Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:35987' (ECDSA) to the list of known hosts. 2022/10/31 11:18:03 fuzzer started 2022/10/31 11:18:04 dialing manager at localhost:40945 syzkaller login: [ 36.610272] cgroup: Unknown subsys name 'net' [ 36.715139] cgroup: Unknown subsys name 'rlimit' 2022/10/31 11:18:18 syscalls: 2217 2022/10/31 11:18:18 code coverage: enabled 2022/10/31 11:18:18 comparison tracing: enabled 2022/10/31 11:18:18 extra coverage: enabled 2022/10/31 11:18:18 setuid sandbox: enabled 2022/10/31 11:18:18 namespace sandbox: enabled 2022/10/31 11:18:18 Android sandbox: enabled 2022/10/31 11:18:18 fault injection: enabled 2022/10/31 11:18:18 leak checking: enabled 2022/10/31 11:18:18 net packet injection: enabled 2022/10/31 11:18:18 net device setup: enabled 2022/10/31 11:18:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/31 11:18:18 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/31 11:18:18 USB emulation: enabled 2022/10/31 11:18:18 hci packet injection: enabled 2022/10/31 11:18:18 wifi device emulation: enabled 2022/10/31 11:18:18 802.15.4 emulation: enabled 2022/10/31 11:18:18 fetching corpus: 0, signal 0/2000 (executing program) 2022/10/31 11:18:18 fetching corpus: 32, signal 21639/25171 (executing program) 2022/10/31 11:18:18 fetching corpus: 68, signal 38887/43665 (executing program) 2022/10/31 11:18:18 fetching corpus: 118, signal 47980/53988 (executing program) 2022/10/31 11:18:18 fetching corpus: 168, signal 54388/61504 (executing program) 2022/10/31 11:18:18 fetching corpus: 218, signal 59855/68065 (executing program) 2022/10/31 11:18:18 fetching corpus: 268, signal 65176/74328 (executing program) 2022/10/31 11:18:18 fetching corpus: 317, signal 68289/78497 (executing program) 2022/10/31 11:18:18 fetching corpus: 367, signal 73201/84187 (executing program) 2022/10/31 11:18:19 fetching corpus: 416, signal 81227/92606 (executing program) 2022/10/31 11:18:19 fetching corpus: 465, signal 84662/96746 (executing program) 2022/10/31 11:18:19 fetching corpus: 515, signal 87512/100287 (executing program) 2022/10/31 11:18:19 fetching corpus: 565, signal 92141/105350 (executing program) 2022/10/31 11:18:19 fetching corpus: 615, signal 95591/109284 (executing program) 2022/10/31 11:18:19 fetching corpus: 664, signal 97665/112004 (executing program) 2022/10/31 11:18:20 fetching corpus: 714, signal 99668/114630 (executing program) 2022/10/31 11:18:20 fetching corpus: 764, signal 102628/118012 (executing program) 2022/10/31 11:18:20 fetching corpus: 814, signal 105955/121623 (executing program) 2022/10/31 11:18:20 fetching corpus: 864, signal 108263/124328 (executing program) 2022/10/31 11:18:20 fetching corpus: 913, signal 110764/127107 (executing program) 2022/10/31 11:18:20 fetching corpus: 962, signal 113143/129728 (executing program) 2022/10/31 11:18:20 fetching corpus: 1010, signal 114721/131698 (executing program) 2022/10/31 11:18:21 fetching corpus: 1060, signal 116025/133407 (executing program) 2022/10/31 11:18:21 fetching corpus: 1110, signal 118253/135825 (executing program) 2022/10/31 11:18:21 fetching corpus: 1160, signal 120188/137960 (executing program) 2022/10/31 11:18:21 fetching corpus: 1210, signal 122714/140459 (executing program) 2022/10/31 11:18:21 fetching corpus: 1260, signal 125430/143067 (executing program) 2022/10/31 11:18:21 fetching corpus: 1310, signal 126877/144696 (executing program) 2022/10/31 11:18:21 fetching corpus: 1360, signal 128781/146727 (executing program) 2022/10/31 11:18:21 fetching corpus: 1408, signal 130168/148294 (executing program) 2022/10/31 11:18:22 fetching corpus: 1458, signal 131948/150039 (executing program) 2022/10/31 11:18:22 fetching corpus: 1508, signal 133422/151534 (executing program) 2022/10/31 11:18:22 fetching corpus: 1558, signal 135067/153137 (executing program) 2022/10/31 11:18:22 fetching corpus: 1606, signal 136719/154727 (executing program) 2022/10/31 11:18:22 fetching corpus: 1656, signal 137503/155717 (executing program) 2022/10/31 11:18:22 fetching corpus: 1705, signal 138801/157014 (executing program) 2022/10/31 11:18:22 fetching corpus: 1755, signal 140207/158332 (executing program) 2022/10/31 11:18:23 fetching corpus: 1805, signal 141396/159572 (executing program) 2022/10/31 11:18:23 fetching corpus: 1855, signal 142970/161028 (executing program) 2022/10/31 11:18:23 fetching corpus: 1905, signal 144001/162094 (executing program) 2022/10/31 11:18:23 fetching corpus: 1955, signal 145338/163320 (executing program) 2022/10/31 11:18:23 fetching corpus: 2005, signal 146540/164463 (executing program) 2022/10/31 11:18:23 fetching corpus: 2055, signal 147784/165541 (executing program) 2022/10/31 11:18:23 fetching corpus: 2105, signal 149437/166824 (executing program) 2022/10/31 11:18:23 fetching corpus: 2155, signal 150482/167754 (executing program) 2022/10/31 11:18:23 fetching corpus: 2205, signal 151332/168612 (executing program) 2022/10/31 11:18:24 fetching corpus: 2255, signal 152193/169396 (executing program) 2022/10/31 11:18:24 fetching corpus: 2305, signal 153578/170425 (executing program) 2022/10/31 11:18:24 fetching corpus: 2355, signal 154743/171534 (executing program) 2022/10/31 11:18:24 fetching corpus: 2405, signal 155771/172365 (executing program) 2022/10/31 11:18:24 fetching corpus: 2455, signal 156849/173184 (executing program) 2022/10/31 11:18:24 fetching corpus: 2505, signal 157794/173897 (executing program) 2022/10/31 11:18:24 fetching corpus: 2555, signal 158667/174554 (executing program) 2022/10/31 11:18:25 fetching corpus: 2605, signal 159743/175331 (executing program) 2022/10/31 11:18:25 fetching corpus: 2655, signal 160595/175933 (executing program) 2022/10/31 11:18:25 fetching corpus: 2704, signal 161283/176501 (executing program) 2022/10/31 11:18:25 fetching corpus: 2754, signal 163342/177571 (executing program) 2022/10/31 11:18:25 fetching corpus: 2804, signal 164875/178405 (executing program) 2022/10/31 11:18:25 fetching corpus: 2854, signal 165570/178915 (executing program) 2022/10/31 11:18:25 fetching corpus: 2904, signal 166699/179578 (executing program) 2022/10/31 11:18:25 fetching corpus: 2953, signal 167652/180143 (executing program) 2022/10/31 11:18:26 fetching corpus: 3003, signal 168983/180822 (executing program) 2022/10/31 11:18:26 fetching corpus: 3053, signal 169782/181276 (executing program) 2022/10/31 11:18:26 fetching corpus: 3103, signal 170866/181818 (executing program) 2022/10/31 11:18:26 fetching corpus: 3153, signal 171746/182275 (executing program) 2022/10/31 11:18:26 fetching corpus: 3203, signal 172529/182673 (executing program) 2022/10/31 11:18:26 fetching corpus: 3253, signal 173182/183027 (executing program) 2022/10/31 11:18:26 fetching corpus: 3303, signal 173671/183314 (executing program) 2022/10/31 11:18:26 fetching corpus: 3353, signal 174175/183591 (executing program) 2022/10/31 11:18:27 fetching corpus: 3403, signal 175021/183932 (executing program) 2022/10/31 11:18:27 fetching corpus: 3453, signal 175810/184227 (executing program) 2022/10/31 11:18:27 fetching corpus: 3503, signal 176640/184530 (executing program) 2022/10/31 11:18:27 fetching corpus: 3553, signal 177359/184825 (executing program) 2022/10/31 11:18:27 fetching corpus: 3603, signal 178200/185119 (executing program) 2022/10/31 11:18:27 fetching corpus: 3653, signal 178591/185290 (executing program) 2022/10/31 11:18:27 fetching corpus: 3703, signal 179712/185561 (executing program) 2022/10/31 11:18:27 fetching corpus: 3753, signal 180620/185782 (executing program) 2022/10/31 11:18:28 fetching corpus: 3803, signal 181870/186118 (executing program) 2022/10/31 11:18:28 fetching corpus: 3852, signal 182865/186336 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186474 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186506 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186550 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186574 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186614 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186654 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186703 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186750 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186787 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186829 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186866 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186900 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186939 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186977 (executing program) 2022/10/31 11:18:28 fetching corpus: 3876, signal 183404/186977 (executing program) 2022/10/31 11:18:31 starting 8 fuzzer processes 11:18:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000f40)={0x2c, 0x1, 0x2, 0x801, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0xf, 0x6, 'tftp-20000\x00'}, @CTA_EXPECT_ZONE={0x6}]}, 0x2c}}, 0x0) 11:18:31 executing program 2: pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0) 11:18:31 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x435, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 11:18:31 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r0 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r0, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000480)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES16, @ANYBLOB="00000000000000002e2f66696c6531c92698cd002f00"]) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) 11:18:31 executing program 4: msync(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x768a1319fd634288) 11:18:31 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:18:31 executing program 6: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDENABIO(r0, 0x4b36) syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0) [ 63.608671] audit: type=1400 audit(1667215111.398:6): avc: denied { execmem } for pid=285 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:18:31 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/dev_mcast\x00') preadv(r0, &(0x7f0000001140)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x7, 0x0, 0x0) [ 64.968407] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.969832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 64.971938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.973660] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.974944] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.976410] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.977771] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.978787] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 64.983036] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.984353] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.985982] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 64.988037] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 64.989425] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 64.995436] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.019361] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.020787] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.025917] Bluetooth: hci0: HCI_REQ-0x0c1a [ 65.026139] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 65.030338] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.031432] Bluetooth: hci2: HCI_REQ-0x0c1a [ 65.035247] Bluetooth: hci1: HCI_REQ-0x0c1a [ 65.048183] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 65.049764] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 65.051086] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 65.052482] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 65.063870] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 65.064856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 65.066050] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 65.067041] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 65.070456] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 65.079472] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 65.083442] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 65.090584] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 65.092562] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 65.095639] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 65.097010] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 65.099179] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 65.101733] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 65.104048] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 65.105372] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 65.107432] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 65.109888] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 65.116841] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 65.119396] Bluetooth: hci5: HCI_REQ-0x0c1a [ 65.120473] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 65.121961] Bluetooth: hci4: HCI_REQ-0x0c1a [ 65.129175] Bluetooth: hci6: HCI_REQ-0x0c1a [ 65.140451] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 65.157317] Bluetooth: hci7: HCI_REQ-0x0c1a [ 67.039100] Bluetooth: hci2: command 0x0409 tx timeout [ 67.039233] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 67.103142] Bluetooth: hci1: command 0x0409 tx timeout [ 67.104341] Bluetooth: hci0: command 0x0409 tx timeout [ 67.166789] Bluetooth: hci6: command 0x0409 tx timeout [ 67.168193] Bluetooth: hci4: command 0x0409 tx timeout [ 67.169227] Bluetooth: hci5: command 0x0409 tx timeout [ 67.231710] Bluetooth: hci7: command 0x0409 tx timeout [ 69.087668] Bluetooth: hci2: command 0x041b tx timeout [ 69.150666] Bluetooth: hci0: command 0x041b tx timeout [ 69.151054] Bluetooth: hci1: command 0x041b tx timeout [ 69.214773] Bluetooth: hci5: command 0x041b tx timeout [ 69.215529] Bluetooth: hci4: command 0x041b tx timeout [ 69.216439] Bluetooth: hci6: command 0x041b tx timeout [ 69.278703] Bluetooth: hci7: command 0x041b tx timeout [ 70.172144] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.178147] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.182551] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.189788] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.193994] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 70.196423] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.202317] Bluetooth: hci3: HCI_REQ-0x0c1a [ 71.134709] Bluetooth: hci2: command 0x040f tx timeout [ 71.198727] Bluetooth: hci1: command 0x040f tx timeout [ 71.199147] Bluetooth: hci0: command 0x040f tx timeout [ 71.262746] Bluetooth: hci6: command 0x040f tx timeout [ 71.263128] Bluetooth: hci4: command 0x040f tx timeout [ 71.263493] Bluetooth: hci5: command 0x040f tx timeout [ 71.326670] Bluetooth: hci7: command 0x040f tx timeout [ 72.222762] Bluetooth: hci3: command 0x0409 tx timeout [ 73.182706] Bluetooth: hci2: command 0x0419 tx timeout [ 73.246713] Bluetooth: hci0: command 0x0419 tx timeout [ 73.247108] Bluetooth: hci1: command 0x0419 tx timeout [ 73.310737] Bluetooth: hci5: command 0x0419 tx timeout [ 73.311117] Bluetooth: hci4: command 0x0419 tx timeout [ 73.311468] Bluetooth: hci6: command 0x0419 tx timeout [ 73.374665] Bluetooth: hci7: command 0x0419 tx timeout [ 74.270740] Bluetooth: hci3: command 0x041b tx timeout [ 76.318659] Bluetooth: hci3: command 0x040f tx timeout [ 78.366727] Bluetooth: hci3: command 0x0419 tx timeout [ 117.521774] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.522339] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.523502] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 117.764079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.764773] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.766472] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 117.859224] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.859810] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.861161] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 118.047710] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.049058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.054226] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:19:26 executing program 2: pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0) [ 119.080236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.081128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.082914] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.186077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.186868] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.188204] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 120.346493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.347168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.348546] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 120.508496] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.509831] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.512135] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 120.622303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.623750] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.626399] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 120.675106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.675902] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.677496] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 120.714540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.715442] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.716950] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 120.743056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.743590] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.745097] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 121.316727] audit: type=1400 audit(1667215169.106:7): avc: denied { open } for pid=3894 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.318115] audit: type=1400 audit(1667215169.107:8): avc: denied { kernel } for pid=3894 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.322917] audit: type=1400 audit(1667215169.112:9): avc: denied { tracepoint } for pid=3894 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.349504] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.350370] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.389406] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 121.448894] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.449480] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.450987] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 121.547621] hrtimer: interrupt took 18945 ns [ 123.544969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.546103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.548820] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 123.609276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.609910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.611561] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:19:32 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000f40)={0x2c, 0x1, 0x2, 0x801, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0xf, 0x6, 'tftp-20000\x00'}, @CTA_EXPECT_ZONE={0x6}]}, 0x2c}}, 0x0) 11:19:32 executing program 2: pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0) 11:19:32 executing program 6: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDENABIO(r0, 0x4b36) syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0) 11:19:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x435, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 11:19:32 executing program 4: msync(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x768a1319fd634288) 11:19:32 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r0 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r0, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000480)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES16, @ANYBLOB="00000000000000002e2f66696c6531c92698cd002f00"]) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) 11:19:32 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/dev_mcast\x00') preadv(r0, &(0x7f0000001140)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x7, 0x0, 0x0) 11:19:32 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:19:32 executing program 6: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDENABIO(r0, 0x4b36) syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0) 11:19:32 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000f40)={0x2c, 0x1, 0x2, 0x801, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0xf, 0x6, 'tftp-20000\x00'}, @CTA_EXPECT_ZONE={0x6}]}, 0x2c}}, 0x0) 11:19:32 executing program 2: pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0) 11:19:32 executing program 4: msync(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x768a1319fd634288) 11:19:32 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:19:32 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/dev_mcast\x00') preadv(r0, &(0x7f0000001140)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x7, 0x0, 0x0) 11:19:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x435, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 11:19:32 executing program 6: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDENABIO(r0, 0x4b36) syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0) 11:19:32 executing program 4: msync(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x768a1319fd634288) 11:19:32 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r0 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r0, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000480)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES16, @ANYBLOB="00000000000000002e2f66696c6531c92698cd002f00"]) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) 11:19:32 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000f40)={0x2c, 0x1, 0x2, 0x801, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0xf, 0x6, 'tftp-20000\x00'}, @CTA_EXPECT_ZONE={0x6}]}, 0x2c}}, 0x0) 11:19:32 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:19:32 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x435, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 11:19:32 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r0 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r0, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000480)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES16, @ANYBLOB="00000000000000002e2f66696c6531c92698cd002f00"]) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) 11:19:32 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:19:32 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/dev_mcast\x00') preadv(r0, &(0x7f0000001140)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x7, 0x0, 0x0) 11:19:32 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:19:32 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r0 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r0, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000480)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES16, @ANYBLOB="00000000000000002e2f66696c6531c92698cd002f00"]) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) 11:19:32 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:19:32 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDENABIO(r0, 0x4b36) syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0) 11:19:32 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:19:32 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDENABIO(r0, 0x4b36) syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0) 11:19:32 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:19:32 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f00000007c0), 0x8) accept$inet(r0, 0x0, 0x0) 11:19:32 executing program 1: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x8, 0x3a, 0xff, @dev, @local, {[], @ndisc_rs}}}}}, 0x0) 11:19:32 executing program 5: openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) 11:19:32 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:19:32 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r0 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r0, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000480)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES16, @ANYBLOB="00000000000000002e2f66696c6531c92698cd002f00"]) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) 11:19:32 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDENABIO(r0, 0x4b36) syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)=[{0x0}], 0x0, 0x0) 11:19:32 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETSEL(r0, 0x4b66, &(0x7f0000000000)) 11:19:32 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:32 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETSEL(r0, 0x4b66, &(0x7f0000000000)) 11:19:33 executing program 1: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x8, 0x3a, 0xff, @dev, @local, {[], @ndisc_rs}}}}}, 0x0) 11:19:33 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f00000007c0), 0x8) accept$inet(r0, 0x0, 0x0) 11:19:33 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000600)=""/148, 0x94) r0 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r0, &(0x7f0000000040)=""/169, 0x200000e9) memfd_secret(0x80000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000480)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES16, @ANYBLOB="00000000000000002e2f66696c6531c92698cd002f00"]) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000000)={0x1000, 0x0, 0x0, 0x0, 0x10, "ddab93e1adcbd470"}) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) [ 128.082361] BUG: unable to handle page fault for address: ffffed100fffc000 [ 128.083325] #PF: supervisor write access in kernel mode [ 128.084033] #PF: error_code(0x0002) - not-present page [ 128.085011] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 128.089361] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI [ 128.090026] CPU: 0 PID: 4039 Comm: syz-executor.7 Not tainted 6.1.0-rc3-next-20221031 #1 [ 128.091077] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.092138] RIP: 0010:__memset+0x24/0x50 [ 128.092741] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 128.095078] RSP: 0018:ffff88803f857cc0 EFLAGS: 00010216 [ 128.095792] RAX: 0000000000000000 RBX: ffff88800bff9240 RCX: 1ffffe21fe601918 [ 128.096768] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 128.097712] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff248 [ 128.098655] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 128.099605] R13: ffff88800bff9240 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 128.100573] FS: 00007f7c4369d700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 128.101641] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.102430] CR2: ffffed100fffc000 CR3: 000000003d8c6000 CR4: 0000000000350ef0 [ 128.103384] Call Trace: [ 128.103746] [ 128.104059] kasan_unpoison+0x23/0x60 [ 128.104622] mempool_exit+0x1c2/0x330 [ 128.105162] bioset_exit+0x2c9/0x630 [ 128.105699] disk_release+0x143/0x490 [ 128.106258] ? disk_release+0x0/0x490 [ 128.106809] ? device_release+0x0/0x250 [ 128.107374] device_release+0xa2/0x250 [ 128.107937] ? device_release+0x0/0x250 [ 128.108527] kobject_put+0x173/0x280 [ 128.109088] put_device+0x1b/0x40 [ 128.109600] put_disk+0x41/0x60 [ 128.110089] loop_control_ioctl+0x4d1/0x630 [ 128.110718] ? loop_control_ioctl+0x0/0x630 [ 128.111341] ? selinux_file_ioctl+0xb1/0x270 [ 128.112012] ? loop_control_ioctl+0x0/0x630 [ 128.112658] __x64_sys_ioctl+0x19a/0x220 [ 128.113258] do_syscall_64+0x3b/0xa0 [ 128.113818] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 128.114558] RIP: 0033:0x7f7c46127b19 [ 128.115089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.117617] RSP: 002b:00007f7c4369d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.118683] RAX: ffffffffffffffda RBX: 00007f7c4623af60 RCX: 00007f7c46127b19 [ 128.119680] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005 [ 128.120680] RBP: 00007f7c46181f6d R08: 0000000000000000 R09: 0000000000000000 [ 128.121673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.122662] R13: 00007ffe7ddafa2f R14: 00007f7c4369d300 R15: 0000000000022000 [ 128.123679] [ 128.124022] Modules linked in: [ 128.124496] CR2: ffffed100fffc000 [ 128.125000] ---[ end trace 0000000000000000 ]--- [ 128.125656] RIP: 0010:__memset+0x24/0x50 [ 128.126253] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 128.128798] RSP: 0018:ffff88803f857cc0 EFLAGS: 00010216 [ 128.129541] RAX: 0000000000000000 RBX: ffff88800bff9240 RCX: 1ffffe21fe601918 [ 128.130530] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 128.131546] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff248 [ 128.132540] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 128.133554] R13: ffff88800bff9240 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 128.134569] FS: 00007f7c4369d700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 128.135702] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.136518] CR2: ffffed100fffc000 CR3: 000000003d8c6000 CR4: 0000000000350ef0 11:19:36 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETSEL(r0, 0x4b66, &(0x7f0000000000)) 11:19:36 executing program 1: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x8, 0x3a, 0xff, @dev, @local, {[], @ndisc_rs}}}}}, 0x0) 11:19:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x45, &(0x7f0000000280), 0x4) 11:19:36 executing program 0: r0 = syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x114, &(0x7f0000000180)=0x1, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000200)={0x42}, &(0x7f0000000240)='./file1\x00', 0x18, 0x0, 0x12345}, 0x0) io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0) r3 = syz_io_uring_complete(r1) close(r3) r4 = getpid() pidfd_open(r4, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) sendfile(r6, r5, 0x0, 0xfffffdef) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x5, 0x4, 0x6, 0x4, 0x0, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, @perf_bp={&(0x7f0000000000), 0xc}, 0x6014, 0x6, 0x5, 0x6, 0x3, 0x3, 0x4, 0x0, 0x1, 0x0, 0x7}, r4, 0x2, r6, 0xb) 11:19:36 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001d000100000000000000000004"], 0x1c}], 0x1}, 0x0) 11:19:36 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f00000007c0), 0x8) accept$inet(r0, 0x0, 0x0) 11:19:36 executing program 4: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="b406005a", @ANYRES16=r0, @ANYBLOB="02002bbd7000ffdbdf250e000000340003800800030038b60000080003000101000008000200090000000800010000000000080002000010000008000300020000006c0005804c00028008000400f8ffffff08000400ff03000008004200080000000800020004000000080002000300000008000400811a0000080003000500000008000200ed000000080003002000000008000100756470"], 0xb4}, 0x1, 0x0, 0x0, 0x2004c010}, 0x4000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x0, 0x20, 0x11}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x3000000, 0x13, r2, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xff, 0x8, 0x1, 0x7, 0x0, 0x7, 0x18, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x2, @perf_bp={&(0x7f00000001c0), 0x8}, 0x100, 0x2, 0x7, 0x1b, 0x6, 0x0, 0xfff, 0x0, 0x2, 0x0, 0x80d7e}, 0x0, 0xd, r2, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, r2, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) [ 128.239582] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 11:19:36 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:36 executing program 1: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x8, 0x3a, 0xff, @dev, @local, {[], @ndisc_rs}}}}}, 0x0) 11:19:36 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_SETSEL(r0, 0x4b66, &(0x7f0000000000)) 11:19:36 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f00000007c0), 0x8) accept$inet(r0, 0x0, 0x0) 11:19:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x45, &(0x7f0000000280), 0x4) 11:19:36 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x45, &(0x7f0000000280), 0x4) 11:19:36 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:36 executing program 6: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) fchmod(r0, 0x0) [ 128.534774] BUG: unable to handle page fault for address: ffffed100fffc000 [ 128.535315] #PF: supervisor write access in kernel mode [ 128.535667] #PF: error_code(0x0002) - not-present page [ 128.536141] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 128.536620] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI [ 128.536964] CPU: 1 PID: 4087 Comm: syz-executor.0 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 128.537586] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.538132] RIP: 0010:__memset+0x24/0x50 [ 128.538430] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 128.539547] RSP: 0018:ffff88803f937cc0 EFLAGS: 00010216 [ 128.539890] RAX: 0000000000000000 RBX: ffff88800bff93c0 RCX: 1ffffe21fe60191e [ 128.540340] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 128.540785] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff278 [ 128.541227] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 128.541674] R13: ffff88800bff93c0 R14: ffffffff815f27a0 R15: 1ffff110010e5c1f [ 128.542123] FS: 00007f3924447700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 128.542623] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.542990] CR2: ffffed100fffc000 CR3: 000000001ea72000 CR4: 0000000000350ee0 [ 128.543432] Call Trace: [ 128.543606] [ 128.543763] kasan_unpoison+0x23/0x60 [ 128.544019] mempool_exit+0x1c2/0x330 [ 128.544291] bioset_exit+0x2c9/0x630 [ 128.544548] disk_release+0x143/0x490 [ 128.544805] ? disk_release+0x0/0x490 [ 128.545060] ? device_release+0x0/0x250 [ 128.545322] device_release+0xa2/0x250 [ 128.545581] ? device_release+0x0/0x250 [ 128.545843] kobject_put+0x173/0x280 [ 128.546094] put_device+0x1b/0x40 [ 128.546328] put_disk+0x41/0x60 [ 128.546551] loop_control_ioctl+0x4d1/0x630 [ 128.546839] ? loop_control_ioctl+0x0/0x630 [ 128.547122] ? selinux_file_ioctl+0xb1/0x270 [ 128.547423] ? loop_control_ioctl+0x0/0x630 [ 128.547711] __x64_sys_ioctl+0x19a/0x220 [ 128.547985] do_syscall_64+0x3b/0xa0 [ 128.548247] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 128.548620] RIP: 0033:0x7f3926ed1b19 [ 128.548876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.549983] RSP: 002b:00007f3924447188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.550460] RAX: ffffffffffffffda RBX: 00007f3926fe4f60 RCX: 00007f3926ed1b19 [ 128.550904] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000005 [ 128.551351] RBP: 00007f3926f2bf6d R08: 0000000000000000 R09: 0000000000000000 [ 128.551795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.552239] R13: 00007ffe7aa5dbbf R14: 00007f3924447300 R15: 0000000000022000 [ 128.552701] [ 128.552858] Modules linked in: [ 128.553068] CR2: ffffed100fffc000 [ 128.553294] ---[ end trace 0000000000000000 ]--- [ 128.553592] RIP: 0010:__memset+0x24/0x50 [ 128.553869] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 128.554970] RSP: 0018:ffff88803f857cc0 EFLAGS: 00010216 [ 128.555307] RAX: 0000000000000000 RBX: ffff88800bff9240 RCX: 1ffffe21fe601918 [ 128.555755] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 128.556198] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff248 [ 128.556649] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 128.557096] R13: ffff88800bff9240 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 128.557543] FS: 00007f3924447700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 128.558045] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.558412] CR2: ffffed100fffc000 CR3: 000000001ea72000 CR4: 0000000000350ee0 [ 128.724807] ieee80211 phy18: Selected rate control algorithm 'minstrel_ht' [ 128.748984] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 11:19:36 executing program 6: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) fchmod(r0, 0x0) 11:19:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x45, &(0x7f0000000280), 0x4) 11:19:36 executing program 6: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) fchmod(r0, 0x0) [ 128.971706] ieee80211 phy19: Selected rate control algorithm 'minstrel_ht' 11:19:36 executing program 6: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) fchmod(r0, 0x0) 11:19:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) [ 129.138365] BUG: unable to handle page fault for address: ffffed100fffc000 [ 129.139058] #PF: supervisor write access in kernel mode [ 129.139548] #PF: error_code(0x0002) - not-present page [ 129.140029] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 129.140684] Oops: 0002 [#3] PREEMPT SMP KASAN NOPTI [ 129.141150] CPU: 0 PID: 4077 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 129.142020] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.142768] RIP: 0010:__memset+0x24/0x50 [ 129.143174] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 129.144833] RSP: 0018:ffff88803f83fcc0 EFLAGS: 00010216 [ 129.145324] RAX: 0000000000000000 RBX: ffff88800bff90c0 RCX: 1ffffe21fe601912 [ 129.145973] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 129.146625] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff218 [ 129.147278] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 129.147926] R13: ffff88800bff90c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f [ 129.148597] FS: 00007f7c4369d700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 129.149335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.149878] CR2: ffffed100fffc000 CR3: 000000003d3a6000 CR4: 0000000000350ef0 [ 129.150538] Call Trace: [ 129.150785] [ 129.151005] kasan_unpoison+0x23/0x60 [ 129.151378] mempool_exit+0x1c2/0x330 [ 129.151756] bioset_exit+0x2c9/0x630 [ 129.152122] disk_release+0x143/0x490 [ 129.152506] ? disk_release+0x0/0x490 [ 129.152873] ? device_release+0x0/0x250 [ 129.153256] device_release+0xa2/0x250 [ 129.153631] ? device_release+0x0/0x250 [ 129.154010] kobject_put+0x173/0x280 [ 129.154369] put_device+0x1b/0x40 [ 129.154707] put_disk+0x41/0x60 [ 129.155033] loop_control_ioctl+0x4d1/0x630 [ 129.155444] ? loop_control_ioctl+0x0/0x630 [ 129.155855] ? selinux_file_ioctl+0xb1/0x270 [ 129.156295] ? loop_control_ioctl+0x0/0x630 [ 129.156708] __x64_sys_ioctl+0x19a/0x220 [ 129.157101] do_syscall_64+0x3b/0xa0 [ 129.157473] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 129.157966] RIP: 0033:0x7f7c46127b19 [ 129.158317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.159969] RSP: 002b:00007f7c4369d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.160700] RAX: ffffffffffffffda RBX: 00007f7c4623af60 RCX: 00007f7c46127b19 [ 129.161359] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 129.162013] RBP: 00007f7c46181f6d R08: 0000000000000000 R09: 0000000000000000 [ 129.162674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.163340] R13: 00007ffe7ddafa2f R14: 00007f7c4369d300 R15: 0000000000022000 [ 129.164013] [ 129.164237] Modules linked in: [ 129.164557] CR2: ffffed100fffc000 [ 129.164883] ---[ end trace 0000000000000000 ]--- [ 129.165313] RIP: 0010:__memset+0x24/0x50 [ 129.165712] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 129.167392] RSP: 0018:ffff88803f857cc0 EFLAGS: 00010216 [ 129.167886] RAX: 0000000000000000 RBX: ffff88800bff9240 RCX: 1ffffe21fe601918 [ 129.168558] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 129.169202] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff248 [ 129.169860] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 129.170511] R13: ffff88800bff9240 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 129.171174] FS: 00007f7c4369d700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 129.171911] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.172454] CR2: ffffed100fffc000 CR3: 000000003d3a6000 CR4: 0000000000350ef0 [ 129.244901] BUG: unable to handle page fault for address: ffffed100fffc000 [ 129.245402] #PF: supervisor write access in kernel mode [ 129.245725] #PF: error_code(0x0002) - not-present page [ 129.246037] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 129.246447] Oops: 0002 [#4] PREEMPT SMP KASAN NOPTI [ 129.246754] CPU: 1 PID: 4097 Comm: syz-executor.3 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 129.247318] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.247809] RIP: 0010:__memset+0x24/0x50 [ 129.248078] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 129.249150] RSP: 0018:ffff888017727cc0 EFLAGS: 00010216 [ 129.249475] RAX: 0000000000000000 RBX: ffff88800bff9540 RCX: 1ffffe21fe601924 [ 129.249901] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 129.250325] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff2a8 [ 129.250750] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 129.251173] R13: ffff88800bff9540 R14: ffffffff815f27a0 R15: 1ffff1100111341f [ 129.251604] FS: 00007f72d2354700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 129.252085] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.252454] CR2: ffffed100fffc000 CR3: 0000000008f8c000 CR4: 0000000000350ee0 [ 129.252882] Call Trace: [ 129.253046] [ 129.253191] kasan_unpoison+0x23/0x60 [ 129.253435] mempool_exit+0x1c2/0x330 [ 129.253686] bioset_exit+0x2c9/0x630 [ 129.253929] disk_release+0x143/0x490 [ 129.254171] ? disk_release+0x0/0x490 [ 129.254411] ? device_release+0x0/0x250 [ 129.254662] device_release+0xa2/0x250 [ 129.254919] ? device_release+0x0/0x250 [ 129.255172] kobject_put+0x173/0x280 [ 129.255415] put_device+0x1b/0x40 [ 129.255641] put_disk+0x41/0x60 [ 129.255858] loop_control_ioctl+0x4d1/0x630 [ 129.256133] ? loop_control_ioctl+0x0/0x630 [ 129.256413] ? selinux_file_ioctl+0xb1/0x270 [ 129.256703] ? loop_control_ioctl+0x0/0x630 [ 129.256978] __x64_sys_ioctl+0x19a/0x220 [ 129.257240] do_syscall_64+0x3b/0xa0 [ 129.257486] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 129.257810] RIP: 0033:0x7f72d4ddeb19 [ 129.258046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.259126] RSP: 002b:00007f72d2354188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.259586] RAX: ffffffffffffffda RBX: 00007f72d4ef1f60 RCX: 00007f72d4ddeb19 [ 129.260015] RDX: 0000000000000003 RSI: 0000000000004c81 RDI: 0000000000000005 [ 129.260453] RBP: 00007f72d4e38f6d R08: 0000000000000000 R09: 0000000000000000 [ 129.260882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.261307] R13: 00007ffe7d2f293f R14: 00007f72d2354300 R15: 0000000000022000 [ 129.261746] [ 129.261896] Modules linked in: [ 129.262105] CR2: ffffed100fffc000 [ 129.262323] ---[ end trace 0000000000000000 ]--- [ 129.262608] RIP: 0010:__memset+0x24/0x50 [ 129.262870] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 129.263932] RSP: 0018:ffff88803f857cc0 EFLAGS: 00010216 [ 129.264253] RAX: 0000000000000000 RBX: ffff88800bff9240 RCX: 1ffffe21fe601918 [ 129.264682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 129.265107] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff248 [ 129.265531] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 129.265961] R13: ffff88800bff9240 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 129.266392] FS: 00007f72d2354700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 129.266877] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.267233] CR2: ffffed100fffc000 CR3: 0000000008f8c000 CR4: 0000000000350ee0 [ 129.370282] BUG: unable to handle page fault for address: ffffed100fffc000 [ 129.370777] #PF: supervisor write access in kernel mode [ 129.371105] #PF: error_code(0x0002) - not-present page [ 129.371429] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 129.371843] Oops: 0002 [#5] PREEMPT SMP KASAN NOPTI [ 129.372154] CPU: 1 PID: 4113 Comm: syz-executor.1 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 129.372740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.373231] RIP: 0010:__memset+0x24/0x50 [ 129.373508] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 129.374580] RSP: 0018:ffff8880405d7cc0 EFLAGS: 00010216 [ 129.374907] RAX: 0000000000000000 RBX: ffff88800bff96c0 RCX: 1ffffe21fe60192a [ 129.375341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 129.375775] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff2d8 [ 129.376213] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 129.376655] R13: ffff88800bff96c0 R14: ffffffff815f27a0 R15: 1ffff1100111541f [ 129.377093] FS: 00007fce47a36700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 129.377582] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.377944] CR2: ffffed100fffc000 CR3: 0000000016b4a000 CR4: 0000000000350ee0 [ 129.378386] Call Trace: [ 129.378554] [ 129.378704] kasan_unpoison+0x23/0x60 [ 129.378955] mempool_exit+0x1c2/0x330 [ 129.379279] bioset_exit+0x2c9/0x630 [ 129.379609] disk_release+0x143/0x490 [ 129.379947] ? disk_release+0x0/0x490 [ 129.380291] ? device_release+0x0/0x250 [ 129.380630] device_release+0xa2/0x250 [ 129.380968] ? device_release+0x0/0x250 [ 129.381315] kobject_put+0x173/0x280 [ 129.381648] put_device+0x1b/0x40 [ 129.381958] put_disk+0x41/0x60 [ 129.382249] loop_control_ioctl+0x4d1/0x630 [ 129.382615] ? loop_control_ioctl+0x0/0x630 [ 129.382984] ? selinux_file_ioctl+0xb1/0x270 [ 129.383380] ? loop_control_ioctl+0x0/0x630 [ 129.383757] __x64_sys_ioctl+0x19a/0x220 [ 129.384125] do_syscall_64+0x3b/0xa0 [ 129.384483] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 129.384923] RIP: 0033:0x7fce4a4c0b19 [ 129.385244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.386749] RSP: 002b:00007fce47a36188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.387387] RAX: ffffffffffffffda RBX: 00007fce4a5d3f60 RCX: 00007fce4a4c0b19 [ 129.387986] RDX: 0000000000000004 RSI: 0000000000004c81 RDI: 0000000000000005 [ 129.388591] RBP: 00007fce4a51af6d R08: 0000000000000000 R09: 0000000000000000 [ 129.389186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.389784] R13: 00007ffe2f87307f R14: 00007fce47a36300 R15: 0000000000022000 [ 129.390395] [ 129.390598] Modules linked in: [ 129.390877] CR2: ffffed100fffc000 [ 129.391175] ---[ end trace 0000000000000000 ]--- [ 129.391574] RIP: 0010:__memset+0x24/0x50 [ 129.391929] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 129.393451] RSP: 0018:ffff88803f857cc0 EFLAGS: 00010216 [ 129.393896] RAX: 0000000000000000 RBX: ffff88800bff9240 RCX: 1ffffe21fe601918 [ 129.394500] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 129.395091] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff248 [ 129.395679] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 129.396268] R13: ffff88800bff9240 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 129.396873] FS: 00007fce47a36700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 129.397522] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.398007] CR2: ffffed100fffc000 CR3: 0000000016b4a000 CR4: 0000000000350ee0 11:19:37 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:37 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:37 executing program 4: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="b406005a", @ANYRES16=r0, @ANYBLOB="02002bbd7000ffdbdf250e000000340003800800030038b60000080003000101000008000200090000000800010000000000080002000010000008000300020000006c0005804c00028008000400f8ffffff08000400ff03000008004200080000000800020004000000080002000300000008000400811a0000080003000500000008000200ed000000080003002000000008000100756470"], 0xb4}, 0x1, 0x0, 0x0, 0x2004c010}, 0x4000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x0, 0x20, 0x11}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x3000000, 0x13, r2, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xff, 0x8, 0x1, 0x7, 0x0, 0x7, 0x18, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x2, @perf_bp={&(0x7f00000001c0), 0x8}, 0x100, 0x2, 0x7, 0x1b, 0x6, 0x0, 0xfff, 0x0, 0x2, 0x0, 0x80d7e}, 0x0, 0xd, r2, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, r2, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 11:19:37 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001d000100000000000000000004"], 0x1c}], 0x1}, 0x0) 11:19:37 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:37 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:37 executing program 5: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) fchmod(r0, 0x0) 11:19:37 executing program 6: socketpair(0x1, 0x80000, 0x0, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', 0x0) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x0, 0x3, &(0x7f0000004280)=[{&(0x7f0000003e00)="18", 0x1}, {&(0x7f0000003f00)="c0", 0x1}, {&(0x7f0000003fc0)='}', 0x1, 0x7fffffff}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) syz_open_dev$hidraw(0x0, 0x1d5, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x0) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$nfs(&(0x7f0000004980), &(0x7f00000049c0)='.\x00', 0x0, 0x1, &(0x7f0000004d00)=[{&(0x7f0000004a00)="61c3fbc3b4b7b0dfe6b13750a213572b8fc347c5a93af2a9a40b", 0x1a, 0x9}], 0x848030, &(0x7f0000004d80)={[{'#p#&'}], [{@subj_role={'subj_role', 0x3d, '%@&'}}, {@appraise_type}, {@smackfshat={'smackfshat', 0x3d, '+-,'}}, {@obj_user={'obj_user', 0x3d, '*'}}, {@fowner_gt}, {@seclabel}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}) [ 130.036158] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 130.038484] loop6: detected capacity change from 0 to 264192 [ 130.059518] ieee80211 phy20: Selected rate control algorithm 'minstrel_ht' [ 130.061212] nfs: Unknown parameter 'dont_measure' [ 130.108785] loop6: detected capacity change from 0 to 264192 11:19:37 executing program 5: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) fchmod(r0, 0x0) [ 130.122237] nfs: Unknown parameter 'dont_measure' [ 130.930291] BUG: unable to handle page fault for address: ffffed100fffc000 [ 130.931186] #PF: supervisor write access in kernel mode [ 130.931819] #PF: error_code(0x0002) - not-present page [ 130.932465] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 130.933281] Oops: 0002 [#6] PREEMPT SMP KASAN NOPTI [ 130.933896] CPU: 0 PID: 4135 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 130.935028] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 130.936005] RIP: 0010:__memset+0x24/0x50 [ 130.936563] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 130.938708] RSP: 0018:ffff888040e4fcc0 EFLAGS: 00010216 [ 130.939353] RAX: 0000000000000000 RBX: ffff88800bff9840 RCX: 1ffffe21fe601930 [ 130.940203] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 130.941074] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff308 [ 130.941929] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 130.942790] R13: ffff88800bff9840 R14: ffffffff815f27a0 R15: 1ffff110011d161f [ 130.943648] FS: 00007f7c4369d700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 130.944618] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 130.945345] CR2: ffffed100fffc000 CR3: 0000000039578000 CR4: 0000000000350ef0 [ 130.946221] Call Trace: [ 130.946542] [ 130.946827] kasan_unpoison+0x23/0x60 [ 130.947307] mempool_exit+0x1c2/0x330 [ 130.947797] bioset_exit+0x2c9/0x630 [ 130.948275] ? _raw_spin_unlock+0x24/0x50 [ 130.948823] ? blkg_destroy_all.isra.0+0x157/0x230 [ 130.949449] disk_release+0x143/0x490 [ 130.949931] ? disk_release+0x0/0x490 [ 130.950410] ? device_release+0x0/0x250 [ 130.950902] device_release+0xa2/0x250 [ 130.951390] ? device_release+0x0/0x250 [ 130.951879] kobject_put+0x173/0x280 [ 130.952357] put_device+0x1b/0x40 [ 130.952794] put_disk+0x41/0x60 [ 130.953215] loop_control_ioctl+0x4d1/0x630 [ 130.953755] ? loop_control_ioctl+0x0/0x630 [ 130.954303] ? selinux_file_ioctl+0xb1/0x270 [ 130.954876] ? loop_control_ioctl+0x0/0x630 [ 130.955417] __x64_sys_ioctl+0x19a/0x220 [ 130.955935] do_syscall_64+0x3b/0xa0 [ 130.956415] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 130.957049] RIP: 0033:0x7f7c46127b19 [ 130.957515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 130.959664] RSP: 002b:00007f7c4369d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 130.960594] RAX: ffffffffffffffda RBX: 00007f7c4623af60 RCX: 00007f7c46127b19 [ 130.961457] RDX: 0000000000000005 RSI: 0000000000004c81 RDI: 0000000000000005 [ 130.962316] RBP: 00007f7c46181f6d R08: 0000000000000000 R09: 0000000000000000 [ 130.963167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.964019] R13: 00007ffe7ddafa2f R14: 00007f7c4369d300 R15: 0000000000022000 [ 130.964885] [ 130.965188] Modules linked in: [ 130.965589] CR2: ffffed100fffc000 [ 130.966017] ---[ end trace 0000000000000000 ]--- [ 130.966584] RIP: 0010:__memset+0x24/0x50 [ 130.967108] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 130.969289] RSP: 0018:ffff88803f857cc0 EFLAGS: 00010216 [ 130.969935] RAX: 0000000000000000 RBX: ffff88800bff9240 RCX: 1ffffe21fe601918 [ 130.970793] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 130.971644] RBP: ffff88800c04b3c0 R08: 0000000000000005 R09: ffffed10017ff248 [ 130.972511] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c04b3c0 [ 130.973366] R13: ffff88800bff9240 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 130.974225] FS: 00007f7c4369d700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 130.975185] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 130.975889] CR2: ffffed100fffc000 CR3: 0000000039578000 CR4: 0000000000350ef0 11:19:40 executing program 4: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="b406005a", @ANYRES16=r0, @ANYBLOB="02002bbd7000ffdbdf250e000000340003800800030038b60000080003000101000008000200090000000800010000000000080002000010000008000300020000006c0005804c00028008000400f8ffffff08000400ff03000008004200080000000800020004000000080002000300000008000400811a0000080003000500000008000200ed000000080003002000000008000100756470"], 0xb4}, 0x1, 0x0, 0x0, 0x2004c010}, 0x4000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x0, 0x20, 0x11}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x3000000, 0x13, r2, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xff, 0x8, 0x1, 0x7, 0x0, 0x7, 0x18, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x2, @perf_bp={&(0x7f00000001c0), 0x8}, 0x100, 0x2, 0x7, 0x1b, 0x6, 0x0, 0xfff, 0x0, 0x2, 0x0, 0x80d7e}, 0x0, 0xd, r2, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, r2, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 11:19:40 executing program 5: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) fchmod(r0, 0x0) 11:19:40 executing program 1: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="b406005a", @ANYRES16=r0, @ANYBLOB="02002bbd7000ffdbdf250e000000340003800800030038b60000080003000101000008000200090000000800010000000000080002000010000008000300020000006c0005804c00028008000400f8ffffff08000400ff03000008004200080000000800020004000000080002000300000008000400811a0000080003000500000008000200ed000000080003002000000008000100756470"], 0xb4}, 0x1, 0x0, 0x0, 0x2004c010}, 0x4000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x0, 0x20, 0x11}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x3000000, 0x13, r2, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xff, 0x8, 0x1, 0x7, 0x0, 0x7, 0x18, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x2, @perf_bp={&(0x7f00000001c0), 0x8}, 0x100, 0x2, 0x7, 0x1b, 0x6, 0x0, 0xfff, 0x0, 0x2, 0x0, 0x80d7e}, 0x0, 0xd, r2, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, r2, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 11:19:40 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:40 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:40 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 11:19:40 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001d000100000000000000000004"], 0x1c}], 0x1}, 0x0) 11:19:40 executing program 6: socketpair(0x1, 0x80000, 0x0, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', 0x0) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x0, 0x3, &(0x7f0000004280)=[{&(0x7f0000003e00)="18", 0x1}, {&(0x7f0000003f00)="c0", 0x1}, {&(0x7f0000003fc0)='}', 0x1, 0x7fffffff}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) syz_open_dev$hidraw(0x0, 0x1d5, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x0) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$nfs(&(0x7f0000004980), &(0x7f00000049c0)='.\x00', 0x0, 0x1, &(0x7f0000004d00)=[{&(0x7f0000004a00)="61c3fbc3b4b7b0dfe6b13750a213572b8fc347c5a93af2a9a40b", 0x1a, 0x9}], 0x848030, &(0x7f0000004d80)={[{'#p#&'}], [{@subj_role={'subj_role', 0x3d, '%@&'}}, {@appraise_type}, {@smackfshat={'smackfshat', 0x3d, '+-,'}}, {@obj_user={'obj_user', 0x3d, '*'}}, {@fowner_gt}, {@seclabel}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}) [ 132.584948] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 132.585534] loop6: detected capacity change from 0 to 264192 [ 132.591782] ieee80211 phy21: Selected rate control algorithm 'minstrel_ht' [ 132.606970] nfs: Unknown parameter 'dont_measure' 11:19:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00') mount$9p_tcp(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), 0x5, &(0x7f0000000300)={'trans=tcp,', {}, 0x2c, {[{@version_u}, {@cache_fscache}, {@access_user}, {@mmap}, {@version_u}, {@msize={'msize', 0x3d, 0x7}}]}}) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0x4}, 0x17182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000004c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) [ 132.704454] audit: type=1400 audit(1667215180.494:10): avc: denied { write } for pid=4169 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:19:40 executing program 6: socketpair(0x1, 0x80000, 0x0, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', 0x0) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x0, 0x3, &(0x7f0000004280)=[{&(0x7f0000003e00)="18", 0x1}, {&(0x7f0000003f00)="c0", 0x1}, {&(0x7f0000003fc0)='}', 0x1, 0x7fffffff}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) syz_open_dev$hidraw(0x0, 0x1d5, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x0) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$nfs(&(0x7f0000004980), &(0x7f00000049c0)='.\x00', 0x0, 0x1, &(0x7f0000004d00)=[{&(0x7f0000004a00)="61c3fbc3b4b7b0dfe6b13750a213572b8fc347c5a93af2a9a40b", 0x1a, 0x9}], 0x848030, &(0x7f0000004d80)={[{'#p#&'}], [{@subj_role={'subj_role', 0x3d, '%@&'}}, {@appraise_type}, {@smackfshat={'smackfshat', 0x3d, '+-,'}}, {@obj_user={'obj_user', 0x3d, '*'}}, {@fowner_gt}, {@seclabel}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}) 11:19:40 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001d000100000000000000000004"], 0x1c}], 0x1}, 0x0) 11:19:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCOUTQNSD(r0, 0x8923, &(0x7f00000003c0)) [ 132.835529] loop6: detected capacity change from 0 to 264192 [ 132.847402] nfs: Unknown parameter 'dont_measure' [ 132.884044] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 11:19:40 executing program 6: socketpair(0x1, 0x80000, 0x0, &(0x7f0000000000)) gettid() lstat(&(0x7f0000002a00)='./file0\x00', 0x0) syz_mount_image$nfs(&(0x7f0000003d80), &(0x7f0000003dc0)='./file0\x00', 0x0, 0x3, &(0x7f0000004280)=[{&(0x7f0000003e00)="18", 0x1}, {&(0x7f0000003f00)="c0", 0x1}, {&(0x7f0000003fc0)='}', 0x1, 0x7fffffff}], 0x0, &(0x7f0000004300)={[], [{@dont_measure}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000004340), 0x40200, 0x0) syz_open_dev$hidraw(0x0, 0x1d5, 0x0) memfd_create(&(0x7f00000048c0)='%\x00', 0x0) syz_open_dev$hidraw(&(0x7f0000004900), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$nfs(&(0x7f0000004980), &(0x7f00000049c0)='.\x00', 0x0, 0x1, &(0x7f0000004d00)=[{&(0x7f0000004a00)="61c3fbc3b4b7b0dfe6b13750a213572b8fc347c5a93af2a9a40b", 0x1a, 0x9}], 0x848030, &(0x7f0000004d80)={[{'#p#&'}], [{@subj_role={'subj_role', 0x3d, '%@&'}}, {@appraise_type}, {@smackfshat={'smackfshat', 0x3d, '+-,'}}, {@obj_user={'obj_user', 0x3d, '*'}}, {@fowner_gt}, {@seclabel}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}) 11:19:41 executing program 7: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'}) syncfs(r0) 11:19:41 executing program 3: add_key$fscrypt_v1(0x0, &(0x7f0000000100)={'fscrypt:', @desc3}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000340)=0x2) 11:19:41 executing program 6: clock_gettime(0x6f2314faecb30f47, 0x0) [ 133.475877] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 133.529568] ieee80211 phy22: Selected rate control algorithm 'minstrel_ht' 11:19:41 executing program 4: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="b406005a", @ANYRES16=r0, @ANYBLOB="02002bbd7000ffdbdf250e000000340003800800030038b60000080003000101000008000200090000000800010000000000080002000010000008000300020000006c0005804c00028008000400f8ffffff08000400ff03000008004200080000000800020004000000080002000300000008000400811a0000080003000500000008000200ed000000080003002000000008000100756470"], 0xb4}, 0x1, 0x0, 0x0, 0x2004c010}, 0x4000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x0, 0x20, 0x11}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x3000000, 0x13, r2, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xff, 0x8, 0x1, 0x7, 0x0, 0x7, 0x18, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x2, @perf_bp={&(0x7f00000001c0), 0x8}, 0x100, 0x2, 0x7, 0x1b, 0x6, 0x0, 0xfff, 0x0, 0x2, 0x0, 0x80d7e}, 0x0, 0xd, r2, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, r2, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 11:19:41 executing program 1: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="b406005a", @ANYRES16=r0, @ANYBLOB="02002bbd7000ffdbdf250e000000340003800800030038b60000080003000101000008000200090000000800010000000000080002000010000008000300020000006c0005804c00028008000400f8ffffff08000400ff03000008004200080000000800020004000000080002000300000008000400811a0000080003000500000008000200ed000000080003002000000008000100756470"], 0xb4}, 0x1, 0x0, 0x0, 0x2004c010}, 0x4000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x0, 0x20, 0x11}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x3000000, 0x13, r2, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xff, 0x8, 0x1, 0x7, 0x0, 0x7, 0x18, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x2, @perf_bp={&(0x7f00000001c0), 0x8}, 0x100, 0x2, 0x7, 0x1b, 0x6, 0x0, 0xfff, 0x0, 0x2, 0x0, 0x80d7e}, 0x0, 0xd, r2, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, r2, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 11:19:41 executing program 6: clock_gettime(0x6f2314faecb30f47, 0x0) [ 133.985557] syz-executor.5 (4170) used greatest stack depth: 24504 bytes left 11:19:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCOUTQNSD(r0, 0x8923, &(0x7f00000003c0)) 11:19:41 executing program 3: add_key$fscrypt_v1(0x0, &(0x7f0000000100)={'fscrypt:', @desc3}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000340)=0x2) 11:19:41 executing program 6: clock_gettime(0x6f2314faecb30f47, 0x0) 11:19:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00') mount$9p_tcp(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), 0x5, &(0x7f0000000300)={'trans=tcp,', {}, 0x2c, {[{@version_u}, {@cache_fscache}, {@access_user}, {@mmap}, {@version_u}, {@msize={'msize', 0x3d, 0x7}}]}}) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0x4}, 0x17182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000004c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:19:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00') mount$9p_tcp(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), 0x5, &(0x7f0000000300)={'trans=tcp,', {}, 0x2c, {[{@version_u}, {@cache_fscache}, {@access_user}, {@mmap}, {@version_u}, {@msize={'msize', 0x3d, 0x7}}]}}) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0x4}, 0x17182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000004c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:19:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCOUTQNSD(r0, 0x8923, &(0x7f00000003c0)) 11:19:42 executing program 1: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, 0x0, 0x0) r0 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="b406005a", @ANYRES16=r0, @ANYBLOB="02002bbd7000ffdbdf250e000000340003800800030038b60000080003000101000008000200090000000800010000000000080002000010000008000300020000006c0005804c00028008000400f8ffffff08000400ff03000008004200080000000800020004000000080002000300000008000400811a0000080003000500000008000200ed000000080003002000000008000100756470"], 0xb4}, 0x1, 0x0, 0x0, 0x2004c010}, 0x4000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat2(0xffffffffffffffff, &(0x7f00000009c0)='./file1\x00', &(0x7f0000000a00)={0x0, 0x20, 0x11}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x3000000, 0x13, r2, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xff, 0x8, 0x1, 0x7, 0x0, 0x7, 0x18, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x2, @perf_bp={&(0x7f00000001c0), 0x8}, 0x100, 0x2, 0x7, 0x1b, 0x6, 0x0, 0xfff, 0x0, 0x2, 0x0, 0x80d7e}, 0x0, 0xd, r2, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x40210}, 0x0, 0xffffffffffffffff, r2, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x0, 0x39a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 11:19:42 executing program 3: add_key$fscrypt_v1(0x0, &(0x7f0000000100)={'fscrypt:', @desc3}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000340)=0x2) [ 134.123293] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow 11:19:43 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00') mount$9p_tcp(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), 0x5, &(0x7f0000000300)={'trans=tcp,', {}, 0x2c, {[{@version_u}, {@cache_fscache}, {@access_user}, {@mmap}, {@version_u}, {@msize={'msize', 0x3d, 0x7}}]}}) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0x4}, 0x17182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000004c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:19:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCOUTQNSD(r0, 0x8923, &(0x7f00000003c0)) 11:19:43 executing program 3: add_key$fscrypt_v1(0x0, &(0x7f0000000100)={'fscrypt:', @desc3}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000340)=0x2) 11:19:43 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00') mount$9p_tcp(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), 0x5, &(0x7f0000000300)={'trans=tcp,', {}, 0x2c, {[{@version_u}, {@cache_fscache}, {@access_user}, {@mmap}, {@version_u}, {@msize={'msize', 0x3d, 0x7}}]}}) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0x4}, 0x17182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000004c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:19:43 executing program 6: clock_gettime(0x6f2314faecb30f47, 0x0) 11:19:43 executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x47f, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x29}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) 11:19:43 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000001800), 0x4) 11:19:43 executing program 7: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'}) syncfs(r0) [ 134.839738] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 136.031815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.047694] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 136.059184] misc raw-gadget: fail, usb_gadget_register_driver returned -16 11:19:43 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000000040)=ANY=[]) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000001b00)={0x14, r1, 0x1}, 0x14}}, 0x0) 11:19:43 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000001800), 0x4) 11:19:44 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) 11:19:44 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000001800), 0x4) [ 136.417084] loop6: detected capacity change from 0 to 256 [ 136.983242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.984236] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.013906] syz-executor.5 (4240) used greatest stack depth: 23960 bytes left [ 137.084239] syz-executor.2 (4236) used greatest stack depth: 23872 bytes left [ 137.159936] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 11:19:45 executing program 7: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'}) syncfs(r0) 11:19:45 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) 11:19:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00') mount$9p_tcp(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), 0x5, &(0x7f0000000300)={'trans=tcp,', {}, 0x2c, {[{@version_u}, {@cache_fscache}, {@access_user}, {@mmap}, {@version_u}, {@msize={'msize', 0x3d, 0x7}}]}}) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0x4}, 0x17182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000004c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:19:45 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00') mount$9p_tcp(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), 0x5, &(0x7f0000000300)={'trans=tcp,', {}, 0x2c, {[{@version_u}, {@cache_fscache}, {@access_user}, {@mmap}, {@version_u}, {@msize={'msize', 0x3d, 0x7}}]}}) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0x4}, 0x17182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000004c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 11:19:45 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x75, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) 11:19:45 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000000040)=ANY=[]) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000001b00)={0x14, r1, 0x1}, 0x14}}, 0x0) 11:19:45 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000001800), 0x4) 11:19:45 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000000040)=ANY=[]) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000001b00)={0x14, r1, 0x1}, 0x14}}, 0x0) 11:19:45 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) [ 137.355238] loop6: detected capacity change from 0 to 256 [ 137.664886] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) VM DIAGNOSIS: 11:19:36 Registers: info registers vcpu 0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82451091 RDI=ffffffff879a19e0 RBP=ffffffff879a19a0 RSP=ffff88803f8574e0 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000038 R11=0000000000000001 R12=0000000000000038 R13=ffffffff879a19a0 R14=0000000000000010 R15=ffffffff82451080 RIP=ffffffff824510e9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f7c4369d700 00000000 00000000 GS =0000 ffff88806d000000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe414f1d3000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe414f1d1000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=ffffed100fffc000 CR3=000000003d8c6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffffffff8438e5a0 RBX=ffff88800855d040 RCX=ffffffff8436f172 RDX=ffffed100da26799 RSI=0000000000000001 RDI=ffffffff8438ea93 RBP=0000000000000001 RSP=ffff888008597e58 R8 =0000000000000000 R9 =ffff88806d133cc3 R10=ffffed100da26798 R11=0000000000000001 R12=ffffed10010aba08 R13=ffffffff8590bb10 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff8438e5ab RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806d100000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe4ac3e8b000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe4ac3e89000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffbbaa02330 CR3=00000000175f8000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000