 
&(0x7f0000001080), 0x0) 11:12:49 executing program 7: syz_io_uring_setup(0x2, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240)) 11:12:49 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 
0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:49 executing program 0: geteuid() geteuid() socketpair(0x0, 0x80000, 0x10000, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', &(0x7f0000002a40)) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x6, 0x5, &(0x7f0000004280)=[{&(0x7f0000003e00)="18a6d67f6a860a47d1354b1f715438d655e0e261145f290cf1e6a46b34452d1622ab5ca6ef3479d17a4b4581267cabfd1d97d857e2310a1b54a8e4739977ddda8c4853adcf8dec19bef2f78959adce48df756cfcc583a5bc834240137ced7d907623152c53a1be96411da6f183953a6d3503c4441210575e4c7bf19dccdaf11a171d127ea70b5e5db5e9c0290e7c76d4b739949f661b2a6f5798bceaba120b30aebb6ec0579b14406c1361808a89538fd23ca45abf77b36b8d98f814d181e2250f056e3da5547ef4bc2034bff6290b269c02f8285cf1a97371824746838c8062c9a4d6b22563820502c6a95abe64d7196754fe74b3", 0xf5, 0x4}, {&(0x7f0000003f00)="c008b0de26078e280fc4cf4a4f25beb06054bc596f46b8a441df0230c117f1bea6084bbb976f5dd3f5ba194adaf615b6220579ce19d8e46bdd551d706ff22dc0dbd08fe28923a657a066cf716211f3c1c656e0147ef44f93f4fc80f6208f24131835f1442717b5a5a58ae457a499a951fe453e8a4172f214b983e4a1bcef70334d3adfa859cfded8c815a0c1b6", 0x8d, 0xa3}, {&(0x7f0000003fc0)="7d45ed73d6df08b62c293216ac4a448897b459665eff78a256ded85e6c1b78f8fa1c5943afa4cf215340af4aa679a940c0d84b9139ac4c336cbe2839045dc5e8fb96dba38186a06f2750ae941b7bfeb4f1b6c16919b487312f44e63b6fa50153b1eec954241488d0e478fa305f8a2d36fb3b23c651910ffd4de6dc2181bed7e0e4471fc3380d8892c52942d9e3cdf3077b96b212da01217e09576972eec8f08b058fed992d8121d766f04daf5f198670020da3d6a8c799c5ac6a44d963eaa3eabc428e51ce4cf9d2cc9e96ba4cf9ba5574ba1afe43512b6bae9668510c46250a79c905ce97d53d4904de972c5b61359d18e14932545fec017097b0f938fd3f", 0xff, 0x7fffffff}, 
{&(0x7f00000040c0)="1a2fd03462629f18ad4cd3da8d94d1004085d7005f8bc0b1855c38fe22e142b8b5d3cc56eee23f8d254dbd18daf1c17512d7d5eab7dc7c6e85d2e9a3ef86283ed0389919531b7ad766a3a13a013670619936cc2569d3b4935357d2ebd9704c431bea56f26b1d606f14088add949028e9506e014dbf32c6d290bab2d732df2907111e67bf4691c3451e8a9b9eb7f42dbc51bc524eff80d0ec30d8", 0x9a, 0x1f}, {&(0x7f0000004180)="ead4b76dc63d2bf3709e2f47cb31255424c8c76d85e5b5c10facc15882536d73f5b789f13113cb065e9b1e72b7832cf35314bc3f72f9b5991c2f05691d29559eb40ca4b682dd6e841e1871cb52ff27e310fa74391909f63667a3c3511ac14c673fdbc120e58ac626d94493065e5ce186b149e056efaca14953d0ad24f61358bac94486a375562be71c55c67aeb0ab4180be1305431a2ded0a1b996e032a96011b59211ab5a474ee78965a52cbe9728c16e70191bf81d5416781909ed9c8bcb4c786fae5c4c47adbd30ea5213a322f448c20ee3165b8c6d4c3a8263b27b2a00b8a8c76973", 0xe4, 0x100}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x3) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x800) socket$nl_generic(0x10, 0x3, 0x10) 11:12:49 executing program 4: inotify_add_watch(0xffffffffffffffff, 0x0, 0x420) [ 123.328859] hrtimer: interrupt took 19957 ns 11:12:49 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x6, 0x0, 0x18) [ 123.424354] loop0: detected capacity change from 0 to 264192 [ 123.425465] nfs: Unknown parameter 'dont_measure' 11:12:49 executing program 7: syz_io_uring_setup(0x2, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240)) 11:12:49 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:49 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x6, 0x0, 0x18) 11:12:49 executing program 4: inotify_add_watch(0xffffffffffffffff, 0x0, 0x420) 11:12:49 executing program 6: openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) lchown(0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000280)={0x20, 0x5a, 0x1, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x1, [@typed={0x9, 0x1, 0x0, 0x0, @binary="5fc27faa76"}]}]}, 0x20}], 0x1}, 0x0) 11:12:49 executing program 5: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 
11:12:49 executing program 0: geteuid() geteuid() socketpair(0x0, 0x80000, 0x10000, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', &(0x7f0000002a40)) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x6, 0x5, &(0x7f0000004280)=[{&(0x7f0000003e00)="18a6d67f6a860a47d1354b1f715438d655e0e261145f290cf1e6a46b34452d1622ab5ca6ef3479d17a4b4581267cabfd1d97d857e2310a1b54a8e4739977ddda8c4853adcf8dec19bef2f78959adce48df756cfcc583a5bc834240137ced7d907623152c53a1be96411da6f183953a6d3503c4441210575e4c7bf19dccdaf11a171d127ea70b5e5db5e9c0290e7c76d4b739949f661b2a6f5798bceaba120b30aebb6ec0579b14406c1361808a89538fd23ca45abf77b36b8d98f814d181e2250f056e3da5547ef4bc2034bff6290b269c02f8285cf1a97371824746838c8062c9a4d6b22563820502c6a95abe64d7196754fe74b3", 0xf5, 0x4}, {&(0x7f0000003f00)="c008b0de26078e280fc4cf4a4f25beb06054bc596f46b8a441df0230c117f1bea6084bbb976f5dd3f5ba194adaf615b6220579ce19d8e46bdd551d706ff22dc0dbd08fe28923a657a066cf716211f3c1c656e0147ef44f93f4fc80f6208f24131835f1442717b5a5a58ae457a499a951fe453e8a4172f214b983e4a1bcef70334d3adfa859cfded8c815a0c1b6", 0x8d, 0xa3}, {&(0x7f0000003fc0)="7d45ed73d6df08b62c293216ac4a448897b459665eff78a256ded85e6c1b78f8fa1c5943afa4cf215340af4aa679a940c0d84b9139ac4c336cbe2839045dc5e8fb96dba38186a06f2750ae941b7bfeb4f1b6c16919b487312f44e63b6fa50153b1eec954241488d0e478fa305f8a2d36fb3b23c651910ffd4de6dc2181bed7e0e4471fc3380d8892c52942d9e3cdf3077b96b212da01217e09576972eec8f08b058fed992d8121d766f04daf5f198670020da3d6a8c799c5ac6a44d963eaa3eabc428e51ce4cf9d2cc9e96ba4cf9ba5574ba1afe43512b6bae9668510c46250a79c905ce97d53d4904de972c5b61359d18e14932545fec017097b0f938fd3f", 0xff, 0x7fffffff}, {&(0x7f00000040c0)="1a2fd03462629f18ad4cd3da8d94d1004085d7005f8bc0b1855c38fe22e142b8b5d3cc56eee23f8d254dbd18daf1c17512d7d5eab7dc7c6e85d2e9a3ef86283ed0389919531b7ad766a3a13a013670619936cc2569d3b4935357d2ebd9704c431bea56f26b1d606f14088add949028e9506e014dbf32c6d290bab2d732df2907111e67bf4691c3451e8a9b9eb7f42dbc51bc524eff80d0ec30d8", 
0x9a, 0x1f}, {&(0x7f0000004180)="ead4b76dc63d2bf3709e2f47cb31255424c8c76d85e5b5c10facc15882536d73f5b789f13113cb065e9b1e72b7832cf35314bc3f72f9b5991c2f05691d29559eb40ca4b682dd6e841e1871cb52ff27e310fa74391909f63667a3c3511ac14c673fdbc120e58ac626d94493065e5ce186b149e056efaca14953d0ad24f61358bac94486a375562be71c55c67aeb0ab4180be1305431a2ded0a1b996e032a96011b59211ab5a474ee78965a52cbe9728c16e70191bf81d5416781909ed9c8bcb4c786fae5c4c47adbd30ea5213a322f448c20ee3165b8c6d4c3a8263b27b2a00b8a8c76973", 0xe4, 0x100}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x3) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x800) socket$nl_generic(0x10, 0x3, 0x10) 11:12:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, 
&(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) [ 123.588497] netlink: 'syz-executor.6': attribute type 1 has an invalid length. 11:12:49 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x6, 0x0, 0x18) 11:12:49 executing program 4: inotify_add_watch(0xffffffffffffffff, 0x0, 0x420) 11:12:49 executing program 7: syz_io_uring_setup(0x2, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240)) 11:12:49 executing program 6: openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) lchown(0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000280)={0x20, 0x5a, 0x1, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x1, [@typed={0x9, 0x1, 0x0, 0x0, @binary="5fc27faa76"}]}]}, 0x20}], 0x1}, 0x0) 11:12:49 executing 
program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:49 executing program 0: 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) [ 123.794487] netlink: 'syz-executor.6': attribute type 1 has an 
invalid length.
[ 124.137971] BUG: unable to handle page fault for address: ffffed100fffc000
[ 124.138671] #PF: supervisor write access in kernel mode
[ 124.139109] #PF: error_code(0x0002) - not-present page
[ 124.139524] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[ 124.141754] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI
[ 124.143123] CPU: 1 PID: 4141 Comm: syz-executor.5 Not tainted 6.1.0-rc3-next-20221031 #1
[ 124.144446] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 124.145799] RIP: 0010:__memset+0x24/0x50
[ 124.146541] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[ 124.149492] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212
[ 124.150385] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb
[ 124.151427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 124.152166] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18
[ 124.152925] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00
[ 124.153667] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f
[ 124.154409] FS: 00007f843a1a5700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 124.155264] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 124.155885] CR2: ffffed100fffc000 CR3: 000000001eb8a000 CR4: 0000000000350ee0
[ 124.156629] Call Trace:
[ 124.156918]
[ 124.157162] kasan_unpoison+0x23/0x60
[ 124.157584] mempool_exit+0x1c2/0x330
[ 124.158011] bioset_exit+0x2c9/0x630
[ 124.158443] disk_release+0x143/0x490
[ 124.158865] ? disk_release+0x0/0x490
[ 124.159285] ? device_release+0x0/0x250
[ 124.159715] device_release+0xa2/0x250
[ 124.160131] ? device_release+0x0/0x250
[ 124.160561] kobject_put+0x173/0x280
[ 124.160976] put_device+0x1b/0x40
[ 124.161359] put_disk+0x41/0x60
[ 124.161743] loop_control_ioctl+0x4d1/0x630
[ 124.162221] ? loop_control_ioctl+0x0/0x630
[ 124.162706] ? selinux_file_ioctl+0xb1/0x270
[ 124.163192] ? loop_control_ioctl+0x0/0x630
[ 124.163663] __x64_sys_ioctl+0x19a/0x220
[ 124.164117] do_syscall_64+0x3b/0xa0
[ 124.164546] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 124.165131] RIP: 0033:0x7f843cc2fb19
[ 124.165513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 124.167356] RSP: 002b:00007f843a1a5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 124.168084] RAX: ffffffffffffffda RBX: 00007f843cd42f60 RCX: 00007f843cc2fb19
[ 124.168766] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005
[ 124.169469] RBP: 00007f843cc89f6d R08: 0000000000000000 R09: 0000000000000000
[ 124.170175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 124.170892] R13: 00007ffdcb5f891f R14: 00007f843a1a5300 R15: 0000000000022000
[ 124.171606]
[ 124.171846] Modules linked in:
[ 124.172176] CR2: ffffed100fffc000
[ 124.172521] ---[ end trace 0000000000000000 ]---
[ 124.172986] RIP: 0010:__memset+0x24/0x50
[ 124.173413] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[ 124.175193] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212
[ 124.175211] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb
[ 124.175226] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 124.175239] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18
[ 124.175252] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00
[ 124.175265] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f
[ 124.175280] FS: 00007f843a1a5700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 124.175299] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[
124.175313] CR2: ffffed100fffc000 CR3: 000000001eb8a000 CR4: 0000000000350ee0 [ 124.436262] netlink: 'syz-executor.6': attribute type 1 has an invalid length. 11:12:50 executing program 7: syz_io_uring_setup(0x2, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240)) 11:12:50 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, 
&(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:50 executing program 6: openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) lchown(0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000280)={0x20, 0x5a, 0x1, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x1, [@typed={0x9, 0x1, 0x0, 0x0, @binary="5fc27faa76"}]}]}, 0x20}], 0x1}, 0x0) 11:12:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, 
&(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:50 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, 
&(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:50 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, 
&(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:50 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, 
&(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:50 executing program 5: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:50 executing program 6: openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) lchown(0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000280)={0x20, 0x5a, 0x1, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x1, [@typed={0x9, 0x1, 0x0, 0x0, @binary="5fc27faa76"}]}]}, 0x20}], 0x1}, 0x0) [ 124.518889] netlink: 'syz-executor.6': attribute type 1 has an invalid length. 
11:12:50 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:50 executing program 4: 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:50 executing program 0: 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:50 executing program 1: 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:50 executing program 7: shmat(0xffffffffffffffff, 
&(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:50 executing program 6: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, 
&(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:50 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = 
signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) [ 124.790636] BUG: unable to handle page fault for address: ffffed100fffc000 [ 124.791140] #PF: supervisor write access in kernel mode [ 124.791484] #PF: error_code(0x0002) - not-present page [ 124.791832] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 124.792280] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI [ 124.792609] CPU: 0 PID: 4217 Comm: syz-executor.6 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 124.793224] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.793749] RIP: 0010:__memset+0x24/0x50 [ 124.794039] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 124.795263] RSP: 0018:ffff88803f867cc0 EFLAGS: 00010212 [ 124.795646] RAX: 0000000000000000 RBX: ffff88800c0ce3c0 RCX: 1ffffe21fe601bf7 [ 124.796151] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 124.796661] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c78 [ 124.797161] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 124.797664] R13: ffff88800c0ce3c0 R14: ffffffff815f27a0 R15: 1ffff110010e5c1f [ 124.798174] FS: 
00007fa24998f700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 124.798778] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.799208] CR2: ffffed100fffc000 CR3: 000000003eeac000 CR4: 0000000000350ef0 [ 124.799676] Call Trace: [ 124.799853] [ 124.800008] kasan_unpoison+0x23/0x60 [ 124.800270] mempool_exit+0x1c2/0x330 [ 124.800552] bioset_exit+0x2c9/0x630 [ 124.800836] disk_release+0x143/0x490 [ 124.801118] ? disk_release+0x0/0x490 [ 124.801402] ? device_release+0x0/0x250 [ 124.801701] device_release+0xa2/0x250 [ 124.801977] ? device_release+0x0/0x250 [ 124.802244] kobject_put+0x173/0x280 [ 124.802512] put_device+0x1b/0x40 [ 124.802770] put_disk+0x41/0x60 [ 124.803012] loop_control_ioctl+0x4d1/0x630 [ 124.803347] ? loop_control_ioctl+0x0/0x630 [ 124.803681] ? selinux_file_ioctl+0xb1/0x270 [ 124.804020] ? loop_control_ioctl+0x0/0x630 [ 124.804345] __x64_sys_ioctl+0x19a/0x220 [ 124.804666] do_syscall_64+0x3b/0xa0 [ 124.804958] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 124.805349] RIP: 0033:0x7fa24c419b19 [ 124.805633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 124.806901] RSP: 002b:00007fa24998f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 124.807455] RAX: ffffffffffffffda RBX: 00007fa24c52cf60 RCX: 00007fa24c419b19 [ 124.807979] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000005 [ 124.808502] RBP: 00007fa24c473f6d R08: 0000000000000000 R09: 0000000000000000 [ 124.809036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 124.809535] R13: 00007ffc5bee5a1f R14: 00007fa24998f300 R15: 0000000000022000 [ 124.810044] [ 124.810214] Modules linked in: [ 124.810458] CR2: ffffed100fffc000 [ 124.810720] ---[ end trace 0000000000000000 ]--- [ 124.811063] RIP: 0010:__memset+0x24/0x50 [ 124.811386] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 
40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 124.812720] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212 [ 124.813107] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb [ 124.813634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 124.814179] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18 [ 124.814677] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 124.815159] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f [ 124.815678] FS: 00007fa24998f700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 124.816276] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.816717] CR2: ffffed100fffc000 CR3: 000000003eeac000 CR4: 0000000000350ef0 11:12:51 executing program 4: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, 
&(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:51 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = 
openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) [ 125.130593] BUG: unable to handle page fault for address: ffffed100fffc000 [ 125.131354] #PF: supervisor write access in kernel mode [ 125.131903] #PF: error_code(0x0002) - not-present page [ 125.132439] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 125.133143] Oops: 0002 [#3] PREEMPT SMP KASAN NOPTI [ 125.133659] CPU: 1 PID: 4205 Comm: syz-executor.5 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 125.134636] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.135487] RIP: 0010:__memset+0x24/0x50 [ 125.135947] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 125.137756] RSP: 0018:ffff88803f03fcc0 EFLAGS: 00010212 [ 125.138313] RAX: 0000000000000000 RBX: ffff88800c0ce240 RCX: 1ffffe21fe601bf1 [ 125.139081] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 125.139809] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c48 [ 125.140532] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 125.141264] R13: ffff88800c0ce240 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 125.142014] FS: 00007f843a1a5700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 125.142869] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.143462] CR2: ffffed100fffc000 CR3: 0000000015818000 CR4: 0000000000350ee0 [ 125.144164] Call Trace: [ 125.144407] [ 125.144624] kasan_unpoison+0x23/0x60 [ 125.144983] mempool_exit+0x1c2/0x330 [ 125.145351] bioset_exit+0x2c9/0x630 [ 125.145713] disk_release+0x143/0x490 [ 125.146083] ? disk_release+0x0/0x490 [ 125.146451] ? device_release+0x0/0x250 [ 125.146829] device_release+0xa2/0x250 [ 125.147188] ? 
device_release+0x0/0x250 [ 125.147556] kobject_put+0x173/0x280 [ 125.147905] put_device+0x1b/0x40 [ 125.148239] put_disk+0x41/0x60 [ 125.148560] loop_control_ioctl+0x4d1/0x630 [ 125.148970] ? loop_control_ioctl+0x0/0x630 [ 125.149380] ? selinux_file_ioctl+0xb1/0x270 [ 125.149804] ? loop_control_ioctl+0x0/0x630 [ 125.150208] __x64_sys_ioctl+0x19a/0x220 [ 125.150611] do_syscall_64+0x3b/0xa0 [ 125.150966] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 125.151447] RIP: 0033:0x7f843cc2fb19 [ 125.151785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.153369] RSP: 002b:00007f843a1a5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 125.154045] RAX: ffffffffffffffda RBX: 00007f843cd42f60 RCX: 00007f843cc2fb19 [ 125.154689] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005 [ 125.155308] RBP: 00007f843cc89f6d R08: 0000000000000000 R09: 0000000000000000 [ 125.155932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.156561] R13: 00007ffdcb5f891f R14: 00007f843a1a5300 R15: 0000000000022000 [ 125.157203] [ 125.157422] Modules linked in: [ 125.157719] CR2: ffffed100fffc000 [ 125.158037] ---[ end trace 0000000000000000 ]--- [ 125.158544] RIP: 0010:__memset+0x24/0x50 [ 125.158966] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 125.160571] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212 [ 125.161051] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb [ 125.161678] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 125.162381] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18 [ 125.163075] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 125.163717] R13: ffff88800c0ce0c0 R14: 
ffffffff815f27a0 R15: 1ffff1100112361f [ 125.164418] FS: 00007f843a1a5700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 125.165204] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.165768] CR2: ffffed100fffc000 CR3: 0000000015818000 CR4: 0000000000350ee0 [ 125.369917] BUG: unable to handle page fault for address: ffffed100fffc000 [ 125.370543] #PF: supervisor write access in kernel mode [ 125.370936] #PF: error_code(0x0002) - not-present page [ 125.371316] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 125.371819] Oops: 0002 [#4] PREEMPT SMP KASAN NOPTI [ 125.372223] CPU: 1 PID: 4228 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 125.372930] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.373560] RIP: 0010:__memset+0x24/0x50 [ 125.373868] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 125.375149] RSP: 0018:ffff88803fa3fcc0 EFLAGS: 00010212 [ 125.375595] RAX: 0000000000000000 RBX: ffff88800c0ce6c0 RCX: 1ffffe21fe601c03 [ 125.376132] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 125.376670] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819cd8 [ 125.377231] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 125.377799] R13: ffff88800c0ce6c0 R14: ffffffff815f27a0 R15: 1ffff110011ad41f [ 125.378331] FS: 00007f82581ea700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 125.378943] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.379336] CR2: ffffed100fffc000 CR3: 000000000c508000 CR4: 0000000000350ee0 [ 125.379915] Call Trace: [ 125.380116] [ 125.380294] kasan_unpoison+0x23/0x60 [ 125.380594] mempool_exit+0x1c2/0x330 [ 125.380935] bioset_exit+0x2c9/0x630 [ 125.381265] disk_release+0x143/0x490 [ 125.381558] ? disk_release+0x0/0x490 [ 125.381873] ? 
device_release+0x0/0x250 [ 125.382202] device_release+0xa2/0x250 [ 125.382496] ? device_release+0x0/0x250 [ 125.382776] kobject_put+0x173/0x280 [ 125.383090] put_device+0x1b/0x40 [ 125.383374] put_disk+0x41/0x60 [ 125.383631] loop_control_ioctl+0x4d1/0x630 [ 125.383947] ? loop_control_ioctl+0x0/0x630 [ 125.384286] ? selinux_file_ioctl+0xb1/0x270 [ 125.384635] ? loop_control_ioctl+0x0/0x630 [ 125.384975] __x64_sys_ioctl+0x19a/0x220 [ 125.385278] do_syscall_64+0x3b/0xa0 [ 125.385580] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 125.386005] RIP: 0033:0x7f825ac74b19 [ 125.386288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.387663] RSP: 002b:00007f82581ea188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 125.388205] RAX: ffffffffffffffda RBX: 00007f825ad87f60 RCX: 00007f825ac74b19 [ 125.388714] RDX: 0000000000000004 RSI: 0000000000004c81 RDI: 0000000000000005 [ 125.389229] RBP: 00007f825accef6d R08: 0000000000000000 R09: 0000000000000000 [ 125.389747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.390251] R13: 00007ffec702488f R14: 00007f82581ea300 R15: 0000000000022000 [ 125.390790] [ 125.390964] Modules linked in: [ 125.391214] CR2: ffffed100fffc000 [ 125.391476] ---[ end trace 0000000000000000 ]--- [ 125.391843] RIP: 0010:__memset+0x24/0x50 [ 125.392158] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 125.393444] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212 [ 125.393833] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb [ 125.394388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 125.394943] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18 [ 125.395496] R10: 0000000000000001 R11: 
0000000000000001 R12: ffff88800bf81a00 [ 125.396010] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f [ 125.396540] FS: 00007f82581ea700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 125.397132] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.397555] CR2: ffffed100fffc000 CR3: 000000000c508000 CR4: 0000000000350ee0 [ 125.521925] BUG: unable to handle page fault for address: ffffed100fffc000 [ 125.522669] #PF: supervisor write access in kernel mode [ 125.523186] #PF: error_code(0x0002) - not-present page [ 125.523682] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 125.524347] Oops: 0002 [#5] PREEMPT SMP KASAN NOPTI [ 125.524842] CPU: 1 PID: 4215 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 125.525768] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.526568] RIP: 0010:__memset+0x24/0x50 [ 125.526990] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 125.528717] RSP: 0018:ffff88803ee4fcc0 EFLAGS: 00010212 [ 125.529242] RAX: 0000000000000000 RBX: ffff88800c0ce540 RCX: 1ffffe21fe601bfd [ 125.529936] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 125.530639] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819ca8 [ 125.531490] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 125.532214] R13: ffff88800c0ce540 R14: ffffffff815f27a0 R15: 1ffff1100119901f [ 125.532942] FS: 00007fabe00dc700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 125.533758] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.534338] CR2: ffffed100fffc000 CR3: 000000001976c000 CR4: 0000000000350ee0 [ 125.535100] Call Trace: [ 125.535377] [ 125.535611] kasan_unpoison+0x23/0x60 [ 125.536008] mempool_exit+0x1c2/0x330 [ 125.536418] bioset_exit+0x2c9/0x630 [ 125.536825] disk_release+0x143/0x490 [ 
125.537230] ? disk_release+0x0/0x490 [ 125.537632] ? device_release+0x0/0x250 [ 125.538042] device_release+0xa2/0x250 [ 125.538449] ? device_release+0x0/0x250 [ 125.538857] kobject_put+0x173/0x280 [ 125.539255] put_device+0x1b/0x40 [ 125.539622] put_disk+0x41/0x60 [ 125.539977] loop_control_ioctl+0x4d1/0x630 [ 125.540426] ? loop_control_ioctl+0x0/0x630 [ 125.540876] ? selinux_file_ioctl+0xb1/0x270 [ 125.541343] ? loop_control_ioctl+0x0/0x630 [ 125.541803] __x64_sys_ioctl+0x19a/0x220 [ 125.542242] do_syscall_64+0x3b/0xa0 [ 125.542665] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 125.543195] RIP: 0033:0x7fabe2b66b19 [ 125.543579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.545381] RSP: 002b:00007fabe00dc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 125.546137] RAX: ffffffffffffffda RBX: 00007fabe2c79f60 RCX: 00007fabe2b66b19 [ 125.546862] RDX: 0000000000000003 RSI: 0000000000004c81 RDI: 0000000000000005 [ 125.547577] RBP: 00007fabe2bc0f6d R08: 0000000000000000 R09: 0000000000000000 [ 125.548286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.548998] R13: 00007ffda0d54b3f R14: 00007fabe00dc300 R15: 0000000000022000 [ 125.549726] [ 125.549969] Modules linked in: [ 125.550303] CR2: ffffed100fffc000 [ 125.550666] ---[ end trace 0000000000000000 ]--- [ 125.551128] RIP: 0010:__memset+0x24/0x50 [ 125.551568] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 125.553371] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212 [ 125.553909] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb [ 125.554638] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 125.555344] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: 
ffffed1001819c18 [ 125.556063] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 125.556787] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f [ 125.557511] FS: 00007fabe00dc700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 125.558327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.558920] CR2: ffffed100fffc000 CR3: 000000001976c000 CR4: 0000000000350ee0 11:12:51 executing program 7: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:52 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:52 executing program 2: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:52 executing program 5: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:52 executing program 6: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 
0x4c81, r3) 11:12:52 executing program 4: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:52 executing program 0: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, 
&(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) 
pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:52 executing program 7: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 
0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:52 executing program 4: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:52 executing program 5: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:52 executing program 0: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:52 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) 
ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 
0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) [ 126.729051] BUG: unable to handle page fault for address: ffffed100fffc000 [ 126.729728] #PF: supervisor write access in kernel mode [ 126.730203] #PF: error_code(0x0002) - not-present page [ 126.730686] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 126.731295] Oops: 0002 [#6] PREEMPT SMP KASAN NOPTI [ 126.731750] CPU: 1 PID: 4258 Comm: syz-executor.6 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 126.732579] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 126.733287] RIP: 0010:__memset+0x24/0x50 [ 126.733674] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 126.735239] RSP: 0018:ffff88803ed6fcc0 EFLAGS: 00010212 [ 126.735713] RAX: 0000000000000000 RBX: ffff88800c0ce840 RCX: 1ffffe21fe601c09 [ 126.736334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 126.736951] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819d08 [ 126.737578] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 126.738197] R13: ffff88800c0ce840 R14: ffffffff815f27a0 R15: 1ffff110011dfe1f [ 126.738826] FS: 00007fa24998f700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 126.739538] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.740053] CR2: ffffed100fffc000 CR3: 000000001e82e000 CR4: 0000000000350ee0 [ 126.740688] Call Trace: [ 126.740926] [ 126.741136] kasan_unpoison+0x23/0x60 [ 126.741480] mempool_exit+0x1c2/0x330 [ 126.741831] 
bioset_exit+0x2c9/0x630 [ 126.742170] ? _raw_spin_unlock+0x24/0x50 [ 126.742565] ? blkg_destroy_all.isra.0+0x157/0x230 [ 126.743017] disk_release+0x143/0x490 [ 126.743371] ? disk_release+0x0/0x490 [ 126.743723] ? device_release+0x0/0x250 [ 126.744087] device_release+0xa2/0x250 [ 126.744444] ? device_release+0x0/0x250 [ 126.744811] kobject_put+0x173/0x280 [ 126.745158] put_device+0x1b/0x40 [ 126.745480] put_disk+0x41/0x60 [ 126.745790] loop_control_ioctl+0x4d1/0x630 [ 126.746184] ? loop_control_ioctl+0x0/0x630 [ 126.746597] ? do_vfs_ioctl+0x132/0x1620 [ 126.746969] ? loop_control_ioctl+0x0/0x630 [ 126.747364] __x64_sys_ioctl+0x19a/0x220 [ 126.747743] do_syscall_64+0x3b/0xa0 [ 126.748093] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 126.748564] RIP: 0033:0x7fa24c419b19 [ 126.748908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 126.750537] RSP: 002b:00007fa24998f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 126.751216] RAX: ffffffffffffffda RBX: 00007fa24c52cf60 RCX: 00007fa24c419b19 [ 126.751859] RDX: 0000000000000005 RSI: 0000000000004c81 RDI: 0000000000000005 [ 126.752491] RBP: 00007fa24c473f6d R08: 0000000000000000 R09: 0000000000000000 [ 126.753119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.753759] R13: 00007ffc5bee5a1f R14: 00007fa24998f300 R15: 0000000000022000 [ 126.754406] [ 126.754679] Modules linked in: [ 126.754977] CR2: ffffed100fffc000 [ 126.755289] ---[ end trace 0000000000000000 ]--- [ 126.755710] RIP: 0010:__memset+0x24/0x50 [ 126.756094] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 126.757684] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212 [ 126.757699] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb 
[ 126.757710] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 126.757722] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18 [ 126.757733] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 126.757745] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f [ 126.757758] FS: 00007fa24998f700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 126.757776] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 11:12:53 executing program 6: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) [ 126.757788] CR2: ffffed100fffc000 CR3: 000000001e82e000 CR4: 0000000000350ee0 [ 126.882801] BUG: unable to handle 
page fault for address: ffffed100fffc000 [ 126.883494] #PF: supervisor write access in kernel mode [ 126.883977] #PF: error_code(0x0002) - not-present page [ 126.884456] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 126.885077] Oops: 0002 [#7] PREEMPT SMP KASAN NOPTI [ 126.885537] CPU: 1 PID: 4274 Comm: syz-executor.5 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 126.886383] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 126.887125] RIP: 0010:__memset+0x24/0x50 [ 126.887523] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 126.889149] RSP: 0018:ffff888040207cc0 EFLAGS: 00010212 [ 126.889641] RAX: 0000000000000000 RBX: ffff88800c0ceb40 RCX: 1ffffe21fe601c15 [ 126.890290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 126.890957] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819d68 [ 126.891598] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 126.892255] R13: ffff88800c0ceb40 R14: ffffffff815f27a0 R15: 1ffff110011df61f [ 126.892903] FS: 00007f843a1a5700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 126.893630] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.894165] CR2: ffffed100fffc000 CR3: 00000000161b0000 CR4: 0000000000350ee0 [ 126.894818] Call Trace: [ 126.895057] [ 126.895271] kasan_unpoison+0x23/0x60 [ 126.895638] mempool_exit+0x1c2/0x330 [ 126.896007] bioset_exit+0x2c9/0x630 [ 126.896363] ? _raw_spin_unlock+0x24/0x50 [ 126.896763] ? blkg_destroy_all.isra.0+0x157/0x230 [ 126.897237] disk_release+0x143/0x490 [ 126.897620] ? disk_release+0x0/0x490 [ 126.897981] ? device_release+0x0/0x250 [ 126.898357] device_release+0xa2/0x250 [ 126.898735] ? 
device_release+0x0/0x250 [ 126.899105] kobject_put+0x173/0x280 [ 126.899466] put_device+0x1b/0x40 [ 126.899796] put_disk+0x41/0x60 [ 126.900116] loop_control_ioctl+0x4d1/0x630 [ 126.900525] ? loop_control_ioctl+0x0/0x630 [ 126.900935] ? selinux_file_ioctl+0xb1/0x270 [ 126.901360] ? selinux_file_ioctl+0x2/0x270 [ 126.901776] ? loop_control_ioctl+0x0/0x630 [ 126.902183] __x64_sys_ioctl+0x19a/0x220 [ 126.902585] do_syscall_64+0x3b/0xa0 [ 126.902946] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 126.903422] RIP: 0033:0x7f843cc2fb19 [ 126.903771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 126.905385] RSP: 002b:00007f843a1a5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 126.906070] RAX: ffffffffffffffda RBX: 00007f843cd42f60 RCX: 00007f843cc2fb19 [ 126.906724] RDX: 0000000000000007 RSI: 0000000000004c81 RDI: 0000000000000005 [ 126.907366] RBP: 00007f843cc89f6d R08: 0000000000000000 R09: 0000000000000000 [ 126.908016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.908656] R13: 00007ffdcb5f891f R14: 00007f843a1a5300 R15: 0000000000022000 [ 126.909321] [ 126.909544] Modules linked in: [ 126.909854] CR2: ffffed100fffc000 [ 126.910175] ---[ end trace 0000000000000000 ]--- [ 126.910617] RIP: 0010:__memset+0x24/0x50 [ 126.911011] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 126.912650] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212 [ 126.913138] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb [ 126.913784] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 126.914433] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18 [ 126.915087] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 
126.915740] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f [ 126.916394] FS: 00007f843a1a5700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 126.917128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.917660] CR2: ffffed100fffc000 CR3: 00000000161b0000 CR4: 0000000000350ee0 11:12:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 
0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_sset_info={0x10}}) [ 127.280831] BUG: unable to handle page fault for address: ffffed100fffc000 [ 127.281400] #PF: supervisor write access in kernel mode [ 127.281814] #PF: error_code(0x0002) - not-present page [ 127.282207] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 127.282741] Oops: 0002 [#8] PREEMPT SMP KASAN NOPTI [ 127.283117] CPU: 1 PID: 4255 Comm: syz-executor.2 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 127.283826] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.284452] RIP: 0010:__memset+0x24/0x50 [ 127.284780] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 127.286111] RSP: 0018:ffff88803ec0fcc0 EFLAGS: 00010212 [ 127.286541] RAX: 0000000000000000 RBX: ffff88800c0ce9c0 RCX: 1ffffe21fe601c0f [ 127.287070] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 127.287622] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819d38 [ 127.288310] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 127.289014] R13: ffff88800c0ce9c0 R14: ffffffff815f27a0 R15: 1ffff110011dfa1f [ 127.289697] FS: 00007f36b52fa700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 127.290366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.290821] CR2: ffffed100fffc000 CR3: 0000000019a54000 CR4: 0000000000350ee0 [ 127.291359] Call Trace: [ 127.291560] [ 127.291734] kasan_unpoison+0x23/0x60 [ 127.292029] mempool_exit+0x1c2/0x330 [ 127.292345] bioset_exit+0x2c9/0x630 [ 127.292636] ? _raw_spin_unlock+0x24/0x50 [ 127.292958] ? 
blkg_destroy_all.isra.0+0x157/0x230 [ 127.293361] disk_release+0x143/0x490 [ 127.293657] ? disk_release+0x0/0x490 [ 127.293952] ? device_release+0x0/0x250 [ 127.294265] device_release+0xa2/0x250 [ 127.294568] ? device_release+0x0/0x250 [ 127.294870] kobject_put+0x173/0x280 [ 127.295165] put_device+0x1b/0x40 [ 127.295501] put_disk+0x41/0x60 [ 127.295762] loop_control_ioctl+0x4d1/0x630 [ 127.296095] ? loop_control_ioctl+0x0/0x630 [ 127.296434] ? selinux_file_ioctl+0xb1/0x270 [ 127.296779] ? loop_control_ioctl+0x0/0x630 [ 127.297107] __x64_sys_ioctl+0x19a/0x220 [ 127.297438] do_syscall_64+0x3b/0xa0 [ 127.297728] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 127.298115] RIP: 0033:0x7f36b7d84b19 [ 127.298403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.299734] RSP: 002b:00007f36b52fa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 127.300290] RAX: ffffffffffffffda RBX: 00007f36b7e97f60 RCX: 00007f36b7d84b19 [ 127.300795] RDX: 0000000000000006 RSI: 0000000000004c81 RDI: 0000000000000005 [ 127.301320] RBP: 00007f36b7ddef6d R08: 0000000000000000 R09: 0000000000000000 [ 127.301826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.302342] R13: 00007fff9dbaefff R14: 00007f36b52fa300 R15: 0000000000022000 [ 127.302861] [ 127.303034] Modules linked in: [ 127.303280] CR2: ffffed100fffc000 [ 127.303530] ---[ end trace 0000000000000000 ]--- [ 127.303866] RIP: 0010:__memset+0x24/0x50 [ 127.304186] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 127.305471] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212 [ 127.305854] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb [ 127.306396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 
[ 127.306941] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18
[ 127.307487] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00
[ 127.308022] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f
[ 127.308571] FS: 00007f36b52fa700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 127.309166] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.309609] CR2: ffffed100fffc000 CR3: 0000000019a54000 CR4: 0000000000350ee0
[ 127.339055] BUG: unable to handle page fault for address: ffffed100fffc000
[ 127.339971] #PF: supervisor write access in kernel mode
[ 127.340639] #PF: error_code(0x0002) - not-present page
[ 127.341295] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[ 127.342156] Oops: 0002 [#9] PREEMPT SMP KASAN NOPTI
[ 127.342792] CPU: 0 PID: 4301 Comm: syz-executor.6 Tainted: G D 6.1.0-rc3-next-20221031 #1
[ 127.343966] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 127.344977] RIP: 0010:__memset+0x24/0x50
[ 127.345518] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[ 127.347755] RSP: 0018:ffff88803f9ffcc0 EFLAGS: 00010212
[ 127.348424] RAX: 0000000000000000 RBX: ffff88800c0ced80 RCX: 1ffffe21fe601c1e
[ 127.349305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 127.350179] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819db0
[ 127.351066] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00
[ 127.351951] R13: ffff88800c0ced80 R14: ffffffff815f27a0 R15: 1ffff1100335021f
[ 127.352841] FS: 00007fa24996e700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[ 127.353843] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.354585] CR2: ffffed100fffc000 CR3: 000000001590c000 CR4: 0000000000350ef0
[ 127.355470] Call Trace:
[ 127.355794]
[ 127.356066] kasan_unpoison+0x23/0x60
[ 127.356539] mempool_exit+0x1c2/0x330
[ 127.357030] bioset_exit+0x2c9/0x630
[ 127.357500] ? _raw_spin_unlock+0x24/0x50
[ 127.358032] ? blkg_destroy_all.isra.0+0x157/0x230
[ 127.358671] disk_release+0x143/0x490
[ 127.359155] ? disk_release+0x0/0x490
[ 127.359641] ? device_release+0x0/0x250
[ 127.360138] device_release+0xa2/0x250
[ 127.360624] ? device_release+0x0/0x250
[ 127.361121] kobject_put+0x173/0x280
[ 127.361599] put_device+0x1b/0x40
[ 127.362032] put_disk+0x41/0x60
[ 127.362456] loop_control_ioctl+0x4d1/0x630
[ 127.363023] ? loop_control_ioctl+0x0/0x630
[ 127.363564] ? selinux_file_ioctl+0xb1/0x270
[ 127.364129] ? loop_control_ioctl+0x0/0x630
[ 127.364671] __x64_sys_ioctl+0x19a/0x220
[ 127.365188] do_syscall_64+0x3b/0xa0
[ 127.365669] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 127.366301] RIP: 0033:0x7fa24c419b19
[ 127.366920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 127.369165] RSP: 002b:00007fa24996e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 127.370124] RAX: ffffffffffffffda RBX: 00007fa24c52d020 RCX: 00007fa24c419b19
[ 127.371023] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005
[ 127.371925] RBP: 00007fa24c473f6d R08: 0000000000000000 R09: 0000000000000000
[ 127.372830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 127.373718] R13: 00007ffc5bee5a1f R14: 00007fa24996e300 R15: 0000000000022000
[ 127.374639]
[ 127.374942] Modules linked in:
[ 127.375360] CR2: ffffed100fffc000
[ 127.375801] ---[ end trace 0000000000000000 ]---
[ 127.376379] RIP: 0010:__memset+0x24/0x50
[ 127.376922] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[ 127.379183] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212
[ 127.379857] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb
[ 127.380717] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 127.381569] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18
[ 127.382434] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00
[ 127.383304] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f
[ 127.384193] FS: 00007fa24996e700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[ 127.385205] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.385946] CR2: ffffed100fffc000 CR3: 000000001590c000 CR4: 0000000000350ef0

11:12:53 executing program 2:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:53 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x100) fallocate(r0, 0x0, 0x0, 0x87ffffc) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000001340)="e4eb8e5355feefc9b3c48a57cf1602a197c4b0087f7e5812368dc3bab70e0418263fc620b190aa02558bcfb0e65cb7786074964845b33e3618af6ae487cb258242e1e8731eec366954e0c20a64f07e48", 0x50}], 0x1, 0x8d, 0x7bf6) syz_open_dev$tty20(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000340), 0x8, 0x0) r4 = signalfd4(r3, &(0x7f00000007c0)={[0xa62]}, 0x8, 0x80000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0x1}}, './file1\x00'}) r5 = accept4$packet(r4, 0x0, &(0x7f00000003c0), 0x800) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000400)={0x0, r2, 0x4, 0x1ff, 0x4, 0x1823}) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40200, 0x0) dup3(r6, r7, 0x80000) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', 
&(0x7f0000000000)=@ethtool_sset_info={0x10}}) 11:12:53 executing program 0: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:53 executing program 7: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 11:12:53 executing program 4: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x36, 0x0, 0x0) 11:12:53 executing program 6: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_setup(0x7, &(0x7f0000000000)) r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r1, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000004c0)=ANY=[@ANYRES32, @ANYBLOB="5f7145ca3a3e33ad535ff9f2e86718378a10f0dec3f44533e5880468c9f0409c0c4d735dace8252773f2470840fa03a3e06ef6137ee0f98aece9a18d5a1ed16982788fd3340b00"/81]) io_cancel(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x4cb6, r0, 
&(0x7f0000000380)="18057c9f0fe11ae6d3fd9d6b962d3c1c526e5b9eda3c77b6d218b317236450137a674319aa2f9cc143cee70004ef676c9c41f99379fcf2fc4c026b6d1c2afe93a87e34863c1be15acf296db7ed091bb7ea02dd5ea35ead35c1c87e3246b0cef58df7db6c072be3234077fb1fc9a67f1488fd28c07564f27144d0c558716819ca5ccb508be90f3efc87c981feded376510a4e68a54398740fdbf4c2c06e6835e3b7a141973986cc0ce0fccc4df07be6580efb3d8301e6e541aecd115dac3c38d393af2bd3b92d37c833a978309ef666e91886d630aece1944893a686acbe8cca65e428ec64a43bc62e89f27696b71ccafe0", 0xf1, 0x9}, &(0x7f0000000240)) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(r2, 0x5608) 11:12:53 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@afid}]}}) 11:12:54 executing program 7: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 11:12:54 executing program 3: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 11:12:54 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@afid}]}}) 11:12:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x36, 0x0, 0x0) 11:12:54 executing program 7: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 11:12:54 executing program 2: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 11:12:54 executing program 7: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) 
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 11:12:54 executing program 3: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 11:12:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x36, 0x0, 0x0) 11:12:54 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@afid}]}}) 11:12:54 executing program 6: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_setup(0x7, &(0x7f0000000000)) r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r1, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000004c0)=ANY=[@ANYRES32, @ANYBLOB="5f7145ca3a3e33ad535ff9f2e86718378a10f0dec3f44533e5880468c9f0409c0c4d735dace8252773f2470840fa03a3e06ef6137ee0f98aece9a18d5a1ed16982788fd3340b00"/81]) io_cancel(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x4cb6, r0, &(0x7f0000000380)="18057c9f0fe11ae6d3fd9d6b962d3c1c526e5b9eda3c77b6d218b317236450137a674319aa2f9cc143cee70004ef676c9c41f99379fcf2fc4c026b6d1c2afe93a87e34863c1be15acf296db7ed091bb7ea02dd5ea35ead35c1c87e3246b0cef58df7db6c072be3234077fb1fc9a67f1488fd28c07564f27144d0c558716819ca5ccb508be90f3efc87c981feded376510a4e68a54398740fdbf4c2c06e6835e3b7a141973986cc0ce0fccc4df07be6580efb3d8301e6e541aecd115dac3c38d393af2bd3b92d37c833a978309ef666e91886d630aece1944893a686acbe8cca65e428ec64a43bc62e89f27696b71ccafe0", 0xf1, 0x9}, &(0x7f0000000240)) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(r2, 0x5608) 11:12:54 executing program 4: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = 
openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:54 executing program 0: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:54 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x36, 0x0, 0x0) 11:12:54 executing program 3: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 11:12:54 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_setup(0x7, &(0x7f0000000000)) r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r1, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000004c0)=ANY=[@ANYRES32, 
@ANYBLOB="5f7145ca3a3e33ad535ff9f2e86718378a10f0dec3f44533e5880468c9f0409c0c4d735dace8252773f2470840fa03a3e06ef6137ee0f98aece9a18d5a1ed16982788fd3340b00"/81]) io_cancel(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x4cb6, r0, &(0x7f0000000380)="18057c9f0fe11ae6d3fd9d6b962d3c1c526e5b9eda3c77b6d218b317236450137a674319aa2f9cc143cee70004ef676c9c41f99379fcf2fc4c026b6d1c2afe93a87e34863c1be15acf296db7ed091bb7ea02dd5ea35ead35c1c87e3246b0cef58df7db6c072be3234077fb1fc9a67f1488fd28c07564f27144d0c558716819ca5ccb508be90f3efc87c981feded376510a4e68a54398740fdbf4c2c06e6835e3b7a141973986cc0ce0fccc4df07be6580efb3d8301e6e541aecd115dac3c38d393af2bd3b92d37c833a978309ef666e91886d630aece1944893a686acbe8cca65e428ec64a43bc62e89f27696b71ccafe0", 0xf1, 0x9}, &(0x7f0000000240)) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(r2, 0x5608) 11:12:54 executing program 2: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:54 executing program 1: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 
0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:55 executing program 0: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, 
&(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:55 executing program 1: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') 
syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:55 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@afid}]}}) 11:12:55 executing program 3: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:55 executing program 2: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 
0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:55 executing program 3: 
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) 
creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:55 executing program 2: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, 
@loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:56 executing program 0: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) 
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:56 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_setup(0x7, &(0x7f0000000000)) r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r1, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000004c0)=ANY=[@ANYRES32, @ANYBLOB="5f7145ca3a3e33ad535ff9f2e86718378a10f0dec3f44533e5880468c9f0409c0c4d735dace8252773f2470840fa03a3e06ef6137ee0f98aece9a18d5a1ed16982788fd3340b00"/81]) io_cancel(0x0, 
&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x4cb6, r0, &(0x7f0000000380)="18057c9f0fe11ae6d3fd9d6b962d3c1c526e5b9eda3c77b6d218b317236450137a674319aa2f9cc143cee70004ef676c9c41f99379fcf2fc4c026b6d1c2afe93a87e34863c1be15acf296db7ed091bb7ea02dd5ea35ead35c1c87e3246b0cef58df7db6c072be3234077fb1fc9a67f1488fd28c07564f27144d0c558716819ca5ccb508be90f3efc87c981feded376510a4e68a54398740fdbf4c2c06e6835e3b7a141973986cc0ce0fccc4df07be6580efb3d8301e6e541aecd115dac3c38d393af2bd3b92d37c833a978309ef666e91886d630aece1944893a686acbe8cca65e428ec64a43bc62e89f27696b71ccafe0", 0xf1, 0x9}, &(0x7f0000000240)) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(r2, 0x5608) 11:12:56 executing program 3: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:56 executing program 6: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_setup(0x7, &(0x7f0000000000)) r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r1, 
&(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000004c0)=ANY=[@ANYRES32, @ANYBLOB="5f7145ca3a3e33ad535ff9f2e86718378a10f0dec3f44533e5880468c9f0409c0c4d735dace8252773f2470840fa03a3e06ef6137ee0f98aece9a18d5a1ed16982788fd3340b00"/81]) io_cancel(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x4cb6, r0, &(0x7f0000000380)="18057c9f0fe11ae6d3fd9d6b962d3c1c526e5b9eda3c77b6d218b317236450137a674319aa2f9cc143cee70004ef676c9c41f99379fcf2fc4c026b6d1c2afe93a87e34863c1be15acf296db7ed091bb7ea02dd5ea35ead35c1c87e3246b0cef58df7db6c072be3234077fb1fc9a67f1488fd28c07564f27144d0c558716819ca5ccb508be90f3efc87c981feded376510a4e68a54398740fdbf4c2c06e6835e3b7a141973986cc0ce0fccc4df07be6580efb3d8301e6e541aecd115dac3c38d393af2bd3b92d37c833a978309ef666e91886d630aece1944893a686acbe8cca65e428ec64a43bc62e89f27696b71ccafe0", 0xf1, 0x9}, &(0x7f0000000240)) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(r2, 0x5608) 11:12:56 executing program 4: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 
0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:56 executing program 1: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = 
syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:56 executing program 5: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = 
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:56 executing program 2: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 
r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:56 executing program 1: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:56 executing program 5: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:56 executing program 2: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 
0x80800) 11:12:57 executing program 4: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 
0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:57 executing program 6: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_setup(0x7, &(0x7f0000000000)) r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r1 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r1, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000004c0)=ANY=[@ANYRES32, @ANYBLOB="5f7145ca3a3e33ad535ff9f2e86718378a10f0dec3f44533e5880468c9f0409c0c4d735dace8252773f2470840fa03a3e06ef6137ee0f98aece9a18d5a1ed16982788fd3340b00"/81]) io_cancel(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x4cb6, r0, 
&(0x7f0000000380)="18057c9f0fe11ae6d3fd9d6b962d3c1c526e5b9eda3c77b6d218b317236450137a674319aa2f9cc143cee70004ef676c9c41f99379fcf2fc4c026b6d1c2afe93a87e34863c1be15acf296db7ed091bb7ea02dd5ea35ead35c1c87e3246b0cef58df7db6c072be3234077fb1fc9a67f1488fd28c07564f27144d0c558716819ca5ccb508be90f3efc87c981feded376510a4e68a54398740fdbf4c2c06e6835e3b7a141973986cc0ce0fccc4df07be6580efb3d8301e6e541aecd115dac3c38d393af2bd3b92d37c833a978309ef666e91886d630aece1944893a686acbe8cca65e428ec64a43bc62e89f27696b71ccafe0", 0xf1, 0x9}, &(0x7f0000000240)) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(r2, 0x5608) 11:12:57 executing program 3: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 11:12:57 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_setup(0x7, &(0x7f0000000000)) r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r1 = syz_open_procfs(0x0, 
&(0x7f0000000f00)='mountinfo\x00') read$hiddev(r1, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000004c0)=ANY=[@ANYRES32, @ANYBLOB="5f7145ca3a3e33ad535ff9f2e86718378a10f0dec3f44533e5880468c9f0409c0c4d735dace8252773f2470840fa03a3e06ef6137ee0f98aece9a18d5a1ed16982788fd3340b00"/81]) io_cancel(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x4cb6, r0, &(0x7f0000000380)="18057c9f0fe11ae6d3fd9d6b962d3c1c526e5b9eda3c77b6d218b317236450137a674319aa2f9cc143cee70004ef676c9c41f99379fcf2fc4c026b6d1c2afe93a87e34863c1be15acf296db7ed091bb7ea02dd5ea35ead35c1c87e3246b0cef58df7db6c072be3234077fb1fc9a67f1488fd28c07564f27144d0c558716819ca5ccb508be90f3efc87c981feded376510a4e68a54398740fdbf4c2c06e6835e3b7a141973986cc0ce0fccc4df07be6580efb3d8301e6e541aecd115dac3c38d393af2bd3b92d37c833a978309ef666e91886d630aece1944893a686acbe8cca65e428ec64a43bc62e89f27696b71ccafe0", 0xf1, 0x9}, &(0x7f0000000240)) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(r2, 0x5608) 11:12:57 executing program 1: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') 
syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:57 executing program 5: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, 
&(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:57 executing program 3: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 11:12:57 executing program 2: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:57 executing program 7: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r0, &(0x7f0000000080)='=~', 0x2, 0x881, 
0x0, 0x0) recvfrom(r1, &(0x7f0000000040)=""/50, 0x32, 0x0, 0x0, 0x0) 11:12:57 executing program 1: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x80900, 0x20}, 0x18) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x0, 0x0) syncfs(0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') syz_io_uring_setup(0x6c69, &(0x7f0000000340)={0x0, 0x92c5, 0x0, 0x3, 0x26, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000003c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000c, 0x810, r1, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000300), 0xd}, 0x8fa6, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x400}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x3c, 0x0, "704f5992d666aa2888e479ca552ee155f638582a91ca97213cf4774a2e4c350cdc3f9f62a4c21970bd149a52fa311b916bf00bb7dd8fd0dfa22b4100"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) 
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) socket$unix(0x1, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) accept4$unix(r0, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) 11:12:57 executing program 4: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:12:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000010c0)={{0x14, 0x2c}, [], {0x14}}, 0x28}}, 0x0) 
11:12:57 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) 11:12:57 executing program 3: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 11:12:57 executing program 7: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r0, &(0x7f0000000080)='=~', 0x2, 0x881, 0x0, 0x0) recvfrom(r1, &(0x7f0000000040)=""/50, 0x32, 0x0, 0x0, 0x0) 11:12:57 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) 11:12:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000010c0)={{0x14, 0x2c}, [], {0x14}}, 0x28}}, 0x0) 11:12:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2}, 0x10}}, 0x0) 11:12:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000010c0)={{0x14, 0x2c}, [], {0x14}}, 0x28}}, 0x0) 11:12:57 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() r0 = socket$packet(0x11, 0x3, 0x300) dup(r0) ioperm(0x0, 0x800, 0x4) 11:12:57 executing program 4: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:12:57 executing program 6: r0 
= openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0)
waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0)

[ 132.055373] BUG: unable to handle page fault for address: ffffed100fffc000
[ 132.056077] #PF: supervisor write access in kernel mode
[ 132.056560] #PF: error_code(0x0002) - not-present page
[ 132.057035] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[ 132.057665] Oops: 0002 [#10] PREEMPT SMP KASAN NOPTI
[ 132.058143] CPU: 1 PID: 4484 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1
[ 132.059017] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 132.059763] RIP: 0010:__memset+0x24/0x50
[ 132.060166] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[ 132.061809] RSP: 0018:ffff88800d41fcc0 EFLAGS: 00010212
[ 132.062306] RAX: 0000000000000000 RBX: ffff888018bf4000 RCX: 1ffffe21fe92e568
[ 132.062975] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 132.063626] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed100317e800
[ 132.064276] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00
[ 132.064918] R13: ffff888018bf4000 R14: ffffffff815f27a0 R15: 1ffff1100335001f
[ 132.065602] FS: 00007f82581ea700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 132.066364] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 132.066935] CR2: ffffed100fffc000 CR3: 0000000016222000 CR4: 0000000000350ee0
[ 132.067622] Call Trace:
[ 132.067877]
[ 132.068098] kasan_unpoison+0x23/0x60
[ 132.068476] mempool_exit+0x1c2/0x330
[ 132.068861] bioset_exit+0x2c9/0x630
[ 132.069240] disk_release+0x143/0x490
[ 132.069617] ? disk_release+0x0/0x490
[ 132.069994] ? device_release+0x0/0x250
[ 132.070392] device_release+0xa2/0x250
[ 132.070790] ? device_release+0x0/0x250
[ 132.071175] kobject_put+0x173/0x280
[ 132.071544] put_device+0x1b/0x40
[ 132.071888] put_disk+0x41/0x60
[ 132.072227] loop_control_ioctl+0x4d1/0x630
[ 132.072650] ? loop_control_ioctl+0x0/0x630
[ 132.073072] ? selinux_file_ioctl+0xb1/0x270
[ 132.073518] ? loop_control_ioctl+0x0/0x630
[ 132.073929] __x64_sys_ioctl+0x19a/0x220
[ 132.074320] do_syscall_64+0x3b/0xa0
[ 132.074696] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 132.075189] RIP: 0033:0x7f825ac74b19
[ 132.075541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 132.077171] RSP: 002b:00007f82581ea188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 132.077864] RAX: ffffffffffffffda RBX: 00007f825ad87f60 RCX: 00007f825ac74b19
[ 132.078510] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005
[ 132.079177] RBP: 00007f825accef6d R08: 0000000000000000 R09: 0000000000000000
[ 132.079823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 132.080468] R13: 00007ffec702488f R14: 00007f82581ea300 R15: 0000000000022000
[ 132.081114]
[ 132.081333] Modules linked in:
[ 132.081643] CR2: ffffed100fffc000
[ 132.081963] ---[ end trace 0000000000000000 ]---
[ 132.082415] RIP: 0010:__memset+0x24/0x50
[ 132.082834] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[ 132.084390] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212
[ 132.084897] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb
[ 132.085577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 132.086266] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18
[ 132.086949] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00
[ 132.087626] R13: ffff88800c0ce0c0 R14:
ffffffff815f27a0 R15: 1ffff1100112361f [ 132.088307] FS: 00007f82581ea700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 132.089059] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.089623] CR2: ffffed100fffc000 CR3: 0000000016222000 CR4: 0000000000350ee0 11:12:58 executing program 7: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r0, &(0x7f0000000080)='=~', 0x2, 0x881, 0x0, 0x0) recvfrom(r1, &(0x7f0000000040)=""/50, 0x32, 0x0, 0x0, 0x0) 11:12:58 executing program 2: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) 
mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:12:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2}, 0x10}}, 0x0) 11:12:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000010c0)={{0x14, 0x2c}, [], {0x14}}, 0x28}}, 0x0) 11:12:58 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) 11:12:58 executing program 1: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:12:58 executing program 4: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:12:58 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 
0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() r0 = socket$packet(0x11, 0x3, 0x300) dup(r0) ioperm(0x0, 0x800, 0x4) 11:12:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2}, 0x10}}, 0x0) 11:12:58 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() r0 = socket$packet(0x11, 0x3, 0x300) dup(r0) ioperm(0x0, 0x800, 0x4) 11:12:58 executing program 7: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r0, &(0x7f0000000080)='=~', 0x2, 
0x881, 0x0, 0x0) recvfrom(r1, &(0x7f0000000040)=""/50, 0x32, 0x0, 0x0, 0x0) 11:12:58 executing program 4: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:12:58 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() r0 = socket$packet(0x11, 0x3, 0x300) dup(r0) ioperm(0x0, 0x800, 0x4) [ 133.274884] BUG: unable to handle page fault for address: ffffed100fffc000 [ 133.275655] #PF: supervisor write access in kernel mode [ 133.276192] #PF: error_code(0x0002) - not-present page [ 133.276722] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 133.277393] Oops: 0002 [#11] PREEMPT SMP KASAN NOPTI [ 133.277903] CPU: 1 PID: 4501 Comm: syz-executor.1 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 133.278849] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 133.279662] RIP: 0010:__memset+0x24/0x50 [ 133.280100] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 133.281871] RSP: 0018:ffff8880404afcc0 EFLAGS: 00010212 [ 133.282400] RAX: 0000000000000000 RBX: ffff888018bf4180 RCX: 1ffffe21fe92e56e [ 133.283106] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 133.283813] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed100317e830 [ 133.284524] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 133.285234] R13: ffff888018bf4180 R14: ffffffff815f27a0 R15: 1ffff11003350e1f [ 133.285948] FS: 00007fd8a741a700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 133.286793] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.287378] CR2: ffffed100fffc000 CR3: 000000001ed7c000 CR4: 0000000000350ee0 [ 133.288095] 
Call Trace: [ 133.288366] [ 133.288605] kasan_unpoison+0x23/0x60 [ 133.289007] mempool_exit+0x1c2/0x330 [ 133.289420] bioset_exit+0x2c9/0x630 [ 133.289823] disk_release+0x143/0x490 [ 133.290225] ? disk_release+0x0/0x490 [ 133.290637] ? device_release+0x0/0x250 [ 133.291056] device_release+0xa2/0x250 [ 133.291461] ? device_release+0x0/0x250 [ 133.291872] kobject_put+0x173/0x280 [ 133.292296] put_device+0x1b/0x40 [ 133.292680] put_disk+0x41/0x60 [ 133.293053] loop_control_ioctl+0x4d1/0x630 [ 133.293524] ? loop_control_ioctl+0x0/0x630 [ 133.293983] ? __x64_sys_ioctl+0x11c/0x220 [ 133.294423] ? loop_control_ioctl+0x0/0x630 [ 133.294895] __x64_sys_ioctl+0x19a/0x220 [ 133.295322] do_syscall_64+0x3b/0xa0 [ 133.295712] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 133.296232] RIP: 0033:0x7fd8a9ea4b19 [ 133.296613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 133.298396] RSP: 002b:00007fd8a741a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 133.299147] RAX: ffffffffffffffda RBX: 00007fd8a9fb7f60 RCX: 00007fd8a9ea4b19 [ 133.299857] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000005 [ 133.300565] RBP: 00007fd8a9efef6d R08: 0000000000000000 R09: 0000000000000000 [ 133.301315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.302049] R13: 00007fffa01bdc2f R14: 00007fd8a741a300 R15: 0000000000022000 [ 133.302806] [ 133.303067] Modules linked in: [ 133.303412] CR2: ffffed100fffc000 [ 133.303766] ---[ end trace 0000000000000000 ]--- [ 133.304236] RIP: 0010:__memset+0x24/0x50 [ 133.304667] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 133.306464] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212 [ 133.307014] RAX: 0000000000000000 RBX: 
ffff88800c0ce0c0 RCX: 1ffffe21fe601beb [ 133.307715] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 133.308419] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18 [ 133.309136] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 133.309841] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f [ 133.310554] FS: 00007fd8a741a700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 133.311364] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.311942] CR2: ffffed100fffc000 CR3: 000000001ed7c000 CR4: 0000000000350ee0 11:12:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2}, 0x10}}, 0x0) 11:12:59 executing program 7: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:12:59 executing program 4: syz_emit_ethernet(0xbe, &(0x7f0000001180)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x88, 0x0, @private=0xa010102, @local}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "9cc34027cad83ed73be4f93e7326b9e1da67ee3561924fa66bfa0cb75cff5171", "117ad553083cf29887cf5f29c7a6c95c7558a7482e05b26986482338c4a4807a788dafc8181760316d293733eea7f8d3", "a75e81563131a3cfe7a7f5a39f877d4c3d74923d6412b791b7128fae", {"45ce2e1db012ba00", "e313e602785b0268a2ed03bd928ccf20"}}}}}}}, 0x0) 11:12:59 executing program 1: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:12:59 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() r0 = socket$packet(0x11, 0x3, 0x300) dup(r0) ioperm(0x0, 0x800, 0x4) 11:12:59 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() r0 = socket$packet(0x11, 0x3, 0x300) dup(r0) ioperm(0x0, 0x800, 0x4) 11:12:59 executing program 2: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:12:59 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync() r0 = socket$packet(0x11, 0x3, 0x300) dup(r0) ioperm(0x0, 0x800, 0x4) 11:12:59 executing program 4: syz_emit_ethernet(0xbe, &(0x7f0000001180)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x88, 0x0, @private=0xa010102, @local}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "9cc34027cad83ed73be4f93e7326b9e1da67ee3561924fa66bfa0cb75cff5171", "117ad553083cf29887cf5f29c7a6c95c7558a7482e05b26986482338c4a4807a788dafc8181760316d293733eea7f8d3", "a75e81563131a3cfe7a7f5a39f877d4c3d74923d6412b791b7128fae", {"45ce2e1db012ba00", "e313e602785b0268a2ed03bd928ccf20"}}}}}}}, 0x0) 11:12:59 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x21, 0x0, &(0x7f00000001c0)) 11:12:59 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x21, 0x0, &(0x7f00000001c0)) 11:12:59 executing program 7: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 11:13:00 executing program 4: syz_emit_ethernet(0xbe, &(0x7f0000001180)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x88, 0x0, @private=0xa010102, @local}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "9cc34027cad83ed73be4f93e7326b9e1da67ee3561924fa66bfa0cb75cff5171", "117ad553083cf29887cf5f29c7a6c95c7558a7482e05b26986482338c4a4807a788dafc8181760316d293733eea7f8d3", "a75e81563131a3cfe7a7f5a39f877d4c3d74923d6412b791b7128fae", {"45ce2e1db012ba00", "e313e602785b0268a2ed03bd928ccf20"}}}}}}}, 0x0) 11:13:00 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x21, 0x0, &(0x7f00000001c0)) 11:13:00 executing program 4: syz_emit_ethernet(0xbe, &(0x7f0000001180)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 
0xb0, 0x0, 0x0, 0x0, 0x88, 0x0, @private=0xa010102, @local}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "9cc34027cad83ed73be4f93e7326b9e1da67ee3561924fa66bfa0cb75cff5171", "117ad553083cf29887cf5f29c7a6c95c7558a7482e05b26986482338c4a4807a788dafc8181760316d293733eea7f8d3", "a75e81563131a3cfe7a7f5a39f877d4c3d74923d6412b791b7128fae", {"45ce2e1db012ba00", "e313e602785b0268a2ed03bd928ccf20"}}}}}}}, 0x0) 11:13:00 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x1c, r1, 0x1, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 11:13:00 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x21, 0x0, &(0x7f00000001c0)) [ 134.091351] BUG: unable to handle page fault for address: ffffed100fffc000 [ 134.091987] #PF: supervisor write access in kernel mode [ 134.092436] #PF: error_code(0x0002) - not-present page [ 134.092869] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 134.093436] Oops: 0002 [#12] PREEMPT SMP KASAN NOPTI [ 134.093830] CPU: 0 PID: 4536 Comm: syz-executor.1 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 134.094610] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 134.095296] RIP: 0010:__memset+0x24/0x50 [ 134.095655] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 134.097160] RSP: 0018:ffff88803f98fcc0 EFLAGS: 00010212 [ 134.097616] RAX: 0000000000000000 RBX: ffff888018bf4300 RCX: 1ffffe21fe92e574 [ 134.098206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 134.098808] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed100317e860 [ 134.099404] R10: 0000000000000001 R11: 0000000000000001 R12: 
ffff88800bf81a00 [ 134.099995] R13: ffff888018bf4300 R14: ffffffff815f27a0 R15: 1ffff11002d3981f [ 134.100586] FS: 00007fd8a741a700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 134.101255] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 134.101749] CR2: ffffed100fffc000 CR3: 000000001e290000 CR4: 0000000000350ef0 [ 134.102340] Call Trace: [ 134.102581] [ 134.102777] kasan_unpoison+0x23/0x60 [ 134.103112] mempool_exit+0x1c2/0x330 [ 134.103451] bioset_exit+0x2c9/0x630 [ 134.103789] disk_release+0x143/0x490 [ 134.104122] ? disk_release+0x0/0x490 [ 134.104455] ? device_release+0x0/0x250 [ 134.104793] device_release+0xa2/0x250 [ 134.105128] ? device_release+0x0/0x250 [ 134.105470] kobject_put+0x173/0x280 [ 134.105799] put_device+0x1b/0x40 [ 134.106096] put_disk+0x41/0x60 [ 134.106386] loop_control_ioctl+0x4d1/0x630 [ 134.106774] ? loop_control_ioctl+0x0/0x630 [ 134.107149] ? selinux_file_ioctl+0xb1/0x270 [ 134.107539] ? loop_control_ioctl+0x0/0x630 [ 134.107916] __x64_sys_ioctl+0x19a/0x220 [ 134.108275] do_syscall_64+0x3b/0xa0 [ 134.108612] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 134.109054] RIP: 0033:0x7fd8a9ea4b19 [ 134.109374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 134.110901] RSP: 002b:00007fd8a741a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 134.111538] RAX: ffffffffffffffda RBX: 00007fd8a9fb7f60 RCX: 00007fd8a9ea4b19 [ 134.112132] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 134.112721] RBP: 00007fd8a9efef6d R08: 0000000000000000 R09: 0000000000000000 [ 134.113319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.113903] R13: 00007fffa01bdc2f R14: 00007fd8a741a300 R15: 0000000000022000 [ 134.114501] [ 134.114708] Modules linked in: [ 134.114983] CR2: ffffed100fffc000 [ 134.115277] ---[ end trace 0000000000000000 ]--- [ 134.115670] RIP: 
0010:__memset+0x24/0x50 [ 134.116031] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 134.117520] RSP: 0018:ffff88803e747cc0 EFLAGS: 00010212 [ 134.117964] RAX: 0000000000000000 RBX: ffff88800c0ce0c0 RCX: 1ffffe21fe601beb [ 134.118565] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 134.119161] RBP: ffff88800bf81a00 R08: 0000000000000005 R09: ffffed1001819c18 [ 134.119749] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bf81a00 [ 134.120340] R13: ffff88800c0ce0c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f [ 134.120940] FS: 00007fd8a741a700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 134.121606] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 134.122096] CR2: ffffed100fffc000 CR3: 000000001e290000 CR4: 0000000000350ef0 [ 134.130333] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 134.133416] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 134.134503] syz-executor.4 (4567) used greatest stack depth: 23616 bytes left VM DIAGNOSIS: 11:12:50 Registers: