Warning: Permanently added '[localhost]:29613' (ECDSA) to the list of known hosts. 2022/11/01 12:22:49 fuzzer started 2022/11/01 12:22:50 dialing manager at localhost:42881 syzkaller login: [ 36.188327] cgroup: Unknown subsys name 'net' [ 36.289164] cgroup: Unknown subsys name 'rlimit' 2022/11/01 12:23:03 syscalls: 2217 2022/11/01 12:23:03 code coverage: enabled 2022/11/01 12:23:03 comparison tracing: enabled 2022/11/01 12:23:03 extra coverage: enabled 2022/11/01 12:23:03 setuid sandbox: enabled 2022/11/01 12:23:03 namespace sandbox: enabled 2022/11/01 12:23:03 Android sandbox: enabled 2022/11/01 12:23:03 fault injection: enabled 2022/11/01 12:23:03 leak checking: enabled 2022/11/01 12:23:03 net packet injection: enabled 2022/11/01 12:23:03 net device setup: enabled 2022/11/01 12:23:03 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/11/01 12:23:03 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/11/01 12:23:03 USB emulation: enabled 2022/11/01 12:23:03 hci packet injection: enabled 2022/11/01 12:23:03 wifi device emulation: enabled 2022/11/01 12:23:03 802.15.4 emulation: enabled 2022/11/01 12:23:03 fetching corpus: 0, signal 0/2000 (executing program) 2022/11/01 12:23:03 fetching corpus: 50, signal 30102/33671 (executing program) 2022/11/01 12:23:03 fetching corpus: 100, signal 45341/50365 (executing program) 2022/11/01 12:23:03 fetching corpus: 150, signal 57634/63966 (executing program) 2022/11/01 12:23:03 fetching corpus: 200, signal 63635/71366 (executing program) 2022/11/01 12:23:04 fetching corpus: 250, signal 70007/79012 (executing program) 2022/11/01 12:23:04 fetching corpus: 300, signal 74060/84357 (executing program) 2022/11/01 12:23:04 fetching corpus: 350, signal 80744/92184 (executing program) 2022/11/01 12:23:04 fetching corpus: 400, signal 87146/99563 (executing program) 2022/11/01 12:23:04 fetching corpus: 450, signal 92133/105531 (executing program) 2022/11/01 12:23:04 fetching corpus: 500, signal 98366/112626 (executing program) 2022/11/01 12:23:04 fetching corpus: 550, signal 102028/117308 (executing program) 2022/11/01 12:23:05 fetching corpus: 600, signal 106184/122353 (executing program) 2022/11/01 12:23:05 fetching corpus: 650, signal 109444/126546 (executing program) 2022/11/01 12:23:05 fetching corpus: 700, signal 113425/131354 (executing program) 2022/11/01 12:23:05 fetching corpus: 750, signal 115944/134780 (executing program) 2022/11/01 12:23:05 fetching corpus: 800, signal 119574/139164 (executing program) 2022/11/01 12:23:05 fetching corpus: 850, signal 122807/143186 (executing program) 2022/11/01 12:23:05 fetching corpus: 900, signal 124930/146195 (executing program) 2022/11/01 12:23:06 fetching corpus: 950, signal 128605/150519 (executing program) 2022/11/01 12:23:06 fetching corpus: 1000, signal 130577/153320 (executing program) 2022/11/01 12:23:06 fetching corpus: 1050, signal 134059/157342 (executing program) 2022/11/01 12:23:06 fetching corpus: 1100, signal 136052/160063 (executing program) 2022/11/01 12:23:06 fetching corpus: 1150, signal 137174/162061 (executing program) 2022/11/01 12:23:06 fetching corpus: 1200, signal 139567/165108 (executing program) 2022/11/01 12:23:06 fetching corpus: 1250, signal 141210/167484 (executing program) 2022/11/01 12:23:06 fetching corpus: 1300, signal 144295/170941 (executing program) 2022/11/01 12:23:07 fetching corpus: 1350, signal 146351/173574 (executing program) 2022/11/01 12:23:07 fetching corpus: 1400, signal 147650/175608 (executing program) 2022/11/01 12:23:07 fetching corpus: 1450, signal 150018/178412 (executing program) 2022/11/01 12:23:07 fetching corpus: 1500, signal 153012/181707 (executing program) 2022/11/01 12:23:07 fetching corpus: 1550, signal 155185/184333 (executing program) 2022/11/01 12:23:07 fetching corpus: 1600, signal 157580/187056 (executing program) 2022/11/01 12:23:07 fetching corpus: 1650, signal 159950/189698 (executing program) 2022/11/01 12:23:08 fetching corpus: 1700, signal 161720/191954 (executing program) 2022/11/01 12:23:08 fetching corpus: 1750, signal 162842/193716 (executing program) 2022/11/01 12:23:08 fetching corpus: 1800, signal 163993/195398 (executing program) 2022/11/01 12:23:08 fetching corpus: 1850, signal 165304/197255 (executing program) 2022/11/01 12:23:08 fetching corpus: 1900, signal 166713/199099 (executing program) 2022/11/01 12:23:08 fetching corpus: 1950, signal 167663/200623 (executing program) 2022/11/01 12:23:08 fetching corpus: 2000, signal 168787/202232 (executing program) 2022/11/01 12:23:08 fetching corpus: 2050, signal 170280/204092 (executing program) 2022/11/01 12:23:09 fetching corpus: 2100, signal 172354/206346 (executing program) 2022/11/01 12:23:09 fetching corpus: 2150, signal 173267/207760 (executing program) 2022/11/01 12:23:09 fetching corpus: 2200, signal 174699/209514 (executing program) 2022/11/01 12:23:09 fetching corpus: 2250, signal 176040/211184 (executing program) 2022/11/01 12:23:09 fetching corpus: 2300, signal 177288/212792 (executing program) 2022/11/01 12:23:09 fetching corpus: 2350, signal 178794/214584 (executing program) 2022/11/01 12:23:09 fetching corpus: 2400, signal 179786/215974 (executing program) 2022/11/01 12:23:10 fetching corpus: 2450, signal 181180/217605 (executing program) 2022/11/01 12:23:10 fetching corpus: 2500, signal 182317/219106 (executing program) 2022/11/01 12:23:10 fetching corpus: 2550, signal 183720/220700 (executing program) 2022/11/01 12:23:10 fetching corpus: 2600, signal 184978/222175 (executing program) 2022/11/01 12:23:10 fetching corpus: 2650, signal 186348/223745 (executing program) 2022/11/01 12:23:10 fetching corpus: 2700, signal 187754/225257 (executing program) 2022/11/01 12:23:10 fetching corpus: 2750, signal 188785/226588 (executing program) 2022/11/01 12:23:11 fetching corpus: 2800, signal 190407/228256 (executing program) 2022/11/01 12:23:11 fetching corpus: 2850, signal 191583/229651 (executing program) 2022/11/01 12:23:11 fetching corpus: 2900, signal 192493/230889 (executing program) 2022/11/01 12:23:11 fetching corpus: 2950, signal 193367/232093 (executing program) 2022/11/01 12:23:11 fetching corpus: 3000, signal 194157/233203 (executing program) 2022/11/01 12:23:11 fetching corpus: 3050, signal 195339/234504 (executing program) 2022/11/01 12:23:11 fetching corpus: 3100, signal 196034/235537 (executing program) 2022/11/01 12:23:11 fetching corpus: 3150, signal 197559/237091 (executing program) 2022/11/01 12:23:11 fetching corpus: 3200, signal 198322/238163 (executing program) 2022/11/01 12:23:12 fetching corpus: 3250, signal 199054/239185 (executing program) 2022/11/01 12:23:12 fetching corpus: 3300, signal 199971/240276 (executing program) 2022/11/01 12:23:12 fetching corpus: 3350, signal 200872/241355 (executing program) 2022/11/01 12:23:12 fetching corpus: 3400, signal 201901/242505 (executing program) 2022/11/01 12:23:12 fetching corpus: 3450, signal 203420/243820 (executing program) 2022/11/01 12:23:12 fetching corpus: 3500, signal 204527/244959 (executing program) 2022/11/01 12:23:12 fetching corpus: 3550, signal 205309/245932 (executing program) 2022/11/01 12:23:12 fetching corpus: 3600, signal 206091/246887 (executing program) 2022/11/01 12:23:13 fetching corpus: 3650, signal 207003/247894 (executing program) 2022/11/01 12:23:13 fetching corpus: 3700, signal 207982/248909 (executing program) 2022/11/01 12:23:13 fetching corpus: 3750, signal 208544/249722 (executing program) 2022/11/01 12:23:13 fetching corpus: 3800, signal 209390/250675 (executing program) 2022/11/01 12:23:13 fetching corpus: 3850, signal 210830/251880 (executing program) 2022/11/01 12:23:13 fetching corpus: 3900, signal 212191/253039 (executing program) 2022/11/01 12:23:13 fetching corpus: 3950, signal 212802/253823 (executing program) 2022/11/01 12:23:14 fetching corpus: 4000, signal 214098/254884 (executing program) 2022/11/01 12:23:14 fetching corpus: 4050, signal 215070/255753 (executing program) 2022/11/01 12:23:14 fetching corpus: 4100, signal 215637/256515 (executing program) 2022/11/01 12:23:14 fetching corpus: 4150, signal 216159/257226 (executing program) 2022/11/01 12:23:14 fetching corpus: 4200, signal 216783/257927 (executing program) 2022/11/01 12:23:14 fetching corpus: 4250, signal 217447/258675 (executing program) 2022/11/01 12:23:14 fetching corpus: 4300, signal 218122/259432 (executing program) 2022/11/01 12:23:14 fetching corpus: 4350, signal 218604/260088 (executing program) 2022/11/01 12:23:15 fetching corpus: 4400, signal 219217/260784 (executing program) 2022/11/01 12:23:15 fetching corpus: 4450, signal 219872/261504 (executing program) 2022/11/01 12:23:15 fetching corpus: 4500, signal 220955/262367 (executing program) 2022/11/01 12:23:15 fetching corpus: 4550, signal 221593/263068 (executing program) 2022/11/01 12:23:15 fetching corpus: 4600, signal 222417/263811 (executing program) 2022/11/01 12:23:15 fetching corpus: 4650, signal 223301/264556 (executing program) 2022/11/01 12:23:15 fetching corpus: 4700, signal 224035/265211 (executing program) 2022/11/01 12:23:15 fetching corpus: 4750, signal 224902/265947 (executing program) 2022/11/01 12:23:16 fetching corpus: 4800, signal 225627/266604 (executing program) 2022/11/01 12:23:16 fetching corpus: 4850, signal 226307/267214 (executing program) 2022/11/01 12:23:16 fetching corpus: 4900, signal 227061/267842 (executing program) 2022/11/01 12:23:16 fetching corpus: 4950, signal 227657/268429 (executing program) 2022/11/01 12:23:16 fetching corpus: 5000, signal 228370/269006 (executing program) 2022/11/01 12:23:16 fetching corpus: 5050, signal 228956/269544 (executing program) 2022/11/01 12:23:16 fetching corpus: 5100, signal 229504/270095 (executing program) 2022/11/01 12:23:16 fetching corpus: 5150, signal 230032/270646 (executing program) 2022/11/01 12:23:17 fetching corpus: 5200, signal 231097/271318 (executing program) 2022/11/01 12:23:17 fetching corpus: 5250, signal 231812/271895 (executing program) 2022/11/01 12:23:17 fetching corpus: 5300, signal 232204/272366 (executing program) 2022/11/01 12:23:17 fetching corpus: 5350, signal 232803/272899 (executing program) 2022/11/01 12:23:17 fetching corpus: 5400, signal 233612/273441 (executing program) 2022/11/01 12:23:17 fetching corpus: 5450, signal 234198/273909 (executing program) 2022/11/01 12:23:17 fetching corpus: 5500, signal 234887/274430 (executing program) 2022/11/01 12:23:18 fetching corpus: 5550, signal 235445/274911 (executing program) 2022/11/01 12:23:18 fetching corpus: 5600, signal 235832/275353 (executing program) 2022/11/01 12:23:18 fetching corpus: 5650, signal 236666/275897 (executing program) 2022/11/01 12:23:18 fetching corpus: 5700, signal 237284/276357 (executing program) 2022/11/01 12:23:18 fetching corpus: 5750, signal 237723/276765 (executing program) 2022/11/01 12:23:18 fetching corpus: 5800, signal 238441/277257 (executing program) 2022/11/01 12:23:18 fetching corpus: 5850, signal 239051/277690 (executing program) 2022/11/01 12:23:18 fetching corpus: 5900, signal 239513/278086 (executing program) 2022/11/01 12:23:18 fetching corpus: 5950, signal 239984/278507 (executing program) 2022/11/01 12:23:19 fetching corpus: 6000, signal 240414/278898 (executing program) 2022/11/01 12:23:19 fetching corpus: 6050, signal 240878/279295 (executing program) 2022/11/01 12:23:19 fetching corpus: 6100, signal 241345/279679 (executing program) 2022/11/01 12:23:19 fetching corpus: 6150, signal 242009/280084 (executing program) 2022/11/01 12:23:19 fetching corpus: 6200, signal 242641/280469 (executing program) 2022/11/01 12:23:19 fetching corpus: 6250, signal 243144/280822 (executing program) 2022/11/01 12:23:19 fetching corpus: 6300, signal 243756/281159 (executing program) 2022/11/01 12:23:20 fetching corpus: 6350, signal 244286/281493 (executing program) 2022/11/01 12:23:20 fetching corpus: 6400, signal 244786/281842 (executing program) 2022/11/01 12:23:20 fetching corpus: 6450, signal 245646/282219 (executing program) 2022/11/01 12:23:20 fetching corpus: 6500, signal 246004/282517 (executing program) 2022/11/01 12:23:20 fetching corpus: 6550, signal 246505/282849 (executing program) 2022/11/01 12:23:20 fetching corpus: 6600, signal 246881/283157 (executing program) 2022/11/01 12:23:20 fetching corpus: 6650, signal 247712/283470 (executing program) 2022/11/01 12:23:20 fetching corpus: 6700, signal 248301/283787 (executing program) 2022/11/01 12:23:20 fetching corpus: 6750, signal 248935/284065 (executing program) 2022/11/01 12:23:21 fetching corpus: 6800, signal 249388/284341 (executing program) 2022/11/01 12:23:21 fetching corpus: 6850, signal 249664/284610 (executing program) 2022/11/01 12:23:21 fetching corpus: 6900, signal 250113/284888 (executing program) 2022/11/01 12:23:21 fetching corpus: 6950, signal 250829/285130 (executing program) 2022/11/01 12:23:21 fetching corpus: 7000, signal 251268/285372 (executing program) 2022/11/01 12:23:21 fetching corpus: 7050, signal 251897/285612 (executing program) 2022/11/01 12:23:21 fetching corpus: 7100, signal 252539/285698 (executing program) 2022/11/01 12:23:21 fetching corpus: 7150, signal 252856/285698 (executing program) 2022/11/01 12:23:22 fetching corpus: 7200, signal 253195/285698 (executing program) 2022/11/01 12:23:22 fetching corpus: 7250, signal 253781/285698 (executing program) 2022/11/01 12:23:22 fetching corpus: 7300, signal 254207/285719 (executing program) 2022/11/01 12:23:22 fetching corpus: 7350, signal 255048/285720 (executing program) 2022/11/01 12:23:22 fetching corpus: 7400, signal 255377/285721 (executing program) 2022/11/01 12:23:22 fetching corpus: 7450, signal 255779/285722 (executing program) 2022/11/01 12:23:22 fetching corpus: 7500, signal 256059/285722 (executing program) 2022/11/01 12:23:22 fetching corpus: 7550, signal 256439/285722 (executing program) 2022/11/01 12:23:23 fetching corpus: 7600, signal 257003/285722 (executing program) 2022/11/01 12:23:23 fetching corpus: 7650, signal 257508/285723 (executing program) 2022/11/01 12:23:23 fetching corpus: 7700, signal 258172/285725 (executing program) 2022/11/01 12:23:23 fetching corpus: 7750, signal 258604/285725 (executing program) 2022/11/01 12:23:23 fetching corpus: 7800, signal 259098/285725 (executing program) 2022/11/01 12:23:23 fetching corpus: 7850, signal 259392/285725 (executing program) 2022/11/01 12:23:23 fetching corpus: 7900, signal 259846/285733 (executing program) 2022/11/01 12:23:23 fetching corpus: 7950, signal 260338/285733 (executing program) 2022/11/01 12:23:24 fetching corpus: 8000, signal 260787/285734 (executing program) 2022/11/01 12:23:24 fetching corpus: 8050, signal 261276/285734 (executing program) 2022/11/01 12:23:24 fetching corpus: 8100, signal 261706/285734 (executing program) 2022/11/01 12:23:24 fetching corpus: 8150, signal 262286/285734 (executing program) 2022/11/01 12:23:24 fetching corpus: 8200, signal 262707/285734 (executing program) 2022/11/01 12:23:24 fetching corpus: 8250, signal 263198/285734 (executing program) 2022/11/01 12:23:24 fetching corpus: 8300, signal 263577/285734 (executing program) 2022/11/01 12:23:24 fetching corpus: 8350, signal 264060/285734 (executing program) 2022/11/01 12:23:24 fetching corpus: 8400, signal 264511/285734 (executing program) 2022/11/01 12:23:25 fetching corpus: 8450, signal 264952/285734 (executing program) 2022/11/01 12:23:25 fetching corpus: 8500, signal 265542/285734 (executing program) 2022/11/01 12:23:25 fetching corpus: 8550, signal 266066/285736 (executing program) 2022/11/01 12:23:25 fetching corpus: 8600, signal 266418/285736 (executing program) 2022/11/01 12:23:25 fetching corpus: 8650, signal 266943/285736 (executing program) 2022/11/01 12:23:25 fetching corpus: 8700, signal 267334/285737 (executing program) 2022/11/01 12:23:25 fetching corpus: 8750, signal 267697/285745 (executing program) 2022/11/01 12:23:25 fetching corpus: 8800, signal 268170/285746 (executing program) 2022/11/01 12:23:26 fetching corpus: 8850, signal 268572/285746 (executing program) 2022/11/01 12:23:26 fetching corpus: 8900, signal 269053/285746 (executing program) 2022/11/01 12:23:26 fetching corpus: 8950, signal 269280/285748 (executing program) 2022/11/01 12:23:26 fetching corpus: 9000, signal 269821/285749 (executing program) 2022/11/01 12:23:26 fetching corpus: 9050, signal 270116/285749 (executing program) 2022/11/01 12:23:26 fetching corpus: 9100, signal 270632/285749 (executing program) 2022/11/01 12:23:26 fetching corpus: 9150, signal 271000/285749 (executing program) 2022/11/01 12:23:26 fetching corpus: 9200, signal 271478/285749 (executing program) 2022/11/01 12:23:27 fetching corpus: 9249, signal 271828/285778 (executing program) 2022/11/01 12:23:27 fetching corpus: 9299, signal 272182/285778 (executing program) 2022/11/01 12:23:27 fetching corpus: 9349, signal 272672/285778 (executing program) 2022/11/01 12:23:27 fetching corpus: 9399, signal 272894/285778 (executing program) 2022/11/01 12:23:27 fetching corpus: 9449, signal 273275/285778 (executing program) 2022/11/01 12:23:27 fetching corpus: 9499, signal 273640/285780 (executing program) 2022/11/01 12:23:27 fetching corpus: 9549, signal 273962/285781 (executing program) 2022/11/01 12:23:27 fetching corpus: 9599, signal 274425/285781 (executing program) 2022/11/01 12:23:28 fetching corpus: 9649, signal 274859/285781 (executing program) 2022/11/01 12:23:28 fetching corpus: 9699, signal 275250/285781 (executing program) 2022/11/01 12:23:28 fetching corpus: 9749, signal 275541/285781 (executing program) 2022/11/01 12:23:28 fetching corpus: 9799, signal 275846/285783 (executing program) 2022/11/01 12:23:28 fetching corpus: 9849, signal 276325/285787 (executing program) 2022/11/01 12:23:28 fetching corpus: 9899, signal 276668/285788 (executing program) 2022/11/01 12:23:28 fetching corpus: 9949, signal 277044/285788 (executing program) 2022/11/01 12:23:28 fetching corpus: 9999, signal 277276/285788 (executing program) 2022/11/01 12:23:29 fetching corpus: 10049, signal 277656/285791 (executing program) 2022/11/01 12:23:29 fetching corpus: 10099, signal 278107/285791 (executing program) 2022/11/01 12:23:29 fetching corpus: 10149, signal 278585/285797 (executing program) 2022/11/01 12:23:29 fetching corpus: 10199, signal 278850/285799 (executing program) 2022/11/01 12:23:29 fetching corpus: 10249, signal 279324/285799 (executing program) 2022/11/01 12:23:29 fetching corpus: 10291, signal 279745/285851 (executing program) 2022/11/01 12:23:29 fetching corpus: 10291, signal 279745/285851 (executing program) 2022/11/01 12:23:32 starting 8 fuzzer processes 12:23:32 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)={0x14, 0x1e, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x14}], 0x1}, 0x0) 12:23:32 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 12:23:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x7fffffe, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) r1 = add_key$fscrypt_v1(&(0x7f00000001c0), &(0x7f0000000200)={'fscrypt:', @desc2}, &(0x7f0000000240)={0x0, "67f28f824b25d08c02eddd4d3931ff2016215f14c2fd4e4a079c98befb6485e815948411dcc1c0a111043f9ab3cd82b71275b2aad4f99fce01a0951b7bf59006"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='trusted\x00', 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="6ffc25721cc9dc764319d54dac5b2ada2c5f6c9df78c125ee322784fa59e8d9ddc71996c417ec62000b6c3b9988a734588bc9336bd89d9f59d68d93b9a56c910436c7877860f050764a4d278b3711e6a88e58a1b7600a5c401c48b0f1cb5d6144d8e6c3aa7102222684bfc7c14f69dee4ab83475356a51a59b9a155244bb2e1ecab721b8f8e3924b938321b5e4334a44536eacd64ef97c4582005b866e58d9269fcbd907f32a4f7d021580305ced96f841f0c9c745610aea71374ccbd1e3", 0xbe) syz_io_uring_setup(0x22d2, &(0x7f0000000580)={0x0, 0x2799, 0x0, 0x3, 0x13}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000600), &(0x7f0000000640)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, r2, 0x0) sendfile(r0, r0, 0x0, 0x5f1) openat(r0, &(0x7f0000000000)='./file1\x00', 0x426000, 0x110) 12:23:32 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') [ 77.961885] audit: type=1400 audit(1667305412.153:6): avc: denied { execmem } for pid=282 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:23:32 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000000)=0x1000200b, 0x4) 12:23:32 executing program 5: shmctl$IPC_RMID(0x0, 0xfeffffff) 12:23:32 executing program 7: futex(&(0x7f0000007c00), 0xd, 0x0, &(0x7f0000007c40)={0x0, 0x989680}, 0x0, 0x0) 12:23:32 executing program 6: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/vmstat\x00', 0x0, 0x0) r1 = fsopen(&(0x7f0000000040)='ext2\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000080)='({(\x00', 0x0, r0) [ 79.144910] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.146109] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.147297] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.149812] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.150985] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 79.152134] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.158627] Bluetooth: hci0: HCI_REQ-0x0c1a [ 79.189601] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.197457] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.198784] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.201442] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.203327] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.205562] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.208365] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.210010] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 79.210817] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.214351] Bluetooth: hci2: HCI_REQ-0x0c1a [ 79.215797] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.229589] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 79.230851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.239160] Bluetooth: hci1: HCI_REQ-0x0c1a [ 79.283745] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.285061] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.286700] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 79.288898] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 79.290569] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 79.291726] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.292745] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 79.293774] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.295086] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 79.296342] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.299704] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 79.301176] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 79.303755] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.305268] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 79.306364] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.307964] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 79.309169] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 79.310710] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 79.311934] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 79.313071] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 79.315469] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.317294] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 79.323409] Bluetooth: hci6: HCI_REQ-0x0c1a [ 79.329297] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.330178] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 79.332424] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 79.333225] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.333846] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 79.336388] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 79.343551] Bluetooth: hci5: HCI_REQ-0x0c1a [ 79.343931] Bluetooth: hci3: HCI_REQ-0x0c1a [ 79.394943] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 79.396882] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 79.400490] Bluetooth: hci7: HCI_REQ-0x0c1a [ 79.424874] Bluetooth: hci4: HCI_REQ-0x0c1a [ 81.171736] Bluetooth: hci0: command 0x0409 tx timeout [ 81.234611] Bluetooth: hci2: command 0x0409 tx timeout [ 81.298338] Bluetooth: hci1: command 0x0409 tx timeout [ 81.363282] Bluetooth: hci3: command 0x0409 tx timeout [ 81.426562] Bluetooth: hci7: command 0x0409 tx timeout [ 81.427468] Bluetooth: hci5: command 0x0409 tx timeout [ 81.427918] Bluetooth: hci6: command 0x0409 tx timeout [ 81.490250] Bluetooth: hci4: command 0x0409 tx timeout [ 83.218275] Bluetooth: hci0: command 0x041b tx timeout [ 83.282292] Bluetooth: hci2: command 0x041b tx timeout [ 83.346284] Bluetooth: hci1: command 0x041b tx timeout [ 83.410262] Bluetooth: hci3: command 0x041b tx timeout [ 83.474331] Bluetooth: hci6: command 0x041b tx timeout [ 83.474747] Bluetooth: hci5: command 0x041b tx timeout [ 83.475082] Bluetooth: hci7: command 0x041b tx timeout [ 83.538288] Bluetooth: hci4: command 0x041b tx timeout [ 85.266256] Bluetooth: hci0: command 0x040f tx timeout [ 85.330329] Bluetooth: hci2: command 0x040f tx timeout [ 85.394607] Bluetooth: hci1: command 0x040f tx timeout [ 85.458345] Bluetooth: hci3: command 0x040f tx timeout [ 85.522306] Bluetooth: hci7: command 0x040f tx timeout [ 85.522744] Bluetooth: hci5: command 0x040f tx timeout [ 85.523110] Bluetooth: hci6: command 0x040f tx timeout [ 85.586242] Bluetooth: hci4: command 0x040f tx timeout [ 87.314325] Bluetooth: hci0: command 0x0419 tx timeout [ 87.378242] Bluetooth: hci2: command 0x0419 tx timeout [ 87.442234] Bluetooth: hci1: command 0x0419 tx timeout [ 87.506244] Bluetooth: hci3: command 0x0419 tx timeout [ 87.570251] Bluetooth: hci6: command 0x0419 tx timeout [ 87.570632] Bluetooth: hci5: command 0x0419 tx timeout [ 87.570971] Bluetooth: hci7: command 0x0419 tx timeout [ 87.634247] Bluetooth: hci4: command 0x0419 tx timeout [ 131.747065] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.747684] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.749895] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 131.910382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.910967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.913956] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 132.145467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.146132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.147880] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 132.333748] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.334730] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.336440] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 132.539237] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.539847] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.541764] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 132.817889] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.819007] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.821996] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 132.880527] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.881891] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.885689] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 132.956536] audit: type=1400 audit(1667305467.146:7): avc: denied { open } for pid=3880 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 132.959037] audit: type=1400 audit(1667305467.147:8): avc: denied { kernel } for pid=3880 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 133.029740] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.030699] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.032284] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 133.229610] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.230259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.232063] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 133.399577] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.400668] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.403161] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 133.480251] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.480818] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.482465] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 133.664038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.665274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.668069] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 133.703505] hrtimer: interrupt took 33402 ns [ 133.750115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.751298] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.754163] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 133.887314] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.887973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.889336] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 133.968119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.969258] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.972515] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 134.011465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.012548] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.015465] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 134.183005] syz-executor.2 (3906) used greatest stack depth: 23248 bytes left 12:24:28 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)={0x14, 0x1e, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x14}], 0x1}, 0x0) 12:24:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x7fffffe, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) r1 = add_key$fscrypt_v1(&(0x7f00000001c0), &(0x7f0000000200)={'fscrypt:', @desc2}, &(0x7f0000000240)={0x0, "67f28f824b25d08c02eddd4d3931ff2016215f14c2fd4e4a079c98befb6485e815948411dcc1c0a111043f9ab3cd82b71275b2aad4f99fce01a0951b7bf59006"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='trusted\x00', 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="6ffc25721cc9dc764319d54dac5b2ada2c5f6c9df78c125ee322784fa59e8d9ddc71996c417ec62000b6c3b9988a734588bc9336bd89d9f59d68d93b9a56c910436c7877860f050764a4d278b3711e6a88e58a1b7600a5c401c48b0f1cb5d6144d8e6c3aa7102222684bfc7c14f69dee4ab83475356a51a59b9a155244bb2e1ecab721b8f8e3924b938321b5e4334a44536eacd64ef97c4582005b866e58d9269fcbd907f32a4f7d021580305ced96f841f0c9c745610aea71374ccbd1e3", 0xbe) syz_io_uring_setup(0x22d2, &(0x7f0000000580)={0x0, 0x2799, 0x0, 0x3, 0x13}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000600), &(0x7f0000000640)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, r2, 0x0) sendfile(r0, r0, 0x0, 0x5f1) openat(r0, &(0x7f0000000000)='./file1\x00', 0x426000, 0x110) 12:24:28 executing program 5: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x163008, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xae, &(0x7f0000000180)={[{@min_batch_time}]}) 12:24:28 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) 12:24:28 executing program 3: timer_delete(0x0) 12:24:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) shutdown(r0, 0x1) 12:24:28 executing program 6: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/vmstat\x00', 0x0, 0x0) r1 = fsopen(&(0x7f0000000040)='ext2\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000080)='({(\x00', 0x0, r0) 12:24:28 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$EVIOCGLED(r1, 0x80404519, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f0000000240)=""/79) 12:24:29 executing program 6: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/vmstat\x00', 0x0, 0x0) r1 = fsopen(&(0x7f0000000040)='ext2\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000080)='({(\x00', 0x0, r0) 12:24:29 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) 12:24:29 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$EVIOCGLED(r1, 0x80404519, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f0000000240)=""/79) [ 134.969987] EXT4-fs (sda): re-mounted. Quota mode: none. [ 134.984678] EXT4-fs (sda): re-mounted. Quota mode: none. 12:24:29 executing program 1: init_module(&(0x7f0000000300)='}+\xef\x00', 0x4, &(0x7f0000000340)='\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0) r1 = inotify_init1(0x0) r2 = dup2(r1, r0) getpid() r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x7c, r3, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x11) 12:24:29 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)={0x14, 0x1e, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x14}], 0x1}, 0x0) 12:24:29 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW(r0, 0x4b66, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x0, "78f1d0ea76bef039f35a759cf0f1acc63c28f2"}) 12:24:29 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) 12:24:29 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$EVIOCGLED(r1, 0x80404519, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f0000000240)=""/79) 12:24:29 executing program 6: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/vmstat\x00', 0x0, 0x0) r1 = fsopen(&(0x7f0000000040)='ext2\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000080)='({(\x00', 0x0, r0) 12:24:29 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) 12:24:29 executing program 5: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x163008, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xae, &(0x7f0000000180)={[{@min_batch_time}]}) 12:24:29 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)={0x14, 0x1e, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x14}], 0x1}, 0x0) 12:24:29 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$EVIOCGLED(r1, 0x80404519, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f0000000240)=""/79) 12:24:29 executing program 1: init_module(&(0x7f0000000300)='}+\xef\x00', 0x4, &(0x7f0000000340)='\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0) r1 = inotify_init1(0x0) r2 = dup2(r1, r0) getpid() r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x7c, r3, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x11) 12:24:29 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x49, &(0x7f0000000180)=0x8000, 0x4) setsockopt$sock_int(r0, 0x1, 0x49, &(0x7f0000000180), 0x4) 12:24:29 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x7fffffe, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) r1 = add_key$fscrypt_v1(&(0x7f00000001c0), &(0x7f0000000200)={'fscrypt:', @desc2}, &(0x7f0000000240)={0x0, "67f28f824b25d08c02eddd4d3931ff2016215f14c2fd4e4a079c98befb6485e815948411dcc1c0a111043f9ab3cd82b71275b2aad4f99fce01a0951b7bf59006"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='trusted\x00', 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="6ffc25721cc9dc764319d54dac5b2ada2c5f6c9df78c125ee322784fa59e8d9ddc71996c417ec62000b6c3b9988a734588bc9336bd89d9f59d68d93b9a56c910436c7877860f050764a4d278b3711e6a88e58a1b7600a5c401c48b0f1cb5d6144d8e6c3aa7102222684bfc7c14f69dee4ab83475356a51a59b9a155244bb2e1ecab721b8f8e3924b938321b5e4334a44536eacd64ef97c4582005b866e58d9269fcbd907f32a4f7d021580305ced96f841f0c9c745610aea71374ccbd1e3", 0xbe) syz_io_uring_setup(0x22d2, &(0x7f0000000580)={0x0, 0x2799, 0x0, 0x3, 0x13}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000600), &(0x7f0000000640)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, r2, 0x0) sendfile(r0, r0, 0x0, 0x5f1) openat(r0, &(0x7f0000000000)='./file1\x00', 0x426000, 0x110) [ 135.794930] EXT4-fs (sda): re-mounted. Quota mode: none. 12:24:30 executing program 3: init_module(&(0x7f0000000300)='}+\xef\x00', 0x4, &(0x7f0000000340)='\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0) r1 = inotify_init1(0x0) r2 = dup2(r1, r0) getpid() r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x7c, r3, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x11) 12:24:30 executing program 5: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x163008, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xae, &(0x7f0000000180)={[{@min_batch_time}]}) 12:24:30 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) 12:24:30 executing program 1: init_module(&(0x7f0000000300)='}+\xef\x00', 0x4, &(0x7f0000000340)='\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0) r1 = inotify_init1(0x0) r2 = dup2(r1, r0) getpid() r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x7c, r3, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x11) 12:24:30 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) 12:24:30 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) [ 136.051493] EXT4-fs (sda): re-mounted. Quota mode: none. 12:24:30 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) 12:24:30 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) 12:24:30 executing program 3: init_module(&(0x7f0000000300)='}+\xef\x00', 0x4, &(0x7f0000000340)='\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0) r1 = inotify_init1(0x0) r2 = dup2(r1, r0) getpid() r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x7c, r3, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x11) 12:24:30 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) 12:24:30 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x7fffffe, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) r1 = add_key$fscrypt_v1(&(0x7f00000001c0), &(0x7f0000000200)={'fscrypt:', @desc2}, &(0x7f0000000240)={0x0, "67f28f824b25d08c02eddd4d3931ff2016215f14c2fd4e4a079c98befb6485e815948411dcc1c0a111043f9ab3cd82b71275b2aad4f99fce01a0951b7bf59006"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='trusted\x00', 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="6ffc25721cc9dc764319d54dac5b2ada2c5f6c9df78c125ee322784fa59e8d9ddc71996c417ec62000b6c3b9988a734588bc9336bd89d9f59d68d93b9a56c910436c7877860f050764a4d278b3711e6a88e58a1b7600a5c401c48b0f1cb5d6144d8e6c3aa7102222684bfc7c14f69dee4ab83475356a51a59b9a155244bb2e1ecab721b8f8e3924b938321b5e4334a44536eacd64ef97c4582005b866e58d9269fcbd907f32a4f7d021580305ced96f841f0c9c745610aea71374ccbd1e3", 0xbe) syz_io_uring_setup(0x22d2, &(0x7f0000000580)={0x0, 0x2799, 0x0, 0x3, 0x13}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000600), &(0x7f0000000640)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, r2, 0x0) sendfile(r0, r0, 0x0, 0x5f1) openat(r0, &(0x7f0000000000)='./file1\x00', 0x426000, 0x110) 12:24:30 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r1, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) 12:24:30 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:30 executing program 5: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x163008, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xae, &(0x7f0000000180)={[{@min_batch_time}]}) 12:24:30 executing program 6: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000240)='\x00', &(0x7f0000000300)='./file2\x00', 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat$cgroup_pressure(r1, &(0x7f0000000180)='cpu.pressure\x00', 0x2, 0x0) write$binfmt_aout(r3, &(0x7f0000000340)={{0xcc, 0x5, 0x5, 0xdd, 0x24c, 0x7ca, 0x1dc}, "4153ea8be896e502f55e270ce86a0dc9bd8e0fce0dad337feb82e33b59e65a9313390bf613013544e2a79f587bef4b2c6529f274b28816b826948d55912e6e5d0b93d9e8f68804b3ad151bbfdc6ff29988d70111c487529215ae55201124c09b2c47f2022d1184c443bf3e438916fb8a26c4a8c4599e379a2a91181d3ccbf91279978975e40645ad7e748c02edee87a648308880f9b506cf", ['\x00', '\x00']}, 0x2b8) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r2, r0, 0x0, 0xfffffdef) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000040), 0x4) 12:24:30 executing program 1: init_module(&(0x7f0000000300)='}+\xef\x00', 0x4, &(0x7f0000000340)='\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0) r1 = inotify_init1(0x0) r2 = dup2(r1, r0) getpid() r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x7c, r3, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x11) [ 136.504135] loop6: detected capacity change from 0 to 40 12:24:30 executing program 7: mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x7091, 0x0) [ 136.553995] EXT4-fs (sda): re-mounted. Quota mode: none. 12:24:30 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) [ 136.998965] syz-executor.6: attempt to access beyond end of device [ 136.998965] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 137.000636] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 138.161477] BUG: unable to handle page fault for address: ffffed100fffc000 [ 138.162133] #PF: supervisor write access in kernel mode [ 138.162607] #PF: error_code(0x0002) - not-present page [ 138.163071] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 138.165625] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI [ 138.167493] CPU: 1 PID: 4043 Comm: syz-executor.0 Not tainted 6.1.0-rc3-next-20221101 #1 [ 138.168210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 138.168940] RIP: 0010:__memset+0x24/0x50 [ 138.169340] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 138.170918] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 138.171409] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 138.172037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 138.172663] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 138.173299] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 138.173923] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 138.174559] FS: 00007fe80ac13700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 138.175272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.175788] CR2: ffffed100fffc000 CR3: 0000000015052000 CR4: 0000000000350ee0 [ 138.176414] Call Trace: [ 138.176652] [ 138.176861] kasan_unpoison+0x23/0x60 [ 138.177213] mempool_exit+0x1c2/0x330 [ 138.177573] bioset_exit+0x2c9/0x630 [ 138.177921] ? _raw_spin_unlock_irq+0x1f/0x60 [ 138.178349] disk_release+0x143/0x490 [ 138.178701] ? disk_release+0x0/0x490 [ 138.179055] ? device_release+0x0/0x250 [ 138.179438] device_release+0xa2/0x250 [ 138.179794] ? device_release+0x0/0x250 [ 138.180161] kobject_put+0x173/0x280 [ 138.180509] put_device+0x1b/0x40 [ 138.180833] put_disk+0x41/0x60 [ 138.181144] loop_control_ioctl+0x4d1/0x630 [ 138.181541] ? loop_control_ioctl+0x0/0x630 [ 138.181937] ? __x64_sys_ioctl+0xbe/0x220 [ 138.182324] ? loop_control_ioctl+0x0/0x630 [ 138.182720] __x64_sys_ioctl+0x19a/0x220 [ 138.183099] do_syscall_64+0x3b/0xa0 [ 138.183457] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 138.183920] RIP: 0033:0x7fe80d69db19 [ 138.184257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 138.185832] RSP: 002b:00007fe80ac13188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 138.186497] RAX: ffffffffffffffda RBX: 00007fe80d7b0f60 RCX: 00007fe80d69db19 [ 138.187121] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 138.187748] RBP: 00007fe80d6f7f6d R08: 0000000000000000 R09: 0000000000000000 [ 138.188373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.188999] R13: 00007ffca719b76f R14: 00007fe80ac13300 R15: 0000000000022000 [ 138.189630] [ 138.189846] Modules linked in: [ 138.190139] CR2: ffffed100fffc000 [ 138.190449] ---[ end trace 0000000000000000 ]--- [ 138.190862] RIP: 0010:__memset+0x24/0x50 [ 138.191260] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 138.192837] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 138.193312] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 138.193939] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 138.194574] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 138.195212] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 138.195839] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 138.196470] FS: 00007fe80ac13700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 138.197181] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.197699] CR2: ffffed100fffc000 CR3: 0000000015052000 CR4: 0000000000350ee0 12:24:32 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:32 executing program 6: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000240)='\x00', &(0x7f0000000300)='./file2\x00', 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat$cgroup_pressure(r1, &(0x7f0000000180)='cpu.pressure\x00', 0x2, 0x0) write$binfmt_aout(r3, &(0x7f0000000340)={{0xcc, 0x5, 0x5, 0xdd, 0x24c, 0x7ca, 0x1dc}, "4153ea8be896e502f55e270ce86a0dc9bd8e0fce0dad337feb82e33b59e65a9313390bf613013544e2a79f587bef4b2c6529f274b28816b826948d55912e6e5d0b93d9e8f68804b3ad151bbfdc6ff29988d70111c487529215ae55201124c09b2c47f2022d1184c443bf3e438916fb8a26c4a8c4599e379a2a91181d3ccbf91279978975e40645ad7e748c02edee87a648308880f9b506cf", ['\x00', '\x00']}, 0x2b8) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r2, r0, 0x0, 0xfffffdef) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000040), 0x4) 12:24:32 executing program 4: syz_emit_ethernet(0x8b, &(0x7f0000000000)={@multicast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '#\x00\b', 0x55, 0x2c, 0x0, @local, @local, {[@routing={0x88}], {0x0, 0x0, 0x7, 0x0, @opaque="bd4c908e01433afa20804a2b340fe4e5cd7642eb2d27348ad808ec06894b4ed2afe8397426f0f14f6f85c5dad0f91a6982d532fc743ee341184631719122187ed5e08cf13a"}}}}}}, 0x0) 12:24:32 executing program 5: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x4d031, 0xffffffffffffffff, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f00000000c0)=""/162, 0xa2) 12:24:32 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:32 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$security_selinux(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480), &(0x7f00000004c0)='system_u:object_r:policy_config_t:s0\x00', 0x25, 0x0) 12:24:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) execve(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) 12:24:32 executing program 3: init_module(&(0x7f0000000300)='}+\xef\x00', 0x4, &(0x7f0000000340)='\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0) r1 = inotify_init1(0x0) r2 = dup2(r1, r0) getpid() r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x7c, r3, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x11) [ 138.261156] loop6: detected capacity change from 0 to 40 [ 138.292256] loop1: detected capacity change from 0 to 40 [ 138.315509] process 'syz-executor.1' launched './file1' with NULL argv: empty string added 12:24:32 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) execve(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) 12:24:32 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$security_selinux(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480), &(0x7f00000004c0)='system_u:object_r:policy_config_t:s0\x00', 0x25, 0x0) 12:24:32 executing program 4: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:32 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$security_selinux(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480), &(0x7f00000004c0)='system_u:object_r:policy_config_t:s0\x00', 0x25, 0x0) 12:24:32 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:32 executing program 3: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:32 executing program 4: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:32 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) setxattr$security_selinux(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480), &(0x7f00000004c0)='system_u:object_r:policy_config_t:s0\x00', 0x25, 0x0) [ 138.778619] BUG: unable to handle page fault for address: ffffed100fffc000 [ 138.779292] #PF: supervisor write access in kernel mode [ 138.779762] #PF: error_code(0x0002) - not-present page [ 138.780223] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 138.780827] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI [ 138.781276] CPU: 1 PID: 4101 Comm: syz-executor.5 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 138.782107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 138.782831] RIP: 0010:__memset+0x24/0x50 [ 138.783226] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 138.784808] RSP: 0018:ffff888041dd7cc0 EFLAGS: 00010212 [ 138.785282] RAX: 0000000000000000 RBX: ffff88800c037240 RCX: 1ffffe21fe602471 [ 138.785909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 138.786542] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e48 [ 138.787170] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 138.787811] R13: ffff88800c037240 R14: ffffffff815f2620 R15: 1ffff110011ac81f [ 138.788440] FS: 00007f89a790d700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 138.789148] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.789667] CR2: ffffed100fffc000 CR3: 0000000013d32000 CR4: 0000000000350ee0 [ 138.790301] Call Trace: [ 138.790538] [ 138.790748] kasan_unpoison+0x23/0x60 [ 138.791101] mempool_exit+0x1c2/0x330 [ 138.791464] bioset_exit+0x2c9/0x630 [ 138.791810] ? _raw_spin_unlock_irq+0x1f/0x60 [ 138.792237] disk_release+0x143/0x490 [ 138.792590] ? disk_release+0x0/0x490 [ 138.792941] ? device_release+0x0/0x250 [ 138.793301] device_release+0xa2/0x250 [ 138.793657] ? device_release+0x0/0x250 [ 138.794019] kobject_put+0x173/0x280 [ 138.794369] put_device+0x1b/0x40 [ 138.794691] put_disk+0x41/0x60 [ 138.795001] loop_control_ioctl+0x4d1/0x630 [ 138.795400] ? loop_control_ioctl+0x0/0x630 [ 138.795793] ? selinux_file_ioctl+0xb1/0x270 [ 138.796211] ? loop_control_ioctl+0x0/0x630 [ 138.796606] __x64_sys_ioctl+0x19a/0x220 [ 138.796984] do_syscall_64+0x3b/0xa0 [ 138.797333] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 138.797798] RIP: 0033:0x7f89aa3b8b19 [ 138.798134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 138.799717] RSP: 002b:00007f89a790d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 138.800382] RAX: ffffffffffffffda RBX: 00007f89aa4cc020 RCX: 00007f89aa3b8b19 [ 138.801003] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005 [ 138.801627] RBP: 00007f89aa412f6d R08: 0000000000000000 R09: 0000000000000000 [ 138.802253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.802885] R13: 00007ffec7bee44f R14: 00007f89a790d300 R15: 0000000000022000 [ 138.803522] [ 138.803736] Modules linked in: [ 138.804031] CR2: ffffed100fffc000 [ 138.804343] ---[ end trace 0000000000000000 ]--- [ 138.804756] RIP: 0010:__memset+0x24/0x50 [ 138.805139] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 138.806700] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 138.807167] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 138.807794] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 138.808421] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 138.809039] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 138.809661] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 138.810279] FS: 00007f89a790d700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 138.810981] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.811508] CR2: ffffed100fffc000 CR3: 0000000013d32000 CR4: 0000000000350ee0 [ 139.071301] BUG: unable to handle page fault for address: ffffed100fffc000 [ 139.072032] #PF: supervisor write access in kernel mode [ 139.072538] #PF: error_code(0x0002) - not-present page [ 139.073042] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 139.073703] Oops: 0002 [#3] PREEMPT SMP KASAN NOPTI [ 139.074191] CPU: 1 PID: 4086 Comm: syz-executor.0 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 139.075100] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 139.075897] RIP: 0010:__memset+0x24/0x50 [ 139.076324] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 139.078047] RSP: 0018:ffff888040c47cc0 EFLAGS: 00010212 [ 139.078565] RAX: 0000000000000000 RBX: ffff88800c0373c0 RCX: 1ffffe21fe602477 [ 139.079256] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 139.079945] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e78 [ 139.080625] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 139.081309] R13: ffff88800c0373c0 R14: ffffffff815f2620 R15: 1ffff110011ae81f [ 139.081995] FS: 00007fe80ac13700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 139.082766] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.083342] CR2: ffffed100fffc000 CR3: 0000000016a46000 CR4: 0000000000350ee0 [ 139.084043] Call Trace: [ 139.084300] [ 139.084527] kasan_unpoison+0x23/0x60 [ 139.084913] mempool_exit+0x1c2/0x330 [ 139.085305] bioset_exit+0x2c9/0x630 [ 139.085687] disk_release+0x143/0x490 [ 139.086074] ? disk_release+0x0/0x490 [ 139.086456] ? device_release+0x0/0x250 [ 139.086859] device_release+0xa2/0x250 [ 139.087254] ? device_release+0x0/0x250 [ 139.087647] kobject_put+0x173/0x280 [ 139.088028] put_device+0x1b/0x40 [ 139.088372] put_disk+0x41/0x60 [ 139.088707] loop_control_ioctl+0x4d1/0x630 [ 139.089133] ? loop_control_ioctl+0x0/0x630 [ 139.089556] ? selinux_file_ioctl+0xb1/0x270 [ 139.089995] ? __fget_files+0x27b/0x460 [ 139.090393] ? loop_control_ioctl+0x0/0x630 [ 139.090814] __x64_sys_ioctl+0x19a/0x220 [ 139.091231] do_syscall_64+0x3b/0xa0 [ 139.091606] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 139.092101] RIP: 0033:0x7fe80d69db19 [ 139.092463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 139.094142] RSP: 002b:00007fe80ac13188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 139.094858] RAX: ffffffffffffffda RBX: 00007fe80d7b0f60 RCX: 00007fe80d69db19 [ 139.095528] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000005 [ 139.096203] RBP: 00007fe80d6f7f6d R08: 0000000000000000 R09: 0000000000000000 [ 139.096868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 139.097535] R13: 00007ffca719b76f R14: 00007fe80ac13300 R15: 0000000000022000 [ 139.098213] [ 139.098439] Modules linked in: [ 139.098750] CR2: ffffed100fffc000 [ 139.099082] ---[ end trace 0000000000000000 ]--- [ 139.099529] RIP: 0010:__memset+0x24/0x50 [ 139.099931] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 139.101612] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 139.102109] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 139.102771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 139.103448] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 139.104127] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 139.104792] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 139.105463] FS: 00007fe80ac13700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 139.106223] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.106767] CR2: ffffed100fffc000 CR3: 0000000016a46000 CR4: 0000000000350ee0 [ 139.345962] BUG: unable to handle page fault for address: ffffed100fffc000 [ 139.346615] #PF: supervisor write access in kernel mode [ 139.347073] #PF: error_code(0x0002) - not-present page [ 139.347518] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 139.348090] Oops: 0002 [#4] PREEMPT SMP KASAN NOPTI [ 139.348518] CPU: 1 PID: 4107 Comm: syz-executor.3 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 139.349319] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 139.350008] RIP: 0010:__memset+0x24/0x50 [ 139.350379] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 139.351913] RSP: 0018:ffff888041e8fcc0 EFLAGS: 00010212 [ 139.352371] RAX: 0000000000000000 RBX: ffff88800c037540 RCX: 1ffffe21fe60247d [ 139.352975] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 139.353575] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806ea8 [ 139.354178] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 139.354787] R13: ffff88800c037540 R14: ffffffff815f2620 R15: 1ffff110011ae01f [ 139.355390] FS: 00007f067f144700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 139.356070] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.356569] CR2: ffffed100fffc000 CR3: 000000003ffd0000 CR4: 0000000000350ee0 [ 139.357177] Call Trace: [ 139.357407] [ 139.357609] kasan_unpoison+0x23/0x60 [ 139.357947] mempool_exit+0x1c2/0x330 [ 139.358293] bioset_exit+0x2c9/0x630 [ 139.358636] disk_release+0x143/0x490 [ 139.358976] ? disk_release+0x0/0x490 [ 139.359325] ? device_release+0x0/0x250 [ 139.359672] device_release+0xa2/0x250 [ 139.360013] ? device_release+0x0/0x250 [ 139.360369] kobject_put+0x173/0x280 [ 139.360702] put_device+0x1b/0x40 [ 139.361016] put_disk+0x41/0x60 [ 139.361315] loop_control_ioctl+0x4d1/0x630 [ 139.361699] ? loop_control_ioctl+0x0/0x630 [ 139.362079] ? selinux_file_ioctl+0xb1/0x270 [ 139.362476] ? loop_control_ioctl+0x0/0x630 [ 139.362858] __x64_sys_ioctl+0x19a/0x220 [ 139.363226] do_syscall_64+0x3b/0xa0 [ 139.363563] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 139.364008] RIP: 0033:0x7f0681bceb19 [ 139.364333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 139.365841] RSP: 002b:00007f067f144188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 139.366478] RAX: ffffffffffffffda RBX: 00007f0681ce1f60 RCX: 00007f0681bceb19 [ 139.367067] RDX: 0000000000000003 RSI: 0000000000004c81 RDI: 0000000000000005 [ 139.367671] RBP: 00007f0681c28f6d R08: 0000000000000000 R09: 0000000000000000 [ 139.368268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 139.368875] R13: 00007ffc3f4b9fef R14: 00007f067f144300 R15: 0000000000022000 [ 139.369482] [ 139.369686] Modules linked in: [ 139.369965] CR2: ffffed100fffc000 [ 139.370267] ---[ end trace 0000000000000000 ]--- [ 139.370664] RIP: 0010:__memset+0x24/0x50 [ 139.371034] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 139.372557] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 139.373010] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 139.373612] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 139.374208] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 139.374808] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 139.375409] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 139.376008] FS: 00007f067f144700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 139.376676] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.377171] CR2: ffffed100fffc000 CR3: 000000003ffd0000 CR4: 0000000000350ee0 [ 139.673820] BUG: unable to handle page fault for address: ffffed100fffc000 [ 139.674638] #PF: supervisor write access in kernel mode [ 139.675256] #PF: error_code(0x0002) - not-present page [ 139.675835] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 139.676590] Oops: 0002 [#5] PREEMPT SMP KASAN NOPTI [ 139.677143] CPU: 0 PID: 4112 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 139.678170] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 139.679081] RIP: 0010:__memset+0x24/0x50 [ 139.679572] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 139.681538] RSP: 0018:ffff88804169fcc0 EFLAGS: 00010212 [ 139.682129] RAX: 0000000000000000 RBX: ffff88800c0376c0 RCX: 1ffffe21fe602483 [ 139.682933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 139.683720] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806ed8 [ 139.684500] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 139.685286] R13: ffff88800c0376c0 R14: ffffffff815f2620 R15: 1ffff11001114e1f [ 139.686074] FS: 00007f6e4923b700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 139.686957] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.687616] CR2: ffffed100fffc000 CR3: 00000000191dc000 CR4: 0000000000350ef0 [ 139.688396] Call Trace: [ 139.688691] [ 139.688952] kasan_unpoison+0x23/0x60 [ 139.689390] mempool_exit+0x1c2/0x330 [ 139.689838] bioset_exit+0x2c9/0x630 [ 139.690268] ? _raw_spin_unlock+0x24/0x50 [ 139.690748] ? blkg_destroy_all.isra.0+0x157/0x230 [ 139.691325] disk_release+0x143/0x490 [ 139.691767] ? disk_release+0x0/0x490 [ 139.692214] ? device_release+0x0/0x250 [ 139.692666] device_release+0xa2/0x250 [ 139.693109] ? device_release+0x0/0x250 [ 139.693567] kobject_put+0x173/0x280 [ 139.694003] put_device+0x1b/0x40 [ 139.694411] put_disk+0x41/0x60 [ 139.694800] loop_control_ioctl+0x4d1/0x630 [ 139.695311] ? loop_control_ioctl+0x0/0x630 [ 139.695801] ? selinux_file_ioctl+0xb1/0x270 [ 139.696325] ? loop_control_ioctl+0x0/0x630 [ 139.696832] __x64_sys_ioctl+0x19a/0x220 [ 139.697306] do_syscall_64+0x3b/0xa0 [ 139.697751] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 139.698329] RIP: 0033:0x7f6e4bcc5b19 [ 139.698752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 139.700751] RSP: 002b:00007f6e4923b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 139.701586] RAX: ffffffffffffffda RBX: 00007f6e4bdd8f60 RCX: 00007f6e4bcc5b19 [ 139.702384] RDX: 0000000000000004 RSI: 0000000000004c81 RDI: 0000000000000005 [ 139.703164] RBP: 00007f6e4bd1ff6d R08: 0000000000000000 R09: 0000000000000000 [ 139.703966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 139.704746] R13: 00007ffff67bdaff R14: 00007f6e4923b300 R15: 0000000000022000 [ 139.705547] [ 139.705817] Modules linked in: [ 139.706189] CR2: ffffed100fffc000 [ 139.706578] ---[ end trace 0000000000000000 ]--- [ 139.707097] RIP: 0010:__memset+0x24/0x50 [ 139.707581] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 139.709575] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 139.710165] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 139.710949] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 139.711752] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 139.712545] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 139.713322] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 139.714108] FS: 00007f6e4923b700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 139.714989] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.715635] CR2: ffffed100fffc000 CR3: 00000000191dc000 CR4: 0000000000350ef0 12:24:33 executing program 3: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:33 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:33 executing program 6: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000240)='\x00', &(0x7f0000000300)='./file2\x00', 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat$cgroup_pressure(r1, &(0x7f0000000180)='cpu.pressure\x00', 0x2, 0x0) write$binfmt_aout(r3, &(0x7f0000000340)={{0xcc, 0x5, 0x5, 0xdd, 0x24c, 0x7ca, 0x1dc}, "4153ea8be896e502f55e270ce86a0dc9bd8e0fce0dad337feb82e33b59e65a9313390bf613013544e2a79f587bef4b2c6529f274b28816b826948d55912e6e5d0b93d9e8f68804b3ad151bbfdc6ff29988d70111c487529215ae55201124c09b2c47f2022d1184c443bf3e438916fb8a26c4a8c4599e379a2a91181d3ccbf91279978975e40645ad7e748c02edee87a648308880f9b506cf", ['\x00', '\x00']}, 0x2b8) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r2, r0, 0x0, 0xfffffdef) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000040), 0x4) 12:24:33 executing program 4: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:33 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:33 executing program 2: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:33 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) execve(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) 12:24:33 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) [ 139.797758] loop6: detected capacity change from 0 to 40 12:24:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) execve(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) 12:24:34 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:34 executing program 2: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) [ 140.106023] BUG: unable to handle page fault for address: ffffed100fffc000 [ 140.106752] #PF: supervisor write access in kernel mode [ 140.107282] #PF: error_code(0x0002) - not-present page [ 140.107797] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 140.108468] Oops: 0002 [#6] PREEMPT SMP KASAN NOPTI [ 140.108964] CPU: 0 PID: 4154 Comm: syz-executor.3 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 140.109893] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 140.110696] RIP: 0010:__memset+0x24/0x50 [ 140.111133] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 140.112923] RSP: 0018:ffff888042607cc0 EFLAGS: 00010212 [ 140.113452] RAX: 0000000000000000 RBX: ffff88800c037840 RCX: 1ffffe21fe602489 [ 140.114152] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 140.114850] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806f08 [ 140.115555] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 140.116249] R13: ffff88800c037840 R14: ffffffff815f2620 R15: 1ffff11001114a1f [ 140.116952] FS: 00007f067f123700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 140.117742] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.118315] CR2: ffffed100fffc000 CR3: 000000003fe76000 CR4: 0000000000350ef0 [ 140.119017] Call Trace: [ 140.119295] [ 140.119551] kasan_unpoison+0x23/0x60 [ 140.119940] mempool_exit+0x1c2/0x330 [ 140.120331] bioset_exit+0x2c9/0x630 [ 140.120715] ? _raw_spin_unlock_irq+0x1f/0x60 [ 140.121178] disk_release+0x143/0x490 [ 140.121569] ? disk_release+0x0/0x490 [ 140.121958] ? device_release+0x0/0x250 [ 140.122358] device_release+0xa2/0x250 [ 140.122751] ? device_release+0x0/0x250 [ 140.123151] kobject_put+0x173/0x280 [ 140.123550] put_device+0x1b/0x40 [ 140.123906] put_disk+0x41/0x60 [ 140.124249] loop_control_ioctl+0x4d1/0x630 [ 140.124689] ? loop_control_ioctl+0x0/0x630 [ 140.125125] ? selinux_file_ioctl+0xb1/0x270 [ 140.125582] ? loop_control_ioctl+0x0/0x630 [ 140.126019] __x64_sys_ioctl+0x19a/0x220 [ 140.126437] do_syscall_64+0x3b/0xa0 [ 140.126822] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 140.127343] RIP: 0033:0x7f0681bceb19 [ 140.127713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 140.129457] RSP: 002b:00007f067f123188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 140.130201] RAX: ffffffffffffffda RBX: 00007f0681ce2020 RCX: 00007f0681bceb19 [ 140.130897] RDX: 0000000000000005 RSI: 0000000000004c81 RDI: 0000000000000005 [ 140.131593] RBP: 00007f0681c28f6d R08: 0000000000000000 R09: 0000000000000000 [ 140.132287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 140.132978] R13: 00007ffc3f4b9fef R14: 00007f067f123300 R15: 0000000000022000 [ 140.133687] [ 140.133926] Modules linked in: [ 140.134250] CR2: ffffed100fffc000 [ 140.134596] ---[ end trace 0000000000000000 ]--- [ 140.135055] RIP: 0010:__memset+0x24/0x50 [ 140.135503] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 140.137249] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 140.137776] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 140.138471] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 140.139160] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 140.139859] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 140.140551] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 140.141252] FS: 00007f067f123700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 140.142041] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.142620] CR2: ffffed100fffc000 CR3: 000000003fe76000 CR4: 0000000000350ef0 12:24:34 executing program 1: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:34 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) [ 140.267697] syz-executor.6: attempt to access beyond end of device [ 140.267697] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 140.268866] Buffer I/O error on dev loop6, logical block 10, lost async page write 12:24:34 executing program 0: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:34 executing program 7: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000240)='\x00', &(0x7f0000000300)='./file2\x00', 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat$cgroup_pressure(r1, &(0x7f0000000180)='cpu.pressure\x00', 0x2, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r2, r0, 0x0, 0xfffffdef) 12:24:36 executing program 6: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000240)='\x00', &(0x7f0000000300)='./file2\x00', 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat$cgroup_pressure(r1, &(0x7f0000000180)='cpu.pressure\x00', 0x2, 0x0) write$binfmt_aout(r3, &(0x7f0000000340)={{0xcc, 0x5, 0x5, 0xdd, 0x24c, 0x7ca, 0x1dc}, "4153ea8be896e502f55e270ce86a0dc9bd8e0fce0dad337feb82e33b59e65a9313390bf613013544e2a79f587bef4b2c6529f274b28816b826948d55912e6e5d0b93d9e8f68804b3ad151bbfdc6ff29988d70111c487529215ae55201124c09b2c47f2022d1184c443bf3e438916fb8a26c4a8c4599e379a2a91181d3ccbf91279978975e40645ad7e748c02edee87a648308880f9b506cf", ['\x00', '\x00']}, 0x2b8) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r2, r0, 0x0, 0xfffffdef) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000040), 0x4) [ 142.701475] loop6: detected capacity change from 0 to 40 12:24:36 executing program 3: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:36 executing program 1: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) [ 142.779489] syz-executor.6: attempt to access beyond end of device [ 142.779489] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 142.780888] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 142.826148] BUG: unable to handle page fault for address: ffffed100fffc000 [ 142.827020] #PF: supervisor write access in kernel mode [ 142.827676] #PF: error_code(0x0002) - not-present page [ 142.828296] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 142.829119] Oops: 0002 [#7] PREEMPT SMP KASAN NOPTI [ 142.829734] CPU: 0 PID: 4162 Comm: syz-executor.2 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 142.830886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 142.831879] RIP: 0010:__memset+0x24/0x50 [ 142.832406] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 142.834505] RSP: 0018:ffff888042897cc0 EFLAGS: 00010212 [ 142.835146] RAX: 0000000000000000 RBX: ffff88800c037b40 RCX: 1ffffe21fe602495 [ 142.835996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 142.836833] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806f68 [ 142.837679] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 142.838526] R13: ffff88800c037b40 R14: ffffffff815f2620 R15: 1ffff110011b1a1f [ 142.839389] FS: 00007ff70fb58700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 142.840329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.841023] CR2: ffffed100fffc000 CR3: 000000001506c000 CR4: 0000000000350ef0 [ 142.841863] Call Trace: [ 142.842186] [ 142.842469] kasan_unpoison+0x23/0x60 [ 142.842945] mempool_exit+0x1c2/0x330 [ 142.843435] bioset_exit+0x2c9/0x630 [ 142.843919] ? _raw_spin_unlock_irq+0x1f/0x60 [ 142.844502] disk_release+0x143/0x490 [ 142.844983] ? disk_release+0x0/0x490 [ 142.845458] ? device_release+0x0/0x250 [ 142.845961] device_release+0xa2/0x250 [ 142.846445] ? device_release+0x0/0x250 [ 142.846929] kobject_put+0x173/0x280 [ 142.847404] put_device+0x1b/0x40 [ 142.847835] put_disk+0x41/0x60 [ 142.848258] loop_control_ioctl+0x4d1/0x630 [ 142.848797] ? loop_control_ioctl+0x0/0x630 [ 142.849337] ? selinux_file_ioctl+0xb1/0x270 [ 142.849907] ? loop_control_ioctl+0x0/0x630 [ 142.850457] __x64_sys_ioctl+0x19a/0x220 [ 142.850975] do_syscall_64+0x3b/0xa0 [ 142.851477] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 142.852134] RIP: 0033:0x7ff7125e2b19 [ 142.852616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 142.854757] RSP: 002b:00007ff70fb58188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 142.855686] RAX: ffffffffffffffda RBX: 00007ff7126f5f60 RCX: 00007ff7125e2b19 [ 142.856543] RDX: 0000000000000007 RSI: 0000000000004c81 RDI: 0000000000000005 [ 142.857401] RBP: 00007ff71263cf6d R08: 0000000000000000 R09: 0000000000000000 [ 142.858270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 142.859147] R13: 00007ffc6ed8a61f R14: 00007ff70fb58300 R15: 0000000000022000 [ 142.860019] [ 142.860315] Modules linked in: [ 142.860718] CR2: ffffed100fffc000 [ 142.861147] ---[ end trace 0000000000000000 ]--- [ 142.861741] RIP: 0010:__memset+0x24/0x50 [ 142.862271] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 142.864472] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 142.865142] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 142.866034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 142.866928] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 142.867841] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 142.868737] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 142.869626] FS: 00007ff70fb58700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 142.870625] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.871369] CR2: ffffed100fffc000 CR3: 000000001506c000 CR4: 0000000000350ef0 [ 142.918173] BUG: unable to handle page fault for address: ffffed100fffc000 [ 142.919050] #PF: supervisor write access in kernel mode [ 142.919719] #PF: error_code(0x0002) - not-present page [ 142.920363] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 142.921194] Oops: 0002 [#8] PREEMPT SMP KASAN NOPTI [ 142.921814] CPU: 0 PID: 4176 Comm: syz-executor.0 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 142.922950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 142.923967] RIP: 0010:__memset+0x24/0x50 [ 142.924491] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 142.926654] RSP: 0018:ffff8880429d7cc0 EFLAGS: 00010212 [ 142.927338] RAX: 0000000000000000 RBX: ffff88800b738540 RCX: 1ffffe21fe5de4bd [ 142.928240] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 142.929136] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed10016e70a8 [ 142.930044] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 142.930942] R13: ffff88800b738540 R14: ffffffff815f2620 R15: 1ffff110082af81f [ 142.931846] FS: 00007fe80abf2700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 142.932857] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.933599] CR2: ffffed100fffc000 CR3: 000000001e970000 CR4: 0000000000350ef0 [ 142.934504] Call Trace: [ 142.934844] [ 142.935145] kasan_unpoison+0x23/0x60 [ 142.935668] mempool_exit+0x1c2/0x330 [ 142.936179] bioset_exit+0x2c9/0x630 [ 142.936681] ? _raw_spin_unlock_irq+0x1f/0x60 [ 142.937292] disk_release+0x143/0x490 [ 142.937798] ? disk_release+0x0/0x490 [ 142.938297] ? device_release+0x0/0x250 [ 142.938819] device_release+0xa2/0x250 [ 142.939340] ? device_release+0x0/0x250 [ 142.939866] kobject_put+0x173/0x280 [ 142.940358] put_device+0x1b/0x40 [ 142.940823] put_disk+0x41/0x60 [ 142.941269] loop_control_ioctl+0x4d1/0x630 [ 142.941841] ? loop_control_ioctl+0x0/0x630 [ 142.942399] ? selinux_file_ioctl+0xb1/0x270 [ 142.942995] ? loop_control_ioctl+0x0/0x630 [ 142.943592] __x64_sys_ioctl+0x19a/0x220 [ 142.944138] do_syscall_64+0x3b/0xa0 [ 142.944644] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 142.945323] RIP: 0033:0x7fe80d69db19 [ 142.945809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 142.948066] RSP: 002b:00007fe80abf2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 142.949275] RAX: ffffffffffffffda RBX: 00007fe80d7b1020 RCX: 00007fe80d69db19 [ 142.950400] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005 [ 142.951552] RBP: 00007fe80d6f7f6d R08: 0000000000000000 R09: 0000000000000000 [ 142.952690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 142.953807] R13: 00007ffca719b76f R14: 00007fe80abf2300 R15: 0000000000022000 [ 142.954894] [ 142.955279] Modules linked in: [ 142.955796] CR2: ffffed100fffc000 [ 142.956331] ---[ end trace 0000000000000000 ]--- [ 142.957054] RIP: 0010:__memset+0x24/0x50 [ 142.957703] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 142.960542] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 142.961379] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 142.962500] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 142.963616] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 142.964726] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 142.965843] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 142.966958] FS: 00007fe80abf2700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 142.968224] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.969139] CR2: ffffed100fffc000 CR3: 000000001e970000 CR4: 0000000000350ef0 12:24:37 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:37 executing program 7: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000240)='\x00', &(0x7f0000000300)='./file2\x00', 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat$cgroup_pressure(r1, &(0x7f0000000180)='cpu.pressure\x00', 0x2, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r2, r0, 0x0, 0xfffffdef) 12:24:37 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:37 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) [ 143.250577] BUG: unable to handle page fault for address: ffffed100fffc000 [ 143.251380] #PF: supervisor write access in kernel mode [ 143.251927] #PF: error_code(0x0002) - not-present page [ 143.252460] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 143.253156] Oops: 0002 [#9] PREEMPT SMP KASAN NOPTI [ 143.253671] CPU: 1 PID: 4188 Comm: syz-executor.1 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 143.254635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 143.255483] RIP: 0010:__memset+0x24/0x50 [ 143.255940] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 143.257787] RSP: 0018:ffff8880160dfcc0 EFLAGS: 00010212 [ 143.258344] RAX: 0000000000000000 RBX: ffff88800b7383c0 RCX: 1ffffe21fe5de4b7 [ 143.259077] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 143.259817] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed10016e7078 [ 143.260548] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 143.261275] R13: ffff88800b7383c0 R14: ffffffff815f2620 R15: 1ffff110082af41f [ 143.262007] FS: 00007fc9e0ae8700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 143.262832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.263455] CR2: ffffed100fffc000 CR3: 0000000016896000 CR4: 0000000000350ee0 [ 143.264188] Call Trace: [ 143.264464] [ 143.264709] kasan_unpoison+0x23/0x60 [ 143.265119] mempool_exit+0x1c2/0x330 [ 143.265537] bioset_exit+0x2c9/0x630 [ 143.265951] disk_release+0x143/0x490 [ 143.266365] ? disk_release+0x0/0x490 [ 143.266771] ? device_release+0x0/0x250 [ 143.267197] device_release+0xa2/0x250 [ 143.267615] ? device_release+0x0/0x250 [ 143.268042] kobject_put+0x173/0x280 [ 143.268446] put_device+0x1b/0x40 [ 143.268831] put_disk+0x41/0x60 [ 143.269196] loop_control_ioctl+0x4d1/0x630 [ 143.269657] ? loop_control_ioctl+0x0/0x630 [ 143.270118] ? selinux_file_ioctl+0xb1/0x270 [ 143.270600] ? security_file_ioctl+0x56/0xc0 [ 143.271067] ? loop_control_ioctl+0x0/0x630 [ 143.271544] __x64_sys_ioctl+0x19a/0x220 [ 143.271987] do_syscall_64+0x3b/0xa0 [ 143.272400] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 143.272942] RIP: 0033:0x7fc9e3572b19 [ 143.273337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 143.275193] RSP: 002b:00007fc9e0ae8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 143.275978] RAX: ffffffffffffffda RBX: 00007fc9e3685f60 RCX: 00007fc9e3572b19 [ 143.276709] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 143.277436] RBP: 00007fc9e35ccf6d R08: 0000000000000000 R09: 0000000000000000 [ 143.278166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 143.278910] R13: 00007ffe2c2c101f R14: 00007fc9e0ae8300 R15: 0000000000022000 [ 143.279680] [ 143.279931] Modules linked in: [ 143.280277] CR2: ffffed100fffc000 [ 143.280640] ---[ end trace 0000000000000000 ]--- [ 143.281130] RIP: 0010:__memset+0x24/0x50 [ 143.281595] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 143.283443] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 143.283998] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 143.284739] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 143.285475] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 143.286208] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 143.286944] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 143.287695] FS: 00007fc9e0ae8700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 143.288525] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.289125] CR2: ffffed100fffc000 CR3: 0000000016896000 CR4: 0000000000350ee0 [ 145.709486] BUG: unable to handle page fault for address: ffffed100fffc000 [ 145.710203] #PF: supervisor write access in kernel mode [ 145.710698] #PF: error_code(0x0002) - not-present page [ 145.711186] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 145.711840] Oops: 0002 [#10] PREEMPT SMP KASAN NOPTI [ 145.712320] CPU: 0 PID: 4191 Comm: syz-executor.3 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 145.713197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 145.713962] RIP: 0010:__memset+0x24/0x50 [ 145.714376] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 145.716047] RSP: 0018:ffff888042c17cc0 EFLAGS: 00010212 [ 145.716545] RAX: 0000000000000000 RBX: ffff88800c0379c0 RCX: 1ffffe21fe60248f [ 145.717209] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 145.717871] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806f38 [ 145.718540] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 145.719207] R13: ffff88800c0379c0 R14: ffffffff815f2620 R15: 1ffff1100111461f [ 145.719891] FS: 00007f067f144700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 145.720638] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.721188] CR2: ffffed100fffc000 CR3: 000000003fe76000 CR4: 0000000000350ef0 [ 145.721857] Call Trace: [ 145.722108] [ 145.722334] kasan_unpoison+0x23/0x60 [ 145.722709] mempool_exit+0x1c2/0x330 [ 145.723090] bioset_exit+0x2c9/0x630 [ 145.723471] disk_release+0x143/0x490 [ 145.723849] ? disk_release+0x0/0x490 [ 145.724228] ? device_release+0x0/0x250 [ 145.724615] device_release+0xa2/0x250 [ 145.724995] ? device_release+0x0/0x250 [ 145.725382] kobject_put+0x173/0x280 [ 145.725754] put_device+0x1b/0x40 [ 145.726098] put_disk+0x41/0x60 [ 145.726430] loop_control_ioctl+0x4d1/0x630 [ 145.726853] ? loop_control_ioctl+0x0/0x630 [ 145.727280] ? selinux_file_ioctl+0xb1/0x270 [ 145.727738] ? loop_control_ioctl+0x0/0x630 [ 145.728164] __x64_sys_ioctl+0x19a/0x220 [ 145.728567] do_syscall_64+0x3b/0xa0 [ 145.728942] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 145.729441] RIP: 0033:0x7f0681bceb19 [ 145.729802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 145.731468] RSP: 002b:00007f067f144188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 145.732176] RAX: ffffffffffffffda RBX: 00007f0681ce1f60 RCX: 00007f0681bceb19 [ 145.732838] RDX: 0000000000000006 RSI: 0000000000004c81 RDI: 0000000000000005 [ 145.733504] RBP: 00007f0681c28f6d R08: 0000000000000000 R09: 0000000000000000 [ 145.734164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 145.734830] R13: 00007ffc3f4b9fef R14: 00007f067f144300 R15: 0000000000022000 [ 145.735515] [ 145.735745] Modules linked in: [ 145.736056] CR2: ffffed100fffc000 [ 145.736384] ---[ end trace 0000000000000000 ]--- [ 145.736827] RIP: 0010:__memset+0x24/0x50 [ 145.737241] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 145.738895] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 145.739413] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 145.740074] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 145.740737] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 145.741406] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 145.742070] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 145.742735] FS: 00007f067f144700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 145.743498] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.744045] CR2: ffffed100fffc000 CR3: 000000003fe76000 CR4: 0000000000350ef0 12:24:39 executing program 7: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000240)='\x00', &(0x7f0000000300)='./file2\x00', 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat$cgroup_pressure(r1, &(0x7f0000000180)='cpu.pressure\x00', 0x2, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r2, r0, 0x0, 0xfffffdef) 12:24:39 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:39 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:39 executing program 2: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:39 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:39 executing program 1: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff6000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x2}, 0x0, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd272}, 0x0, 0xe, r0, 0xc) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0xa498, 0x2, 0x9, 0x6f9b, 0x6, 0x7f}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x4010, 0xffffffffffffffff, 0xf871a000) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) socket$netlink(0x10, 0x3, 0x0) r4 = shmget$private(0x0, 0x14000, 0x78000000, &(0x7f0000fe7000/0x14000)=nil) shmat(r4, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r4, &(0x7f0000ff7000/0x1000)=nil, 0x3000) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 12:24:39 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:40 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) [ 146.054870] BUG: unable to handle page fault for address: ffffed100fffc000 [ 146.055616] #PF: supervisor write access in kernel mode [ 146.056154] #PF: error_code(0x0002) - not-present page [ 146.056668] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 146.057332] Oops: 0002 [#11] PREEMPT SMP KASAN NOPTI [ 146.057838] CPU: 1 PID: 4239 Comm: syz-executor.1 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 146.058747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 146.059555] RIP: 0010:__memset+0x24/0x50 [ 146.059978] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 146.061700] RSP: 0018:ffff888041537cc0 EFLAGS: 00010212 [ 146.062217] RAX: 0000000000000000 RBX: ffff88800b7386c0 RCX: 1ffffe21fe5de4c3 [ 146.062906] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 146.063588] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed10016e70d8 [ 146.064267] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 146.064959] R13: ffff88800b7386c0 R14: ffffffff815f2620 R15: 1ffff11002ed001f [ 146.065644] FS: 00007fc9e0ac7700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 146.066414] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.066971] CR2: ffffed100fffc000 CR3: 000000001949a000 CR4: 0000000000350ee0 [ 146.067666] Call Trace: [ 146.067932] [ 146.068163] kasan_unpoison+0x23/0x60 [ 146.068549] mempool_exit+0x1c2/0x330 [ 146.068945] bioset_exit+0x2c9/0x630 [ 146.069328] ? _raw_spin_unlock_irq+0x1f/0x60 [ 146.069795] disk_release+0x143/0x490 [ 146.070201] ? disk_release+0x0/0x490 [ 146.070587] ? device_release+0x0/0x250 [ 146.070983] device_release+0xa2/0x250 [ 146.071387] ? device_release+0x0/0x250 [ 146.071785] kobject_put+0x173/0x280 [ 146.072162] put_device+0x1b/0x40 [ 146.072516] put_disk+0x41/0x60 [ 146.072859] loop_control_ioctl+0x4d1/0x630 [ 146.073296] ? loop_control_ioctl+0x0/0x630 [ 146.073722] ? selinux_file_ioctl+0xb1/0x270 [ 146.074171] ? loop_control_ioctl+0x0/0x630 [ 146.074604] __x64_sys_ioctl+0x19a/0x220 [ 146.075021] do_syscall_64+0x3b/0xa0 [ 146.075410] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 146.075919] RIP: 0033:0x7fc9e3572b19 [ 146.076290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 146.078011] RSP: 002b:00007fc9e0ac7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 146.078741] RAX: ffffffffffffffda RBX: 00007fc9e3686020 RCX: 00007fc9e3572b19 [ 146.079432] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 146.080109] RBP: 00007fc9e35ccf6d R08: 0000000000000000 R09: 0000000000000000 [ 146.080786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 146.081466] R13: 00007ffe2c2c101f R14: 00007fc9e0ac7300 R15: 0000000000022000 [ 146.082156] [ 146.082389] Modules linked in: [ 146.082702] CR2: ffffed100fffc000 [ 146.083038] ---[ end trace 0000000000000000 ]--- [ 146.083502] RIP: 0010:__memset+0x24/0x50 [ 146.083914] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 146.085613] RSP: 0018:ffff888041a1fcc0 EFLAGS: 00010212 [ 146.086118] RAX: 0000000000000000 RBX: ffff88800c0370c0 RCX: 1ffffe21fe60246b [ 146.086788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 146.087476] RBP: ffff88800c03aa00 R08: 0000000000000005 R09: ffffed1001806e18 [ 146.088151] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c03aa00 [ 146.088826] R13: ffff88800c0370c0 R14: ffffffff815f2620 R15: 1ffff1100119941f [ 146.089510] FS: 00007fc9e0ac7700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 146.090275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.090836] CR2: ffffed100fffc000 CR3: 000000001949a000 CR4: 0000000000350ee0 12:24:40 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:40 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:40 executing program 7: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000240)='\x00', &(0x7f0000000300)='./file2\x00', 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat$cgroup_pressure(r1, &(0x7f0000000180)='cpu.pressure\x00', 0x2, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) sendfile(r2, r0, 0x0, 0xfffffdef) 12:24:40 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:40 executing program 2: syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff) syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), 0xffffffffffffffff) 12:24:40 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:40 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_tables_names\x00') preadv(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)=""/207, 0xcf}], 0x1, 0x5, 0x0) 12:24:40 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:40 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:40 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_tables_names\x00') preadv(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)=""/207, 0xcf}], 0x1, 0x5, 0x0) 12:24:41 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_tables_names\x00') preadv(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)=""/207, 0xcf}], 0x1, 0x5, 0x0) 12:24:41 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x10, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x3c}}}, 0xe8) sendmmsg$inet6(r0, &(0x7f00000015c0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0}}, {{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @dev}, 0x1c, 0x0}}], 0x2, 0x0) 12:24:41 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) mq_timedsend(r0, &(0x7f0000000040)="8b642e5d75ceb327e641a8f8925553d088d20eca4f055a4e404dc5c34bf9478d2ca744baa2e25596bd5940c523bc0dccd0309ca4050f07692e9fffb44e04c12b1a40f3d9a22f2ae0fdfdf6cab9c1e60f11a8a8a17d26ad9c0b181762fb82b95c2900780e91c95a077940fa76a690eb52b8ded199c242ac3735719156bb", 0x7d, 0x5, &(0x7f00000001c0)={r1, r2+60000000}) mq_notify(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}) mq_timedsend(r0, &(0x7f00000002c0)="2cadb913fc36f0b5d1807d8501a84e6bd1a4e666bf48e1666b7e29dfe3a09594203af0ecf361e7e40a5db0c1c7e08484b2be56f4c61c134c3b8ce9f8853766f429add36b3d38fe2dcc5c4fed57a7470139c1ee31c80cb01ac94d7ac98af68180e5c45385040ad2ec0438387dcc9dbcd4b8b9d82f4a2eadd422aca531465461da2bb8062784079d30673a108feb383c3b550f77eb5db01f5ceb1f8435b71fd301fbe8fb428e611392a1301e2392bca23b2f", 0xb1, 0x6, &(0x7f0000000140)) 12:24:41 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_tables_names\x00') preadv(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)=""/207, 0xcf}], 0x1, 0x5, 0x0) 12:24:41 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x40, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x40, &(0x7f0000000240)=0x0) r1 = eventfd2(0x8001, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818", 0x78, 0x8, 0x0, 0x2}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x8, r1, &(0x7f0000000000)="fc941bc2f0b41b09484a3380beee9554318b35dfea55b86b4e1a68113be19d058ca5e47a560096", 0x27, 0x5, 0x0, 0x4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)="67f267ea6afdb7dc800193d95b6d11031b7af415598fd24fa0607e718b6c937e85864b9e7c161f8f8397e7db26a561a1afddf527f1a22eab37901cc0c9cc2ce5f01bfefc9fef7ce3116e750331ca2dfa5fad1a042772cbb97e1d63ac7b51631fffeaae014f425bbf18d95761ebc1350a9632ca59c05d39924fe88b2c625fab80e9c17acef6e0fbf569c6b07e44e02b6b530a8c555b99a3734264527cc98559800b592f30e102f4f31fe8955e522c0dcfe0e900517066da93c13aa6b6666fbf1d2b19ab34", 0xc4, 0x2, 0x0, 0x5, r2}]) 12:24:42 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSETMODE(r0, 0x4b3a, 0x0) 12:24:42 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:24:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x301c03, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf