Warning: Permanently added '[localhost]:42225' (ECDSA) to the list of known hosts.
2022/10/31 11:03:07 fuzzer started
2022/10/31 11:03:08 dialing manager at localhost:40945
syzkaller login: [   40.475341] cgroup: Unknown subsys name 'net'
[   40.588311] cgroup: Unknown subsys name 'rlimit'
2022/10/31 11:03:23 syscalls: 2217
2022/10/31 11:03:23 code coverage: enabled
2022/10/31 11:03:23 comparison tracing: enabled
2022/10/31 11:03:23 extra coverage: enabled
2022/10/31 11:03:23 setuid sandbox: enabled
2022/10/31 11:03:23 namespace sandbox: enabled
2022/10/31 11:03:23 Android sandbox: enabled
2022/10/31 11:03:23 fault injection: enabled
2022/10/31 11:03:23 leak checking: enabled
2022/10/31 11:03:23 net packet injection: enabled
2022/10/31 11:03:23 net device setup: enabled
2022/10/31 11:03:23 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/31 11:03:23 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/31 11:03:23 USB emulation: enabled
2022/10/31 11:03:23 hci packet injection: enabled
2022/10/31 11:03:23 wifi device emulation: enabled
2022/10/31 11:03:23 802.15.4 emulation: enabled
2022/10/31 11:03:23 fetching corpus: 0, signal 0/2000 (executing program)
2022/10/31 11:03:23 fetching corpus: 29, signal 21510/24829 (executing program)
2022/10/31 11:03:23 fetching corpus: 71, signal 32072/36553 (executing program)
2022/10/31 11:03:24 fetching corpus: 121, signal 45802/50907 (executing program)
2022/10/31 11:03:24 fetching corpus: 170, signal 54324/60050 (executing program)
2022/10/31 11:03:24 fetching corpus: 220, signal 62334/68432 (executing program)
2022/10/31 11:03:24 fetching corpus: 268, signal 67307/73847 (executing program)
2022/10/31 11:03:24 fetching corpus: 318, signal 72405/79292 (executing program)
2022/10/31 11:03:24 fetching corpus: 368, signal 75829/83151 (executing program)
2022/10/31 11:03:25 fetching corpus: 418, signal 78807/86463 (executing program)
2022/10/31 11:03:25 fetching corpus: 468, signal 82577/90343 (executing program)
2022/10/31 11:03:25 fetching corpus: 518, signal 85487/93431 (executing program)
2022/10/31 11:03:25 fetching corpus: 566, signal 88692/96629 (executing program)
2022/10/31 11:03:25 fetching corpus: 616, signal 91168/99177 (executing program)
2022/10/31 11:03:25 fetching corpus: 666, signal 94804/102560 (executing program)
2022/10/31 11:03:26 fetching corpus: 716, signal 98321/105738 (executing program)
2022/10/31 11:03:26 fetching corpus: 766, signal 100641/107902 (executing program)
2022/10/31 11:03:26 fetching corpus: 815, signal 102752/109878 (executing program)
2022/10/31 11:03:26 fetching corpus: 864, signal 106223/112670 (executing program)
2022/10/31 11:03:26 fetching corpus: 914, signal 109271/115076 (executing program)
2022/10/31 11:03:27 fetching corpus: 964, signal 111551/116919 (executing program)
2022/10/31 11:03:27 fetching corpus: 1013, signal 114900/119594 (executing program)
2022/10/31 11:03:27 fetching corpus: 1063, signal 117040/121348 (executing program)
2022/10/31 11:03:28 fetching corpus: 1113, signal 119476/123127 (executing program)
2022/10/31 11:03:28 fetching corpus: 1159, signal 122627/125242 (executing program)
2022/10/31 11:03:28 fetching corpus: 1209, signal 124109/126210 (executing program)
2022/10/31 11:03:29 fetching corpus: 1259, signal 126225/127538 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/127742 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/127790 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/127823 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/127868 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/127914 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/127962 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/127999 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128046 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128104 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128147 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128191 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128227 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128279 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128317 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128352 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128408 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128445 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128494 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128540 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128583 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128626 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128670 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128705 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128746 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128789 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128840 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128891 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128929 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/128972 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/129027 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/129064 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/129110 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/129146 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/129189 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/129246 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/129281 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/129321 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/129328 (executing program)
2022/10/31 11:03:29 fetching corpus: 1268, signal 126512/129328 (executing program)
2022/10/31 11:03:32 starting 8 fuzzer processes
11:03:32 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000100), 0x0)

11:03:32 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x541b, 0x0)

11:03:32 executing program 2:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x20082000)
keyctl$read(0xb, r0, 0x0, 0x0)

11:03:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
write$binfmt_script(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='3!\t'], 0xb)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0)

[   64.115371] audit: type=1400 audit(1667214212.417:6): avc:  denied  { execmem } for  pid=284 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:03:32 executing program 4:
r0 = eventfd2(0x0, 0x0)
fremovexattr(r0, &(0x7f0000000100)=@random={'user.', '/proc/timer_list\x00'})

11:03:32 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f00000003c0)={0x4, 0x80, 0xc8, 0x96, 0x8, 0x3, 0x0, 0x8, 0x8000, 0xa, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x1, 0x5, 0x101, 0x3, 0x4, 0x401, 0x2, 0x0, 0x5, 0x0, 0x8001}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4)
close(r1)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x1f, 0xa3, 0x1f, 0xf3, 0x0, 0x5, 0x1004, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x8, 0x1ff}, 0x41220, 0x3f, 0x2, 0x4, 0x4, 0x10001, 0x8001, 0x0, 0x5, 0x0, 0x8}, 0xffffffffffffffff, 0x7, r0, 0x0)

11:03:32 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBTYPE(r0, 0x4b4b, &(0x7f0000000080))

11:03:32 executing program 7:
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000001d80)='net/psched\x00')
r0 = socket$unix(0x1, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$unix(r0, &(0x7f0000002440)=[{{&(0x7f0000001dc0)=@abs, 0x6e, &(0x7f0000001fc0)=[{0x0}, {0x0}], 0x2, &(0x7f0000002040)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}], 0x1, 0x0)

[   65.444051] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   65.447940] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   65.450086] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   65.454220] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   65.458307] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   65.460207] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   65.468270] Bluetooth: hci0: HCI_REQ-0x0c1a
[   65.567642] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   65.602338] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   65.605342] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   65.607255] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   65.608818] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   65.610163] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   65.611692] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   65.612388] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   65.614362] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   65.616118] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   65.616198] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   65.619312] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   65.621240] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   65.623427] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   65.624754] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   65.625743] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   65.628741] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   65.628926] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   65.630241] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   65.631938] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   65.633529] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   65.634860] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   65.637993] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   65.640152] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   65.642250] Bluetooth: hci2: HCI_REQ-0x0c1a
[   65.643326] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   65.650757] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   65.653561] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   65.655986] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   65.657247] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   65.658957] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   65.660092] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   65.661137] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   65.662559] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   65.662988] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   65.668564] Bluetooth: hci7: HCI_REQ-0x0c1a
[   65.672646] Bluetooth: hci5: HCI_REQ-0x0c1a
[   65.688128] Bluetooth: hci6: HCI_REQ-0x0c1a
[   65.691847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   65.693258] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   65.696333] Bluetooth: hci1: HCI_REQ-0x0c1a
[   65.720008] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   65.722203] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   65.725105] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   65.728219] Bluetooth: hci3: HCI_REQ-0x0c1a
[   65.744901] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   65.746945] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   65.748831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   65.754994] Bluetooth: hci4: HCI_REQ-0x0c1a
[   67.523924] Bluetooth: hci0: command 0x0409 tx timeout
[   67.651749] Bluetooth: hci2: command 0x0409 tx timeout
[   67.716125] Bluetooth: hci1: command 0x0409 tx timeout
[   67.716214] Bluetooth: hci6: command 0x0409 tx timeout
[   67.716713] Bluetooth: hci5: command 0x0409 tx timeout
[   67.717435] Bluetooth: hci7: command 0x0409 tx timeout
[   67.779751] Bluetooth: hci4: command 0x0409 tx timeout
[   67.780272] Bluetooth: hci3: command 0x0409 tx timeout
[   69.571723] Bluetooth: hci0: command 0x041b tx timeout
[   69.699728] Bluetooth: hci2: command 0x041b tx timeout
[   69.763717] Bluetooth: hci5: command 0x041b tx timeout
[   69.764128] Bluetooth: hci6: command 0x041b tx timeout
[   69.764492] Bluetooth: hci1: command 0x041b tx timeout
[   69.765370] Bluetooth: hci7: command 0x041b tx timeout
[   69.828676] Bluetooth: hci3: command 0x041b tx timeout
[   69.829096] Bluetooth: hci4: command 0x041b tx timeout
[   71.620710] Bluetooth: hci0: command 0x040f tx timeout
[   71.747699] Bluetooth: hci2: command 0x040f tx timeout
[   71.811690] Bluetooth: hci7: command 0x040f tx timeout
[   71.812117] Bluetooth: hci1: command 0x040f tx timeout
[   71.812468] Bluetooth: hci6: command 0x040f tx timeout
[   71.812882] Bluetooth: hci5: command 0x040f tx timeout
[   71.876766] Bluetooth: hci4: command 0x040f tx timeout
[   71.877163] Bluetooth: hci3: command 0x040f tx timeout
[   73.668703] Bluetooth: hci0: command 0x0419 tx timeout
[   73.796675] Bluetooth: hci2: command 0x0419 tx timeout
[   73.860700] Bluetooth: hci5: command 0x0419 tx timeout
[   73.861142] Bluetooth: hci6: command 0x0419 tx timeout
[   73.861503] Bluetooth: hci1: command 0x0419 tx timeout
[   73.862130] Bluetooth: hci7: command 0x0419 tx timeout
[   73.923720] Bluetooth: hci3: command 0x0419 tx timeout
[   73.924152] Bluetooth: hci4: command 0x0419 tx timeout
[  123.334359] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.335731] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.339277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  123.537229] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.538638] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.541037] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  127.261592] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  127.263335] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  127.265136] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  127.267694] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  127.269238] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  127.270677] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  127.276726] Bluetooth: hci0: HCI_REQ-0x0c1a
[  127.309365] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  127.333829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  127.335734] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  127.339044] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  127.343036] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  127.350459] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  127.354123] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  127.357992] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  127.360385] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  127.361464] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  127.373274] Bluetooth: hci1: HCI_REQ-0x0c1a
[  127.413912] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  127.415476] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  127.425680] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  127.427048] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  127.433591] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  127.434891] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  127.436271] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  127.437497] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  127.442138] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  127.443248] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  127.444279] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  127.445586] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  127.449293] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  127.450459] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  127.452963] Bluetooth: hci3: HCI_REQ-0x0c1a
[  127.455929] Bluetooth: hci2: HCI_REQ-0x0c1a
[  127.514149] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  127.521201] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  127.522685] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  127.523507] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  127.526911] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  127.527947] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  127.532161] Bluetooth: hci4: HCI_REQ-0x0c1a
[  127.535725] Bluetooth: hci5: HCI_REQ-0x0c1a
[  127.559379] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  127.561533] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  127.570777] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  127.573965] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  127.575699] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  127.577115] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  127.582332] Bluetooth: hci7: HCI_REQ-0x0c1a
[  129.348674] Bluetooth: hci0: command 0x0409 tx timeout
[  129.411657] Bluetooth: hci6: Opcode 0x c03 failed: -110
[  129.411670] Bluetooth: hci1: command 0x0409 tx timeout
[  129.475693] Bluetooth: hci3: command 0x0409 tx timeout
[  129.475878] Bluetooth: hci2: command 0x0409 tx timeout
[  129.604423] Bluetooth: hci7: command 0x0409 tx timeout
[  129.605064] Bluetooth: hci4: command 0x0409 tx timeout
[  129.605528] Bluetooth: hci5: command 0x0409 tx timeout
[  131.396703] Bluetooth: hci0: command 0x041b tx timeout
[  131.460768] Bluetooth: hci1: command 0x041b tx timeout
[  131.523747] Bluetooth: hci2: command 0x041b tx timeout
[  131.525362] Bluetooth: hci3: command 0x041b tx timeout
[  131.651746] Bluetooth: hci5: command 0x041b tx timeout
[  131.652537] Bluetooth: hci4: command 0x041b tx timeout
[  131.653251] Bluetooth: hci7: command 0x041b tx timeout
[  131.848134] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  131.849912] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  131.851340] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  131.856564] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  131.858963] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  131.862355] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  131.871642] Bluetooth: hci6: HCI_REQ-0x0c1a
[  133.443714] Bluetooth: hci0: command 0x040f tx timeout
[  133.507709] Bluetooth: hci1: command 0x040f tx timeout
[  133.571672] Bluetooth: hci3: command 0x040f tx timeout
[  133.572187] Bluetooth: hci2: command 0x040f tx timeout
[  133.700250] Bluetooth: hci7: command 0x040f tx timeout
[  133.700776] Bluetooth: hci4: command 0x040f tx timeout
[  133.701113] Bluetooth: hci5: command 0x040f tx timeout
[  133.892293] Bluetooth: hci6: command 0x0409 tx timeout
[  135.491749] Bluetooth: hci0: command 0x0419 tx timeout
[  135.555689] Bluetooth: hci1: command 0x0419 tx timeout
[  135.619736] Bluetooth: hci2: command 0x0419 tx timeout
[  135.620157] Bluetooth: hci3: command 0x0419 tx timeout
[  135.747706] Bluetooth: hci5: command 0x0419 tx timeout
[  135.748141] Bluetooth: hci4: command 0x0419 tx timeout
[  135.748513] Bluetooth: hci7: command 0x0419 tx timeout
[  135.939682] Bluetooth: hci6: command 0x041b tx timeout
[  137.987897] Bluetooth: hci6: command 0x040f tx timeout
[  140.035777] Bluetooth: hci6: command 0x0419 tx timeout
[  185.198117] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.199257] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.201439] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  185.508104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.509419] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.511548] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  185.702245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.703554] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.705912] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  185.827994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.828771] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.830387] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  188.884175] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  188.887686] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  188.890176] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  188.901841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  188.905319] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  188.906714] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  188.911486] Bluetooth: hci0: HCI_REQ-0x0c1a
[  189.147293] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  189.150007] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  189.152575] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  189.156563] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  189.165501] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  189.168400] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  189.174781] Bluetooth: hci1: HCI_REQ-0x0c1a
[  189.230449] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  189.233882] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  189.235114] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  189.246894] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  189.249299] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  189.251257] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  189.268938] Bluetooth: hci2: HCI_REQ-0x0c1a
[  189.308931] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  189.310730] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  189.318895] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  189.323181] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  189.326295] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  189.327472] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  189.333725] Bluetooth: hci3: HCI_REQ-0x0c1a
[  189.566857] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  189.583294] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  189.593780] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  189.614064] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  189.615504] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  189.618721] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  189.671108] Bluetooth: hci5: HCI_REQ-0x0c1a
[  189.712435] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  189.715407] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  189.717933] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  189.721551] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  189.723985] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  189.738655] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  189.766255] Bluetooth: hci7: HCI_REQ-0x0c1a
[  190.915899] Bluetooth: hci0: command 0x0409 tx timeout
[  191.236764] Bluetooth: hci1: command 0x0409 tx timeout
[  191.299704] Bluetooth: hci2: command 0x0409 tx timeout
[  191.364723] Bluetooth: hci3: command 0x0409 tx timeout
[  191.492667] Bluetooth: hci4: Opcode 0x c03 failed: -110
[  191.683698] Bluetooth: hci5: command 0x0409 tx timeout
[  191.811718] Bluetooth: hci7: command 0x0409 tx timeout
[  192.963665] Bluetooth: hci0: command 0x041b tx timeout
[  193.284674] Bluetooth: hci1: command 0x041b tx timeout
[  193.348650] Bluetooth: hci2: command 0x041b tx timeout
[  193.413674] Bluetooth: hci3: command 0x041b tx timeout
[  193.437657] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  193.438924] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  193.439673] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  193.449025] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  193.456855] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  193.460020] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  193.465070] Bluetooth: hci4: HCI_REQ-0x0c1a
[  193.732674] Bluetooth: hci5: command 0x041b tx timeout
[  193.859674] Bluetooth: hci7: command 0x041b tx timeout
[  193.992106] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  193.993283] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  193.994937] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  193.997258] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  193.999351] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  194.000523] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  194.004395] Bluetooth: hci6: HCI_REQ-0x0c1a
[  195.011707] Bluetooth: hci0: command 0x040f tx timeout
[  195.331802] Bluetooth: hci1: command 0x040f tx timeout
[  195.395775] Bluetooth: hci2: command 0x040f tx timeout
[  195.459986] Bluetooth: hci3: command 0x040f tx timeout
[  195.523804] Bluetooth: hci4: command 0x0409 tx timeout
[  195.779742] Bluetooth: hci5: command 0x040f tx timeout
[  195.907672] Bluetooth: hci7: command 0x040f tx timeout
[  196.035844] Bluetooth: hci6: command 0x0409 tx timeout
[  197.059700] Bluetooth: hci0: command 0x0419 tx timeout
[  197.379768] Bluetooth: hci1: command 0x0419 tx timeout
[  197.444693] Bluetooth: hci2: command 0x0419 tx timeout
[  197.508100] Bluetooth: hci3: command 0x0419 tx timeout
[  197.571658] Bluetooth: hci4: command 0x041b tx timeout
[  197.828699] Bluetooth: hci5: command 0x0419 tx timeout
[  197.955673] Bluetooth: hci7: command 0x0419 tx timeout
[  198.084652] Bluetooth: hci6: command 0x041b tx timeout
[  199.620677] Bluetooth: hci4: command 0x040f tx timeout
[  200.132739] Bluetooth: hci6: command 0x040f tx timeout
[  201.667704] Bluetooth: hci4: command 0x0419 tx timeout
[  202.179829] Bluetooth: hci6: command 0x0419 tx timeout
[  238.694940] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  238.695562] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.697486] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  238.871396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  238.872500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.876579] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
11:06:28 executing program 7:
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000001d80)='net/psched\x00')
r0 = socket$unix(0x1, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$unix(r0, &(0x7f0000002440)=[{{&(0x7f0000001dc0)=@abs, 0x6e, &(0x7f0000001fc0)=[{0x0}, {0x0}], 0x2, &(0x7f0000002040)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}], 0x1, 0x0)

11:06:28 executing program 7:
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000001d80)='net/psched\x00')
r0 = socket$unix(0x1, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$unix(r0, &(0x7f0000002440)=[{{&(0x7f0000001dc0)=@abs, 0x6e, &(0x7f0000001fc0)=[{0x0}, {0x0}], 0x2, &(0x7f0000002040)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}], 0x1, 0x0)

11:06:28 executing program 7:
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000001d80)='net/psched\x00')
r0 = socket$unix(0x1, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$unix(r0, &(0x7f0000002440)=[{{&(0x7f0000001dc0)=@abs, 0x6e, &(0x7f0000001fc0)=[{0x0}, {0x0}], 0x2, &(0x7f0000002040)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}], 0x1, 0x0)

11:06:28 executing program 7:
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000001d80)='net/psched\x00')
r0 = socket$unix(0x1, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$unix(r0, &(0x7f0000002440)=[{{&(0x7f0000001dc0)=@abs, 0x6e, &(0x7f0000001fc0)=[{0x0}, {0x0}], 0x2, &(0x7f0000002040)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}], 0x1, 0x0)

[  240.294399] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.295384] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  240.297136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
11:06:28 executing program 7:
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000001d80)='net/psched\x00')
r0 = socket$unix(0x1, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$unix(r0, &(0x7f0000002440)=[{{&(0x7f0000001dc0)=@abs, 0x6e, &(0x7f0000001fc0)=[{0x0}, {0x0}], 0x2, &(0x7f0000002040)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}], 0x1, 0x0)

11:06:28 executing program 7:
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000001d80)='net/psched\x00')
r0 = socket$unix(0x1, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$unix(r0, &(0x7f0000002440)=[{{&(0x7f0000001dc0)=@abs, 0x6e, &(0x7f0000001fc0)=[{0x0}, {0x0}], 0x2, &(0x7f0000002040)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}], 0x1, 0x0)

[  240.527614] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.528235] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  240.530320] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  240.651791] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.652397] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  240.653991] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
11:06:29 executing program 7:
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000180)={{0x1, 0x1, 0x18}, './file0/file0\x00'})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000180))

11:06:29 executing program 7:
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000180)={{0x1, 0x1, 0x18}, './file0/file0\x00'})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000180))

[  240.888333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.888999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  240.891436] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  241.495704] audit: type=1400 audit(1667214389.797:7): avc:  denied  { open } for  pid=10726 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  241.497118] audit: type=1400 audit(1667214389.798:8): avc:  denied  { kernel } for  pid=10726 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  241.531049] hrtimer: interrupt took 27722 ns
[  242.006452] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.007289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.012338] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  242.042327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.042973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.044529] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  242.152281] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.153234] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.154749] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  242.179266] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.179852] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.181231] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  242.359545] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.360414] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.362023] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  242.431907] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.432520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.434342] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  243.575068] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  243.575632] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.577059] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  243.604485] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  243.605056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.606705] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  243.747091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  243.747769] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.749113] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  243.776571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  243.777147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.779070] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  243.912930] process 'syz-executor.3' launched './file1' with NULL argv: empty string added
11:06:32 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000100), 0x0)

11:06:32 executing program 4:
r0 = eventfd2(0x0, 0x0)
fremovexattr(r0, &(0x7f0000000100)=@random={'user.', '/proc/timer_list\x00'})

11:06:32 executing program 2:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x20082000)
keyctl$read(0xb, r0, 0x0, 0x0)

11:06:32 executing program 7:
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000180)={{0x1, 0x1, 0x18}, './file0/file0\x00'})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000180))

11:06:32 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x541b, 0x0)

11:06:32 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f00000003c0)={0x4, 0x80, 0xc8, 0x96, 0x8, 0x3, 0x0, 0x8, 0x8000, 0xa, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x1, 0x5, 0x101, 0x3, 0x4, 0x401, 0x2, 0x0, 0x5, 0x0, 0x8001}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4)
close(r1)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x1f, 0xa3, 0x1f, 0xf3, 0x0, 0x5, 0x1004, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x8, 0x1ff}, 0x41220, 0x3f, 0x2, 0x4, 0x4, 0x10001, 0x8001, 0x0, 0x5, 0x0, 0x8}, 0xffffffffffffffff, 0x7, r0, 0x0)

11:06:32 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBTYPE(r0, 0x4b4b, &(0x7f0000000080))

11:06:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
write$binfmt_script(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='3!\t'], 0xb)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0)

11:06:32 executing program 4:
r0 = eventfd2(0x0, 0x0)
fremovexattr(r0, &(0x7f0000000100)=@random={'user.', '/proc/timer_list\x00'})

11:06:32 executing program 2:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x20082000)
keyctl$read(0xb, r0, 0x0, 0x0)

11:06:32 executing program 7:
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000180)={{0x1, 0x1, 0x18}, './file0/file0\x00'})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000180))

11:06:32 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000100), 0x0)

11:06:32 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x541b, 0x0)

11:06:32 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBTYPE(r0, 0x4b4b, &(0x7f0000000080))

11:06:32 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f00000003c0)={0x4, 0x80, 0xc8, 0x96, 0x8, 0x3, 0x0, 0x8, 0x8000, 0xa, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x1, 0x5, 0x101, 0x3, 0x4, 0x401, 0x2, 0x0, 0x5, 0x0, 0x8001}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4)
close(r1)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x1f, 0xa3, 0x1f, 0xf3, 0x0, 0x5, 0x1004, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x8, 0x1ff}, 0x41220, 0x3f, 0x2, 0x4, 0x4, 0x10001, 0x8001, 0x0, 0x5, 0x0, 0x8}, 0xffffffffffffffff, 0x7, r0, 0x0)

11:06:32 executing program 2:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x20082000)
keyctl$read(0xb, r0, 0x0, 0x0)

11:06:32 executing program 4:
r0 = eventfd2(0x0, 0x0)
fremovexattr(r0, &(0x7f0000000100)=@random={'user.', '/proc/timer_list\x00'})

11:06:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
write$binfmt_script(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='3!\t'], 0xb)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0)

11:06:32 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBTYPE(r0, 0x4b4b, &(0x7f0000000080))

11:06:32 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x541b, 0x0)

11:06:32 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBTYPE(r0, 0x4b4b, &(0x7f0000000080))

11:06:32 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000100), 0x0)

11:06:32 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f00000003c0)={0x4, 0x80, 0xc8, 0x96, 0x8, 0x3, 0x0, 0x8, 0x8000, 0xa, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x1, 0x5, 0x101, 0x3, 0x4, 0x401, 0x2, 0x0, 0x5, 0x0, 0x8001}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4)
close(r1)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x1f, 0xa3, 0x1f, 0xf3, 0x0, 0x5, 0x1004, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x8, 0x1ff}, 0x41220, 0x3f, 0x2, 0x4, 0x4, 0x10001, 0x8001, 0x0, 0x5, 0x0, 0x8}, 0xffffffffffffffff, 0x7, r0, 0x0)

11:06:32 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBTYPE(r0, 0x4b4b, &(0x7f0000000080))

11:06:32 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBTYPE(r0, 0x4b4b, &(0x7f0000000080))

11:06:32 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f00000003c0)={0x4, 0x80, 0xc8, 0x96, 0x8, 0x3, 0x0, 0x8, 0x8000, 0xa, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x1, 0x5, 0x101, 0x3, 0x4, 0x401, 0x2, 0x0, 0x5, 0x0, 0x8001}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4)
close(r1)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x1f, 0xa3, 0x1f, 0xf3, 0x0, 0x5, 0x1004, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x8, 0x1ff}, 0x41220, 0x3f, 0x2, 0x4, 0x4, 0x10001, 0x8001, 0x0, 0x5, 0x0, 0x8}, 0xffffffffffffffff, 0x7, r0, 0x0)

11:06:32 executing program 6:
r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x541b, 0x0)

11:06:32 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000180)=[0x0])

11:06:32 executing program 5:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r1=>0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f00000004c0))
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x50000004})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x3d})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = pidfd_open(r1, 0x0)
dup(r5)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0139000100000507445c79c8180080"], 0x25)

11:06:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])

11:06:32 executing program 4:
r0 = eventfd2(0x0, 0x0)
fremovexattr(r0, &(0x7f0000000100)=@random={'user.', '/proc/timer_list\x00'})

11:06:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
write$binfmt_script(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='3!\t'], 0xb)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0)

[  244.605850] loop2: detected capacity change from 0 to 40
[  244.625510] FAT-fs (loop2): bogus number of FAT sectors
[  244.626051] FAT-fs (loop2): Can't find a valid FAT filesystem
11:06:32 executing program 6:
r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x541b, 0x0)

11:06:32 executing program 4:
r0 = eventfd2(0x0, 0x0)
fremovexattr(r0, &(0x7f0000000100)=@random={'user.', '/proc/timer_list\x00'})

[  244.660481] loop2: detected capacity change from 0 to 40
[  244.672001] FAT-fs (loop2): bogus number of FAT sectors
[  244.672404] FAT-fs (loop2): Can't find a valid FAT filesystem
11:06:32 executing program 0:
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$CDROM_TIMED_MEDIA_CHANGE(0xffffffffffffffff, 0x5396, &(0x7f0000000040))
ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f0000000280)={"9fd07987bcbd947de5829868", 0x0, 0x0, 0x63a7, 0x0, 0x0, 0x1ff, 0x40, 0x0})

11:06:33 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f00000003c0)={0x4, 0x80, 0xc8, 0x96, 0x8, 0x3, 0x0, 0x8, 0x8000, 0xa, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x1, 0x5, 0x101, 0x3, 0x4, 0x401, 0x2, 0x0, 0x5, 0x0, 0x8001}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4)
close(r1)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x1f, 0xa3, 0x1f, 0xf3, 0x0, 0x5, 0x1004, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x8, 0x1ff}, 0x41220, 0x3f, 0x2, 0x4, 0x4, 0x10001, 0x8001, 0x0, 0x5, 0x0, 0x8}, 0xffffffffffffffff, 0x7, r0, 0x0)

11:06:33 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])

[  244.755433] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  244.756082] sr 1:0:0:0: [sr0] tag#0 CDB: Service action out(16), sa=0x10 9f d0 79 87 bc bd 94 7d e5 82 98 68
[  244.787800] loop2: detected capacity change from 0 to 40
[  244.793783] FAT-fs (loop2): bogus number of FAT sectors
[  244.794184] FAT-fs (loop2): Can't find a valid FAT filesystem
[  244.796890] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  244.797573] sr 1:0:0:0: [sr0] tag#0 CDB: Service action out(16), sa=0x10 9f d0 79 87 bc bd 94 7d e5 82 98 68
[  245.511054] Bluetooth: hci0: Opcode 0x c03 failed: -4
[  245.516408] Bluetooth: hci0: Opcode 0x c03 failed: -4
11:06:33 executing program 6:
r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x541b, 0x0)

11:06:33 executing program 4:
r0 = eventfd2(0x0, 0x0)
fremovexattr(r0, &(0x7f0000000100)=@random={'user.', '/proc/timer_list\x00'})

11:06:33 executing program 7:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f0000000140)={0x0, 0x0, 0x40000}, 0x20)

[  245.599031] loop2: detected capacity change from 0 to 40
[  245.605296] FAT-fs (loop2): bogus number of FAT sectors
[  245.605816] FAT-fs (loop2): Can't find a valid FAT filesystem
11:06:33 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])

11:06:33 executing program 5:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r1=>0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f00000004c0))
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x50000004})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x3d})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = pidfd_open(r1, 0x0)
dup(r5)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0139000100000507445c79c8180080"], 0x25)

11:06:33 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000004280)={0x0, 0x0, "b03a0a89d4875ccf15016bb94a793223af2896d9e99868e90b1cdea9443d257bfc73241298fbc891d4ce70d26e70438fc92ae91351195b1fda70a2061ebedd83708f97007d4afda6d1439d9400421716e0bc9d9259eac610075c7b5169a4af48d4b8c5aa5e352938679e2391914c3d6be1b22d0decce5db1773a09b8b88c538d6ba4ba25f93367fdb9e1810552599a5520a5bcca9bfbb3e50547a60472ff6c827c016e459b598daa6697ef08446dd33d6b1e3cb50dfd4b2357fcefa8eba4abc2062e8d894ffdc3850b3a5cfb30e1570ccf69196c5ecc225065a3728d03bdc0a516a57680f48d334e981b3c7ed76b3b822486e7ab619964fe22fa4de52e33eae5", "66e27c686346d463a5c12d237acff4192845608625de3e00c853ba6db99bdca8ce66b5d2986a3601702f62b704cdf1e3e8815d60724498fe310408bbef0fa4ee3ab93e2eee10adaf7fe25c3cd174494fbb8a8475418e3fd56d207055d4494ed2a34025e9ca172f7ae5388fa786c085f18ce46a27afa2957e87d3e2b1f1a9686e690a558e6d89141d831349af2a8102e281678f33db2f14ff8aea9281aa22c5bfc275faab2882f156fd38cc76835e391932300a5685e3c0ba9187f12117683de169cb3105f334435db81135dd318868c59a2fb19cd813914557f472377ad23a9b4dff26a50cde18a3a6d50b6abb2aec25324123cc37fac8238d63cd0c78d67c9eff7c8a1523b44f3cd514bffa001e05d3180fa830c0f090c6c7cebd2ffaa9546c5be56c3861313c7614c3298fca09c4a8e931e04b6ef44c5000923637dea858cabb882cd5df1252ba30a4b6e02f151375e481b0456ff7c7f97e846951ec0c7fd223df82548aeaf9d920e7539304fde028bb3ba90ef4e6f5d9be225e0ba4fae5988a87adfcfc7e1368edf8170955966e7cbf83657568dd2b1a3c42f0cc20b9190260cc6536051ecca8ffcc02a86267bf5718ad3c0ab285fd41bfa1e7154b3c24e377685a43be2406514cddc45d02ca954ace3729e27c2d3efc154465c248d6438ebecd96af55b9959797b08fc7571f8e053648b30baa53851d16a5418de7bc9831c08bcecd33cfead167fb360b77961331abfcc8ae6c20a4f7277ac081012eac8e2318d32d3bfb4c8bf6a844d467d52d02bf7807bd9704a3ca7ad184cea56f7f459c76652fe48930ca276bceb95b648f042b54ec2af8da5f38e8648e9ca2aacf7a5760e9148b445b6dbbaca8e420e026a7188466a832c8ebc22dda550c2fe1a6ae8f700d41792be7660821d962d995ddcd19e7e72040947c446df6b40618f985a935feb15485168caafc997ec2416908d48de441a6c444f33ac96f22d7f2b13963983e960622e2ffe27a4f496ed5d02eb0c8e28f09e554a38e252e8eb5066b38ff5524c5966c904bc20f5ff48f444ab9c4f54e0171de6ab92082293139ea1cde517b30f4dc8d9ba98256e31cc5ec20d6ca62cbe254b0f3897b58581c4e73b5777cfddd02bbe3b07d5d085d57f20a69f446bdd4b4ab41cd40a38069e0bea6a2717b02e51d139cb0a84a9f863b3ff89195b186bf439c2aacacbe2ef5784690d7028f80b66a10df4716354da85e8fbba87ee78aff91a9041b0a233b79dba28d754d818c84bdc8d96f3fff86566a1f15f4898fe070bc7b35c57ce8f93f58b80a3160985646bdc732934fade924d6e31c2c6e6a2ae643214c4c100b2f66ea6acec03b2cb40f39cb91be1e13211c0327d4d2daf59e414d8bed18bbbe05d85aee69ba68b83875df8b87f8bc90863c38e34c74e8f882bb992e7397ab8704002c14485d4d19915b840690ab13b9ed84d294a0aa74f7feb73ba7618bdd69243ef8670110044e32bd0ea079b745d6591cb61f18090045b426c07ee922ad93a16e209fc94ef8b21454830a65d764d8530f3137dd35a8a7c3b6f1c86721cebeefe01322fc91c3553d558d766b147d14ba6400f0dca309ae8c4865d730c33f3eaf0e2a60be6736a1ff5d2dcca550a700cc7f4d4378bb780dfa934254cd7d39b9d00a250f8f9539260645a0a0056690a454c7f9b31c9a358bed4271b5a192cc371178c0798eeba7c6cb14face65a8bacbb7d74b0b4bf56853b01bb86c937c814bee762933087a816966ac82c6b7d57ec3dfdf3a33834688829f20952020043d29863a4251ddd21e1ef6340f1e450042a82082c36e7e5032dafdd201494b84e5dd290f5bc545d90d0c3695bd5d89616e58b86dadce382fc1cc30c2c7f3f41c456a05e8d2bc8b500855697abd2c0e34e4bdf296fd65ea8213ee0115c661741ef7e60185491b54bc8623d8b8927f6411a324a20ca50043d35c26211faa3e6af590d56cd7b274a55420078b8e034888aee0489b070035c9b3aef475b4086e9ae5f4286aac3df3e5e9367af217a7de0575c7d9400c4a1ea12447c0e549e2ca4db225be99cc0e898b1f29b642575350fdb7c719e070077b210cd231c55cbeffea70cbf5449279d8809977f4d86de391dcd27b08a258963e27910a62da2228b88c33be770337974565e4dfdec85de7c8b46fb1264e5d1e5e7e4c3c490439555c6b550b710e0bed922fb97de7ea379d9308699707f92c3630981fcfac4d8321ab76441f7330135c1689a1e8f941104e4fecb1adcba63dcc1f3173488b1003a930c3b9bce9bd1eab45c3379ba449851c560c88d8e46bd419eac6c8b485db145ff40a417ac8639a74a71147218ee32fc023f5afcce9f223f6ca7da699d52e4b0cec6b354182b6bca7c983c265c348f8be6e45febd48389be41b288d91fa30e3e00fffd334b7b9542e47af657a841673c04ddecbc6df239abcea2d94cdb6fea72f84d43cf677270bd0c6e358add28ff32963509271987591d5f294f8a671881bc2b00f158c4c13c76825d361b810a77ac32d1f1dd7123ffcebb3df9b70cc213912885a80a7c29e0ed6ac492512075dff08bb042521c2495a163987970d2d02a2a4310f8ab5867d23603eab1a893558d04a0080f408ff536b47df5c12238819d7306e532ada3406e98fa9f14f913ec02022ee310662dd6c818d2996f51299764bcf67daf26501f4c79a5fc4d3d5ea1b9972e856789933361069acd6d2145251ab22b4403b1ad1d1c5df811b86fc0350eb771b214ff23419b321914b97b067d90e5a338c3de5bfcd81b638d8afb06ab2c3634420a3f8d6c45f54721b0b8b9ba4c0b12b436ee14cb6d50e623e4d9c594402f0b732b584917e28409a79924c23879762c34944badb44b385bbdcca73998830f9c826d7efcd585ee509491a219e5a8a4510df44db71df4d8576d30951b224748a0f4021998832a68af8b91c57d8631cfff32bd01b6555c33396d2fe8ce69be63480048b9257de136187d0b57c64578089d70b3e6c0b36eab0acc43bf0ebe5019fe4de0551299224480df52e989678157c8e443c7870e85913bce314ddfcd014ded8d172f95f2e2af7327e9380236e3c44e82c76ecca479227f34dbecc55629ffa0f65ee07c10f9de410f563120d07f91c3bd5dd39b053c5f9e4c8e63bf9edf56567bb64225093e76b7d018c348c7e11b86d859b6c5c71380665b93c9a6fca64e4a7da0f589355aca08c09d823caa551ee5cec74383a4d26f2c45cdf55941b4506a7c1068cf27628ceae486dc4a47d6940f99c5a8fa82187a6946fc39f37111ad723dca523ff0b9c38b30ba0bf505a53f85f4c3699c193036d6e5066efe6cb8c7f4f859c6890f72bb5c78f796f15015e97449691d7a61e473935e889c524df1bada8f4e351ac07229e904834081225f78af96585c7f03869d191330835f69581d181b365ffc1cbfe939a53f142e09f7546ee6286f877828e69a24c08c8d8f3b915c4dd34753f358e7283057047e52d930d4e3a40230daa9e47d66086a2d22d29e84d4237bba531e0ee90dadb80b245bc5c4059216616172e462f51d6775025f0f90ee51fcfa26ddbe4dd38cd8feb1bed1925e2f5e02958352ebb1305dc73b51d6c10acdea852ee6eb73e5b0c462fa3767992e5a6c65a742d60a75df9d77767e0ad609c9431530875f9c1a0fb5f43f8c3451a927cd8dad51aff7600a7fa04524b0a2b14d0c818ead49de6019d8a767e2d50c9934077ad437de691910213f846fb27bd1b855e3004035183500a271fae242c8dedd05530f98d9871999ae72c86b007ca1bfe0dfa96c2618aae8be099139574fc51cfcb5584fe956598e0d8ddc6d4f54b79f5ddd78be4153a58c96c20587c9021024940ac29e63b36bff65c2ce7cd78ec538b69b531f2ac3d04f91d1be8aab72c8abaa8a3e5449cd2a4b7d850c623952db3538094410f60c5c2d1f9e68c69d92684d1ea163494ce329c0423f18b15fd7e14e9b6f0c73d46231f2512e36dd15941eee58ffb17e75380259706332409dd35f707f75a42e0aa623492855688204e33fc09f1a28b0fdbb3fd3a6b29a8dd6a202aea102e8675a6084f23719f5641a7f69f4d0b163edc98f9c55731a5bc84d512cf2033eed5122b2fff56a6906186f4c318aa2e7fb7aa98c046ef42383a8647083211cf61cd3140a41259eb417f7f0f5301b4c0a1fe0331b2f19d71ac2692e4fa99ba5fc2803bc524df07f5da3c5d188bdc519bfb1ec419fec31ded4b3b0625840553f548cec8762a090000822371c7dd721b7ba21e0284df453af0b29cb92b6b928a7c73a291dff0c4e69777c50d11f7b4acca0322abb2adce8ba9ed9fa12db65bfa1120a5a618d4a3e3ea5185996337bf37f7618e0e13a6aac2f8400c551f9b79a98ac0dc06782d5ba5494bf0814a37565d1e0f88890ffb38abe2aa47822f3452cbab5e7e70ed13818c268616c1024d150a146963b531ba0e2b9727bdc25253d5489ff985f51bf4060c86d51c3517bbb9957ba81b36b98928d7ce0e710ee7915849fd36f5b16b38bba6333afc80a0da850aeba47bcca8414c0d5e3d8d89ab2424caccab759bea324f7b14f0d9765b773b1167a34067cc5727f3003bd5631b34103b819fff70476908ea3d9b6f679313555a84efd6673a101e51f48f322b3ce2dc80151264808d326a25d4034811b67d3a5ddf007137f777d09dc45e4cbb588bed918356e738e60a763bab026a30c330009ba63b06e0ddd8ca000fd11efe85b6c229ec28533b4b18a0c7dde0eac482a955214d890578d81ce433f6106f85affd8ad7f2601ee84fd2cc32926f1420a8b3063de2e0f24ca28917a57eb19b13401637ccfadca6a9d951df200e04f9160440386544b6e1d875408c0d40aadff96a0fc2b0efbd88c698ee1cae2d562ebf41e39a49ec8946d064697227cfdc1767a0cac59539721a22d5f765bdadb47f34804b7130e00b880e95b0898121d075af882b986fff3db66c96cbaece8461c2ca2734df3fbb394997308e594a237721b76fc52524bb5221170b4c6a0993740f427f3d979d21141696327ed0dcd2fa962c0c50389a20603b365cd77fc57701bc654734dc888da21a0036a9286487e6088fb5c884f6e374037d6447a0d2823342e5dcf7d13dcb0b2bd81a9153907a7a9a162f1433d194ef1be5689d027babbc1d817d63a955da150bd1961d5d761f311142d703ae175d87860b20466c01f6044aff4bff4e2e2d89ebba508413d8611b5a18b17de9c32620bd5905d1e6d559302c2930c16de1bf774697c1d199fe5975d95df394af45a76af933e3e6f699ade69d1ab4b6d5dafe9d284bdce322fce56a77d1885693112a6500a3039bbc0f573d068d6a42c113171b7370f5bfa27cdcf56fa95b7f7edd75b0eab5cfec348d841f"})
write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x23, 0x0, 0x0, @tick, {}, {}, @control}], 0xfffffdcd)

11:06:33 executing program 0:
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$CDROM_TIMED_MEDIA_CHANGE(0xffffffffffffffff, 0x5396, &(0x7f0000000040))
ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f0000000280)={"9fd07987bcbd947de5829868", 0x0, 0x0, 0x63a7, 0x0, 0x0, 0x1ff, 0x40, 0x0})

11:06:33 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f00000003c0)={0x4, 0x80, 0xc8, 0x96, 0x8, 0x3, 0x0, 0x8, 0x8000, 0xa, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x1, 0x5, 0x101, 0x3, 0x4, 0x401, 0x2, 0x0, 0x5, 0x0, 0x8001}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "f2d9f528b3710ff65d6647ff8507ffd7c713301d1b235210d82f9fb111b3f358554f4e80c6fb989cabdadb962f69fece9c56fd2b0a21d29aaeb1cbd983af95ebf751f73960426d35d639a489e0f22845"}, 0xd8)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4)
close(r1)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x1f, 0xa3, 0x1f, 0xf3, 0x0, 0x5, 0x1004, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x8, 0x1ff}, 0x41220, 0x3f, 0x2, 0x4, 0x4, 0x10001, 0x8001, 0x0, 0x5, 0x0, 0x8}, 0xffffffffffffffff, 0x7, r0, 0x0)

[  245.616778] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  245.617624] sr 1:0:0:0: [sr0] tag#0 CDB: Service action out(16), sa=0x10 9f d0 79 87 bc bd 94 7d e5 82 98 68
11:06:33 executing program 0:
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$CDROM_TIMED_MEDIA_CHANGE(0xffffffffffffffff, 0x5396, &(0x7f0000000040))
ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f0000000280)={"9fd07987bcbd947de5829868", 0x0, 0x0, 0x63a7, 0x0, 0x0, 0x1ff, 0x40, 0x0})

11:06:33 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])

[  245.717886] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  245.718578] sr 1:0:0:0: [sr0] tag#0 CDB: Service action out(16), sa=0x10 9f d0 79 87 bc bd 94 7d e5 82 98 68
[  245.728928] loop2: detected capacity change from 0 to 40
[  245.749035] FAT-fs (loop2): bogus number of FAT sectors
[  245.749895] FAT-fs (loop2): Can't find a valid FAT filesystem
11:06:34 executing program 7:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f0000000140)={0x0, 0x0, 0x40000}, 0x20)

11:06:34 executing program 0:
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$CDROM_TIMED_MEDIA_CHANGE(0xffffffffffffffff, 0x5396, &(0x7f0000000040))
ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f0000000280)={"9fd07987bcbd947de5829868", 0x0, 0x0, 0x63a7, 0x0, 0x0, 0x1ff, 0x40, 0x0})

11:06:34 executing program 6:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r1=>0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f00000004c0))
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x50000004})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x3d})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = pidfd_open(r1, 0x0)
dup(r5)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0139000100000507445c79c8180080"], 0x25)

11:06:34 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000004280)={0x0, 0x0, "b03a0a89d4875ccf15016bb94a793223af2896d9e99868e90b1cdea9443d257bfc73241298fbc891d4ce70d26e70438fc92ae91351195b1fda70a2061ebedd83708f97007d4afda6d1439d9400421716e0bc9d9259eac610075c7b5169a4af48d4b8c5aa5e352938679e2391914c3d6be1b22d0decce5db1773a09b8b88c538d6ba4ba25f93367fdb9e1810552599a5520a5bcca9bfbb3e50547a60472ff6c827c016e459b598daa6697ef08446dd33d6b1e3cb50dfd4b2357fcefa8eba4abc2062e8d894ffdc3850b3a5cfb30e1570ccf69196c5ecc225065a3728d03bdc0a516a57680f48d334e981b3c7ed76b3b822486e7ab619964fe22fa4de52e33eae5", "66e27c686346d463a5c12d237acff4192845608625de3e00c853ba6db99bdca8ce66b5d2986a3601702f62b704cdf1e3e8815d60724498fe310408bbef0fa4ee3ab93e2eee10adaf7fe25c3cd174494fbb8a8475418e3fd56d207055d4494ed2a34025e9ca172f7ae5388fa786c085f18ce46a27afa2957e87d3e2b1f1a9686e690a558e6d89141d831349af2a8102e281678f33db2f14ff8aea9281aa22c5bfc275faab2882f156fd38cc76835e391932300a5685e3c0ba9187f12117683de169cb3105f334435db81135dd318868c59a2fb19cd813914557f472377ad23a9b4dff26a50cde18a3a6d50b6abb2aec25324123cc37fac8238d63cd0c78d67c9eff7c8a1523b44f3cd514bffa001e05d3180fa830c0f090c6c7cebd2ffaa9546c5be56c3861313c7614c3298fca09c4a8e931e04b6ef44c5000923637dea858cabb882cd5df1252ba30a4b6e02f151375e481b0456ff7c7f97e846951ec0c7fd223df82548aeaf9d920e7539304fde028bb3ba90ef4e6f5d9be225e0ba4fae5988a87adfcfc7e1368edf8170955966e7cbf83657568dd2b1a3c42f0cc20b9190260cc6536051ecca8ffcc02a86267bf5718ad3c0ab285fd41bfa1e7154b3c24e377685a43be2406514cddc45d02ca954ace3729e27c2d3efc154465c248d6438ebecd96af55b9959797b08fc7571f8e053648b30baa53851d16a5418de7bc9831c08bcecd33cfead167fb360b77961331abfcc8ae6c20a4f7277ac081012eac8e2318d32d3bfb4c8bf6a844d467d52d02bf7807bd9704a3ca7ad184cea56f7f459c76652fe48930ca276bceb95b648f042b54ec2af8da5f38e8648e9ca2aacf7a5760e9148b445b6dbbaca8e420e026a7188466a832c8ebc22dda550c2fe1a6ae8f700d41792be7660821d962d995ddcd19e7e72040947c446df6b40618f985a935feb15485168caafc997ec2416908d48de441a6c444f33ac96f22d7f2b13963983e960622e2ffe27a4f496ed5d02eb0c8e28f09e554a38e252e8eb5066b38ff5524c5966c904bc20f5ff48f444ab9c4f54e0171de6ab92082293139ea1cde517b30f4dc8d9ba98256e31cc5ec20d6ca62cbe254b0f3897b58581c4e73b5777cfddd02bbe3b07d5d085d57f20a69f446bdd4b4ab41cd40a38069e0bea6a2717b02e51d139cb0a84a9f863b3ff89195b186bf439c2aacacbe2ef5784690d7028f80b66a10df4716354da85e8fbba87ee78aff91a9041b0a233b79dba28d754d818c84bdc8d96f3fff86566a1f15f4898fe070bc7b35c57ce8f93f58b80a3160985646bdc732934fade924d6e31c2c6e6a2ae643214c4c100b2f66ea6acec03b2cb40f39cb91be1e13211c0327d4d2daf59e414d8bed18bbbe05d85aee69ba68b83875df8b87f8bc90863c38e34c74e8f882bb992e7397ab8704002c14485d4d19915b840690ab13b9ed84d294a0aa74f7feb73ba7618bdd69243ef8670110044e32bd0ea079b745d6591cb61f18090045b426c07ee922ad93a16e209fc94ef8b21454830a65d764d8530f3137dd35a8a7c3b6f1c86721cebeefe01322fc91c3553d558d766b147d14ba6400f0dca309ae8c4865d730c33f3eaf0e2a60be6736a1ff5d2dcca550a700cc7f4d4378bb780dfa934254cd7d39b9d00a250f8f9539260645a0a0056690a454c7f9b31c9a358bed4271b5a192cc371178c0798eeba7c6cb14face65a8bacbb7d74b0b4bf56853b01bb86c937c814bee762933087a816966ac82c6b7d57ec3dfdf3a33834688829f20952020043d29863a4251ddd21e1ef6340f1e450042a82082c36e7e5032dafdd201494b84e5dd290f5bc545d90d0c3695bd5d89616e58b86dadce382fc1cc30c2c7f3f41c456a05e8d2bc8b500855697abd2c0e34e4bdf296fd65ea8213ee0115c661741ef7e60185491b54bc8623d8b8927f6411a324a20ca50043d35c26211faa3e6af590d56cd7b274a55420078b8e034888aee0489b070035c9b3aef475b4086e9ae5f4286aac3df3e5e9367af217a7de0575c7d9400c4a1ea12447c0e549e2ca4db225be99cc0e898b1f29b642575350fdb7c719e070077b210cd231c55cbeffea70cbf5449279d8809977f4d86de391dcd27b08a258963e27910a62da2228b88c33be770337974565e4dfdec85de7c8b46fb1264e5d1e5e7e4c3c490439555c6b550b710e0bed922fb97de7ea379d9308699707f92c3630981fcfac4d8321ab76441f7330135c1689a1e8f941104e4fecb1adcba63dcc1f3173488b1003a930c3b9bce9bd1eab45c3379ba449851c560c88d8e46bd419eac6c8b485db145ff40a417ac8639a74a71147218ee32fc023f5afcce9f223f6ca7da699d52e4b0cec6b354182b6bca7c983c265c348f8be6e45febd48389be41b288d91fa30e3e00fffd334b7b9542e47af657a841673c04ddecbc6df239abcea2d94cdb6fea72f84d43cf677270bd0c6e358add28ff32963509271987591d5f294f8a671881bc2b00f158c4c13c76825d361b810a77ac32d1f1dd7123ffcebb3df9b70cc213912885a80a7c29e0ed6ac492512075dff08bb042521c2495a163987970d2d02a2a4310f8ab5867d23603eab1a893558d04a0080f408ff536b47df5c12238819d7306e532ada3406e98fa9f14f913ec02022ee310662dd6c818d2996f51299764bcf67daf26501f4c79a5fc4d3d5ea1b9972e856789933361069acd6d2145251ab22b4403b1ad1d1c5df811b86fc0350eb771b214ff23419b321914b97b067d90e5a338c3de5bfcd81b638d8afb06ab2c3634420a3f8d6c45f54721b0b8b9ba4c0b12b436ee14cb6d50e623e4d9c594402f0b732b584917e28409a79924c23879762c34944badb44b385bbdcca73998830f9c826d7efcd585ee509491a219e5a8a4510df44db71df4d8576d30951b224748a0f4021998832a68af8b91c57d8631cfff32bd01b6555c33396d2fe8ce69be63480048b9257de136187d0b57c64578089d70b3e6c0b36eab0acc43bf0ebe5019fe4de0551299224480df52e989678157c8e443c7870e85913bce314ddfcd014ded8d172f95f2e2af7327e9380236e3c44e82c76ecca479227f34dbecc55629ffa0f65ee07c10f9de410f563120d07f91c3bd5dd39b053c5f9e4c8e63bf9edf56567bb64225093e76b7d018c348c7e11b86d859b6c5c71380665b93c9a6fca64e4a7da0f589355aca08c09d823caa551ee5cec74383a4d26f2c45cdf55941b4506a7c1068cf27628ceae486dc4a47d6940f99c5a8fa82187a6946fc39f37111ad723dca523ff0b9c38b30ba0bf505a53f85f4c3699c193036d6e5066efe6cb8c7f4f859c6890f72bb5c78f796f15015e97449691d7a61e473935e889c524df1bada8f4e351ac07229e904834081225f78af96585c7f03869d191330835f69581d181b365ffc1cbfe939a53f142e09f7546ee6286f877828e69a24c08c8d8f3b915c4dd34753f358e7283057047e52d930d4e3a40230daa9e47d66086a2d22d29e84d4237bba531e0ee90dadb80b245bc5c4059216616172e462f51d6775025f0f90ee51fcfa26ddbe4dd38cd8feb1bed1925e2f5e02958352ebb1305dc73b51d6c10acdea852ee6eb73e5b0c462fa3767992e5a6c65a742d60a75df9d77767e0ad609c9431530875f9c1a0fb5f43f8c3451a927cd8dad51aff7600a7fa04524b0a2b14d0c818ead49de6019d8a767e2d50c9934077ad437de691910213f846fb27bd1b855e3004035183500a271fae242c8dedd05530f98d9871999ae72c86b007ca1bfe0dfa96c2618aae8be099139574fc51cfcb5584fe956598e0d8ddc6d4f54b79f5ddd78be4153a58c96c20587c9021024940ac29e63b36bff65c2ce7cd78ec538b69b531f2ac3d04f91d1be8aab72c8abaa8a3e5449cd2a4b7d850c623952db3538094410f60c5c2d1f9e68c69d92684d1ea163494ce329c0423f18b15fd7e14e9b6f0c73d46231f2512e36dd15941eee58ffb17e75380259706332409dd35f707f75a42e0aa623492855688204e33fc09f1a28b0fdbb3fd3a6b29a8dd6a202aea102e8675a6084f23719f5641a7f69f4d0b163edc98f9c55731a5bc84d512cf2033eed5122b2fff56a6906186f4c318aa2e7fb7aa98c046ef42383a8647083211cf61cd3140a41259eb417f7f0f5301b4c0a1fe0331b2f19d71ac2692e4fa99ba5fc2803bc524df07f5da3c5d188bdc519bfb1ec419fec31ded4b3b0625840553f548cec8762a090000822371c7dd721b7ba21e0284df453af0b29cb92b6b928a7c73a291dff0c4e69777c50d11f7b4acca0322abb2adce8ba9ed9fa12db65bfa1120a5a618d4a3e3ea5185996337bf37f7618e0e13a6aac2f8400c551f9b79a98ac0dc06782d5ba5494bf0814a37565d1e0f88890ffb38abe2aa47822f3452cbab5e7e70ed13818c268616c1024d150a146963b531ba0e2b9727bdc25253d5489ff985f51bf4060c86d51c3517bbb9957ba81b36b98928d7ce0e710ee7915849fd36f5b16b38bba6333afc80a0da850aeba47bcca8414c0d5e3d8d89ab2424caccab759bea324f7b14f0d9765b773b1167a34067cc5727f3003bd5631b34103b819fff70476908ea3d9b6f679313555a84efd6673a101e51f48f322b3ce2dc80151264808d326a25d4034811b67d3a5ddf007137f777d09dc45e4cbb588bed918356e738e60a763bab026a30c330009ba63b06e0ddd8ca000fd11efe85b6c229ec28533b4b18a0c7dde0eac482a955214d890578d81ce433f6106f85affd8ad7f2601ee84fd2cc32926f1420a8b3063de2e0f24ca28917a57eb19b13401637ccfadca6a9d951df200e04f9160440386544b6e1d875408c0d40aadff96a0fc2b0efbd88c698ee1cae2d562ebf41e39a49ec8946d064697227cfdc1767a0cac59539721a22d5f765bdadb47f34804b7130e00b880e95b0898121d075af882b986fff3db66c96cbaece8461c2ca2734df3fbb394997308e594a237721b76fc52524bb5221170b4c6a0993740f427f3d979d21141696327ed0dcd2fa962c0c50389a20603b365cd77fc57701bc654734dc888da21a0036a9286487e6088fb5c884f6e374037d6447a0d2823342e5dcf7d13dcb0b2bd81a9153907a7a9a162f1433d194ef1be5689d027babbc1d817d63a955da150bd1961d5d761f311142d703ae175d87860b20466c01f6044aff4bff4e2e2d89ebba508413d8611b5a18b17de9c32620bd5905d1e6d559302c2930c16de1bf774697c1d199fe5975d95df394af45a76af933e3e6f699ade69d1ab4b6d5dafe9d284bdce322fce56a77d1885693112a6500a3039bbc0f573d068d6a42c113171b7370f5bfa27cdcf56fa95b7f7edd75b0eab5cfec348d841f"})
write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x23, 0x0, 0x0, @tick, {}, {}, @control}], 0xfffffdcd)

[  245.828677] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  245.829338] sr 1:0:0:0: [sr0] tag#0 CDB: Service action out(16), sa=0x10 9f d0 79 87 bc bd 94 7d e5 82 98 68
11:06:34 executing program 4:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r1=>0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f00000004c0))
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x50000004})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x3d})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = pidfd_open(r1, 0x0)
dup(r5)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0139000100000507445c79c8180080"], 0x25)

11:06:34 executing program 1:
syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "da172d", 0x10, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, {[@hopopts={0x0, 0x1, '\x00', [@jumbo={0xc2, 0x2}, @generic]}]}}}}}, 0x0)

[  246.470219] Bluetooth: hci0: Opcode 0x c03 failed: -4
[  248.639639] Bluetooth: hci0: Opcode 0x c03 failed: -4
[  248.680014] Bluetooth: hci0: Opcode 0x c03 failed: -4
11:06:37 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000004280)={0x0, 0x0, "b03a0a89d4875ccf15016bb94a793223af2896d9e99868e90b1cdea9443d257bfc73241298fbc891d4ce70d26e70438fc92ae91351195b1fda70a2061ebedd83708f97007d4afda6d1439d9400421716e0bc9d9259eac610075c7b5169a4af48d4b8c5aa5e352938679e2391914c3d6be1b22d0decce5db1773a09b8b88c538d6ba4ba25f93367fdb9e1810552599a5520a5bcca9bfbb3e50547a60472ff6c827c016e459b598daa6697ef08446dd33d6b1e3cb50dfd4b2357fcefa8eba4abc2062e8d894ffdc3850b3a5cfb30e1570ccf69196c5ecc225065a3728d03bdc0a516a57680f48d334e981b3c7ed76b3b822486e7ab619964fe22fa4de52e33eae5", "66e27c686346d463a5c12d237acff4192845608625de3e00c853ba6db99bdca8ce66b5d2986a3601702f62b704cdf1e3e8815d60724498fe310408bbef0fa4ee3ab93e2eee10adaf7fe25c3cd174494fbb8a8475418e3fd56d207055d4494ed2a34025e9ca172f7ae5388fa786c085f18ce46a27afa2957e87d3e2b1f1a9686e690a558e6d89141d831349af2a8102e281678f33db2f14ff8aea9281aa22c5bfc275faab2882f156fd38cc76835e391932300a5685e3c0ba9187f12117683de169cb3105f334435db81135dd318868c59a2fb19cd813914557f472377ad23a9b4dff26a50cde18a3a6d50b6abb2aec25324123cc37fac8238d63cd0c78d67c9eff7c8a1523b44f3cd514bffa001e05d3180fa830c0f090c6c7cebd2ffaa9546c5be56c3861313c7614c3298fca09c4a8e931e04b6ef44c5000923637dea858cabb882cd5df1252ba30a4b6e02f151375e481b0456ff7c7f97e846951ec0c7fd223df82548aeaf9d920e7539304fde028bb3ba90ef4e6f5d9be225e0ba4fae5988a87adfcfc7e1368edf8170955966e7cbf83657568dd2b1a3c42f0cc20b9190260cc6536051ecca8ffcc02a86267bf5718ad3c0ab285fd41bfa1e7154b3c24e377685a43be2406514cddc45d02ca954ace3729e27c2d3efc154465c248d6438ebecd96af55b9959797b08fc7571f8e053648b30baa53851d16a5418de7bc9831c08bcecd33cfead167fb360b77961331abfcc8ae6c20a4f7277ac081012eac8e2318d32d3bfb4c8bf6a844d467d52d02bf7807bd9704a3ca7ad184cea56f7f459c76652fe48930ca276bceb95b648f042b54ec2af8da5f38e8648e9ca2aacf7a5760e9148b445b6dbbaca8e420e026a7188466a832c8ebc22dda550c2fe1a6ae8f700d41792be7660821d962d995ddcd19e7e72040947c446df6b40618f985a935feb15485168caafc997ec2416908d48de441a6c444f33ac96f22d7f2b13963983e960622e2ffe27a4f496ed5d02eb0c8e28f09e554a38e252e8eb5066b38ff5524c5966c904bc20f5ff48f444ab9c4f54e0171de6ab92082293139ea1cde517b30f4dc8d9ba98256e31cc5ec20d6ca62cbe254b0f3897b58581c4e73b5777cfddd02bbe3b07d5d085d57f20a69f446bdd4b4ab41cd40a38069e0bea6a2717b02e51d139cb0a84a9f863b3ff89195b186bf439c2aacacbe2ef5784690d7028f80b66a10df4716354da85e8fbba87ee78aff91a9041b0a233b79dba28d754d818c84bdc8d96f3fff86566a1f15f4898fe070bc7b35c57ce8f93f58b80a3160985646bdc732934fade924d6e31c2c6e6a2ae643214c4c100b2f66ea6acec03b2cb40f39cb91be1e13211c0327d4d2daf59e414d8bed18bbbe05d85aee69ba68b83875df8b87f8bc90863c38e34c74e8f882bb992e7397ab8704002c14485d4d19915b840690ab13b9ed84d294a0aa74f7feb73ba7618bdd69243ef8670110044e32bd0ea079b745d6591cb61f18090045b426c07ee922ad93a16e209fc94ef8b21454830a65d764d8530f3137dd35a8a7c3b6f1c86721cebeefe01322fc91c3553d558d766b147d14ba6400f0dca309ae8c4865d730c33f3eaf0e2a60be6736a1ff5d2dcca550a700cc7f4d4378bb780dfa934254cd7d39b9d00a250f8f9539260645a0a0056690a454c7f9b31c9a358bed4271b5a192cc371178c0798eeba7c6cb14face65a8bacbb7d74b0b4bf56853b01bb86c937c814bee762933087a816966ac82c6b7d57ec3dfdf3a33834688829f20952020043d29863a4251ddd21e1ef6340f1e450042a82082c36e7e5032dafdd201494b84e5dd290f5bc545d90d0c3695bd5d89616e58b86dadce382fc1cc30c2c7f3f41c456a05e8d2bc8b500855697abd2c0e34e4bdf296fd65ea8213ee0115c661741ef7e60185491b54bc8623d8b8927f6411a324a20ca50043d35c26211faa3e6af590d56cd7b274a55420078b8e034888aee0489b070035c9b3aef475b4086e9ae5f4286aac3df3e5e9367af217a7de0575c7d9400c4a1ea12447c0e549e2ca4db225be99cc0e898b1f29b642575350fdb7c719e070077b210cd231c55cbeffea70cbf5449279d8809977f4d86de391dcd27b08a258963e27910a62da2228b88c33be770337974565e4dfdec85de7c8b46fb1264e5d1e5e7e4c3c490439555c6b550b710e0bed922fb97de7ea379d9308699707f92c3630981fcfac4d8321ab76441f7330135c1689a1e8f941104e4fecb1adcba63dcc1f3173488b1003a930c3b9bce9bd1eab45c3379ba449851c560c88d8e46bd419eac6c8b485db145ff40a417ac8639a74a71147218ee32fc023f5afcce9f223f6ca7da699d52e4b0cec6b354182b6bca7c983c265c348f8be6e45febd48389be41b288d91fa30e3e00fffd334b7b9542e47af657a841673c04ddecbc6df239abcea2d94cdb6fea72f84d43cf677270bd0c6e358add28ff32963509271987591d5f294f8a671881bc2b00f158c4c13c76825d361b810a77ac32d1f1dd7123ffcebb3df9b70cc213912885a80a7c29e0ed6ac492512075dff08bb042521c2495a163987970d2d02a2a4310f8ab5867d23603eab1a893558d04a0080f408ff536b47df5c12238819d7306e532ada3406e98fa9f14f913ec02022ee310662dd6c818d2996f51299764bcf67daf26501f4c79a5fc4d3d5ea1b9972e856789933361069acd6d2145251ab22b4403b1ad1d1c5df811b86fc0350eb771b214ff23419b321914b97b067d90e5a338c3de5bfcd81b638d8afb06ab2c3634420a3f8d6c45f54721b0b8b9ba4c0b12b436ee14cb6d50e623e4d9c594402f0b732b584917e28409a79924c23879762c34944badb44b385bbdcca73998830f9c826d7efcd585ee509491a219e5a8a4510df44db71df4d8576d30951b224748a0f4021998832a68af8b91c57d8631cfff32bd01b6555c33396d2fe8ce69be63480048b9257de136187d0b57c64578089d70b3e6c0b36eab0acc43bf0ebe5019fe4de0551299224480df52e989678157c8e443c7870e85913bce314ddfcd014ded8d172f95f2e2af7327e9380236e3c44e82c76ecca479227f34dbecc55629ffa0f65ee07c10f9de410f563120d07f91c3bd5dd39b053c5f9e4c8e63bf9edf56567bb64225093e76b7d018c348c7e11b86d859b6c5c71380665b93c9a6fca64e4a7da0f589355aca08c09d823caa551ee5cec74383a4d26f2c45cdf55941b4506a7c1068cf27628ceae486dc4a47d6940f99c5a8fa82187a6946fc39f37111ad723dca523ff0b9c38b30ba0bf505a53f85f4c3699c193036d6e5066efe6cb8c7f4f859c6890f72bb5c78f796f15015e97449691d7a61e473935e889c524df1bada8f4e351ac07229e904834081225f78af96585c7f03869d191330835f69581d181b365ffc1cbfe939a53f142e09f7546ee6286f877828e69a24c08c8d8f3b915c4dd34753f358e7283057047e52d930d4e3a40230daa9e47d66086a2d22d29e84d4237bba531e0ee90dadb80b245bc5c4059216616172e462f51d6775025f0f90ee51fcfa26ddbe4dd38cd8feb1bed1925e2f5e02958352ebb1305dc73b51d6c10acdea852ee6eb73e5b0c462fa3767992e5a6c65a742d60a75df9d77767e0ad609c9431530875f9c1a0fb5f43f8c3451a927cd8dad51aff7600a7fa04524b0a2b14d0c818ead49de6019d8a767e2d50c9934077ad437de691910213f846fb27bd1b855e3004035183500a271fae242c8dedd05530f98d9871999ae72c86b007ca1bfe0dfa96c2618aae8be099139574fc51cfcb5584fe956598e0d8ddc6d4f54b79f5ddd78be4153a58c96c20587c9021024940ac29e63b36bff65c2ce7cd78ec538b69b531f2ac3d04f91d1be8aab72c8abaa8a3e5449cd2a4b7d850c623952db3538094410f60c5c2d1f9e68c69d92684d1ea163494ce329c0423f18b15fd7e14e9b6f0c73d46231f2512e36dd15941eee58ffb17e75380259706332409dd35f707f75a42e0aa623492855688204e33fc09f1a28b0fdbb3fd3a6b29a8dd6a202aea102e8675a6084f23719f5641a7f69f4d0b163edc98f9c55731a5bc84d512cf2033eed5122b2fff56a6906186f4c318aa2e7fb7aa98c046ef42383a8647083211cf61cd3140a41259eb417f7f0f5301b4c0a1fe0331b2f19d71ac2692e4fa99ba5fc2803bc524df07f5da3c5d188bdc519bfb1ec419fec31ded4b3b0625840553f548cec8762a090000822371c7dd721b7ba21e0284df453af0b29cb92b6b928a7c73a291dff0c4e69777c50d11f7b4acca0322abb2adce8ba9ed9fa12db65bfa1120a5a618d4a3e3ea5185996337bf37f7618e0e13a6aac2f8400c551f9b79a98ac0dc06782d5ba5494bf0814a37565d1e0f88890ffb38abe2aa47822f3452cbab5e7e70ed13818c268616c1024d150a146963b531ba0e2b9727bdc25253d5489ff985f51bf4060c86d51c3517bbb9957ba81b36b98928d7ce0e710ee7915849fd36f5b16b38bba6333afc80a0da850aeba47bcca8414c0d5e3d8d89ab2424caccab759bea324f7b14f0d9765b773b1167a34067cc5727f3003bd5631b34103b819fff70476908ea3d9b6f679313555a84efd6673a101e51f48f322b3ce2dc80151264808d326a25d4034811b67d3a5ddf007137f777d09dc45e4cbb588bed918356e738e60a763bab026a30c330009ba63b06e0ddd8ca000fd11efe85b6c229ec28533b4b18a0c7dde0eac482a955214d890578d81ce433f6106f85affd8ad7f2601ee84fd2cc32926f1420a8b3063de2e0f24ca28917a57eb19b13401637ccfadca6a9d951df200e04f9160440386544b6e1d875408c0d40aadff96a0fc2b0efbd88c698ee1cae2d562ebf41e39a49ec8946d064697227cfdc1767a0cac59539721a22d5f765bdadb47f34804b7130e00b880e95b0898121d075af882b986fff3db66c96cbaece8461c2ca2734df3fbb394997308e594a237721b76fc52524bb5221170b4c6a0993740f427f3d979d21141696327ed0dcd2fa962c0c50389a20603b365cd77fc57701bc654734dc888da21a0036a9286487e6088fb5c884f6e374037d6447a0d2823342e5dcf7d13dcb0b2bd81a9153907a7a9a162f1433d194ef1be5689d027babbc1d817d63a955da150bd1961d5d761f311142d703ae175d87860b20466c01f6044aff4bff4e2e2d89ebba508413d8611b5a18b17de9c32620bd5905d1e6d559302c2930c16de1bf774697c1d199fe5975d95df394af45a76af933e3e6f699ade69d1ab4b6d5dafe9d284bdce322fce56a77d1885693112a6500a3039bbc0f573d068d6a42c113171b7370f5bfa27cdcf56fa95b7f7edd75b0eab5cfec348d841f"})
write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x23, 0x0, 0x0, @tick, {}, {}, @control}], 0xfffffdcd)

11:06:37 executing program 7:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f0000000140)={0x0, 0x0, 0x40000}, 0x20)

11:06:37 executing program 1:
syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "da172d", 0x10, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, {[@hopopts={0x0, 0x1, '\x00', [@jumbo={0xc2, 0x2}, @generic]}]}}}}}, 0x0)

11:06:37 executing program 6:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r1=>0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f00000004c0))
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x50000004})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x3d})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = pidfd_open(r1, 0x0)
dup(r5)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0139000100000507445c79c8180080"], 0x25)

11:06:37 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
capget(&(0x7f0000000380)={0x20080522, r0}, &(0x7f00000003c0))

11:06:37 executing program 5:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r1=>0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f00000004c0))
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x50000004})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x3d})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = pidfd_open(r1, 0x0)
dup(r5)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0139000100000507445c79c8180080"], 0x25)

11:06:37 executing program 4:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r1=>0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f00000004c0))
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x50000004})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x3d})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = pidfd_open(r1, 0x0)
dup(r5)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0139000100000507445c79c8180080"], 0x25)

11:06:37 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, &(0x7f00000000c0)=0x3)

11:06:37 executing program 1:
syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "da172d", 0x10, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, {[@hopopts={0x0, 0x1, '\x00', [@jumbo={0xc2, 0x2}, @generic]}]}}}}}, 0x0)

11:06:37 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000004280)={0x0, 0x0, "b03a0a89d4875ccf15016bb94a793223af2896d9e99868e90b1cdea9443d257bfc73241298fbc891d4ce70d26e70438fc92ae91351195b1fda70a2061ebedd83708f97007d4afda6d1439d9400421716e0bc9d9259eac610075c7b5169a4af48d4b8c5aa5e352938679e2391914c3d6be1b22d0decce5db1773a09b8b88c538d6ba4ba25f93367fdb9e1810552599a5520a5bcca9bfbb3e50547a60472ff6c827c016e459b598daa6697ef08446dd33d6b1e3cb50dfd4b2357fcefa8eba4abc2062e8d894ffdc3850b3a5cfb30e1570ccf69196c5ecc225065a3728d03bdc0a516a57680f48d334e981b3c7ed76b3b822486e7ab619964fe22fa4de52e33eae5", "66e27c686346d463a5c12d237acff4192845608625de3e00c853ba6db99bdca8ce66b5d2986a3601702f62b704cdf1e3e8815d60724498fe310408bbef0fa4ee3ab93e2eee10adaf7fe25c3cd174494fbb8a8475418e3fd56d207055d4494ed2a34025e9ca172f7ae5388fa786c085f18ce46a27afa2957e87d3e2b1f1a9686e690a558e6d89141d831349af2a8102e281678f33db2f14ff8aea9281aa22c5bfc275faab2882f156fd38cc76835e391932300a5685e3c0ba9187f12117683de169cb3105f334435db81135dd318868c59a2fb19cd813914557f472377ad23a9b4dff26a50cde18a3a6d50b6abb2aec25324123cc37fac8238d63cd0c78d67c9eff7c8a1523b44f3cd514bffa001e05d3180fa830c0f090c6c7cebd2ffaa9546c5be56c3861313c7614c3298fca09c4a8e931e04b6ef44c5000923637dea858cabb882cd5df1252ba30a4b6e02f151375e481b0456ff7c7f97e846951ec0c7fd223df82548aeaf9d920e7539304fde028bb3ba90ef4e6f5d9be225e0ba4fae5988a87adfcfc7e1368edf8170955966e7cbf83657568dd2b1a3c42f0cc20b9190260cc6536051ecca8ffcc02a86267bf5718ad3c0ab285fd41bfa1e7154b3c24e377685a43be2406514cddc45d02ca954ace3729e27c2d3efc154465c248d6438ebecd96af55b9959797b08fc7571f8e053648b30baa53851d16a5418de7bc9831c08bcecd33cfead167fb360b77961331abfcc8ae6c20a4f7277ac081012eac8e2318d32d3bfb4c8bf6a844d467d52d02bf7807bd9704a3ca7ad184cea56f7f459c76652fe48930ca276bceb95b648f042b54ec2af8da5f38e8648e9ca2aacf7a5760e9148b445b6dbbaca8e420e026a7188466a832c8ebc22dda550c2fe1a6ae8f700d41792be7660821d962d995ddcd19e7e72040947c446df6b40618f985a935feb15485168caafc997ec2416908d48de441a6c444f33ac96f22d7f2b13963983e960622e2ffe27a4f496ed5d02eb0c8e28f09e554a38e252e8eb5066b38ff5524c5966c904bc20f5ff48f444ab9c4f54e0171de6ab92082293139ea1cde517b30f4dc8d9ba98256e31cc5ec20d6ca62cbe254b0f3897b58581c4e73b5777cfddd02bbe3b07d5d085d57f20a69f446bdd4b4ab41cd40a38069e0bea6a2717b02e51d139cb0a84a9f863b3ff89195b186bf439c2aacacbe2ef5784690d7028f80b66a10df4716354da85e8fbba87ee78aff91a9041b0a233b79dba28d754d818c84bdc8d96f3fff86566a1f15f4898fe070bc7b35c57ce8f93f58b80a3160985646bdc732934fade924d6e31c2c6e6a2ae643214c4c100b2f66ea6acec03b2cb40f39cb91be1e13211c0327d4d2daf59e414d8bed18bbbe05d85aee69ba68b83875df8b87f8bc90863c38e34c74e8f882bb992e7397ab8704002c14485d4d19915b840690ab13b9ed84d294a0aa74f7feb73ba7618bdd69243ef8670110044e32bd0ea079b745d6591cb61f18090045b426c07ee922ad93a16e209fc94ef8b21454830a65d764d8530f3137dd35a8a7c3b6f1c86721cebeefe01322fc91c3553d558d766b147d14ba6400f0dca309ae8c4865d730c33f3eaf0e2a60be6736a1ff5d2dcca550a700cc7f4d4378bb780dfa934254cd7d39b9d00a250f8f9539260645a0a0056690a454c7f9b31c9a358bed4271b5a192cc371178c0798eeba7c6cb14face65a8bacbb7d74b0b4bf56853b01bb86c937c814bee762933087a816966ac82c6b7d57ec3dfdf3a33834688829f20952020043d29863a4251ddd21e1ef6340f1e450042a82082c36e7e5032dafdd201494b84e5dd290f5bc545d90d0c3695bd5d89616e58b86dadce382fc1cc30c2c7f3f41c456a05e8d2bc8b500855697abd2c0e34e4bdf296fd65ea8213ee0115c661741ef7e60185491b54bc8623d8b8927f6411a324a20ca50043d35c26211faa3e6af590d56cd7b274a55420078b8e034888aee0489b070035c9b3aef475b4086e9ae5f4286aac3df3e5e9367af217a7de0575c7d9400c4a1ea12447c0e549e2ca4db225be99cc0e898b1f29b642575350fdb7c719e070077b210cd231c55cbeffea70cbf5449279d8809977f4d86de391dcd27b08a258963e27910a62da2228b88c33be770337974565e4dfdec85de7c8b46fb1264e5d1e5e7e4c3c490439555c6b550b710e0bed922fb97de7ea379d9308699707f92c3630981fcfac4d8321ab76441f7330135c1689a1e8f941104e4fecb1adcba63dcc1f3173488b1003a930c3b9bce9bd1eab45c3379ba449851c560c88d8e46bd419eac6c8b485db145ff40a417ac8639a74a71147218ee32fc023f5afcce9f223f6ca7da699d52e4b0cec6b354182b6bca7c983c265c348f8be6e45febd48389be41b288d91fa30e3e00fffd334b7b9542e47af657a841673c04ddecbc6df239abcea2d94cdb6fea72f84d43cf677270bd0c6e358add28ff32963509271987591d5f294f8a671881bc2b00f158c4c13c76825d361b810a77ac32d1f1dd7123ffcebb3df9b70cc213912885a80a7c29e0ed6ac492512075dff08bb042521c2495a163987970d2d02a2a4310f8ab5867d23603eab1a893558d04a0080f408ff536b47df5c12238819d7306e532ada3406e98fa9f14f913ec02022ee310662dd6c818d2996f51299764bcf67daf26501f4c79a5fc4d3d5ea1b9972e856789933361069acd6d2145251ab22b4403b1ad1d1c5df811b86fc0350eb771b214ff23419b321914b97b067d90e5a338c3de5bfcd81b638d8afb06ab2c3634420a3f8d6c45f54721b0b8b9ba4c0b12b436ee14cb6d50e623e4d9c594402f0b732b584917e28409a79924c23879762c34944badb44b385bbdcca73998830f9c826d7efcd585ee509491a219e5a8a4510df44db71df4d8576d30951b224748a0f4021998832a68af8b91c57d8631cfff32bd01b6555c33396d2fe8ce69be63480048b9257de136187d0b57c64578089d70b3e6c0b36eab0acc43bf0ebe5019fe4de0551299224480df52e989678157c8e443c7870e85913bce314ddfcd014ded8d172f95f2e2af7327e9380236e3c44e82c76ecca479227f34dbecc55629ffa0f65ee07c10f9de410f563120d07f91c3bd5dd39b053c5f9e4c8e63bf9edf56567bb64225093e76b7d018c348c7e11b86d859b6c5c71380665b93c9a6fca64e4a7da0f589355aca08c09d823caa551ee5cec74383a4d26f2c45cdf55941b4506a7c1068cf27628ceae486dc4a47d6940f99c5a8fa82187a6946fc39f37111ad723dca523ff0b9c38b30ba0bf505a53f85f4c3699c193036d6e5066efe6cb8c7f4f859c6890f72bb5c78f796f15015e97449691d7a61e473935e889c524df1bada8f4e351ac07229e904834081225f78af96585c7f03869d191330835f69581d181b365ffc1cbfe939a53f142e09f7546ee6286f877828e69a24c08c8d8f3b915c4dd34753f358e7283057047e52d930d4e3a40230daa9e47d66086a2d22d29e84d4237bba531e0ee90dadb80b245bc5c4059216616172e462f51d6775025f0f90ee51fcfa26ddbe4dd38cd8feb1bed1925e2f5e02958352ebb1305dc73b51d6c10acdea852ee6eb73e5b0c462fa3767992e5a6c65a742d60a75df9d77767e0ad609c9431530875f9c1a0fb5f43f8c3451a927cd8dad51aff7600a7fa04524b0a2b14d0c818ead49de6019d8a767e2d50c9934077ad437de691910213f846fb27bd1b855e3004035183500a271fae242c8dedd05530f98d9871999ae72c86b007ca1bfe0dfa96c2618aae8be099139574fc51cfcb5584fe956598e0d8ddc6d4f54b79f5ddd78be4153a58c96c20587c9021024940ac29e63b36bff65c2ce7cd78ec538b69b531f2ac3d04f91d1be8aab72c8abaa8a3e5449cd2a4b7d850c623952db3538094410f60c5c2d1f9e68c69d92684d1ea163494ce329c0423f18b15fd7e14e9b6f0c73d46231f2512e36dd15941eee58ffb17e75380259706332409dd35f707f75a42e0aa623492855688204e33fc09f1a28b0fdbb3fd3a6b29a8dd6a202aea102e8675a6084f23719f5641a7f69f4d0b163edc98f9c55731a5bc84d512cf2033eed5122b2fff56a6906186f4c318aa2e7fb7aa98c046ef42383a8647083211cf61cd3140a41259eb417f7f0f5301b4c0a1fe0331b2f19d71ac2692e4fa99ba5fc2803bc524df07f5da3c5d188bdc519bfb1ec419fec31ded4b3b0625840553f548cec8762a090000822371c7dd721b7ba21e0284df453af0b29cb92b6b928a7c73a291dff0c4e69777c50d11f7b4acca0322abb2adce8ba9ed9fa12db65bfa1120a5a618d4a3e3ea5185996337bf37f7618e0e13a6aac2f8400c551f9b79a98ac0dc06782d5ba5494bf0814a37565d1e0f88890ffb38abe2aa47822f3452cbab5e7e70ed13818c268616c1024d150a146963b531ba0e2b9727bdc25253d5489ff985f51bf4060c86d51c3517bbb9957ba81b36b98928d7ce0e710ee7915849fd36f5b16b38bba6333afc80a0da850aeba47bcca8414c0d5e3d8d89ab2424caccab759bea324f7b14f0d9765b773b1167a34067cc5727f3003bd5631b34103b819fff70476908ea3d9b6f679313555a84efd6673a101e51f48f322b3ce2dc80151264808d326a25d4034811b67d3a5ddf007137f777d09dc45e4cbb588bed918356e738e60a763bab026a30c330009ba63b06e0ddd8ca000fd11efe85b6c229ec28533b4b18a0c7dde0eac482a955214d890578d81ce433f6106f85affd8ad7f2601ee84fd2cc32926f1420a8b3063de2e0f24ca28917a57eb19b13401637ccfadca6a9d951df200e04f9160440386544b6e1d875408c0d40aadff96a0fc2b0efbd88c698ee1cae2d562ebf41e39a49ec8946d064697227cfdc1767a0cac59539721a22d5f765bdadb47f34804b7130e00b880e95b0898121d075af882b986fff3db66c96cbaece8461c2ca2734df3fbb394997308e594a237721b76fc52524bb5221170b4c6a0993740f427f3d979d21141696327ed0dcd2fa962c0c50389a20603b365cd77fc57701bc654734dc888da21a0036a9286487e6088fb5c884f6e374037d6447a0d2823342e5dcf7d13dcb0b2bd81a9153907a7a9a162f1433d194ef1be5689d027babbc1d817d63a955da150bd1961d5d761f311142d703ae175d87860b20466c01f6044aff4bff4e2e2d89ebba508413d8611b5a18b17de9c32620bd5905d1e6d559302c2930c16de1bf774697c1d199fe5975d95df394af45a76af933e3e6f699ade69d1ab4b6d5dafe9d284bdce322fce56a77d1885693112a6500a3039bbc0f573d068d6a42c113171b7370f5bfa27cdcf56fa95b7f7edd75b0eab5cfec348d841f"})
write$sndseq(r0, &(0x7f0000000140)=[{0x0, 0x23, 0x0, 0x0, @tick, {}, {}, @control}], 0xfffffdcd)

11:06:37 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
capget(&(0x7f0000000380)={0x20080522, r0}, &(0x7f00000003c0))

11:06:37 executing program 7:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f0000000140)={0x0, 0x0, 0x40000}, 0x20)

11:06:37 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, &(0x7f00000000c0)=0x3)

11:06:37 executing program 1:
syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "da172d", 0x10, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, {[@hopopts={0x0, 0x1, '\x00', [@jumbo={0xc2, 0x2}, @generic]}]}}}}}, 0x0)

[  249.878524] Bluetooth: hci0: Opcode 0x c03 failed: -4
[  249.918065] Bluetooth: hci0: Opcode 0x c03 failed: -4
[  249.933917] Bluetooth: hci0: Opcode 0x c03 failed: -4
11:06:44 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, &(0x7f00000000c0)=0x3)

11:06:44 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
capget(&(0x7f0000000380)={0x20080522, r0}, &(0x7f00000003c0))

11:06:44 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, &(0x7f00000000c0)=0x3)

11:06:44 executing program 7:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:44 executing program 3:
r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLK\xa4g?K)\xa0\xf0\x9b8Y\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x05\x00\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\xff#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x80L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x04\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\x01\x00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xee\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\x01\x01\x00\x00\x00\x00\x00\x00\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/\\\x01\xe2\xba\x0e\xe3\xf95\x1d\x10\xa7\x97\xbf\x8e\xac\x81\xc9\x13\x8e\xb3\xf3\xb5d\xa1\xcf\x1d\x92\x9b\x9b\xa7\x12F\xa0\xe0\xff\x1a\x8e\xe2ae^=\n\xe1\xa6\xb8\xe9v\x8f2\xf4\xac\xe5\xdf\xffi`Mo\x1e\x1cMN<\x1b\xd8\xfe\xd6P\xcdQ\x83\xfa\xe7\x1d\xd5\x01n\xa7~\x8b\x90/62\xff;.S\xf7\x0flwa\x16\xf0\xf2(\x96V,\xd7s\xaaOE\xd3H\xfd`}\xd8\xbc\x9a\xca\xe3\n\xd7fCe\xd8\xbb\xdao\xb0\x85\xcc\xedv\x94\xb5\xc4\xb6[>\xb9,\xfch_-s\x94,F\x15\xd8m5>\x94\x84\xf5\x00\xc3\xf6m\xc7B\t{\xe0d\xc65(\x18\x9c\xad\x13b6\xca\x16\x95\xcb^zF\xd0\x1a\x8dP\x94\x19\xa4\xbfr=\xb6\xae', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xe456})
ftruncate(r0, 0x0)

11:06:44 executing program 5:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r1=>0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f00000004c0))
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x50000004})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x3d})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = pidfd_open(r1, 0x0)
dup(r5)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0139000100000507445c79c8180080"], 0x25)

11:06:44 executing program 4:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r1=>0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f00000004c0))
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x50000004})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x3d})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = pidfd_open(r1, 0x0)
dup(r5)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0139000100000507445c79c8180080"], 0x25)

11:06:44 executing program 6:
ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r1=>0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f00000004c0))
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x50000004})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x3d})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = pidfd_open(r1, 0x0)
dup(r5)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0139000100000507445c79c8180080"], 0x25)

11:06:45 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, &(0x7f00000000c0)=0x3)

11:06:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, &(0x7f00000000c0)=0x3)

11:06:45 executing program 3:
r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLK\xa4g?K)\xa0\xf0\x9b8Y\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x05\x00\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\xff#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x80L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x04\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\x01\x00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xee\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\x01\x01\x00\x00\x00\x00\x00\x00\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/\\\x01\xe2\xba\x0e\xe3\xf95\x1d\x10\xa7\x97\xbf\x8e\xac\x81\xc9\x13\x8e\xb3\xf3\xb5d\xa1\xcf\x1d\x92\x9b\x9b\xa7\x12F\xa0\xe0\xff\x1a\x8e\xe2ae^=\n\xe1\xa6\xb8\xe9v\x8f2\xf4\xac\xe5\xdf\xffi`Mo\x1e\x1cMN<\x1b\xd8\xfe\xd6P\xcdQ\x83\xfa\xe7\x1d\xd5\x01n\xa7~\x8b\x90/62\xff;.S\xf7\x0flwa\x16\xf0\xf2(\x96V,\xd7s\xaaOE\xd3H\xfd`}\xd8\xbc\x9a\xca\xe3\n\xd7fCe\xd8\xbb\xdao\xb0\x85\xcc\xedv\x94\xb5\xc4\xb6[>\xb9,\xfch_-s\x94,F\x15\xd8m5>\x94\x84\xf5\x00\xc3\xf6m\xc7B\t{\xe0d\xc65(\x18\x9c\xad\x13b6\xca\x16\x95\xcb^zF\xd0\x1a\x8dP\x94\x19\xa4\xbfr=\xb6\xae', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xe456})
ftruncate(r0, 0x0)

11:06:45 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
capget(&(0x7f0000000380)={0x20080522, r0}, &(0x7f00000003c0))

[  256.843753] BUG: unable to handle page fault for address: ffffed100fffc000
[  256.844685] #PF: supervisor write access in kernel mode
[  256.845365] #PF: error_code(0x0002) - not-present page
[  256.846032] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[  256.849535] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI
[  256.850814] CPU: 1 PID: 11062 Comm: syz-executor.7 Not tainted 6.1.0-rc3-next-20221031 #1
[  256.851832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  256.852855] RIP: 0010:__memset+0x24/0x50
[  256.853404] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  256.855636] RSP: 0018:ffff88803c3dfcc0 EFLAGS: 00010212
[  256.856303] RAX: 0000000000000000 RBX: ffff88800c09c0c0 RCX: 1ffffe21fe605dab
[  256.857199] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  256.858080] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813818
[  256.858971] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  256.859882] R13: ffff88800c09c0c0 R14: ffffffff815f27a0 R15: 1ffff110010da81f
[  256.860770] FS:  00007f5f66770700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[  256.861778] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  256.862507] CR2: ffffed100fffc000 CR3: 000000000d2e0000 CR4: 0000000000350ee0
[  256.863415] Call Trace:
[  256.863750]  <TASK>
[  256.864045]  kasan_unpoison+0x23/0x60
[  256.864549]  mempool_exit+0x1c2/0x330
[  256.865064]  bioset_exit+0x2c9/0x630
[  256.865558]  ? _raw_spin_unlock_irq+0x1f/0x60
[  256.866155]  disk_release+0x143/0x490
[  256.866654]  ? disk_release+0x0/0x490
[  256.867168]  ? device_release+0x0/0x250
[  256.867679]  device_release+0xa2/0x250
[  256.868185]  ? device_release+0x0/0x250
[  256.868694]  kobject_put+0x173/0x280
[  256.869187]  put_device+0x1b/0x40
[  256.869647]  put_disk+0x41/0x60
[  256.870088]  loop_control_ioctl+0x4d1/0x630
[  256.870657]  ? loop_control_ioctl+0x0/0x630
[  256.871218]  ? selinux_file_ioctl+0xb1/0x270
[  256.871810]  ? loop_control_ioctl+0x0/0x630
[  256.872375]  __x64_sys_ioctl+0x19a/0x220
[  256.872914]  do_syscall_64+0x3b/0xa0
[  256.873411]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  256.874078] RIP: 0033:0x7f5f6921bb19
[  256.874551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  256.876784] RSP: 002b:00007f5f66770188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  256.877733] RAX: ffffffffffffffda RBX: 00007f5f6932f020 RCX: 00007f5f6921bb19
[  256.878625] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006
[  256.879527] RBP: 00007f5f69275f6d R08: 0000000000000000 R09: 0000000000000000
[  256.880412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  256.881301] R13: 00007fff728e40bf R14: 00007f5f66770300 R15: 0000000000022000
[  256.882200]  </TASK>
[  256.882504] Modules linked in:
[  256.882923] CR2: ffffed100fffc000
[  256.883386] ---[ end trace 0000000000000000 ]---
[  256.883984] RIP: 0010:__memset+0x24/0x50
[  256.884546] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  256.886800] RSP: 0018:ffff88803c3dfcc0 EFLAGS: 00010212
[  256.887496] RAX: 0000000000000000 RBX: ffff88800c09c0c0 RCX: 1ffffe21fe605dab
[  256.888402] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  256.889302] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813818
[  256.890209] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  256.891128] R13: ffff88800c09c0c0 R14: ffffffff815f27a0 R15: 1ffff110010da81f
[  256.892031] FS:  00007f5f66770700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[  256.893043] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  256.893793] CR2: ffffed100fffc000 CR3: 000000000d2e0000 CR4: 0000000000350ee0
11:06:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, &(0x7f00000000c0)=0x3)

11:06:45 executing program 3:
r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLK\xa4g?K)\xa0\xf0\x9b8Y\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x05\x00\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\xff#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x80L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x04\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\x01\x00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xee\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\x01\x01\x00\x00\x00\x00\x00\x00\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/\\\x01\xe2\xba\x0e\xe3\xf95\x1d\x10\xa7\x97\xbf\x8e\xac\x81\xc9\x13\x8e\xb3\xf3\xb5d\xa1\xcf\x1d\x92\x9b\x9b\xa7\x12F\xa0\xe0\xff\x1a\x8e\xe2ae^=\n\xe1\xa6\xb8\xe9v\x8f2\xf4\xac\xe5\xdf\xffi`Mo\x1e\x1cMN<\x1b\xd8\xfe\xd6P\xcdQ\x83\xfa\xe7\x1d\xd5\x01n\xa7~\x8b\x90/62\xff;.S\xf7\x0flwa\x16\xf0\xf2(\x96V,\xd7s\xaaOE\xd3H\xfd`}\xd8\xbc\x9a\xca\xe3\n\xd7fCe\xd8\xbb\xdao\xb0\x85\xcc\xedv\x94\xb5\xc4\xb6[>\xb9,\xfch_-s\x94,F\x15\xd8m5>\x94\x84\xf5\x00\xc3\xf6m\xc7B\t{\xe0d\xc65(\x18\x9c\xad\x13b6\xca\x16\x95\xcb^zF\xd0\x1a\x8dP\x94\x19\xa4\xbfr=\xb6\xae', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xe456})
ftruncate(r0, 0x0)

11:06:45 executing program 0:
r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLK\xa4g?K)\xa0\xf0\x9b8Y\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x05\x00\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\xff#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x80L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x04\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\x01\x00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xee\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\x01\x01\x00\x00\x00\x00\x00\x00\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/\\\x01\xe2\xba\x0e\xe3\xf95\x1d\x10\xa7\x97\xbf\x8e\xac\x81\xc9\x13\x8e\xb3\xf3\xb5d\xa1\xcf\x1d\x92\x9b\x9b\xa7\x12F\xa0\xe0\xff\x1a\x8e\xe2ae^=\n\xe1\xa6\xb8\xe9v\x8f2\xf4\xac\xe5\xdf\xffi`Mo\x1e\x1cMN<\x1b\xd8\xfe\xd6P\xcdQ\x83\xfa\xe7\x1d\xd5\x01n\xa7~\x8b\x90/62\xff;.S\xf7\x0flwa\x16\xf0\xf2(\x96V,\xd7s\xaaOE\xd3H\xfd`}\xd8\xbc\x9a\xca\xe3\n\xd7fCe\xd8\xbb\xdao\xb0\x85\xcc\xedv\x94\xb5\xc4\xb6[>\xb9,\xfch_-s\x94,F\x15\xd8m5>\x94\x84\xf5\x00\xc3\xf6m\xc7B\t{\xe0d\xc65(\x18\x9c\xad\x13b6\xca\x16\x95\xcb^zF\xd0\x1a\x8dP\x94\x19\xa4\xbfr=\xb6\xae', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xe456})
ftruncate(r0, 0x0)

[  257.490364] Bluetooth: hci0: Opcode 0x c03 failed: -4
[  257.505290] Bluetooth: hci0: Opcode 0x c03 failed: -4
[  257.562065] BUG: unable to handle page fault for address: ffffed100fffc000
[  257.562805] #PF: supervisor write access in kernel mode
[  257.563318] #PF: error_code(0x0002) - not-present page
[  257.563817] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[  257.564464] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI
[  257.564947] CPU: 1 PID: 11086 Comm: syz-executor.7 Tainted: G      D            6.1.0-rc3-next-20221031 #1
[  257.565850] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  257.566628] RIP: 0010:__memset+0x24/0x50
[  257.567047] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  257.568765] RSP: 0018:ffff88803d16fcc0 EFLAGS: 00010212
[  257.569279] RAX: 0000000000000000 RBX: ffff88800c09c240 RCX: 1ffffe21fe605db1
[  257.569956] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  257.570635] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813848
[  257.571308] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  257.571970] R13: ffff88800c09c240 R14: ffffffff815f27a0 R15: 1ffff11001123c1f
[  257.572640] FS:  00007f5f6674f700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[  257.573391] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  257.573936] CR2: ffffed100fffc000 CR3: 000000000d2e0000 CR4: 0000000000350ee0
[  257.574605] Call Trace:
[  257.574857]  <TASK>
[  257.575080]  kasan_unpoison+0x23/0x60
[  257.575458]  mempool_exit+0x1c2/0x330
[  257.575837]  bioset_exit+0x2c9/0x630
[  257.576203]  ? _raw_spin_unlock+0x24/0x50
[  257.576613]  ? blkg_destroy_all.isra.0+0x157/0x230
[  257.577104]  disk_release+0x143/0x490
[  257.577484]  ? disk_release+0x0/0x490
[  257.577868]  ? device_release+0x0/0x250
[  257.578255]  device_release+0xa2/0x250
[  257.578636]  ? device_release+0x0/0x250
[  257.579022]  kobject_put+0x173/0x280
[  257.579407]  put_device+0x1b/0x40
[  257.579754]  put_disk+0x41/0x60
[  257.580088]  loop_control_ioctl+0x4d1/0x630
[  257.580517]  ? loop_control_ioctl+0x0/0x630
[  257.580942]  ? selinux_file_ioctl+0xb1/0x270
[  257.581383]  ? loop_control_ioctl+0x0/0x630
[  257.581620] Bluetooth: hci0: Opcode 0x c03 failed: -4
[  257.581798]  __x64_sys_ioctl+0x19a/0x220
[  257.582657]  do_syscall_64+0x3b/0xa0
[  257.583031]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  257.583535] RIP: 0033:0x7f5f6921bb19
[  257.583897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  257.585577] RSP: 002b:00007f5f6674f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  257.586288] RAX: ffffffffffffffda RBX: 00007f5f6932f0e0 RCX: 00007f5f6921bb19
[  257.586957] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000006
[  257.587635] RBP: 00007f5f69275f6d R08: 0000000000000000 R09: 0000000000000000
[  257.588297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  257.588964] R13: 00007fff728e40bf R14: 00007f5f6674f300 R15: 0000000000022000
[  257.589642]  </TASK>
[  257.589872] Modules linked in:
[  257.590184] CR2: ffffed100fffc000
[  257.590516] ---[ end trace 0000000000000000 ]---
[  257.590961] RIP: 0010:__memset+0x24/0x50
[  257.591372] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  257.593035] RSP: 0018:ffff88803c3dfcc0 EFLAGS: 00010212
[  257.593524] RAX: 0000000000000000 RBX: ffff88800c09c0c0 RCX: 1ffffe21fe605dab
[  257.594175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  257.594851] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813818
[  257.595554] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  257.596244] R13: ffff88800c09c0c0 R14: ffffffff815f27a0 R15: 1ffff110010da81f
[  257.596938] FS:  00007f5f6674f700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[  257.597723] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  257.598285] CR2: ffffed100fffc000 CR3: 000000000d2e0000 CR4: 0000000000350ee0
11:06:46 executing program 3:
r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLK\xa4g?K)\xa0\xf0\x9b8Y\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x05\x00\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\xff#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x80L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x04\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\x01\x00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xee\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\x01\x01\x00\x00\x00\x00\x00\x00\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/\\\x01\xe2\xba\x0e\xe3\xf95\x1d\x10\xa7\x97\xbf\x8e\xac\x81\xc9\x13\x8e\xb3\xf3\xb5d\xa1\xcf\x1d\x92\x9b\x9b\xa7\x12F\xa0\xe0\xff\x1a\x8e\xe2ae^=\n\xe1\xa6\xb8\xe9v\x8f2\xf4\xac\xe5\xdf\xffi`Mo\x1e\x1cMN<\x1b\xd8\xfe\xd6P\xcdQ\x83\xfa\xe7\x1d\xd5\x01n\xa7~\x8b\x90/62\xff;.S\xf7\x0flwa\x16\xf0\xf2(\x96V,\xd7s\xaaOE\xd3H\xfd`}\xd8\xbc\x9a\xca\xe3\n\xd7fCe\xd8\xbb\xdao\xb0\x85\xcc\xedv\x94\xb5\xc4\xb6[>\xb9,\xfch_-s\x94,F\x15\xd8m5>\x94\x84\xf5\x00\xc3\xf6m\xc7B\t{\xe0d\xc65(\x18\x9c\xad\x13b6\xca\x16\x95\xcb^zF\xd0\x1a\x8dP\x94\x19\xa4\xbfr=\xb6\xae', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xe456})
ftruncate(r0, 0x0)

11:06:46 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000040)={'icmp6\x00'}, &(0x7f0000000100)=0x1e)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)

[  257.897566] audit: type=1400 audit(1667214406.199:9): avc:  denied  { tracepoint } for  pid=11092 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
11:06:46 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:46 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
close(r0)

11:06:46 executing program 0:
r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLK\xa4g?K)\xa0\xf0\x9b8Y\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x05\x00\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\xff#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x80L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x04\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\x01\x00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xee\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\x01\x01\x00\x00\x00\x00\x00\x00\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/\\\x01\xe2\xba\x0e\xe3\xf95\x1d\x10\xa7\x97\xbf\x8e\xac\x81\xc9\x13\x8e\xb3\xf3\xb5d\xa1\xcf\x1d\x92\x9b\x9b\xa7\x12F\xa0\xe0\xff\x1a\x8e\xe2ae^=\n\xe1\xa6\xb8\xe9v\x8f2\xf4\xac\xe5\xdf\xffi`Mo\x1e\x1cMN<\x1b\xd8\xfe\xd6P\xcdQ\x83\xfa\xe7\x1d\xd5\x01n\xa7~\x8b\x90/62\xff;.S\xf7\x0flwa\x16\xf0\xf2(\x96V,\xd7s\xaaOE\xd3H\xfd`}\xd8\xbc\x9a\xca\xe3\n\xd7fCe\xd8\xbb\xdao\xb0\x85\xcc\xedv\x94\xb5\xc4\xb6[>\xb9,\xfch_-s\x94,F\x15\xd8m5>\x94\x84\xf5\x00\xc3\xf6m\xc7B\t{\xe0d\xc65(\x18\x9c\xad\x13b6\xca\x16\x95\xcb^zF\xd0\x1a\x8dP\x94\x19\xa4\xbfr=\xb6\xae', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xe456})
ftruncate(r0, 0x0)

11:06:46 executing program 7:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:46 executing program 4:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:46 executing program 3:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:46 executing program 6:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:46 executing program 0:
r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLK\xa4g?K)\xa0\xf0\x9b8Y\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x05\x00\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\xff#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x80L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x04\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\x01\x00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xee\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\x01\x01\x00\x00\x00\x00\x00\x00\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/\\\x01\xe2\xba\x0e\xe3\xf95\x1d\x10\xa7\x97\xbf\x8e\xac\x81\xc9\x13\x8e\xb3\xf3\xb5d\xa1\xcf\x1d\x92\x9b\x9b\xa7\x12F\xa0\xe0\xff\x1a\x8e\xe2ae^=\n\xe1\xa6\xb8\xe9v\x8f2\xf4\xac\xe5\xdf\xffi`Mo\x1e\x1cMN<\x1b\xd8\xfe\xd6P\xcdQ\x83\xfa\xe7\x1d\xd5\x01n\xa7~\x8b\x90/62\xff;.S\xf7\x0flwa\x16\xf0\xf2(\x96V,\xd7s\xaaOE\xd3H\xfd`}\xd8\xbc\x9a\xca\xe3\n\xd7fCe\xd8\xbb\xdao\xb0\x85\xcc\xedv\x94\xb5\xc4\xb6[>\xb9,\xfch_-s\x94,F\x15\xd8m5>\x94\x84\xf5\x00\xc3\xf6m\xc7B\t{\xe0d\xc65(\x18\x9c\xad\x13b6\xca\x16\x95\xcb^zF\xd0\x1a\x8dP\x94\x19\xa4\xbfr=\xb6\xae', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xe456})
ftruncate(r0, 0x0)

11:06:46 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
close(r0)

[  258.165420] BUG: unable to handle page fault for address: ffffed100fffc000
[  258.166113] #PF: supervisor write access in kernel mode
[  258.166626] #PF: error_code(0x0002) - not-present page
[  258.167102] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[  258.167755] Oops: 0002 [#3] PREEMPT SMP KASAN NOPTI
[  258.168219] CPU: 1 PID: 11115 Comm: syz-executor.4 Tainted: G      D            6.1.0-rc3-next-20221031 #1
[  258.169084] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  258.169846] RIP: 0010:__memset+0x24/0x50
[  258.170258] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  258.171908] RSP: 0018:ffff88803ddefcc0 EFLAGS: 00010212
[  258.172416] RAX: 0000000000000000 RBX: ffff88800c09c3c0 RCX: 1ffffe21fe605db7
[  258.173090] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  258.173766] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813878
[  258.174437] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  258.175109] R13: ffff88800c09c3c0 R14: ffffffff815f27a0 R15: 1ffff1100112381f
[  258.175801] FS:  00007ff48ed74700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[  258.176561] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  258.177112] CR2: ffffed100fffc000 CR3: 0000000016a18000 CR4: 0000000000350ee0
[  258.177801] Call Trace:
[  258.178056]  <TASK>
[  258.178281]  kasan_unpoison+0x23/0x60
[  258.178659]  mempool_exit+0x1c2/0x330
[  258.179044]  bioset_exit+0x2c9/0x630
[  258.179437]  disk_release+0x143/0x490
[  258.179820]  ? disk_release+0x0/0x490
[  258.180199]  ? device_release+0x0/0x250
[  258.180592]  device_release+0xa2/0x250
[  258.180975]  ? device_release+0x0/0x250
[  258.181363]  kobject_put+0x173/0x280
[  258.181737]  put_device+0x1b/0x40
[  258.182080]  put_disk+0x41/0x60
[  258.182413]  loop_control_ioctl+0x4d1/0x630
[  258.182840]  ? loop_control_ioctl+0x0/0x630
[  258.183268]  ? selinux_file_ioctl+0xb1/0x270
[  258.183713]  ? loop_control_ioctl+0x0/0x630
[  258.184140]  __x64_sys_ioctl+0x19a/0x220
[  258.184550]  do_syscall_64+0x3b/0xa0
[  258.184928]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  258.185425] RIP: 0033:0x7ff49181fb19
[  258.185787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  258.187491] RSP: 002b:00007ff48ed74188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  258.188212] RAX: ffffffffffffffda RBX: 00007ff491933020 RCX: 00007ff49181fb19
[  258.188896] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000006
[  258.189566] RBP: 00007ff491879f6d R08: 0000000000000000 R09: 0000000000000000
[  258.190243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  258.190922] R13: 00007ffe943017df R14: 00007ff48ed74300 R15: 0000000000022000
[  258.191623]  </TASK>
[  258.191851] Modules linked in:
[  258.192163] CR2: ffffed100fffc000
[  258.192497] ---[ end trace 0000000000000000 ]---
[  258.192500] BUG: unable to handle page fault for address: ffffed100fffc000
[  258.192943] RIP: 0010:__memset+0x24/0x50
[  258.193755] #PF: supervisor write access in kernel mode
[  258.194125] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  258.194720] #PF: error_code(0x0002) - not-present page
[  258.196394] RSP: 0018:ffff88803c3dfcc0 EFLAGS: 00010212
[  258.196987] PGD 7ffd3067 P4D 7ffd3067 
[  258.197475] 
[  258.197480] RAX: 0000000000000000 RBX: ffff88800c09c0c0 RCX: 1ffffe21fe605dab
[  258.197928] PUD 7ffd2067 
[  258.198088] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  258.198682] PMD 7ffd1067 
[  258.198939] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813818
[  258.199531] PTE 0
[  258.199788] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  258.200374] 
[  258.200571] R13: ffff88800c09c0c0 R14: ffffffff815f27a0 R15: 1ffff110010da81f
[  258.201159] Oops: 0002 [#4] PREEMPT SMP KASAN NOPTI
[  258.201321] FS:  00007ff48ed74700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[  258.201904] CPU: 0 PID: 11111 Comm: syz-executor.6 Tainted: G      D            6.1.0-rc3-next-20221031 #1
[  258.202359] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  258.203012] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  258.203878] CR2: ffffed100fffc000 CR3: 0000000016a18000 CR4: 0000000000350ee0
[  258.204354] RIP: 0010:__memset+0x24/0x50
[  258.206132] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  258.207665] RSP: 0018:ffff88803dfafcc0 EFLAGS: 00010212
[  258.208126] RAX: 0000000000000000 RBX: ffff88800c09c540 RCX: 1ffffe21fe605dbd
[  258.208730] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  258.209329] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed10018138a8
[  258.209939] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  258.210539] R13: ffff88800c09c540 R14: ffffffff815f27a0 R15: 1ffff1100112341f
[  258.211150] FS:  00007fef893d6700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[  258.211841] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  258.212341] CR2: ffffed100fffc000 CR3: 000000002af5c000 CR4: 0000000000350ef0
[  258.212948] Call Trace:
[  258.213182]  <TASK>
[  258.213387]  kasan_unpoison+0x23/0x60
[  258.213730]  mempool_exit+0x1c2/0x330
[  258.214083]  bioset_exit+0x2c9/0x630
[  258.214420]  ? _raw_spin_unlock+0x24/0x50
[  258.214796]  ? blkg_destroy_all.isra.0+0x157/0x230
[  258.215254]  disk_release+0x143/0x490
[  258.215601]  ? disk_release+0x0/0x490
[  258.215946]  ? device_release+0x0/0x250
[  258.216299]  device_release+0xa2/0x250
[  258.216647]  ? device_release+0x0/0x250
[  258.217003]  kobject_put+0x173/0x280
[  258.217340]  put_device+0x1b/0x40
[  258.217657]  put_disk+0x41/0x60
[  258.217963]  loop_control_ioctl+0x4d1/0x630
[  258.218351]  ? loop_control_ioctl+0x0/0x630
[  258.218741]  ? selinux_file_ioctl+0xb1/0x270
[  258.219165]  ? loop_control_ioctl+0x0/0x630
[  258.219552]  __x64_sys_ioctl+0x19a/0x220
[  258.219919]  do_syscall_64+0x3b/0xa0
[  258.220262]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  258.220712] RIP: 0033:0x7fef8be60b19
[  258.221042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  258.222551] RSP: 002b:00007fef893d6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  258.223207] RAX: ffffffffffffffda RBX: 00007fef8bf73f60 RCX: 00007fef8be60b19
[  258.223814] RDX: 0000000000000003 RSI: 0000000000004c81 RDI: 0000000000000006
[  258.224415] RBP: 00007fef8bebaf6d R08: 0000000000000000 R09: 0000000000000000
[  258.225016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  258.225618] R13: 00007ffd50bf804f R14: 00007fef893d6300 R15: 0000000000022000
[  258.226236]  </TASK>
[  258.226451] Modules linked in:
[  258.226741] CR2: ffffed100fffc000
[  258.227042] ---[ end trace 0000000000000000 ]---
[  258.227459] RIP: 0010:__memset+0x24/0x50
[  258.227839] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  258.229339] RSP: 0018:ffff88803c3dfcc0 EFLAGS: 00010212
[  258.229814] RAX: 0000000000000000 RBX: ffff88800c09c0c0 RCX: 1ffffe21fe605dab
[  258.230437] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  258.231043] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813818
[  258.231656] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  258.232277] R13: ffff88800c09c0c0 R14: ffffffff815f27a0 R15: 1ffff110010da81f
[  258.232905] FS:  00007fef893d6700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[  258.233595] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  258.234087] CR2: ffffed100fffc000 CR3: 000000002af5c000 CR4: 0000000000350ef0
11:06:46 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
close(r0)

11:06:46 executing program 7:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:46 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000040)={'icmp6\x00'}, &(0x7f0000000100)=0x1e)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)

11:06:46 executing program 3:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:46 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
close(r0)

11:06:46 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
creat(&(0x7f0000000000)='./file0\x00', 0x0)
stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140))

11:06:46 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

[  258.506262] BUG: unable to handle page fault for address: ffffed100fffc000
[  258.507517] #PF: supervisor write access in kernel mode
[  258.508435] #PF: error_code(0x0002) - not-present page
[  258.509357] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[  258.510542] Oops: 0002 [#5] PREEMPT SMP KASAN NOPTI
[  258.511403] CPU: 0 PID: 11145 Comm: syz-executor.7 Tainted: G      D            6.1.0-rc3-next-20221031 #1
[  258.512983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  258.514039] RIP: 0010:__memset+0x24/0x50
[  258.514764] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  258.517069] RSP: 0018:ffff88803e107cc0 EFLAGS: 00010212
[  258.517772] RAX: 0000000000000000 RBX: ffff88800c09c6c0 RCX: 1ffffe21fe605dc3
[  258.518663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  258.519607] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed10018138d8
[  258.520690] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  258.521599] R13: ffff88800c09c6c0 R14: ffffffff815f27a0 R15: 1ffff1100112301f
[  258.522509] FS:  00007f5f66770700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[  258.523573] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  258.524540] CR2: ffffed100fffc000 CR3: 000000003ae7e000 CR4: 0000000000350ef0
[  258.525691] Call Trace:
[  258.526144]  <TASK>
[  258.526545]  kasan_unpoison+0x23/0x60
[  258.527241]  mempool_exit+0x1c2/0x330
[  258.527927]  bioset_exit+0x2c9/0x630
[  258.528570]  ? _raw_spin_unlock+0x24/0x50
[  258.529305]  ? blkg_destroy_all.isra.0+0x157/0x230
[  258.530191]  disk_release+0x143/0x490
[  258.530865]  ? disk_release+0x0/0x490
[  258.531545]  ? device_release+0x0/0x250
[  258.532223]  device_release+0xa2/0x250
[  258.532890]  ? device_release+0x0/0x250
[  258.533580]  kobject_put+0x173/0x280
[  258.534252]  put_device+0x1b/0x40
[  258.534894]  put_disk+0x41/0x60
[  258.535425]  loop_control_ioctl+0x4d1/0x630
[  258.535941]  ? loop_control_ioctl+0x0/0x630
[  258.536445]  ? selinux_file_ioctl+0xb1/0x270
[  258.536977]  ? loop_control_ioctl+0x0/0x630
[  258.537486]  __x64_sys_ioctl+0x19a/0x220
[  258.537973]  do_syscall_64+0x3b/0xa0
[  258.538421]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  258.539015] RIP: 0033:0x7f5f6921bb19
[  258.539474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  258.541851] RSP: 002b:00007f5f66770188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  258.542851] RAX: ffffffffffffffda RBX: 00007f5f6932f020 RCX: 00007f5f6921bb19
[  258.543791] RDX: 0000000000000004 RSI: 0000000000004c81 RDI: 0000000000000006
[  258.544721] RBP: 00007f5f69275f6d R08: 0000000000000000 R09: 0000000000000000
[  258.545647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  258.546571] R13: 00007fff728e40bf R14: 00007f5f66770300 R15: 0000000000022000
[  258.547549]  </TASK>
[  258.547874] Modules linked in:
[  258.548310] CR2: ffffed100fffc000
[  258.548781] ---[ end trace 0000000000000000 ]---
[  258.549397] RIP: 0010:__memset+0x24/0x50
[  258.549968] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  258.552217] RSP: 0018:ffff88803c3dfcc0 EFLAGS: 00010212
[  258.552862] RAX: 0000000000000000 RBX: ffff88800c09c0c0 RCX: 1ffffe21fe605dab
[  258.553711] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  258.554558] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813818
[  258.555420] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  258.556262] R13: ffff88800c09c0c0 R14: ffffffff815f27a0 R15: 1ffff110010da81f
[  258.557110] FS:  00007f5f66770700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[  258.558066] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  258.558757] CR2: ffffed100fffc000 CR3: 000000003ae7e000 CR4: 0000000000350ef0
11:06:47 executing program 3:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:47 executing program 7:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:47 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
creat(&(0x7f0000000000)='./file0\x00', 0x0)
stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140))

11:06:47 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000040)={'icmp6\x00'}, &(0x7f0000000100)=0x1e)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)

11:06:47 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:47 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:47 executing program 4:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:47 executing program 6:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:47 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
creat(&(0x7f0000000000)='./file0\x00', 0x0)
stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140))

11:06:47 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000040)={'icmp6\x00'}, &(0x7f0000000100)=0x1e)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)

11:06:47 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
creat(&(0x7f0000000000)='./file0\x00', 0x0)
stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140))

[  259.617543] BUG: unable to handle page fault for address: ffffed100fffc000
[  259.618617] #PF: supervisor write access in kernel mode
[  259.619427] #PF: error_code(0x0002) - not-present page
[  259.620160] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[  259.621016] Oops: 0002 [#6] PREEMPT SMP KASAN NOPTI
[  259.621614] CPU: 0 PID: 11170 Comm: syz-executor.7 Tainted: G      D            6.1.0-rc3-next-20221031 #1
[  259.622725] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  259.623711] RIP: 0010:__memset+0x24/0x50
[  259.624229] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  259.626335] RSP: 0018:ffff88803ce2fcc0 EFLAGS: 00010212
[  259.626976] RAX: 0000000000000000 RBX: ffff88800c09c840 RCX: 1ffffe21fe605dc9
[  259.627840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  259.628681] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813908
[  259.629531] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  259.630381] R13: ffff88800c09c840 R14: ffffffff815f27a0 R15: 1ffff11001122e1f
[  259.631244] FS:  00007f5f66791700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[  259.632195] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  259.632897] CR2: ffffed100fffc000 CR3: 00000000156cc000 CR4: 0000000000350ef0
[  259.633722] Call Trace:
[  259.634025]  <TASK>
[  259.634293]  kasan_unpoison+0x23/0x60
[  259.634749]  mempool_exit+0x1c2/0x330
[  259.635212]  bioset_exit+0x2c9/0x630
[  259.635659]  ? _raw_spin_unlock+0x24/0x50
[  259.636214]  ? blkg_destroy_all.isra.0+0x157/0x230
[  259.636869]  disk_release+0x143/0x490
[  259.637321]  ? disk_release+0x0/0x490
[  259.637782]  ? device_release+0x0/0x250
[  259.638243]  device_release+0xa2/0x250
[  259.638704]  ? device_release+0x0/0x250
[  259.639174]  kobject_put+0x173/0x280
[  259.639618]  put_device+0x1b/0x40
[  259.640031]  put_disk+0x41/0x60
[  259.640430]  loop_control_ioctl+0x4d1/0x630
[  259.640942]  ? loop_control_ioctl+0x0/0x630
[  259.641446]  ? selinux_file_ioctl+0xb1/0x270
[  259.641981]  ? loop_control_ioctl+0x0/0x630
[  259.642486]  __x64_sys_ioctl+0x19a/0x220
[  259.642976]  do_syscall_64+0x3b/0xa0
[  259.643437]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  259.644032] RIP: 0033:0x7f5f6921bb19
[  259.644467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  259.646463] RSP: 002b:00007f5f66791188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  259.647330] RAX: ffffffffffffffda RBX: 00007f5f6932ef60 RCX: 00007f5f6921bb19
[  259.648133] RDX: 0000000000000005 RSI: 0000000000004c81 RDI: 0000000000000006
[  259.648929] RBP: 00007f5f69275f6d R08: 0000000000000000 R09: 0000000000000000
[  259.649727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  259.650593] R13: 00007fff728e40bf R14: 00007f5f66791300 R15: 0000000000022000
[  259.651471]  </TASK>
[  259.651764] Modules linked in:
[  259.652164] CR2: ffffed100fffc000
[  259.652592] ---[ end trace 0000000000000000 ]---
[  259.653156] RIP: 0010:__memset+0x24/0x50
[  259.653672] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  259.655817] RSP: 0018:ffff88803c3dfcc0 EFLAGS: 00010212
[  259.656460] RAX: 0000000000000000 RBX: ffff88800c09c0c0 RCX: 1ffffe21fe605dab
[  259.657328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  259.658195] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813818
[  259.659076] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  259.659959] R13: ffff88800c09c0c0 R14: ffffffff815f27a0 R15: 1ffff110010da81f
[  259.660834] FS:  00007f5f66791700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[  259.661816] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  259.662532] CR2: ffffed100fffc000 CR3: 00000000156cc000 CR4: 0000000000350ef0
11:06:47 executing program 4:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:47 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:48 executing program 6:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x8a, 0x30, 0xa9, 0x0, 0x5, 0x8, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x1, @perf_bp={&(0x7f0000000340), 0x2}, 0x3a00, 0x5, 0x80000000, 0x4, 0x0, 0x6, 0x3c3c, 0x0, 0x6, 0x0, 0x3}, 0x0, 0x7, 0xffffffffffffffff, 0x2)
openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x3f, 0x5, 0x3, 0x0, 0x89d9, 0x1000, 0xc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x573}, 0x8040, 0x1, 0x400, 0x6, 0xa2, 0x0, 0x7, 0x0, 0x4, 0x0, 0x239b}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

11:06:48 executing program 2:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:48 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

[  260.737738] BUG: unable to handle page fault for address: ffffed100fffc000
[  260.738542] #PF: supervisor write access in kernel mode
[  260.739120] #PF: error_code(0x0002) - not-present page
[  260.739698] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[  260.740436] Oops: 0002 [#7] PREEMPT SMP KASAN NOPTI
[  260.740992] CPU: 1 PID: 11161 Comm: syz-executor.3 Tainted: G      D            6.1.0-rc3-next-20221031 #1
[  260.742033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  260.742919] RIP: 0010:__memset+0x24/0x50
[  260.743414] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  260.745354] RSP: 0018:ffff88803c327cc0 EFLAGS: 00010212
[  260.745946] RAX: 0000000000000000 RBX: ffff88800c09c9c0 RCX: 1ffffe21fe605dcf
[  260.746729] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  260.747510] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813938
[  260.748283] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  260.749157] R13: ffff88800c09c9c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f
[  260.749935] FS:  00007f381fbbc700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[  260.750803] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  260.751454] CR2: ffffed100fffc000 CR3: 000000003ae7e000 CR4: 0000000000350ee0
[  260.752228] Call Trace:
[  260.752521]  <TASK>
[  260.752779]  kasan_unpoison+0x23/0x60
[  260.753211]  mempool_exit+0x1c2/0x330
[  260.753653]  bioset_exit+0x2c9/0x630
[  260.754078]  ? _raw_spin_unlock+0x24/0x50
[  260.754554]  ? blkg_destroy_all.isra.0+0x157/0x230
[  260.755119]  disk_release+0x143/0x490
[  260.755559]  ? disk_release+0x0/0x490
[  260.755996]  ? device_release+0x0/0x250
[  260.756442]  device_release+0xa2/0x250
[  260.756882]  ? device_release+0x0/0x250
[  260.757326]  kobject_put+0x173/0x280
[  260.757752]  put_device+0x1b/0x40
[  260.758147]  put_disk+0x41/0x60
[  260.758531]  loop_control_ioctl+0x4d1/0x630
[  260.759021]  ? loop_control_ioctl+0x0/0x630
[  260.759517]  ? selinux_file_ioctl+0xb1/0x270
[  260.760031]  ? loop_control_ioctl+0x0/0x630
[  260.760519]  __x64_sys_ioctl+0x19a/0x220
[  260.760991]  do_syscall_64+0x3b/0xa0
[  260.761423]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  260.761996] RIP: 0033:0x7f3822646b19
[  260.762411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  260.764388] RSP: 002b:00007f381fbbc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  260.765220] RAX: ffffffffffffffda RBX: 00007f3822759f60 RCX: 00007f3822646b19
[  260.766011] RDX: 0000000000000006 RSI: 0000000000004c81 RDI: 0000000000000006
[  260.766790] RBP: 00007f38226a0f6d R08: 0000000000000000 R09: 0000000000000000
[  260.767572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  260.768337] R13: 00007fffa9141adf R14: 00007f381fbbc300 R15: 0000000000022000
[  260.769122]  </TASK>
[  260.769391] Modules linked in:
[  260.769759] CR2: ffffed100fffc000
[  260.770148] ---[ end trace 0000000000000000 ]---
[  260.770667] RIP: 0010:__memset+0x24/0x50
[  260.771145] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  260.773129] RSP: 0018:ffff88803c3dfcc0 EFLAGS: 00010212
[  260.773712] RAX: 0000000000000000 RBX: ffff88800c09c0c0 RCX: 1ffffe21fe605dab
[  260.774491] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  260.775277] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813818
[  260.776062] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  260.776847] R13: ffff88800c09c0c0 R14: ffffffff815f27a0 R15: 1ffff110010da81f
[  260.777630] FS:  00007f381fbbc700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[  260.778503] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  260.779145] CR2: ffffed100fffc000 CR3: 000000003ae7e000 CR4: 0000000000350ee0
[  260.880422] BUG: unable to handle page fault for address: ffffed100fffc000
[  260.881215] #PF: supervisor write access in kernel mode
[  260.881963] #PF: error_code(0x0002) - not-present page
[  260.882693] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[  260.883644] Oops: 0002 [#8] PREEMPT SMP KASAN NOPTI
[  260.884356] CPU: 0 PID: 11191 Comm: syz-executor.4 Tainted: G      D            6.1.0-rc3-next-20221031 #1
[  260.885695] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  260.886834] RIP: 0010:__memset+0x24/0x50
[  260.887437] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  260.889938] RSP: 0018:ffff88803217fcc0 EFLAGS: 00010212
[  260.890690] RAX: 0000000000000000 RBX: ffff88800c09cb40 RCX: 1ffffe21fe605dd5
[  260.891674] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  260.892489] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813968
[  260.893223] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  260.893949] R13: ffff88800c09cb40 R14: ffffffff815f27a0 R15: 1ffff1100112261f
[  260.894686] FS:  00007ff48ed95700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[  260.895524] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  260.896125] CR2: ffffed100fffc000 CR3: 00000000168fa000 CR4: 0000000000350ef0
[  260.896853] Call Trace:
[  260.897132]  <TASK>
[  260.897379]  kasan_unpoison+0x23/0x60
[  260.897793]  mempool_exit+0x1c2/0x330
[  260.898213]  bioset_exit+0x2c9/0x630
[  260.898621]  ? _raw_spin_unlock+0x24/0x50
[  260.899084]  ? blkg_destroy_all.isra.0+0x157/0x230
[  260.899647]  disk_release+0x143/0x490
[  260.900069]  ? disk_release+0x0/0x490
[  260.900489]  ? device_release+0x0/0x250
[  260.900924]  device_release+0xa2/0x250
[  260.901351]  ? device_release+0x0/0x250
[  260.901780]  kobject_put+0x173/0x280
[  260.902196]  put_device+0x1b/0x40
[  260.902582]  put_disk+0x41/0x60
[  260.902953]  loop_control_ioctl+0x4d1/0x630
[  260.903435]  ? loop_control_ioctl+0x0/0x630
[  260.903901]  ? selinux_file_ioctl+0xb1/0x270
[  260.904387]  ? loop_control_ioctl+0x0/0x630
[  260.904851]  __x64_sys_ioctl+0x19a/0x220
[  260.905295]  do_syscall_64+0x3b/0xa0
[  260.905721]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  260.906265] RIP: 0033:0x7ff49181fb19
[  260.906772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  260.909335] RSP: 002b:00007ff48ed95188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  260.910378] RAX: ffffffffffffffda RBX: 00007ff491932f60 RCX: 00007ff49181fb19
[  260.911404] RDX: 0000000000000007 RSI: 0000000000004c81 RDI: 0000000000000006
[  260.912353] RBP: 00007ff491879f6d R08: 0000000000000000 R09: 0000000000000000
[  260.913300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  260.914242] R13: 00007ffe943017df R14: 00007ff48ed95300 R15: 0000000000022000
[  260.915204]  </TASK>
[  260.915538] Modules linked in:
[  260.915981] CR2: ffffed100fffc000
[  260.916451] ---[ end trace 0000000000000000 ]---
[  260.917085] RIP: 0010:__memset+0x24/0x50
[  260.917665] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[  260.920076] RSP: 0018:ffff88803c3dfcc0 EFLAGS: 00010212
[  260.920798] RAX: 0000000000000000 RBX: ffff88800c09c0c0 RCX: 1ffffe21fe605dab
[  260.921761] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[  260.922725] RBP: ffff88800c0baa00 R08: 0000000000000005 R09: ffffed1001813818
[  260.923718] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0baa00
[  260.924731] R13: ffff88800c09c0c0 R14: ffffffff815f27a0 R15: 1ffff110010da81f
[  260.925693] FS:  00007ff48ed95700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[  260.926768] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  260.927566] CR2: ffffed100fffc000 CR3: 00000000168fa000 CR4: 0000000000350ef0
11:06:49 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:49 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:49 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:49 executing program 4:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0)
ioctl$CDROMREADMODE1(r0, 0x40081271, &(0x7f0000000080)={0x0, 0x4})

11:06:49 executing program 6:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:49 executing program 3:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x20a01, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io'}, 0x8)

11:06:49 executing program 2:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:49 executing program 1:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:49 executing program 3:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x20a01, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io'}, 0x8)

11:06:49 executing program 4:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0)
ioctl$CDROMREADMODE1(r0, 0x40081271, &(0x7f0000000080)={0x0, 0x4})

11:06:49 executing program 3:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x20a01, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io'}, 0x8)

11:06:49 executing program 3:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x20a01, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io'}, 0x8)

11:06:49 executing program 6:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:49 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:49 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:49 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:49 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:50 executing program 2:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:50 executing program 3:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x20a01, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io'}, 0x8)

11:06:50 executing program 3:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x20a01, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io'}, 0x8)

11:06:50 executing program 3:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x20a01, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io'}, 0x8)

11:06:50 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write(r0, &(0x7f0000000080)="01", 0x41030)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendfile(r1, r0, &(0x7f0000000040)=0x8, 0x80000000)

11:06:50 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x4d031, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab', 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

11:06:51 executing program 6:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0xfffc, 0x3, 0x0, 0x7fff}]})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x80448, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000340))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
ioperm(0x0, 0x800, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, 0x0, 0x0, 0xffffffffffffffff)
timerfd_gettime(r2, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = fcntl$getown(r0, 0x9)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x8, 0x9, 0x1f, 0xfc, 0x0, 0x8, 0x800, 0xa, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x802, 0x800, 0x9, 0x2, 0xfffffffffffffffa, 0x2, 0x2, 0x0, 0x4, 0x0, 0x7fffffff}, r3, 0x2, r1, 0x3)

11:06:51 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x4d031, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab', 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

11:06:51 executing program 3:
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100)={0x0, 0x9a11}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r0)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r2, r3], 0x2)

11:06:51 executing program 1:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:51 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x4d031, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab', 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

11:06:51 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write(r0, &(0x7f0000000080)="01", 0x41030)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendfile(r1, r0, &(0x7f0000000040)=0x8, 0x80000000)

11:06:51 executing program 0:
futex(0x0, 0x1, 0x0, 0x0, 0x0, 0x0)

11:06:51 executing program 4:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0)
ioctl$CDROMREADMODE1(r0, 0x40081271, &(0x7f0000000080)={0x0, 0x4})

11:06:51 executing program 4:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0)
ioctl$CDROMREADMODE1(r0, 0x40081271, &(0x7f0000000080)={0x0, 0x4})

11:06:51 executing program 0:
futex(0x0, 0x1, 0x0, 0x0, 0x0, 0x0)

11:06:52 executing program 0:
futex(0x0, 0x1, 0x0, 0x0, 0x0, 0x0)

11:06:52 executing program 3:
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100)={0x0, 0x9a11}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r0)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r2, r3], 0x2)

11:06:52 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x4d031, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab', 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

11:06:52 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x4d031, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab', 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

11:06:52 executing program 0:
futex(0x0, 0x1, 0x0, 0x0, 0x0, 0x0)

11:06:52 executing program 3:
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100)={0x0, 0x9a11}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r0)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r2, r3], 0x2)

11:06:52 executing program 4:
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100)={0x0, 0x9a11}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r0)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r2, r3], 0x2)

11:06:52 executing program 1:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:52 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write(r0, &(0x7f0000000080)="01", 0x41030)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendfile(r1, r0, &(0x7f0000000040)=0x8, 0x80000000)

11:06:52 executing program 6:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:52 executing program 0:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:52 executing program 4:
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100)={0x0, 0x9a11}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r0)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r2, r3], 0x2)

11:06:52 executing program 3:
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100)={0x0, 0x9a11}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r0)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r2, r3], 0x2)

11:06:52 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write(r0, &(0x7f0000000080)="01", 0x41030)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendfile(r1, r0, &(0x7f0000000040)=0x8, 0x80000000)

11:06:53 executing program 1:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:54 executing program 4:
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = syz_io_uring_setup(0x1a8a, &(0x7f0000000100)={0x0, 0x9a11}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r0)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r2, r3], 0x2)

11:06:54 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x4d031, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab', 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

11:06:54 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x4d031, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab', 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

11:06:54 executing program 3:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:54 executing program 7:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:54 executing program 6:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:54 executing program 0:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:54 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write(r0, &(0x7f0000000080)="01", 0x41030)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendfile(r1, r0, &(0x7f0000000040)=0x8, 0x80000000)

11:06:54 executing program 4:
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
sigaltstack(&(0x7f000096c000/0x4000)=nil, 0x0)

11:06:54 executing program 0:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:54 executing program 4:
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
sigaltstack(&(0x7f000096c000/0x4000)=nil, 0x0)

11:06:54 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write(r0, &(0x7f0000000080)="01", 0x41030)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendfile(r1, r0, &(0x7f0000000040)=0x8, 0x80000000)

11:06:54 executing program 4:
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
sigaltstack(&(0x7f000096c000/0x4000)=nil, 0x0)

11:06:54 executing program 5:
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
sigaltstack(&(0x7f000096c000/0x4000)=nil, 0x0)

11:06:54 executing program 4:
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
sigaltstack(&(0x7f000096c000/0x4000)=nil, 0x0)

11:06:54 executing program 5:
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
sigaltstack(&(0x7f000096c000/0x4000)=nil, 0x0)

11:06:54 executing program 2:
getresuid(&(0x7f0000000dc0), 0x0, 0x0)

11:06:54 executing program 7:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:54 executing program 3:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:54 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write(r0, &(0x7f0000000080)="01", 0x41030)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendfile(r1, r0, &(0x7f0000000040)=0x8, 0x80000000)

11:06:54 executing program 6:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:54 executing program 5:
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
sigaltstack(&(0x7f000096c000/0x4000)=nil, 0x0)

11:06:54 executing program 0:
waitid(0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)

11:06:54 executing program 2:
getresuid(&(0x7f0000000dc0), 0x0, 0x0)

11:06:54 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCGETA(r0, 0x5405, &(0x7f0000000100))

11:06:54 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x428, 0x1, 0x0, 0x0, 0x6, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001a00010212c91e1bbeb3f02a250800ff085e762ac65f7d91053f295d4ffc20d65892ef07d227fdbe18dbfb1af3e0dd6a380e71c4fcaceb3843a0a27d26af18e26c51db155af69e0000000000000000000000000000df63a36fd407eb99643bb3409a86448396cd1499fc9043822e14cf2dbe93dedf4e77766175ac5c31d7d34cf901e24917654cb8d3c73e60c6c12f77588b76a9611ccb029fc621b6cee142ab97f6cfd7af9248f2266539"], 0x28}}, 0x0)
recvmmsg(r0, &(0x7f0000003980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
r1 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e24, 0x7, @remote, 0x8}, 0x1c)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000040)=0x4, 0x4)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/softnet_stat\x00')
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

11:06:54 executing program 2:
getresuid(&(0x7f0000000dc0), 0x0, 0x0)

11:06:54 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCGETA(r0, 0x5405, &(0x7f0000000100))

11:06:54 executing program 7:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)

11:06:54 executing program 1:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCGETA(r0, 0x5405, &(0x7f0000000100))

11:06:55 executing program 2:
getresuid(&(0x7f0000000dc0), 0x0, 0x0)

11:06:55 executing program 3:
r0 = pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_free(r0)
pkey_alloc(0x0, 0x1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x1000c2c0, 0x2, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000000))
io_setup(0x3ff, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000001340)=[&(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x200000}])
r3 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x7, 0x1, 0x5a, 0x0, 0x0, 0x0, 0x200, 0xd, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x407fffffff}, 0x802c, 0x5d4, 0xfffffff7, 0x4, 0xfffffffffffffffc, 0xa166, 0x1f49, 0x0, 0x101, 0x0, 0x2}, r3, 0xe, r2, 0x2)
pidfd_open(r3, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r4}}, 0x1ff)


VM DIAGNOSIS:
11:06:45  Registers:
info registers vcpu 0
RAX=1ffff11001adb85f RBX=ffff88800d6dc2c8 RCX=ffffffff812c0211 RDX=0000000000000000
RSI=0000000000000000 RDI=ffff88800d6dc2f8 RBP=ffff88800db9d080 RSP=ffff88803d17f9c0
R8 =0000000000000001 R9 =ffff88803d17f963 R10=ffffed1007a2ff2c R11=0000000000000001
R12=dffffc0000000000 R13=ffff88800d859a00 R14=0000000000000000 R15=ffff88800d859a00
RIP=ffffffff817f00e2 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555556f32400 00000000 00000000
GS =0000 ffff88806d000000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe1680580000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe168057e000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4b47025f64 CR3=000000000e114000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=0000ff000000ff0000000000000000ff
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00000000000000000000000000000000
XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff82450ffc RDI=ffffffff879a19e0 RBP=ffffffff879a19a0 RSP=ffff88803c3df550
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=0000000000000037 R13=ffffffff879a19a0 R14=ffffffff879a19f0 R15=ffffffff879a1c50
RIP=ffffffff82451051 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f5f66770700 00000000 00000000
GS =0000 ffff88806d100000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe72fe64a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe72fe648000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=ffffed100fffc000 CR3=000000000d2e0000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000