Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:25734' (ECDSA) to the list of known hosts.
2022/11/01 12:13:54 fuzzer started
2022/11/01 12:13:54 dialing manager at localhost:42881
syzkaller login: [ 34.733868] cgroup: Unknown subsys name 'net'
[ 34.780822] cgroup: Unknown subsys name 'rlimit'
2022/11/01 12:14:07 syscalls: 2217
2022/11/01 12:14:07 code coverage: enabled
2022/11/01 12:14:07 comparison tracing: enabled
2022/11/01 12:14:07 extra coverage: enabled
2022/11/01 12:14:07 setuid sandbox: enabled
2022/11/01 12:14:07 namespace sandbox: enabled
2022/11/01 12:14:07 Android sandbox: enabled
2022/11/01 12:14:07 fault injection: enabled
2022/11/01 12:14:07 leak checking: enabled
2022/11/01 12:14:07 net packet injection: enabled
2022/11/01 12:14:07 net device setup: enabled
2022/11/01 12:14:07 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/11/01 12:14:07 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/11/01 12:14:07 USB emulation: enabled
2022/11/01 12:14:07 hci packet injection: enabled
2022/11/01 12:14:07 wifi device emulation: enabled
2022/11/01 12:14:07 802.15.4 emulation: enabled
2022/11/01 12:14:07 fetching corpus: 0, signal 0/2000 (executing program)
2022/11/01 12:14:07 fetching corpus: 50, signal 37684/41127 (executing program)
2022/11/01 12:14:07 fetching corpus: 100, signal 50158/55013 (executing program)
2022/11/01 12:14:08 fetching corpus: 150, signal 62575/68713 (executing program)
2022/11/01 12:14:08 fetching corpus: 200, signal 67402/74933 (executing program)
2022/11/01 12:14:08 fetching corpus: 250, signal 73459/82270 (executing program)
2022/11/01 12:14:08 fetching corpus: 300, signal 78631/88696 (executing program)
2022/11/01 12:14:08 fetching corpus: 350, signal 83417/94693 (executing program)
2022/11/01 12:14:08 fetching corpus: 400, signal 87795/100182 (executing program)
2022/11/01 12:14:08 fetching corpus: 450, signal 90030/103660 (executing program)
2022/11/01 12:14:08 fetching corpus: 500, signal 96634/111064 (executing program)
2022/11/01 12:14:08 fetching corpus: 550, signal 99894/115350 (executing program)
2022/11/01 12:14:09 fetching corpus: 600, signal 101970/118502 (executing program)
2022/11/01 12:14:09 fetching corpus: 650, signal 106004/123409 (executing program)
2022/11/01 12:14:09 fetching corpus: 700, signal 110078/128288 (executing program)
2022/11/01 12:14:09 fetching corpus: 750, signal 114207/133163 (executing program)
2022/11/01 12:14:09 fetching corpus: 800, signal 116488/136330 (executing program)
2022/11/01 12:14:09 fetching corpus: 850, signal 118041/138841 (executing program)
2022/11/01 12:14:09 fetching corpus: 900, signal 121744/143124 (executing program)
2022/11/01 12:14:09 fetching corpus: 950, signal 124513/146605 (executing program)
2022/11/01 12:14:10 fetching corpus: 1000, signal 126265/149154 (executing program)
2022/11/01 12:14:10 fetching corpus: 1050, signal 127630/151377 (executing program)
2022/11/01 12:14:10 fetching corpus: 1100, signal 129854/154316 (executing program)
2022/11/01 12:14:10 fetching corpus: 1150, signal 131897/157094 (executing program)
2022/11/01 12:14:10 fetching corpus: 1200, signal 134438/160268 (executing program)
2022/11/01 12:14:10 fetching corpus: 1250, signal 136435/162957 (executing program)
2022/11/01 12:14:10 fetching corpus: 1300, signal 138893/166001 (executing program)
2022/11/01 12:14:10 fetching corpus: 1350, signal 141272/168925 (executing program)
2022/11/01 12:14:11 fetching corpus: 1400, signal 143631/171824 (executing program)
2022/11/01 12:14:11 fetching corpus: 1450, signal 146071/174710 (executing program)
2022/11/01 12:14:11 fetching corpus: 1500, signal 147152/176496 (executing program)
2022/11/01 12:14:11 fetching corpus: 1550, signal 148911/178803 (executing program)
2022/11/01 12:14:11 fetching corpus: 1600, signal 152150/182283 (executing program)
2022/11/01 12:14:11 fetching corpus: 1650, signal 153438/184208 (executing program)
2022/11/01 12:14:11 fetching corpus: 1700, signal 155409/186617 (executing program)
2022/11/01 12:14:12 fetching corpus: 1750, signal 157319/188917 (executing program)
2022/11/01 12:14:12 fetching corpus: 1800, signal 159112/191133 (executing program)
2022/11/01 12:14:12 fetching corpus: 1850, signal 160386/192920 (executing program)
2022/11/01 12:14:12 fetching corpus: 1900, signal 162193/195080 (executing program)
2022/11/01 12:14:12 fetching corpus: 1950, signal 163313/196705 (executing program)
2022/11/01 12:14:12 fetching corpus: 2000, signal 166056/199501 (executing program)
2022/11/01 12:14:12 fetching corpus: 2050, signal 167332/201212 (executing program)
2022/11/01 12:14:12 fetching corpus: 2100, signal 169147/203269 (executing program)
2022/11/01 12:14:13 fetching corpus: 2150, signal 171019/205347 (executing program)
2022/11/01 12:14:13 fetching corpus: 2200, signal 172027/206806 (executing program)
2022/11/01 12:14:13 fetching corpus: 2250, signal 173545/208590 (executing program)
2022/11/01 12:14:13 fetching corpus: 2300, signal 174606/210084 (executing program)
2022/11/01 12:14:13 fetching corpus: 2350, signal 175779/211626 (executing program)
2022/11/01 12:14:13 fetching corpus: 2400, signal 176842/213048 (executing program)
2022/11/01 12:14:13 fetching corpus: 2450, signal 177746/214317 (executing program)
2022/11/01 12:14:13 fetching corpus: 2500, signal 178923/215777 (executing program)
2022/11/01 12:14:14 fetching corpus: 2550, signal 179640/216943 (executing program)
2022/11/01 12:14:14 fetching corpus: 2600, signal 180643/218306 (executing program)
2022/11/01 12:14:14 fetching corpus: 2650, signal 181400/219510 (executing program)
2022/11/01 12:14:14 fetching corpus: 2700, signal 182371/220832 (executing program)
2022/11/01 12:14:14 fetching corpus: 2750, signal 184470/222753 (executing program)
2022/11/01 12:14:14 fetching corpus: 2800, signal 185692/224158 (executing program)
2022/11/01 12:14:14 fetching corpus: 2850, signal 186554/225325 (executing program)
2022/11/01 12:14:14 fetching corpus: 2900, signal 187693/226662 (executing program)
2022/11/01 12:14:15 fetching corpus: 2950, signal 188858/227985 (executing program)
2022/11/01 12:14:15 fetching corpus: 3000, signal 189893/229213 (executing program)
2022/11/01 12:14:15 fetching corpus: 3050, signal 191113/230473 (executing program)
2022/11/01 12:14:15 fetching corpus: 3100, signal 192294/231780 (executing program)
2022/11/01 12:14:15 fetching corpus: 3150, signal 193317/232947 (executing program)
2022/11/01 12:14:15 fetching corpus: 3200, signal 193835/233860 (executing program)
2022/11/01 12:14:15 fetching corpus: 3250, signal 194969/235065 (executing program)
2022/11/01 12:14:15 fetching corpus: 3300, signal 195996/236238 (executing program)
2022/11/01 12:14:16 fetching corpus: 3350, signal 196930/237373 (executing program)
2022/11/01 12:14:16 fetching corpus: 3400, signal 197785/238407 (executing program)
2022/11/01 12:14:16 fetching corpus: 3450, signal 198692/239450 (executing program)
2022/11/01 12:14:16 fetching corpus: 3500, signal 199524/240442 (executing program)
2022/11/01 12:14:16 fetching corpus: 3550, signal 200296/241396 (executing program)
2022/11/01 12:14:16 fetching corpus: 3600, signal 201326/242489 (executing program)
2022/11/01 12:14:16 fetching corpus: 3650, signal 202575/243625 (executing program)
2022/11/01 12:14:16 fetching corpus: 3700, signal 203608/244669 (executing program)
2022/11/01 12:14:17 fetching corpus: 3750, signal 204107/245440 (executing program)
2022/11/01 12:14:17 fetching corpus: 3800, signal 205136/246423 (executing program)
2022/11/01 12:14:17 fetching corpus: 3850, signal 205822/247290 (executing program)
2022/11/01 12:14:17 fetching corpus: 3900, signal 206857/248238 (executing program)
2022/11/01 12:14:17 fetching corpus: 3950, signal 207727/249090 (executing program)
2022/11/01 12:14:17 fetching corpus: 4000, signal 208335/249882 (executing program)
2022/11/01 12:14:17 fetching corpus: 4050, signal 209865/251050 (executing program)
2022/11/01 12:14:18 fetching corpus: 4100, signal 210805/251931 (executing program)
2022/11/01 12:14:18 fetching corpus: 4150, signal 211807/252804 (executing program)
2022/11/01 12:14:18 fetching corpus: 4200, signal 212528/253578 (executing program)
2022/11/01 12:14:18 fetching corpus: 4250, signal 213317/254401 (executing program)
2022/11/01 12:14:18 fetching corpus: 4300, signal 214107/255193 (executing program)
2022/11/01 12:14:18 fetching corpus: 4350, signal 214784/255884 (executing program)
2022/11/01 12:14:18 fetching corpus: 4400, signal 215405/256571 (executing program)
2022/11/01 12:14:18 fetching corpus: 4450, signal 216652/257519 (executing program)
2022/11/01 12:14:19 fetching corpus: 4500, signal 217616/258307 (executing program)
2022/11/01 12:14:19 fetching corpus: 4550, signal 218268/258971 (executing program)
2022/11/01 12:14:19 fetching corpus: 4600, signal 219119/259678 (executing program)
2022/11/01 12:14:19 fetching corpus: 4650, signal 219834/260357 (executing program)
2022/11/01 12:14:19 fetching corpus: 4700, signal 220593/260996 (executing program)
2022/11/01 12:14:19 fetching corpus: 4750, signal 221182/261615 (executing program)
2022/11/01 12:14:19 fetching corpus: 4800, signal 221955/262288 (executing program)
2022/11/01 12:14:19 fetching corpus: 4850, signal 222598/262969 (executing program)
2022/11/01 12:14:19 fetching corpus: 4900, signal 222985/263515 (executing program)
2022/11/01 12:14:20 fetching corpus: 4950, signal 223727/264127 (executing program)
2022/11/01 12:14:20 fetching corpus: 5000, signal 224620/264799 (executing program)
2022/11/01 12:14:20 fetching corpus: 5050, signal 225538/265428 (executing program)
2022/11/01 12:14:20 fetching corpus: 5100, signal 226178/265970 (executing program)
2022/11/01 12:14:20 fetching corpus: 5150, signal 226758/266488 (executing program)
2022/11/01 12:14:20 fetching corpus: 5200, signal 227275/267036 (executing program)
2022/11/01 12:14:20 fetching corpus: 5250, signal 227768/267517 (executing program)
2022/11/01 12:14:21 fetching corpus: 5300, signal 228597/268078 (executing program)
2022/11/01 12:14:21 fetching corpus: 5350, signal 229330/268595 (executing program)
2022/11/01 12:14:21 fetching corpus: 5400, signal 229789/269018 (executing program)
2022/11/01 12:14:21 fetching corpus: 5450, signal 230456/269514 (executing program)
2022/11/01 12:14:21 fetching corpus: 5500, signal 231033/269996 (executing program)
2022/11/01 12:14:21 fetching corpus: 5550, signal 231827/270466 (executing program)
2022/11/01 12:14:21 fetching corpus: 5600, signal 232583/270964 (executing program)
2022/11/01 12:14:21 fetching corpus: 5650, signal 233049/271419 (executing program)
2022/11/01 12:14:21 fetching corpus: 5700, signal 233567/271829 (executing program)
2022/11/01 12:14:22 fetching corpus: 5750, signal 234123/272253 (executing program)
2022/11/01 12:14:22 fetching corpus: 5800, signal 234642/272653 (executing program)
2022/11/01 12:14:22 fetching corpus: 5850, signal 235126/273077 (executing program)
2022/11/01 12:14:22 fetching corpus: 5900, signal 236124/273520 (executing program)
2022/11/01 12:14:22 fetching corpus: 5950, signal 236784/273913 (executing program)
2022/11/01 12:14:22 fetching corpus: 6000, signal 237099/274264 (executing program)
2022/11/01 12:14:22 fetching corpus: 6050, signal 237901/274677 (executing program)
2022/11/01 12:14:22 fetching corpus: 6100, signal 238272/275040 (executing program)
2022/11/01 12:14:23 fetching corpus: 6150, signal 238972/275399 (executing program)
2022/11/01 12:14:23 fetching corpus: 6200, signal 239467/275726 (executing program)
2022/11/01 12:14:23 fetching corpus: 6250, signal 240005/276085 (executing program)
2022/11/01 12:14:23 fetching corpus: 6300, signal 240533/276403 (executing program)
2022/11/01 12:14:23 fetching corpus: 6350, signal 240954/276737 (executing program)
2022/11/01 12:14:23 fetching corpus: 6400, signal 241731/277075 (executing program)
2022/11/01 12:14:23 fetching corpus: 6450, signal 242348/277404 (executing program)
2022/11/01 12:14:23 fetching corpus: 6500, signal 243284/277740 (executing program)
2022/11/01 12:14:23 fetching corpus: 6550, signal 243856/278047 (executing program)
2022/11/01 12:14:24 fetching corpus: 6600, signal 244329/278318 (executing program)
2022/11/01 12:14:24 fetching corpus: 6650, signal 244738/278589 (executing program)
2022/11/01 12:14:24 fetching corpus: 6700, signal 245312/278879 (executing program)
2022/11/01 12:14:24 fetching corpus: 6750, signal 245732/279140 (executing program)
2022/11/01 12:14:24 fetching corpus: 6800, signal 246232/279414 (executing program)
2022/11/01 12:14:24 fetching corpus: 6850, signal 246782/279667 (executing program)
2022/11/01 12:14:24 fetching corpus: 6900, signal 247343/279933 (executing program)
2022/11/01 12:14:24 fetching corpus: 6950, signal 248047/280074 (executing program)
2022/11/01 12:14:25 fetching corpus: 7000, signal 248471/280074 (executing program)
2022/11/01 12:14:25 fetching corpus: 7050, signal 249056/280076 (executing program)
2022/11/01 12:14:25 fetching corpus: 7100, signal 249456/280076 (executing program)
2022/11/01 12:14:25 fetching corpus: 7150, signal 249808/280076 (executing program)
2022/11/01 12:14:25 fetching corpus: 7200, signal 250235/280076 (executing program)
2022/11/01 12:14:25 fetching corpus: 7250, signal 250618/280077 (executing program)
2022/11/01 12:14:25 fetching corpus: 7300, signal 250931/280077 (executing program)
2022/11/01 12:14:25 fetching corpus: 7350, signal 251473/280077 (executing program)
2022/11/01 12:14:26 fetching corpus: 7400, signal 251787/280079 (executing program)
2022/11/01 12:14:26 fetching corpus: 7450, signal 252098/280079 (executing program)
2022/11/01 12:14:26 fetching corpus: 7500, signal 252512/280079 (executing program)
2022/11/01 12:14:26 fetching corpus: 7550, signal 252940/280083 (executing program)
2022/11/01 12:14:26 fetching corpus: 7600, signal 253429/280083 (executing program)
2022/11/01 12:14:26 fetching corpus: 7650, signal 254007/280083 (executing program)
2022/11/01 12:14:26 fetching corpus: 7700, signal 254528/280083 (executing program)
2022/11/01 12:14:26 fetching corpus: 7750, signal 255112/280085 (executing program)
2022/11/01 12:14:27 fetching corpus: 7800, signal 255695/280091 (executing program)
2022/11/01 12:14:27 fetching corpus: 7850, signal 256231/280118 (executing program)
2022/11/01 12:14:27 fetching corpus: 7900, signal 256696/280146 (executing program)
2022/11/01 12:14:27 fetching corpus: 7950, signal 257063/280146 (executing program)
2022/11/01 12:14:27 fetching corpus: 8000, signal 257695/280146 (executing program)
2022/11/01 12:14:27 fetching corpus: 8049, signal 258118/280152 (executing program)
2022/11/01 12:14:27 fetching corpus: 8099, signal 258686/280152 (executing program)
2022/11/01 12:14:27 fetching corpus: 8149, signal 259271/280152 (executing program)
2022/11/01 12:14:28 fetching corpus: 8199, signal 259637/280152 (executing program)
2022/11/01 12:14:28 fetching corpus: 8249, signal 260081/280152 (executing program)
2022/11/01 12:14:28 fetching corpus: 8299, signal 260606/280152 (executing program)
2022/11/01 12:14:28 fetching corpus: 8349, signal 260886/280152 (executing program)
2022/11/01 12:14:28 fetching corpus: 8399, signal 261340/280152 (executing program)
2022/11/01 12:14:28 fetching corpus: 8449, signal 261705/280152 (executing program)
2022/11/01 12:14:28 fetching corpus: 8499, signal 262074/280154 (executing program)
2022/11/01 12:14:28 fetching corpus: 8549, signal 262446/280155 (executing program)
2022/11/01 12:14:28 fetching corpus: 8599, signal 262775/280155 (executing program)
2022/11/01 12:14:29 fetching corpus: 8649, signal 263101/280155 (executing program)
2022/11/01 12:14:29 fetching corpus: 8699, signal 263655/280155 (executing program)
2022/11/01 12:14:29 fetching corpus: 8749, signal 264108/280155 (executing program)
2022/11/01 12:14:29 fetching corpus: 8799, signal 264420/280157 (executing program)
2022/11/01 12:14:29 fetching corpus: 8849, signal 264907/280158 (executing program)
2022/11/01 12:14:29 fetching corpus: 8899, signal 265291/280165 (executing program)
2022/11/01 12:14:29 fetching corpus: 8949, signal 265766/280166 (executing program)
2022/11/01 12:14:30 fetching corpus: 8999, signal 266399/280171 (executing program)
2022/11/01 12:14:30 fetching corpus: 9049, signal 266686/280171 (executing program)
2022/11/01 12:14:30 fetching corpus: 9099, signal 267049/280171 (executing program)
2022/11/01 12:14:30 fetching corpus: 9149, signal 267342/280171 (executing program)
2022/11/01 12:14:30 fetching corpus: 9199, signal 267935/280171 (executing program)
2022/11/01 12:14:30 fetching corpus: 9249, signal 268289/280173 (executing program)
2022/11/01 12:14:30 fetching corpus: 9299, signal 268681/280173 (executing program)
2022/11/01 12:14:30 fetching corpus: 9349, signal 269014/280181 (executing program)
2022/11/01 12:14:30 fetching corpus: 9399, signal 269346/280181 (executing program)
2022/11/01 12:14:30 fetching corpus: 9449, signal 269793/280181 (executing program)
2022/11/01 12:14:31 fetching corpus: 9499, signal 270267/280263 (executing program)
2022/11/01 12:14:31 fetching corpus: 9549, signal 270737/280263 (executing program)
2022/11/01 12:14:31 fetching corpus: 9599, signal 271165/280263 (executing program)
2022/11/01 12:14:31 fetching corpus: 9649, signal 271418/280263 (executing program)
2022/11/01 12:14:31 fetching corpus: 9699, signal 272082/280263 (executing program)
2022/11/01 12:14:31 fetching corpus: 9749, signal 272354/280263 (executing program)
2022/11/01 12:14:31 fetching corpus: 9799, signal 272551/280263 (executing program)
2022/11/01 12:14:31 fetching corpus: 9848, signal 272952/280298 (executing program)
2022/11/01 12:14:31 fetching corpus: 9898, signal 273129/280301 (executing program)
2022/11/01 12:14:31 fetching corpus: 9948, signal 273486/280303 (executing program)
2022/11/01 12:14:32 fetching corpus: 9998, signal 273701/280303 (executing program)
2022/11/01 12:14:32 fetching corpus: 10047, signal 274026/280303 (executing program)
2022/11/01 12:14:32 fetching corpus: 10097, signal 274377/280303 (executing program)
2022/11/01 12:14:32 fetching corpus: 10114, signal 274466/280303 (executing program)
2022/11/01 12:14:32 fetching corpus: 10114, signal 274466/280303 (executing program)
2022/11/01 12:14:35 starting 8 fuzzer processes
12:14:35 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0)
write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[], 0x820)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x7fffffff)
sendfile(r1, r0, 0x0, 0xfffffdef)
12:14:35 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10)
12:14:35 executing program 3:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
shutdown(r0, 0x8)
12:14:35 executing program 2:
symlinkat(&(0x7f0000000000)='./file1/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
12:14:35 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00', 0x0, 0x0, 0x1}, 0x20)
12:14:35 executing program 4:
prctl$PR_CAP_AMBIENT(0x2f, 0x1, 0x0)
[ 74.963827] audit: type=1400 audit(1667304875.121:6): avc: denied { execmem } for pid=282 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:14:35 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/ip_tables_matches\x00')
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
12:14:35 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x3, 0x0, 0x87ffffc)
[ 76.283240] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 76.284920] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.288211] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.289164] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 76.293470] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.293566] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 76.299626] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.303259] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 76.304517] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.311491] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 76.335360] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 76.347518] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 76.350591] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 76.359013] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 76.395837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 76.399489] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 76.400723] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 76.418372] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 76.422399] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 76.424385] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 76.435526] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 76.470566] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 76.477494] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 76.481728] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 76.482311] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 76.496245] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 76.499289] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 76.501367] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 76.514620] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 76.520333] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 76.526277] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 76.527637] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 76.533712] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 76.543743] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 76.550288] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 76.555585] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 76.557008] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 76.564581] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 76.640396] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 76.651910] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 76.654456] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 76.669318] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 78.366558] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 78.367477] Bluetooth: hci0: command 0x0409 tx timeout
[ 78.368021] Bluetooth: hci2: Opcode 0x c03 failed: -110
[ 78.429147] Bluetooth: hci1: command 0x0409 tx timeout
[ 78.493157] Bluetooth: hci4: command 0x0409 tx timeout
[ 78.558150] Bluetooth: hci6: command 0x0409 tx timeout
[ 78.621205] Bluetooth: hci7: command 0x0409 tx timeout
[ 78.686454] Bluetooth: hci5: command 0x0409 tx timeout
[ 80.414160] Bluetooth: hci0: command 0x041b tx timeout
[ 80.478168] Bluetooth: hci1: command 0x041b tx timeout
[ 80.542186] Bluetooth: hci4: command 0x041b tx timeout
[ 80.605157] Bluetooth: hci6: command 0x041b tx timeout
[ 80.670181] Bluetooth: hci7: command 0x041b tx timeout
[ 80.734152] Bluetooth: hci5: command 0x041b tx timeout
[ 81.137816] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 81.139253] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 81.141249] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 81.145581] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 81.146819] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 81.147517] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 81.150228] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 81.421007] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 81.437266] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 81.437959] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 81.439922] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 81.440996] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 81.442520] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 81.461232] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 82.462117] Bluetooth: hci0: command 0x040f tx timeout
[ 82.525125] Bluetooth: hci1: command 0x040f tx timeout
[ 82.589130] Bluetooth: hci4: command 0x040f tx timeout
[ 82.653123] Bluetooth: hci6: command 0x040f tx timeout
[ 82.718245] Bluetooth: hci7: command 0x040f tx timeout
[ 82.782110] Bluetooth: hci5: command 0x040f tx timeout
[ 83.165202] Bluetooth: hci2: command 0x0409 tx timeout
[ 83.486140] Bluetooth: hci3: command 0x0409 tx timeout
[ 84.510120] Bluetooth: hci0: command 0x0419 tx timeout
[ 84.574163] Bluetooth: hci1: command 0x0419 tx timeout
[ 84.638175] Bluetooth: hci4: command 0x0419 tx timeout
[ 84.701163] Bluetooth: hci6: command 0x0419 tx timeout
[ 84.765154] Bluetooth: hci7: command 0x0419 tx timeout
[ 84.829117] Bluetooth: hci5: command 0x0419 tx timeout
[ 85.214134] Bluetooth: hci2: command 0x041b tx timeout
[ 85.534163] Bluetooth: hci3: command 0x041b tx timeout
[ 87.261132] Bluetooth: hci2: command 0x040f tx timeout
[ 87.582199] Bluetooth: hci3: command 0x040f tx timeout
[ 89.310122] Bluetooth: hci2: command 0x0419 tx timeout
[ 89.629151] Bluetooth: hci3: command 0x0419 tx timeout
[ 129.267909] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.268964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.272281] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 129.451321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.451947] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.454380] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
12:15:30 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffb000/0x1000)=nil, 0x3)
[ 130.602989] audit: type=1400 audit(1667304930.760:7): avc: denied { open } for pid=3739 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 130.604708] audit: type=1400 audit(1667304930.760:8): avc: denied { kernel } for pid=3739 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
12:15:30 executing program 5:
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
12:15:30 executing program 5:
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000940), 0x82801, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DVD_READ_STRUCT(r0, 0x5309, &(0x7f0000000100)=@bca={0x3, 0xbc, "8238e3ab89ee7185fc0dd6d559ca06e4c87a42b9ee0b8fecc955c2d429a871fa892dbb74d05594ed37d30cf909238a49248d58d853c858e7b8c8dbcdac8bfd8214148aab15a8bdd7176b88a923bb886b4b6c62d94744227ad982f8c4d00be7ce0cf70304d6c961a0ccedb0cbbc4378f45950f13efa2ba77fe8c92fe431e30dcf0cce1ca6e9a99698b5829c27f326295b1b490c7bd55918b40fdcf63406e4b9bf4ee523fa832ee7f4edfb615f03e54bca64a342a97422fdb6f126c18a"})
[ 130.773986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 130.775009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 130.776212] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 130.901548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 130.902608] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 130.903880] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 130.963961] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 130.965216] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 130.966486] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
12:15:31 executing program 5:
r0 = syz_io_uring_setup(0x2b2, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITEV={0x2, 0x0, 0x3, @fd_index, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0)
12:15:31 executing program 5:
r0 = syz_io_uring_setup(0x2b2, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITEV={0x2, 0x0, 0x3, @fd_index, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0)
[ 131.178320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 131.178949] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 131.180726] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
12:15:31 executing program 5:
r0 = syz_io_uring_setup(0x2b2, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITEV={0x2, 0x0, 0x3, @fd_index, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0)
12:15:31 executing program 5:
r0 = syz_io_uring_setup(0x2b2, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITEV={0x2, 0x0, 0x3, @fd_index, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0)
12:15:31 executing program 5:
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa38}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x80}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x814}, 0x40000)
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r1 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
shmat(r1, &(0x7f0000ff0000/0x2000)=nil, 0x0)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200242, 0x0)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2)
mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil)
[ 131.729077] hrtimer: interrupt took 17002 ns
[ 132.064120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 132.064695] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 132.066143] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 132.382335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 132.383139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 132.385378] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 132.400812] BUG: unable to handle page fault for address: ffffed100fffc000
[ 132.401360] #PF: supervisor write access in kernel mode
[ 132.401682] #PF: error_code(0x0002) - not-present page
[ 132.401999] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[ 132.402823] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI
[ 132.404260] CPU: 0 PID: 3809 Comm: syz-executor.5 Not tainted 6.1.0-rc3-next-20221101 #1
[ 132.406916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 132.407485] RIP: 0010:__memset+0x24/0x50
[ 132.407794] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00
[ 132.409049] RSP: 0018:ffff88801e17fcc0 EFLAGS: 00010212
[ 132.409420] RAX: 0000000000000000 RBX: ffff88800c03d0c0 RCX: 1ffffe21fe602ceb
[ 132.409910] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 132.410403] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a18
[ 132.410896] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00
[ 132.411389] R13: ffff88800c03d0c0 R14: ffffffff815f2620 R15: 1ffff1100112301f
[ 132.411886] FS: 00007fc6eb625700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[ 132.412464] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 132.412871] CR2: ffffed100fffc000 CR3: 0000000016830000 CR4: 0000000000350ef0
[ 132.413469] Call Trace:
[ 132.413721]
[ 132.413942] kasan_unpoison+0x23/0x60
[ 132.414316] mempool_exit+0x1c2/0x330
[ 132.414694] bioset_exit+0x2c9/0x630
[ 132.415065] disk_release+0x143/0x490
[ 132.415455] ? disk_release+0x0/0x490
[ 132.415830] ? device_release+0x0/0x250
[ 132.416226] device_release+0xa2/0x250
[ 132.416601] ? device_release+0x0/0x250
[ 132.416988] kobject_put+0x173/0x280
[ 132.417357] put_device+0x1b/0x40
[ 132.417701] put_disk+0x41/0x60
[ 132.418033] loop_control_ioctl+0x4d1/0x630
[ 132.418451] ? loop_control_ioctl+0x0/0x630
[ 132.418874] ? loop_control_ioctl+0x0/0x630
[ 132.419295] __x64_sys_ioctl+0x19a/0x220
[ 132.419696] do_syscall_64+0x3b/0xa0
[ 132.420036] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 132.420505] RIP: 0033:0x7fc6ee0afb19
[ 132.420831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 132.421987] RSP: 002b:00007fc6eb625188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 132.422444] RAX: ffffffffffffffda RBX: 00007fc6ee1c2f60 RCX: 00007fc6ee0afb19
[ 132.422877] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005
[ 132.423307] RBP: 00007fc6ee109f6d R08: 0000000000000000 R09: 0000000000000000
[ 132.423738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 132.424172] R13: 00007ffff496cecf R14: 00007fc6eb625300 R15: 0000000000022000
[ 132.424607]
[ 132.424754] Modules linked in:
[ 132.424956] CR2: ffffed100fffc000
[ 132.425174] ---[ end trace 0000000000000000 ]---
[ 132.425457] RIP: 0010:__memset+0x24/0x50
[ 132.425720] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3
aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 132.426785] RSP: 0018:ffff88801e17fcc0 EFLAGS: 00010212 [ 132.427106] RAX: 0000000000000000 RBX: ffff88800c03d0c0 RCX: 1ffffe21fe602ceb [ 132.427532] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 132.427956] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a18 [ 132.428397] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 132.428822] R13: ffff88800c03d0c0 R14: ffffffff815f2620 R15: 1ffff1100112301f [ 132.429251] FS: 00007fc6eb625700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 132.429733] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.430084] CR2: ffffed100fffc000 CR3: 0000000016830000 CR4: 0000000000350ef0 [ 132.566897] BUG: unable to handle page fault for address: ffffed100fffc000 [ 132.567518] #PF: supervisor write access in kernel mode [ 132.567954] #PF: error_code(0x0002) - not-present page [ 132.568395] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 132.568950] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI [ 132.569373] CPU: 0 PID: 3815 Comm: syz-executor.5 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 132.570158] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 132.570825] RIP: 0010:__memset+0x24/0x50 [ 132.571182] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 132.572665] RSP: 0018:ffff8880180bfcc0 EFLAGS: 00010212 [ 132.573116] RAX: 0000000000000000 RBX: ffff88800c03d240 RCX: 1ffffe21fe602cf1 [ 132.573720] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 132.574311] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a48 [ 132.574908] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 132.575493] R13: ffff88800c03d240 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 132.576069] FS: 00007fc6eb604700(0000) 
GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 132.576748] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.577229] CR2: ffffed100fffc000 CR3: 0000000016830000 CR4: 0000000000350ef0 [ 132.577824] Call Trace: [ 132.578048] [ 132.578244] kasan_unpoison+0x23/0x60 [ 132.578577] mempool_exit+0x1c2/0x330 [ 132.578909] bioset_exit+0x2c9/0x630 [ 132.579215] ? _raw_spin_unlock+0x24/0x50 [ 132.579562] ? blkg_destroy_all.isra.0+0x157/0x230 [ 132.579996] disk_release+0x143/0x490 [ 132.580342] ? disk_release+0x0/0x490 [ 132.580659] ? device_release+0x0/0x250 [ 132.580990] device_release+0xa2/0x250 [ 132.581322] ? device_release+0x0/0x250 [ 132.581659] kobject_put+0x173/0x280 [ 132.581906] put_device+0x1b/0x40 [ 132.582132] put_disk+0x41/0x60 [ 132.582348] loop_control_ioctl+0x4d1/0x630 [ 132.582626] ? loop_control_ioctl+0x0/0x630 [ 132.582898] ? selinux_file_ioctl+0xb1/0x270 [ 132.583187] ? loop_control_ioctl+0x0/0x630 [ 132.583460] __x64_sys_ioctl+0x19a/0x220 [ 132.583723] do_syscall_64+0x3b/0xa0 [ 132.583966] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 132.584290] RIP: 0033:0x7fc6ee0afb19 [ 132.584525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 132.585592] RSP: 002b:00007fc6eb604188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 132.586048] RAX: ffffffffffffffda RBX: 00007fc6ee1c3020 RCX: 00007fc6ee0afb19 [ 132.586481] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005 [ 132.586908] RBP: 00007fc6ee109f6d R08: 0000000000000000 R09: 0000000000000000 [ 132.587337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.587764] R13: 00007ffff496cecf R14: 00007fc6eb604300 R15: 0000000000022000 [ 132.588209] [ 132.588368] Modules linked in: [ 132.588582] CR2: ffffed100fffc000 [ 132.588803] ---[ end trace 0000000000000000 ]--- [ 132.589102] RIP: 0010:__memset+0x24/0x50 [ 132.589376] Code: 
90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 132.590493] RSP: 0018:ffff88801e17fcc0 EFLAGS: 00010212 [ 132.590824] RAX: 0000000000000000 RBX: ffff88800c03d0c0 RCX: 1ffffe21fe602ceb [ 132.591270] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 132.591705] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a18 [ 132.592135] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 132.592564] R13: ffff88800c03d0c0 R14: ffffffff815f2620 R15: 1ffff1100112301f [ 132.592989] FS: 00007fc6eb604700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 132.593468] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.593817] CR2: ffffed100fffc000 CR3: 0000000016830000 CR4: 0000000000350ef0 [ 132.717900] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 132.742697] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.743265] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.743975] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 132.747909] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht' [ 132.810943] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht' [ 132.824166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.824668] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.825519] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 132.880813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.881573] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.882496] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 132.896006] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht' [ 132.918718] syz-executor.0 (3831) used greatest stack depth: 23800 bytes left [ 132.928023] wlan1: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 132.928552] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.929618] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 133.789581] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' [ 133.808212] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.808681] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.809294] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 133.811857] ieee80211 phy15: Selected rate control algorithm 'minstrel_ht' [ 133.824171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.824637] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.825608] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 134.910344] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht' [ 134.919876] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.920477] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.921133] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 134.924328] ieee80211 phy17: Selected rate control algorithm 'minstrel_ht' [ 134.941312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.941824] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.942441] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 12:15:35 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[], 0x820) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 
0x0, 0x0) sendfile(r2, r3, 0x0, 0x7fffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 12:15:35 executing program 5: sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa38}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x80}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x814}, 0x40000) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r1, &(0x7f0000ff0000/0x2000)=nil, 0x0) 
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200242, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 12:15:35 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r0, 0x8) 12:15:35 executing program 7: sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa38}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x80}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x814}, 0x40000) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r1, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200242, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 12:15:35 executing program 4: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 12:15:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 12:15:35 executing program 6: sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa38}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x80}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x814}, 0x40000) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r1, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200242, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 12:15:35 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000240), 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/locks\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000700)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000006c0)}, 0x68) write$binfmt_aout(r1, &(0x7f0000000780)={{0x10b, 0xff, 0x0, 0x60, 0x97, 0x5, 0x2c}, "cc829d2af9e8a22c5b10f8ee580ec5cfb148e34819d9c4072e5b2edc67eb0a9c818c7c21e4039e1e4953e8acada1"}, 0x4e) sendfile(0xffffffffffffffff, r0, 0x0, 0xd7) sched_getparam(0x0, &(0x7f0000000080)) r2 = open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', 0x800) perf_event_open(&(0x7f0000000600)={0x2, 0x80, 0x7, 0x8, 0x5, 0x48, 0x0, 0x9, 0x8a00, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000300), 0xa}, 0x1000, 0x9, 0x8, 0x0, 0x8, 0x5, 0x200, 0x0, 0x40}, 0x0, 0x6, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f00000001c0)={0x6, 0x80, 0x61, 0xff, 0x5, 0x20, 0x0, 0x4, 0x40000, 0x9, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x100, 0x6}, 0x1014, 0x8, 0x3a6, 0x7, 0x2, 0xb9a, 0x8, 0x0, 0x100, 0x0, 0x22}, 0x0, 0x8000004, r2, 0x9) r3 = syz_open_dev$vcsu(&(0x7f0000000000), 0x7ff, 0x4080) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r3) 12:15:35 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, 
&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r0, 0x8) [ 135.514961] BUG: unable to handle page fault for address: ffffed100fffc000 [ 135.515498] #PF: supervisor write access in kernel mode [ 135.515864] #PF: error_code(0x0002) - not-present page [ 135.516231] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 135.516686] Oops: 0002 [#3] PREEMPT SMP KASAN NOPTI [ 135.517034] CPU: 1 PID: 4001 Comm: syz-executor.5 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 135.517678] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 135.518244] RIP: 0010:__memset+0x24/0x50 [ 135.518551] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 135.519752] RSP: 0018:ffff888041107cc0 EFLAGS: 00010212 [ 135.520125] RAX: 0000000000000000 RBX: ffff88800c03d540 RCX: 1ffffe21fe602cfd [ 135.520621] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 135.521119] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807aa8 [ 135.521596] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 135.522058] R13: ffff88800c03d540 R14: ffffffff815f2620 R15: 1ffff110011af81f [ 135.522528] FS: 00007fc6eb604700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 135.523060] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.523438] CR2: ffffed100fffc000 CR3: 00000000167ac000 CR4: 0000000000350ee0 [ 135.523921] Call Trace: [ 135.524096] [ 135.524262] kasan_unpoison+0x23/0x60 [ 135.524526] mempool_exit+0x1c2/0x330 [ 135.524792] bioset_exit+0x2c9/0x630 [ 135.525052] ? _raw_spin_unlock+0x24/0x50 [ 135.525363] ? blkg_destroy_all.isra.0+0x157/0x230 [ 135.525726] disk_release+0x143/0x490 [ 135.525998] ? disk_release+0x0/0x490 [ 135.526271] ? device_release+0x0/0x250 [ 135.526558] device_release+0xa2/0x250 [ 135.526834] ? 
device_release+0x0/0x250 [ 135.527109] kobject_put+0x173/0x280 [ 135.527376] put_device+0x1b/0x40 [ 135.527617] put_disk+0x41/0x60 [ 135.527852] loop_control_ioctl+0x4d1/0x630 [ 135.528149] ? loop_control_ioctl+0x0/0x630 [ 135.528449] ? selinux_file_ioctl+0xb1/0x270 [ 135.528757] ? loop_control_ioctl+0x0/0x630 [ 135.529054] __x64_sys_ioctl+0x19a/0x220 [ 135.529343] do_syscall_64+0x3b/0xa0 [ 135.529604] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 135.529953] RIP: 0033:0x7fc6ee0afb19 [ 135.530204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 135.531393] RSP: 002b:00007fc6eb604188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 135.531907] RAX: ffffffffffffffda RBX: 00007fc6ee1c3020 RCX: 00007fc6ee0afb19 [ 135.532407] RDX: 0000000000000003 RSI: 0000000000004c81 RDI: 0000000000000005 [ 135.532896] RBP: 00007fc6ee109f6d R08: 0000000000000000 R09: 0000000000000000 [ 135.533391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.533879] R13: 00007ffff496cecf R14: 00007fc6eb604300 R15: 0000000000022000 [ 135.534367] [ 135.534534] Modules linked in: [ 135.534767] CR2: ffffed100fffc000 [ 135.535016] ---[ end trace 0000000000000000 ]--- [ 135.535343] RIP: 0010:__memset+0x24/0x50 [ 135.535638] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 135.536900] RSP: 0018:ffff88801e17fcc0 EFLAGS: 00010212 [ 135.537270] RAX: 0000000000000000 RBX: ffff88800c03d0c0 RCX: 1ffffe21fe602ceb [ 135.537777] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 135.538275] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a18 [ 135.538771] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 135.539270] R13: ffff88800c03d0c0 R14: 
ffffffff815f2620 R15: 1ffff1100112301f [ 135.539776] FS: 00007fc6eb604700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 135.540344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.540750] CR2: ffffed100fffc000 CR3: 00000000167ac000 CR4: 0000000000350ee0 12:15:35 executing program 4: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 12:15:35 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r0, 0x8) [ 135.622117] BUG: unable to handle page fault for address: ffffed100fffc000 [ 135.622701] #PF: supervisor write access in kernel mode [ 135.623094] #PF: error_code(0x0002) - not-present page [ 135.623484] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 135.623985] Oops: 0002 [#4] PREEMPT SMP KASAN NOPTI [ 135.624384] CPU: 1 PID: 3995 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 135.625088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 135.625709] RIP: 0010:__memset+0x24/0x50 [ 135.626044] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 135.627364] RSP: 0018:ffff88804181fcc0 EFLAGS: 00010212 [ 135.627748] RAX: 0000000000000000 RBX: ffff88800c03d3c0 RCX: 1ffffe21fe602cf7 [ 135.628262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 135.628773] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a78 [ 135.629281] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 135.629755] R13: ffff88800c03d3c0 R14: ffffffff815f2620 R15: 1ffff110011ad81f [ 135.630242] FS: 00007fc77de8a700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 135.630782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.631171] CR2: ffffed100fffc000 CR3: 
000000004046e000 CR4: 0000000000350ee0 [ 135.631652] Call Trace: [ 135.631836] [ 135.631992] kasan_unpoison+0x23/0x60 [ 135.632283] mempool_exit+0x1c2/0x330 [ 135.632559] bioset_exit+0x2c9/0x630 [ 135.632827] disk_release+0x143/0x490 [ 135.633104] ? disk_release+0x0/0x490 [ 135.633389] ? device_release+0x0/0x250 [ 135.633679] device_release+0xa2/0x250 [ 135.633970] ? device_release+0x0/0x250 [ 135.634277] kobject_put+0x173/0x280 [ 135.634574] put_device+0x1b/0x40 [ 135.634845] put_disk+0x41/0x60 [ 135.635099] loop_control_ioctl+0x4d1/0x630 [ 135.635426] ? loop_control_ioctl+0x0/0x630 [ 135.635744] ? selinux_file_ioctl+0xb1/0x270 [ 135.636088] ? loop_control_ioctl+0x0/0x630 [ 135.636427] __x64_sys_ioctl+0x19a/0x220 [ 135.636737] do_syscall_64+0x3b/0xa0 [ 135.637026] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 135.637410] RIP: 0033:0x7fc780914b19 [ 135.637690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 135.638969] RSP: 002b:00007fc77de8a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 135.639529] RAX: ffffffffffffffda RBX: 00007fc780a27f60 RCX: 00007fc780914b19 [ 135.640037] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000005 [ 135.640560] RBP: 00007fc78096ef6d R08: 0000000000000000 R09: 0000000000000000 [ 135.641071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.641584] R13: 00007ffe04663fdf R14: 00007fc77de8a300 R15: 0000000000022000 [ 135.642106] [ 135.642278] Modules linked in: [ 135.642519] CR2: ffffed100fffc000 [ 135.642786] ---[ end trace 0000000000000000 ]--- [ 135.643146] RIP: 0010:__memset+0x24/0x50 [ 135.643475] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 135.644820] RSP: 0018:ffff88801e17fcc0 EFLAGS: 00010212 
[ 135.645208] RAX: 0000000000000000 RBX: ffff88800c03d0c0 RCX: 1ffffe21fe602ceb [ 135.645723] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 135.646236] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a18 [ 135.646749] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 135.647255] R13: ffff88800c03d0c0 R14: ffffffff815f2620 R15: 1ffff1100112301f [ 135.647772] FS: 00007fc77de8a700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 135.648377] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.648811] CR2: ffffed100fffc000 CR3: 000000004046e000 CR4: 0000000000350ee0 12:15:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 12:15:35 executing program 6: sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, 
[@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa38}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x80}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x814}, 0x40000) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r1, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200242, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 
0x9, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 12:15:35 executing program 4: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 12:15:35 executing program 3: r0 = socket$nl_audit(0x10, 0x3, 0x9) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000002580)=0x3, 0x4) 12:15:35 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000240), 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/locks\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000700)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000006c0)}, 0x68) write$binfmt_aout(r1, &(0x7f0000000780)={{0x10b, 0xff, 0x0, 0x60, 0x97, 0x5, 0x2c}, 
"cc829d2af9e8a22c5b10f8ee580ec5cfb148e34819d9c4072e5b2edc67eb0a9c818c7c21e4039e1e4953e8acada1"}, 0x4e) sendfile(0xffffffffffffffff, r0, 0x0, 0xd7) sched_getparam(0x0, &(0x7f0000000080)) r2 = open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', 0x800) perf_event_open(&(0x7f0000000600)={0x2, 0x80, 0x7, 0x8, 0x5, 0x48, 0x0, 0x9, 0x8a00, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000300), 0xa}, 0x1000, 0x9, 0x8, 0x0, 0x8, 0x5, 0x200, 0x0, 0x40}, 0x0, 0x6, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f00000001c0)={0x6, 0x80, 0x61, 0xff, 0x5, 0x20, 0x0, 0x4, 0x40000, 0x9, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x100, 0x6}, 0x1014, 0x8, 0x3a6, 0x7, 0x2, 0xb9a, 0x8, 0x0, 0x100, 0x0, 0x22}, 0x0, 0x8000004, r2, 0x9) r3 = syz_open_dev$vcsu(&(0x7f0000000000), 0x7ff, 0x4080) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r3) [ 135.931857] BUG: unable to handle page fault for address: ffffed100fffc000 [ 135.932489] #PF: supervisor write access in kernel mode [ 135.932881] #PF: error_code(0x0002) - not-present page [ 135.933279] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 135.933791] Oops: 0002 [#5] PREEMPT SMP KASAN NOPTI [ 135.934170] CPU: 1 PID: 4021 Comm: syz-executor.6 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 135.934878] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 135.935488] RIP: 0010:__memset+0x24/0x50 [ 135.935816] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 135.937153] RSP: 0018:ffff888041187cc0 EFLAGS: 
00010212 [ 135.937564] RAX: 0000000000000000 RBX: ffff88800c03d6c0 RCX: 1ffffe21fe602d03 [ 135.938100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 135.938637] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807ad8 [ 135.939164] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 135.939690] R13: ffff88800c03d6c0 R14: ffffffff815f2620 R15: 1ffff110011af01f [ 135.940232] FS: 00007f2299748700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 135.940832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.941266] CR2: ffffed100fffc000 CR3: 0000000013dac000 CR4: 0000000000350ee0 [ 135.941801] Call Trace: [ 135.942001] [ 135.942181] kasan_unpoison+0x23/0x60 [ 135.942473] mempool_exit+0x1c2/0x330 [ 135.942772] bioset_exit+0x2c9/0x630 [ 135.943066] disk_release+0x143/0x490 [ 135.943365] ? disk_release+0x0/0x490 [ 135.943665] ? device_release+0x0/0x250 [ 135.943970] device_release+0xa2/0x250 [ 135.944284] ? device_release+0x0/0x250 [ 135.944593] kobject_put+0x173/0x280 [ 135.944882] put_device+0x1b/0x40 [ 135.945151] put_disk+0x41/0x60 [ 135.945410] loop_control_ioctl+0x4d1/0x630 [ 135.945746] ? loop_control_ioctl+0x0/0x630 [ 135.946077] ? selinux_file_ioctl+0xb1/0x270 [ 135.946432] ? 
loop_control_ioctl+0x0/0x630 [ 135.946774] __x64_sys_ioctl+0x19a/0x220 [ 135.947089] do_syscall_64+0x3b/0xa0 [ 135.947391] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 135.947782] RIP: 0033:0x7f229c1d2b19 [ 135.948065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 135.949421] RSP: 002b:00007f2299748188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 135.949992] RAX: ffffffffffffffda RBX: 00007f229c2e5f60 RCX: 00007f229c1d2b19 [ 135.950524] RDX: 0000000000000004 RSI: 0000000000004c81 RDI: 0000000000000005 [ 135.951060] RBP: 00007f229c22cf6d R08: 0000000000000000 R09: 0000000000000000 [ 135.951583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.952126] R13: 00007ffcc274e9df R14: 00007f2299748300 R15: 0000000000022000 [ 135.952686] [ 135.952868] Modules linked in: [ 135.953121] CR2: ffffed100fffc000 [ 135.953388] ---[ end trace 0000000000000000 ]--- [ 135.953752] RIP: 0010:__memset+0x24/0x50 [ 135.954077] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 135.955422] RSP: 0018:ffff88801e17fcc0 EFLAGS: 00010212 [ 135.955817] RAX: 0000000000000000 RBX: ffff88800c03d0c0 RCX: 1ffffe21fe602ceb [ 135.956365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 135.956905] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a18 [ 135.957438] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 135.957972] R13: ffff88800c03d0c0 R14: ffffffff815f2620 R15: 1ffff1100112301f [ 135.958501] FS: 00007f2299748700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 135.959105] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.959534] CR2: ffffed100fffc000 CR3: 0000000013dac000 CR4: 0000000000350ee0 12:15:36 executing 
program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[], 0x820) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x7fffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 12:15:36 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0) ppoll(&(0x7f0000000240)=[{r0}], 0x1, 0x0, 0x0, 0x0) 12:15:36 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000240), 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/locks\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000700)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, 
&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000006c0)}, 0x68) write$binfmt_aout(r1, &(0x7f0000000780)={{0x10b, 0xff, 0x0, 0x60, 0x97, 0x5, 0x2c}, "cc829d2af9e8a22c5b10f8ee580ec5cfb148e34819d9c4072e5b2edc67eb0a9c818c7c21e4039e1e4953e8acada1"}, 0x4e) sendfile(0xffffffffffffffff, r0, 0x0, 0xd7) sched_getparam(0x0, &(0x7f0000000080)) r2 = open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', 0x800) perf_event_open(&(0x7f0000000600)={0x2, 0x80, 0x7, 0x8, 0x5, 0x48, 0x0, 0x9, 0x8a00, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000300), 0xa}, 0x1000, 0x9, 0x8, 0x0, 0x8, 0x5, 0x200, 0x0, 0x40}, 0x0, 0x6, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f00000001c0)={0x6, 0x80, 0x61, 0xff, 0x5, 0x20, 0x0, 0x4, 0x40000, 0x9, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x100, 0x6}, 0x1014, 0x8, 0x3a6, 0x7, 0x2, 0xb9a, 0x8, 0x0, 0x100, 0x0, 0x22}, 0x0, 0x8000004, r2, 0x9) r3 = syz_open_dev$vcsu(&(0x7f0000000000), 0x7ff, 0x4080) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r3) 12:15:36 executing program 4: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 12:15:36 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 12:15:36 executing program 5: sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa38}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x80}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x814}, 0x40000) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r1, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200242, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 12:15:36 executing program 7: sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa38}, 
@CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x80}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x814}, 0x40000) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r1, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200242, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 12:15:36 executing program 6: 
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa38}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x80}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x814}, 0x40000) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r1, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200242, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 12:15:37 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0) ppoll(&(0x7f0000000240)=[{r0}], 0x1, 0x0, 0x0, 0x0) 12:15:37 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x40043311, 0x0) 12:15:37 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0) ppoll(&(0x7f0000000240)=[{r0}], 0x1, 0x0, 0x0, 0x0) 12:15:37 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x40043311, 0x0) 12:15:37 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0) ppoll(&(0x7f0000000240)=[{r0}], 0x1, 0x0, 0x0, 0x0) 12:15:37 executing program 5: sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 
0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa38}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x80}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x814}, 0x40000) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r1, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200242, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) 
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 12:15:37 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x40043311, 0x0) 12:15:37 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000000240), 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/locks\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000700)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000006c0)}, 0x68) write$binfmt_aout(r1, &(0x7f0000000780)={{0x10b, 0xff, 0x0, 0x60, 0x97, 0x5, 0x2c}, "cc829d2af9e8a22c5b10f8ee580ec5cfb148e34819d9c4072e5b2edc67eb0a9c818c7c21e4039e1e4953e8acada1"}, 0x4e) sendfile(0xffffffffffffffff, r0, 0x0, 0xd7) sched_getparam(0x0, &(0x7f0000000080)) r2 = open_tree(0xffffffffffffffff, 
&(0x7f0000000140)='./file1\x00', 0x800) perf_event_open(&(0x7f0000000600)={0x2, 0x80, 0x7, 0x8, 0x5, 0x48, 0x0, 0x9, 0x8a00, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000300), 0xa}, 0x1000, 0x9, 0x8, 0x0, 0x8, 0x5, 0x200, 0x0, 0x40}, 0x0, 0x6, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f00000001c0)={0x6, 0x80, 0x61, 0xff, 0x5, 0x20, 0x0, 0x4, 0x40000, 0x9, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x100, 0x6}, 0x1014, 0x8, 0x3a6, 0x7, 0x2, 0xb9a, 0x8, 0x0, 0x100, 0x0, 0x22}, 0x0, 0x8000004, r2, 0x9) r3 = syz_open_dev$vcsu(&(0x7f0000000000), 0x7ff, 0x4080) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r3) 12:15:38 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[], 0x820) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x7fffffff) sendfile(r1, r0, 0x0, 0xfffffdef) 12:15:38 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="232120af024a2620"], 0xb) close(r0) 
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) 12:15:38 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x40043311, 0x0) 12:15:38 executing program 7: sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8000}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x6}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa38}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x80}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x814}, 0x40000) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = 
shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r1, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200242, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) 12:15:38 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff}, 0x6) write$bt_hci(r1, 0x0, 0x6) 12:15:38 executing program 5: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLY\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x17\xa2\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\x92#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x06L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x84\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 
1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\xd00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xfe\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\xd6\xcf\xf6\xb5\x82\xb7\x9dA\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/L\x01\xe2\xba|\xf0\x01)PP\xcdl\x06\xfc\x15;qZ\xb1u\xc9\xd0\xd16~JEGm\xe4\x1e@\x9dG\xe4@\xdf\xba\'\x8b\x1cD\xc7\xec\xd1@}tR\xd9P\xf4N\xe3\xd8x\xa0\x91\x17\xc2}\x13\b\xca\t(Z\xa3_\xa1\x90\x15T\x93\xe7%\x98\xa7\xfb\x8bp/eq\x93\xbf\x1f =|\xf3\xb1\xfcR\xd8\nM,\xcb%@\'\x15\x88\xd8\xad\f\x91|\x95\x8fq+\x98\x81W\xba\x9f\xe0elOt\xbd\by\r\x87\x1c\xba\xbd\x8e+S>\xb8\xe29\x91h^x\xfb`\x00\xdd/\xa6\xb1\x16=\xa1bw\xc5I\xb1\x00'/549, 0x0) sendfile(r0, r0, 0x0, 0x0) 12:15:38 executing program 1: r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000940), 0x82801, 0x0) ioctl$DVD_READ_STRUCT(r0, 0x1260, &(0x7f0000000980)=@disckey={0x2, 0x0, "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"}) 12:15:38 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9006}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x15}]}, 0x10) [ 138.107427] process 'syz-executor.6' launched './file1' with NULL argv: empty string added 12:15:38 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) 12:15:38 executing program 3: r0 = syz_open_dev$rtc(&(0x7f00000007c0), 0x0, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) 12:15:38 executing program 5: close_range(0xffffffffffffffff, 
0xffffffffffffffff, 0x2) r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLY\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x17\xa2\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\x92#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x06L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x84\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\xd00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xfe\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\xd6\xcf\xf6\xb5\x82\xb7\x9dA\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/L\x01\xe2\xba|\xf0\x01)PP\xcdl\x06\xfc\x15;qZ\xb1u\xc9\xd0\xd16~JEGm\xe4\x1e@\x9dG\xe4@\xdf\xba\'\x8b\x1cD\xc7\xec\xd1@}tR\xd9P\xf4N\xe3\xd8x\xa0\x91\x17\xc2}\x13\b\xca\t(Z\xa3_\xa1\x90\x15T\x93\xe7%\x98\xa7\xfb\x8bp/eq\x93\xbf\x1f =|\xf3\xb1\xfcR\xd8\nM,\xcb%@\'\x15\x88\xd8\xad\f\x91|\x95\x8fq+\x98\x81W\xba\x9f\xe0elOt\xbd\by\r\x87\x1c\xba\xbd\x8e+S>\xb8\xe29\x91h^x\xfb`\x00\xdd/\xa6\xb1\x16=\xa1bw\xc5I\xb1\x00'/549, 0x0) sendfile(r0, r0, 0x0, 0x0) 12:15:38 executing program 1: mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x61cfafd331c62cd8, &(0x7f0000ffd000/0x2000)=nil) 12:15:38 executing program 6: mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x0, 0x1) mount$cgroup(0x0, &(0x7f00000007c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f0000000840)={[{@xattr}, {@cpuset_v2_mode}, {@subsystem='cpuset'}]}) 12:15:38 executing program 
2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9006}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x15}]}, 0x10) 12:15:38 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) 12:15:38 executing program 1: mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x61cfafd331c62cd8, &(0x7f0000ffd000/0x2000)=nil) [ 138.382095] BUG: unable to handle page fault for address: ffffed100fffc000 [ 138.382678] #PF: supervisor write access in kernel mode [ 138.383095] #PF: error_code(0x0002) - not-present page [ 138.383473] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 138.383990] Oops: 0002 [#6] PREEMPT SMP KASAN NOPTI [ 138.384360] CPU: 0 PID: 4087 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 138.385050] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 138.385653] RIP: 0010:__memset+0x24/0x50 [ 138.385987] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 138.387202] RSP: 0018:ffff88804288fcc0 EFLAGS: 00010212 [ 138.387555] RAX: 0000000000000000 RBX: ffff88800c03d840 RCX: 1ffffe21fe602d09 [ 138.388047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 138.388484] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807b08 [ 138.388923] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 138.389363] R13: ffff88800c03d840 R14: ffffffff815f2620 R15: 1ffff110011ece1f [ 138.389802] FS: 00007fc77de8a700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 138.390292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.390648] CR2: ffffed100fffc000 CR3: 000000001e9a8000 CR4: 0000000000350ef0 [ 138.391084] Call Trace: [ 138.391249] [ 138.391393] 
kasan_unpoison+0x23/0x60 [ 138.391640] mempool_exit+0x1c2/0x330 [ 138.391889] bioset_exit+0x2c9/0x630 [ 138.392135] disk_release+0x143/0x490 [ 138.392388] ? disk_release+0x0/0x490 [ 138.392636] ? device_release+0x0/0x250 [ 138.392889] device_release+0xa2/0x250 [ 138.393136] ? device_release+0x0/0x250 [ 138.393387] kobject_put+0x173/0x280 [ 138.393626] put_device+0x1b/0x40 [ 138.393850] put_disk+0x41/0x60 [ 138.394068] loop_control_ioctl+0x4d1/0x630 [ 138.394346] ? loop_control_ioctl+0x0/0x630 [ 138.394621] ? __x64_sys_ioctl+0x140/0x220 [ 138.394890] ? loop_control_ioctl+0x0/0x630 [ 138.395164] __x64_sys_ioctl+0x19a/0x220 [ 138.395430] do_syscall_64+0x3b/0xa0 [ 138.395674] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 138.396000] RIP: 0033:0x7fc780914b19 [ 138.396247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 138.397328] RSP: 002b:00007fc77de8a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 138.397784] RAX: ffffffffffffffda RBX: 00007fc780a27f60 RCX: 00007fc780914b19 [ 138.398216] RDX: 0000000000000005 RSI: 0000000000004c81 RDI: 0000000000000005 [ 138.398646] RBP: 00007fc78096ef6d R08: 0000000000000000 R09: 0000000000000000 [ 138.399077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.399509] R13: 00007ffe04663fdf R14: 00007fc77de8a300 R15: 0000000000022000 [ 138.399945] [ 138.400096] Modules linked in: [ 138.400307] CR2: ffffed100fffc000 [ 138.400524] ---[ end trace 0000000000000000 ]--- [ 138.400813] RIP: 0010:__memset+0x24/0x50 [ 138.401077] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 138.402174] RSP: 0018:ffff88801e17fcc0 EFLAGS: 00010212 [ 138.402508] RAX: 0000000000000000 RBX: ffff88800c03d0c0 RCX: 1ffffe21fe602ceb [ 138.402939] 
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 138.403369] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a18 [ 138.403802] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 138.404240] R13: ffff88800c03d0c0 R14: ffffffff815f2620 R15: 1ffff1100112301f [ 138.404675] FS: 00007fc77de8a700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 138.405160] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.405515] CR2: ffffed100fffc000 CR3: 000000001e9a8000 CR4: 0000000000350ef0 12:15:39 executing program 1: mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x61cfafd331c62cd8, &(0x7f0000ffd000/0x2000)=nil) 12:15:39 executing program 3: r0 = syz_open_dev$rtc(&(0x7f00000007c0), 0x0, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) 12:15:39 executing program 7: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x0, 0x1}) 12:15:39 executing program 5: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLY\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x17\xa2\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\x92#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x06L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x84\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 
1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\xd00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xfe\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\xd6\xcf\xf6\xb5\x82\xb7\x9dA\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/L\x01\xe2\xba|\xf0\x01)PP\xcdl\x06\xfc\x15;qZ\xb1u\xc9\xd0\xd16~JEGm\xe4\x1e@\x9dG\xe4@\xdf\xba\'\x8b\x1cD\xc7\xec\xd1@}tR\xd9P\xf4N\xe3\xd8x\xa0\x91\x17\xc2}\x13\b\xca\t(Z\xa3_\xa1\x90\x15T\x93\xe7%\x98\xa7\xfb\x8bp/eq\x93\xbf\x1f =|\xf3\xb1\xfcR\xd8\nM,\xcb%@\'\x15\x88\xd8\xad\f\x91|\x95\x8fq+\x98\x81W\xba\x9f\xe0elOt\xbd\by\r\x87\x1c\xba\xbd\x8e+S>\xb8\xe29\x91h^x\xfb`\x00\xdd/\xa6\xb1\x16=\xa1bw\xc5I\xb1\x00'/549, 0x0) sendfile(r0, r0, 0x0, 0x0) 12:15:39 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9006}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x15}]}, 0x10) 12:15:39 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) 12:15:39 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9006}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x15}]}, 0x10) 12:15:39 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9006}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x15}]}, 0x10) 12:15:39 executing 
program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) 12:15:40 executing program 1: mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x61cfafd331c62cd8, &(0x7f0000ffd000/0x2000)=nil) 12:15:40 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9006}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x15}]}, 0x10) 12:15:40 executing program 7: syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x0, 0x0) 12:15:40 executing program 5: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLY\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x17\xa2\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\x92#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x06L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x84\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 
1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\xd00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xfe\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\xd6\xcf\xf6\xb5\x82\xb7\x9dA\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/L\x01\xe2\xba|\xf0\x01)PP\xcdl\x06\xfc\x15;qZ\xb1u\xc9\xd0\xd16~JEGm\xe4\x1e@\x9dG\xe4@\xdf\xba\'\x8b\x1cD\xc7\xec\xd1@}tR\xd9P\xf4N\xe3\xd8x\xa0\x91\x17\xc2}\x13\b\xca\t(Z\xa3_\xa1\x90\x15T\x93\xe7%\x98\xa7\xfb\x8bp/eq\x93\xbf\x1f =|\xf3\xb1\xfcR\xd8\nM,\xcb%@\'\x15\x88\xd8\xad\f\x91|\x95\x8fq+\x98\x81W\xba\x9f\xe0elOt\xbd\by\r\x87\x1c\xba\xbd\x8e+S>\xb8\xe29\x91h^x\xfb`\x00\xdd/\xa6\xb1\x16=\xa1bw\xc5I\xb1\x00'/549, 0x0) sendfile(r0, r0, 0x0, 0x0) 12:15:40 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9006}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x15}]}, 0x10) 12:15:40 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8927, &(0x7f00000000c0)={'sit0\x00', 0x0}) 12:15:40 executing program 3: r0 = syz_open_dev$rtc(&(0x7f00000007c0), 0x0, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) 12:15:40 executing program 0: 
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r0, 0x560c, 0x0) 12:15:40 executing program 7: r0 = epoll_create(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20002006}) close(r1) 12:15:40 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8927, &(0x7f00000000c0)={'sit0\x00', 0x0}) [ 140.145399] audit: type=1400 audit(1667304940.302:9): avc: denied { block_suspend } for pid=4153 comm="syz-executor.7" capability=36 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 12:15:41 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fadvise64(r0, 0x0, 0x0, 0x2) 12:15:41 executing program 5: kexec_load(0x0, 0x0, 0x0, 0x30000) 12:15:41 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendfile(r1, r0, 0x0, 0x5) 12:15:41 executing program 7: r0 = epoll_create(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20002006}) close(r1) 12:15:41 executing program 1: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) 
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f0000000380)=""/9) read(r0, &(0x7f00000003c0)=""/4096, 0x1000) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:15:41 executing program 3: r0 = syz_open_dev$rtc(&(0x7f00000007c0), 0x0, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) 12:15:41 executing program 0: r0 = epoll_create(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20002006}) close(r1) 12:15:41 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8927, &(0x7f00000000c0)={'sit0\x00', 0x0}) [ 140.984574] audit: type=1400 audit(1667304941.142:10): avc: denied { read } for pid=4158 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 12:15:41 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendfile(r1, r0, 0x0, 0x5) 12:15:41 executing program 5: r0 = epoll_create(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20002006}) close(r1) 12:15:41 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8927, &(0x7f00000000c0)={'sit0\x00', 0x0}) 12:15:41 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fadvise64(r0, 0x0, 0x0, 0x2) 12:15:41 executing program 7: r0 = epoll_create(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20002006}) 
close(r1) 12:15:41 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendfile(r1, r0, 0x0, 0x5) 12:15:41 executing program 0: r0 = epoll_create(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20002006}) close(r1) 12:15:41 executing program 5: r0 = epoll_create(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20002006}) close(r1) [ 141.257098] BUG: unable to handle page fault for address: ffffed100fffc000 [ 141.258051] #PF: supervisor write access in kernel mode [ 141.258737] #PF: error_code(0x0002) - not-present page [ 141.259412] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 141.260292] Oops: 0002 [#7] PREEMPT SMP KASAN NOPTI [ 141.260943] CPU: 0 PID: 4178 Comm: syz-executor.1 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 141.262125] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 141.263155] RIP: 0010:__memset+0x24/0x50 [ 141.263729] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 141.266053] RSP: 0018:ffff888040be7cc0 EFLAGS: 00010212 [ 141.266754] RAX: 0000000000000000 RBX: ffff88800c03d9c0 RCX: 1ffffe21fe602d0f [ 141.267676] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 141.268583] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807b38 [ 141.269506] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 141.270483] R13: ffff88800c03d9c0 R14: ffffffff815f2620 R15: 1ffff1100120ee1f [ 141.271483] FS: 00007f2d4056a700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 141.272836] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.273750] CR2: ffffed100fffc000 CR3: 0000000013e9c000 CR4: 0000000000350ef0 [ 141.274777] 
Call Trace: [ 141.275162] [ 141.275530] kasan_unpoison+0x23/0x60 [ 141.276170] mempool_exit+0x1c2/0x330 [ 141.276839] bioset_exit+0x2c9/0x630 [ 141.277489] ? _raw_spin_unlock_irq+0x1f/0x60 [ 141.278270] disk_release+0x143/0x490 [ 141.278914] ? disk_release+0x0/0x490 [ 141.279500] ? device_release+0x0/0x250 [ 141.280009] device_release+0xa2/0x250 [ 141.280623] ? device_release+0x0/0x250 [ 141.281152] kobject_put+0x173/0x280 [ 141.281731] put_device+0x1b/0x40 [ 141.282204] put_disk+0x41/0x60 [ 141.282657] loop_control_ioctl+0x4d1/0x630 [ 141.283316] ? loop_control_ioctl+0x0/0x630 [ 141.283917] ? selinux_file_ioctl+0xb1/0x270 [ 141.284577] ? loop_control_ioctl+0x0/0x630 [ 141.285172] __x64_sys_ioctl+0x19a/0x220 [ 141.285763] do_syscall_64+0x3b/0xa0 [ 141.286293] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 141.286957] RIP: 0033:0x7f2d43015b19 [ 141.287509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 141.289825] RSP: 002b:00007f2d4056a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 141.290798] RAX: ffffffffffffffda RBX: 00007f2d43129020 RCX: 00007f2d43015b19 [ 141.291701] RDX: 0000000000000006 RSI: 0000000000004c81 RDI: 0000000000000005 [ 141.292656] RBP: 00007f2d4306ff6d R08: 0000000000000000 R09: 0000000000000000 [ 141.293599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 141.294546] R13: 00007ffd30be00ff R14: 00007f2d4056a300 R15: 0000000000022000 [ 141.295515] [ 141.295843] Modules linked in: [ 141.296299] CR2: ffffed100fffc000 [ 141.296808] ---[ end trace 0000000000000000 ]--- [ 141.297490] RIP: 0010:__memset+0x24/0x50 [ 141.298138] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 141.300469] RSP: 0018:ffff88801e17fcc0 EFLAGS: 00010212 [ 
141.301209] RAX: 0000000000000000 RBX: ffff88800c03d0c0 RCX: 1ffffe21fe602ceb [ 141.302160] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 141.303106] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a18 [ 141.304056] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 141.305024] R13: ffff88800c03d0c0 R14: ffffffff815f2620 R15: 1ffff1100112301f [ 141.306041] FS: 00007f2d4056a700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 141.307219] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.308093] CR2: ffffed100fffc000 CR3: 0000000013e9c000 CR4: 0000000000350ef0 12:15:41 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendfile(r1, r0, 0x0, 0x5) [ 141.900339] BUG: unable to handle page fault for address: ffffed100fffc000 [ 141.901459] #PF: supervisor write access in kernel mode [ 141.902285] #PF: error_code(0x0002) - not-present page [ 141.903044] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 141.903839] Oops: 0002 [#8] PREEMPT SMP KASAN NOPTI [ 141.904466] CPU: 1 PID: 4165 Comm: syz-executor.1 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 141.905573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 141.906529] RIP: 0010:__memset+0x24/0x50 [ 141.907100] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 141.909270] RSP: 0018:ffff88804213fcc0 EFLAGS: 00010212 [ 141.909898] RAX: 0000000000000000 RBX: ffff88800c03db40 RCX: 1ffffe21fe602d15 [ 141.910729] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 141.911552] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807b68 [ 141.912407] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 141.913234] R13: ffff88800c03db40 R14: 
ffffffff815f2620 R15: 1ffff1100120ec1f [ 141.914065] FS: 00007f2d4058b700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 141.914999] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.915682] CR2: ffffed100fffc000 CR3: 0000000013e9c000 CR4: 0000000000350ee0 [ 141.916524] Call Trace: [ 141.916837] [ 141.917113] kasan_unpoison+0x23/0x60 [ 141.917585] mempool_exit+0x1c2/0x330 [ 141.918060] bioset_exit+0x2c9/0x630 [ 141.918519] ? _raw_spin_unlock+0x24/0x50 [ 141.919030] ? blkg_destroy_all.isra.0+0x157/0x230 [ 141.919644] disk_release+0x143/0x490 [ 141.920115] ? disk_release+0x0/0x490 [ 141.920593] ? device_release+0x0/0x250 [ 141.921075] device_release+0xa2/0x250 [ 141.921549] ? device_release+0x0/0x250 [ 141.922027] kobject_put+0x173/0x280 [ 141.922487] put_device+0x1b/0x40 [ 141.922915] put_disk+0x41/0x60 [ 141.923331] loop_control_ioctl+0x4d1/0x630 [ 141.923857] ? loop_control_ioctl+0x0/0x630 [ 141.924401] ? selinux_file_ioctl+0xb1/0x270 [ 141.924949] ? loop_control_ioctl+0x0/0x630 [ 141.925472] __x64_sys_ioctl+0x19a/0x220 [ 141.925973] do_syscall_64+0x3b/0xa0 [ 141.926436] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 141.927051] RIP: 0033:0x7f2d43015b19 [ 141.927496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 141.929598] RSP: 002b:00007f2d4058b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 141.930478] RAX: ffffffffffffffda RBX: 00007f2d43128f60 RCX: 00007f2d43015b19 [ 141.931307] RDX: 0000000000000007 RSI: 0000000000004c81 RDI: 0000000000000005 [ 141.932137] RBP: 00007f2d4306ff6d R08: 0000000000000000 R09: 0000000000000000 [ 141.932967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 141.933797] R13: 00007ffd30be00ff R14: 00007f2d4058b300 R15: 0000000000022000 [ 141.934641] [ 141.934926] Modules linked in: [ 141.935314] CR2: ffffed100fffc000 [ 141.935726] ---[ end trace 
0000000000000000 ]--- [ 141.936293] RIP: 0010:__memset+0x24/0x50 [ 141.936805] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 141.938900] RSP: 0018:ffff88801e17fcc0 EFLAGS: 00010212 [ 141.939522] RAX: 0000000000000000 RBX: ffff88800c03d0c0 RCX: 1ffffe21fe602ceb [ 141.940356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 141.941184] RBP: ffff88800c056a00 R08: 0000000000000005 R09: ffffed1001807a18 [ 141.942008] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c056a00 [ 141.942833] R13: ffff88800c03d0c0 R14: ffffffff815f2620 R15: 1ffff1100112301f [ 141.943654] FS: 00007f2d4058b700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 141.944623] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.945299] CR2: ffffed100fffc000 CR3: 0000000013e9c000 CR4: 0000000000350ee0 12:15:42 executing program 0: r0 = epoll_create(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20002006}) close(r1) 12:15:42 executing program 4: r0 = socket(0x11, 0x3, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0) 12:15:42 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fadvise64(r0, 0x0, 0x0, 0x2) 12:15:42 executing program 7: r0 = epoll_create(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20002006}) close(r1) 12:15:42 executing program 5: r0 = epoll_create(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) 
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x20002006}) close(r1) 12:15:42 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{}]}) 12:15:42 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000500)={0x10002000}) 12:15:42 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0xd, &(0x7f0000000000), 0x4) 12:15:42 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x240000, 0x2}, 0x1c) 12:15:42 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) 12:15:42 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fremovexattr(r0, &(0x7f0000000080)=@known='system.sockprotoname\x00') 12:15:42 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fadvise64(r0, 0x0, 0x0, 0x2) 12:15:42 executing program 1: setitimer(0x1, &(0x7f0000000700)={{}, {0x0, 0x2710}}, 0x0) 12:15:42 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x240000, 0x2}, 0x1c) 12:15:42 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 
0x0) mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000) 12:15:42 executing program 4: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lseek(r0, 0x0, 0x1) 12:15:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000740)={0x10, 0x0, 0x25dfdbfb, 0x1000000}, 0xc) 12:15:42 executing program 1: r0 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)={0x0, "4690deb62eb693e86e05bcd2d53eaaa588593f676f7d8dafa4f2e856c10a78b3a3bcc8d9f5380628464651a3cee1df7b45c7371a73c3ee1a2dd47a894dfd87d0"}, 0x48, 0xffffffffffffffff) keyctl$get_keyring_id(0x0, r0, 0x0) 12:15:42 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @broadcast}, 0x10) 12:15:42 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x240000, 0x2}, 0x1c) 12:15:42 executing program 5: syz_emit_ethernet(0x66, &(0x7f0000000040)={@remote, @local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @local, @loopback}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}}}}}, 0x0) 12:15:42 executing program 3: msync(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4) 12:15:42 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000001240), 0x4) 12:15:42 executing program 6: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000180)) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0) 12:15:42 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000000640)={0x127363500, &(0x7f00000000c0)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r4, 0x301, 0x0, 0x0, {0xd}}, 0x14}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x0, 0x301, 0x0, 0x0, {0xd}}, 0x14}}, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000140)=[r2, r1, r0, r3, r5, 
0xffffffffffffffff, r0], 0x7) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x1, 0xd6c2}) 12:15:42 executing program 1: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x7, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6}, 0x0, 0x7, 0xffffffffffffffff, 0x2) openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) 
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) VM DIAGNOSIS: 12:15:32 Registers: