Warning: Permanently added '[localhost]:59155' (ECDSA) to the list of known hosts. 2022/10/31 12:33:19 fuzzer started 2022/10/31 12:33:19 dialing manager at localhost:40945 syzkaller login: [ 36.011553] cgroup: Unknown subsys name 'net' [ 36.082737] cgroup: Unknown subsys name 'rlimit' 2022/10/31 12:33:32 syscalls: 2217 2022/10/31 12:33:32 code coverage: enabled 2022/10/31 12:33:32 comparison tracing: enabled 2022/10/31 12:33:32 extra coverage: enabled 2022/10/31 12:33:32 setuid sandbox: enabled 2022/10/31 12:33:32 namespace sandbox: enabled 2022/10/31 12:33:32 Android sandbox: enabled 2022/10/31 12:33:32 fault injection: enabled 2022/10/31 12:33:32 leak checking: enabled 2022/10/31 12:33:32 net packet injection: enabled 2022/10/31 12:33:32 net device setup: enabled 2022/10/31 12:33:32 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/31 12:33:32 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/31 12:33:32 USB emulation: enabled 2022/10/31 12:33:32 hci packet injection: enabled 2022/10/31 12:33:32 wifi device emulation: enabled 2022/10/31 12:33:32 802.15.4 emulation: enabled 2022/10/31 12:33:32 fetching corpus: 0, signal 0/2000 (executing program) 2022/10/31 12:33:32 fetching corpus: 47, signal 25680/29333 (executing program) 2022/10/31 12:33:32 fetching corpus: 97, signal 41828/46944 (executing program) 2022/10/31 12:33:33 fetching corpus: 147, signal 55513/61943 (executing program) 2022/10/31 12:33:33 fetching corpus: 197, signal 62335/70109 (executing program) 2022/10/31 12:33:33 fetching corpus: 247, signal 67084/76226 (executing program) 2022/10/31 12:33:33 fetching corpus: 297, signal 73465/83778 (executing program) 2022/10/31 12:33:33 fetching corpus: 347, signal 77585/89087 (executing program) 2022/10/31 12:33:33 fetching corpus: 396, signal 81960/94588 (executing program) 2022/10/31 12:33:33 fetching corpus: 446, signal 86149/99852 (executing program) 2022/10/31 12:33:33 fetching corpus: 496, signal 90785/105511 (executing program) 2022/10/31 12:33:33 fetching corpus: 546, signal 93598/109439 (executing program) 2022/10/31 12:33:34 fetching corpus: 596, signal 96328/113200 (executing program) 2022/10/31 12:33:34 fetching corpus: 646, signal 101485/119101 (executing program) 2022/10/31 12:33:34 fetching corpus: 696, signal 104067/122675 (executing program) 2022/10/31 12:33:34 fetching corpus: 746, signal 107601/127067 (executing program) 2022/10/31 12:33:34 fetching corpus: 796, signal 109988/130391 (executing program) 2022/10/31 12:33:34 fetching corpus: 846, signal 112912/134163 (executing program) 2022/10/31 12:33:34 fetching corpus: 896, signal 116178/138214 (executing program) 2022/10/31 12:33:34 fetching corpus: 946, signal 117636/140596 (executing program) 2022/10/31 12:33:35 fetching corpus: 996, signal 119776/143524 (executing program) 2022/10/31 12:33:35 fetching corpus: 1046, signal 121922/146490 (executing program) 2022/10/31 12:33:35 fetching corpus: 1096, signal 123846/149251 (executing program) 2022/10/31 12:33:35 fetching corpus: 1146, signal 125322/151573 (executing program) 2022/10/31 12:33:35 fetching corpus: 1196, signal 127433/154390 (executing program) 2022/10/31 12:33:35 fetching corpus: 1246, signal 129829/157382 (executing program) 2022/10/31 12:33:35 fetching corpus: 1296, signal 132685/160718 (executing program) 2022/10/31 12:33:35 fetching corpus: 1346, signal 134392/163112 (executing program) 2022/10/31 12:33:36 fetching corpus: 1396, signal 137241/166417 (executing program) 2022/10/31 12:33:36 fetching corpus: 1446, signal 138940/168706 (executing program) 2022/10/31 12:33:36 fetching corpus: 1496, signal 140289/170775 (executing program) 2022/10/31 12:33:36 fetching corpus: 1546, signal 141737/172817 (executing program) 2022/10/31 12:33:36 fetching corpus: 1596, signal 143468/175080 (executing program) 2022/10/31 12:33:36 fetching corpus: 1646, signal 145287/177384 (executing program) 2022/10/31 12:33:36 fetching corpus: 1696, signal 147458/179968 (executing program) 2022/10/31 12:33:36 fetching corpus: 1746, signal 148687/181776 (executing program) 2022/10/31 12:33:37 fetching corpus: 1796, signal 149781/183502 (executing program) 2022/10/31 12:33:37 fetching corpus: 1846, signal 151075/185399 (executing program) 2022/10/31 12:33:37 fetching corpus: 1896, signal 152160/187118 (executing program) 2022/10/31 12:33:37 fetching corpus: 1946, signal 154201/189466 (executing program) 2022/10/31 12:33:37 fetching corpus: 1996, signal 155320/191100 (executing program) 2022/10/31 12:33:37 fetching corpus: 2045, signal 156926/193088 (executing program) 2022/10/31 12:33:37 fetching corpus: 2095, signal 158251/194849 (executing program) 2022/10/31 12:33:37 fetching corpus: 2145, signal 159361/196460 (executing program) 2022/10/31 12:33:38 fetching corpus: 2195, signal 160790/198277 (executing program) 2022/10/31 12:33:38 fetching corpus: 2245, signal 161818/199785 (executing program) 2022/10/31 12:33:38 fetching corpus: 2295, signal 163445/201676 (executing program) 2022/10/31 12:33:38 fetching corpus: 2345, signal 165149/203617 (executing program) 2022/10/31 12:33:38 fetching corpus: 2395, signal 166450/205277 (executing program) 2022/10/31 12:33:38 fetching corpus: 2445, signal 167890/206970 (executing program) 2022/10/31 12:33:38 fetching corpus: 2495, signal 169498/208775 (executing program) 2022/10/31 12:33:38 fetching corpus: 2545, signal 170601/210207 (executing program) 2022/10/31 12:33:38 fetching corpus: 2595, signal 172284/211944 (executing program) 2022/10/31 12:33:39 fetching corpus: 2645, signal 173195/213228 (executing program) 2022/10/31 12:33:39 fetching corpus: 2695, signal 174846/214943 (executing program) 2022/10/31 12:33:39 fetching corpus: 2745, signal 176102/216430 (executing program) 2022/10/31 12:33:39 fetching corpus: 2795, signal 177222/217758 (executing program) 2022/10/31 12:33:39 fetching corpus: 2845, signal 178745/219353 (executing program) 2022/10/31 12:33:39 fetching corpus: 2895, signal 179460/220456 (executing program) 2022/10/31 12:33:39 fetching corpus: 2945, signal 180708/221844 (executing program) 2022/10/31 12:33:39 fetching corpus: 2995, signal 181491/222954 (executing program) 2022/10/31 12:33:40 fetching corpus: 3045, signal 182394/224139 (executing program) 2022/10/31 12:33:40 fetching corpus: 3095, signal 183618/225488 (executing program) 2022/10/31 12:33:40 fetching corpus: 3145, signal 184789/226801 (executing program) 2022/10/31 12:33:40 fetching corpus: 3195, signal 185650/227901 (executing program) 2022/10/31 12:33:40 fetching corpus: 3245, signal 186255/228855 (executing program) 2022/10/31 12:33:40 fetching corpus: 3295, signal 187419/230126 (executing program) 2022/10/31 12:33:40 fetching corpus: 3345, signal 188441/231227 (executing program) 2022/10/31 12:33:40 fetching corpus: 3395, signal 189186/232234 (executing program) 2022/10/31 12:33:40 fetching corpus: 3445, signal 189734/233177 (executing program) 2022/10/31 12:33:41 fetching corpus: 3495, signal 190624/234216 (executing program) 2022/10/31 12:33:41 fetching corpus: 3545, signal 191316/235153 (executing program) 2022/10/31 12:33:41 fetching corpus: 3594, signal 192611/236404 (executing program) 2022/10/31 12:33:41 fetching corpus: 3644, signal 193520/237392 (executing program) 2022/10/31 12:33:41 fetching corpus: 3694, signal 194551/238418 (executing program) 2022/10/31 12:33:41 fetching corpus: 3744, signal 195900/239567 (executing program) 2022/10/31 12:33:41 fetching corpus: 3794, signal 196459/240411 (executing program) 2022/10/31 12:33:41 fetching corpus: 3844, signal 197102/241253 (executing program) 2022/10/31 12:33:41 fetching corpus: 3894, signal 198178/242257 (executing program) 2022/10/31 12:33:42 fetching corpus: 3943, signal 198864/243091 (executing program) 2022/10/31 12:33:42 fetching corpus: 3993, signal 199593/243978 (executing program) 2022/10/31 12:33:42 fetching corpus: 4043, signal 200422/244886 (executing program) 2022/10/31 12:33:42 fetching corpus: 4093, signal 201020/245650 (executing program) 2022/10/31 12:33:42 fetching corpus: 4143, signal 201762/246503 (executing program) 2022/10/31 12:33:42 fetching corpus: 4192, signal 202556/247344 (executing program) 2022/10/31 12:33:42 fetching corpus: 4242, signal 203410/248206 (executing program) 2022/10/31 12:33:42 fetching corpus: 4292, signal 204095/248973 (executing program) 2022/10/31 12:33:43 fetching corpus: 4342, signal 205163/249871 (executing program) 2022/10/31 12:33:43 fetching corpus: 4392, signal 205847/250733 (executing program) 2022/10/31 12:33:43 fetching corpus: 4442, signal 206509/251525 (executing program) 2022/10/31 12:33:43 fetching corpus: 4492, signal 207169/252243 (executing program) 2022/10/31 12:33:43 fetching corpus: 4542, signal 208017/253008 (executing program) 2022/10/31 12:33:43 fetching corpus: 4592, signal 208788/253741 (executing program) 2022/10/31 12:33:43 fetching corpus: 4642, signal 209477/254436 (executing program) 2022/10/31 12:33:43 fetching corpus: 4692, signal 210100/255068 (executing program) 2022/10/31 12:33:44 fetching corpus: 4742, signal 211085/255827 (executing program) 2022/10/31 12:33:44 fetching corpus: 4792, signal 211549/256409 (executing program) 2022/10/31 12:33:44 fetching corpus: 4842, signal 212099/257014 (executing program) 2022/10/31 12:33:44 fetching corpus: 4892, signal 212484/257622 (executing program) 2022/10/31 12:33:44 fetching corpus: 4942, signal 213169/258280 (executing program) 2022/10/31 12:33:44 fetching corpus: 4992, signal 213856/258879 (executing program) 2022/10/31 12:33:44 fetching corpus: 5042, signal 214695/259639 (executing program) 2022/10/31 12:33:45 fetching corpus: 5092, signal 215728/260374 (executing program) 2022/10/31 12:33:45 fetching corpus: 5142, signal 216379/260977 (executing program) 2022/10/31 12:33:45 fetching corpus: 5192, signal 216959/261503 (executing program) 2022/10/31 12:33:45 fetching corpus: 5242, signal 217522/262056 (executing program) 2022/10/31 12:33:45 fetching corpus: 5292, signal 219071/262811 (executing program) 2022/10/31 12:33:45 fetching corpus: 5342, signal 219682/263339 (executing program) 2022/10/31 12:33:45 fetching corpus: 5392, signal 220310/263878 (executing program) 2022/10/31 12:33:46 fetching corpus: 5442, signal 221304/264472 (executing program) 2022/10/31 12:33:46 fetching corpus: 5492, signal 221857/264970 (executing program) 2022/10/31 12:33:46 fetching corpus: 5542, signal 222342/265433 (executing program) 2022/10/31 12:33:46 fetching corpus: 5592, signal 222979/265931 (executing program) 2022/10/31 12:33:46 fetching corpus: 5642, signal 223603/266429 (executing program) 2022/10/31 12:33:46 fetching corpus: 5692, signal 224394/266904 (executing program) 2022/10/31 12:33:46 fetching corpus: 5742, signal 224855/267359 (executing program) 2022/10/31 12:33:46 fetching corpus: 5792, signal 225279/267802 (executing program) 2022/10/31 12:33:47 fetching corpus: 5842, signal 226213/268234 (executing program) 2022/10/31 12:33:47 fetching corpus: 5892, signal 227192/268702 (executing program) 2022/10/31 12:33:47 fetching corpus: 5942, signal 227648/269085 (executing program) 2022/10/31 12:33:47 fetching corpus: 5992, signal 228372/269512 (executing program) 2022/10/31 12:33:47 fetching corpus: 6042, signal 229019/269920 (executing program) 2022/10/31 12:33:47 fetching corpus: 6092, signal 229548/270315 (executing program) 2022/10/31 12:33:47 fetching corpus: 6141, signal 229971/270691 (executing program) 2022/10/31 12:33:47 fetching corpus: 6191, signal 230629/271043 (executing program) 2022/10/31 12:33:48 fetching corpus: 6241, signal 231208/271435 (executing program) 2022/10/31 12:33:48 fetching corpus: 6291, signal 231807/271789 (executing program) 2022/10/31 12:33:48 fetching corpus: 6341, signal 232177/272140 (executing program) 2022/10/31 12:33:48 fetching corpus: 6391, signal 232602/272497 (executing program) 2022/10/31 12:33:48 fetching corpus: 6441, signal 233087/272857 (executing program) 2022/10/31 12:33:48 fetching corpus: 6490, signal 233730/273191 (executing program) 2022/10/31 12:33:48 fetching corpus: 6540, signal 234457/273522 (executing program) 2022/10/31 12:33:48 fetching corpus: 6589, signal 235050/273853 (executing program) 2022/10/31 12:33:49 fetching corpus: 6639, signal 236401/274148 (executing program) 2022/10/31 12:33:49 fetching corpus: 6689, signal 236950/274503 (executing program) 2022/10/31 12:33:49 fetching corpus: 6739, signal 237765/274795 (executing program) 2022/10/31 12:33:49 fetching corpus: 6789, signal 238588/274921 (executing program) 2022/10/31 12:33:49 fetching corpus: 6839, signal 238985/274921 (executing program) 2022/10/31 12:33:49 fetching corpus: 6889, signal 239852/275022 (executing program) 2022/10/31 12:33:49 fetching corpus: 6939, signal 240183/275022 (executing program) 2022/10/31 12:33:49 fetching corpus: 6989, signal 240813/275022 (executing program) 2022/10/31 12:33:49 fetching corpus: 7039, signal 241304/275022 (executing program) 2022/10/31 12:33:50 fetching corpus: 7089, signal 241722/275032 (executing program) 2022/10/31 12:33:50 fetching corpus: 7139, signal 242401/275032 (executing program) 2022/10/31 12:33:50 fetching corpus: 7189, signal 244130/275035 (executing program) 2022/10/31 12:33:50 fetching corpus: 7239, signal 244475/275036 (executing program) 2022/10/31 12:33:50 fetching corpus: 7289, signal 245219/275039 (executing program) 2022/10/31 12:33:50 fetching corpus: 7339, signal 245530/275048 (executing program) 2022/10/31 12:33:50 fetching corpus: 7389, signal 245912/275049 (executing program) 2022/10/31 12:33:51 fetching corpus: 7439, signal 246416/275053 (executing program) 2022/10/31 12:33:51 fetching corpus: 7489, signal 246861/275053 (executing program) 2022/10/31 12:33:51 fetching corpus: 7539, signal 247440/275054 (executing program) 2022/10/31 12:33:51 fetching corpus: 7589, signal 247730/275054 (executing program) 2022/10/31 12:33:51 fetching corpus: 7639, signal 248090/275059 (executing program) 2022/10/31 12:33:51 fetching corpus: 7688, signal 248758/275059 (executing program) 2022/10/31 12:33:51 fetching corpus: 7738, signal 249370/275073 (executing program) 2022/10/31 12:33:51 fetching corpus: 7788, signal 249735/275073 (executing program) 2022/10/31 12:33:52 fetching corpus: 7837, signal 250292/275076 (executing program) 2022/10/31 12:33:52 fetching corpus: 7887, signal 250729/275078 (executing program) 2022/10/31 12:33:52 fetching corpus: 7937, signal 251255/275078 (executing program) 2022/10/31 12:33:52 fetching corpus: 7987, signal 251753/275078 (executing program) 2022/10/31 12:33:52 fetching corpus: 8037, signal 252171/275078 (executing program) 2022/10/31 12:33:52 fetching corpus: 8087, signal 252552/275078 (executing program) 2022/10/31 12:33:52 fetching corpus: 8137, signal 252979/275080 (executing program) 2022/10/31 12:33:52 fetching corpus: 8187, signal 253390/275086 (executing program) 2022/10/31 12:33:53 fetching corpus: 8237, signal 253727/275088 (executing program) 2022/10/31 12:33:53 fetching corpus: 8287, signal 254270/275088 (executing program) 2022/10/31 12:33:53 fetching corpus: 8337, signal 254731/275088 (executing program) 2022/10/31 12:33:53 fetching corpus: 8387, signal 255033/275088 (executing program) 2022/10/31 12:33:53 fetching corpus: 8437, signal 255464/275091 (executing program) 2022/10/31 12:33:53 fetching corpus: 8487, signal 255817/275091 (executing program) 2022/10/31 12:33:53 fetching corpus: 8537, signal 256351/275091 (executing program) 2022/10/31 12:33:53 fetching corpus: 8587, signal 256635/275091 (executing program) 2022/10/31 12:33:54 fetching corpus: 8637, signal 256947/275091 (executing program) 2022/10/31 12:33:54 fetching corpus: 8687, signal 257565/275091 (executing program) 2022/10/31 12:33:54 fetching corpus: 8737, signal 257999/275091 (executing program) 2022/10/31 12:33:54 fetching corpus: 8787, signal 258445/275091 (executing program) 2022/10/31 12:33:54 fetching corpus: 8836, signal 258910/275112 (executing program) 2022/10/31 12:33:54 fetching corpus: 8886, signal 259403/275113 (executing program) 2022/10/31 12:33:54 fetching corpus: 8936, signal 259815/275113 (executing program) 2022/10/31 12:33:54 fetching corpus: 8986, signal 260555/275113 (executing program) 2022/10/31 12:33:55 fetching corpus: 9036, signal 261033/275114 (executing program) 2022/10/31 12:33:55 fetching corpus: 9086, signal 261369/275115 (executing program) 2022/10/31 12:33:55 fetching corpus: 9136, signal 261682/275144 (executing program) 2022/10/31 12:33:55 fetching corpus: 9186, signal 262036/275145 (executing program) 2022/10/31 12:33:55 fetching corpus: 9236, signal 262309/275145 (executing program) 2022/10/31 12:33:55 fetching corpus: 9286, signal 262606/275145 (executing program) 2022/10/31 12:33:55 fetching corpus: 9336, signal 263066/275150 (executing program) 2022/10/31 12:33:55 fetching corpus: 9385, signal 263416/275150 (executing program) 2022/10/31 12:33:55 fetching corpus: 9435, signal 263701/275156 (executing program) 2022/10/31 12:33:56 fetching corpus: 9485, signal 264190/275156 (executing program) 2022/10/31 12:33:56 fetching corpus: 9535, signal 264555/275156 (executing program) 2022/10/31 12:33:56 fetching corpus: 9585, signal 264760/275156 (executing program) 2022/10/31 12:33:56 fetching corpus: 9635, signal 265066/275157 (executing program) 2022/10/31 12:33:56 fetching corpus: 9685, signal 265593/275157 (executing program) 2022/10/31 12:33:56 fetching corpus: 9735, signal 265888/275157 (executing program) 2022/10/31 12:33:56 fetching corpus: 9785, signal 266277/275157 (executing program) 2022/10/31 12:33:56 fetching corpus: 9835, signal 266645/275167 (executing program) 2022/10/31 12:33:57 fetching corpus: 9885, signal 267067/275233 (executing program) 2022/10/31 12:33:57 fetching corpus: 9935, signal 267332/275233 (executing program) 2022/10/31 12:33:57 fetching corpus: 9985, signal 267652/275233 (executing program) 2022/10/31 12:33:57 fetching corpus: 10035, signal 268328/275233 (executing program) 2022/10/31 12:33:57 fetching corpus: 10085, signal 268512/275234 (executing program) 2022/10/31 12:33:57 fetching corpus: 10135, signal 268931/275242 (executing program) 2022/10/31 12:33:57 fetching corpus: 10185, signal 269280/275242 (executing program) 2022/10/31 12:33:57 fetching corpus: 10235, signal 269629/275242 (executing program) 2022/10/31 12:33:57 fetching corpus: 10285, signal 269974/275242 (executing program) 2022/10/31 12:33:57 fetching corpus: 10304, signal 270088/275244 (executing program) 2022/10/31 12:33:57 fetching corpus: 10304, signal 270088/275244 (executing program) 2022/10/31 12:34:00 starting 8 fuzzer processes 12:34:00 executing program 0: mlock2(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) syz_io_uring_setup(0x42da, &(0x7f0000000100)={0x0, 0x7b27}, &(0x7f0000680000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000180), &(0x7f00000002c0)) 12:34:00 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x5, 0x2, 0x0, 0x0, 0x0, 0x80120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x100000001}, 0x0, 0xc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000380)={r0, 0x8, 0x1, 0x400}) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f00000003c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4244, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x4}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r2, &(0x7f0000000080)="01", 0x292e9) 12:34:00 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000000)=0x80000) 12:34:00 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) splice(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x4) pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) [ 76.719759] audit: type=1400 audit(1667219640.380:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:34:00 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg$unix(r1, &(0x7f00000052c0)=[{{0x0, 0x0, 0x0}}], 0x500, 0x2, 0x0) 12:34:00 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000040100000018000100", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1\x00'}) syncfs(r1) 12:34:00 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) 12:34:00 executing program 7: getgroups(0x2, &(0x7f0000000940)=[0xffffffffffffffff, 0xffffffffffffffff]) setresgid(0xffffffffffffffff, 0x0, r0) [ 77.947614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.949897] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.952311] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.953446] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.955252] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.956131] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.961207] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.961603] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.964709] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 77.966324] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.968055] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 77.970195] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.977536] Bluetooth: hci0: HCI_REQ-0x0c1a [ 77.977559] Bluetooth: hci1: HCI_REQ-0x0c1a [ 78.043254] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 78.047799] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 78.053747] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 78.056240] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 78.059259] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.061944] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.064229] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 78.065273] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.067306] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 78.072031] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.072127] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.076696] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 78.079259] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 78.080370] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.083756] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 78.086637] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 78.089455] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.091282] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 78.092792] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 78.093983] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 78.094781] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.095535] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.102179] Bluetooth: hci5: HCI_REQ-0x0c1a [ 78.103956] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 78.105306] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 78.106355] Bluetooth: hci2: HCI_REQ-0x0c1a [ 78.121236] Bluetooth: hci4: HCI_REQ-0x0c1a [ 78.187730] Bluetooth: hci6: HCI_REQ-0x0c1a [ 80.029193] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 80.030069] Bluetooth: hci1: command 0x0409 tx timeout [ 80.030817] Bluetooth: hci0: command 0x0409 tx timeout [ 80.031729] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 80.156552] Bluetooth: hci4: command 0x0409 tx timeout [ 80.157370] Bluetooth: hci2: command 0x0409 tx timeout [ 80.157872] Bluetooth: hci5: command 0x0409 tx timeout [ 80.220554] Bluetooth: hci6: command 0x0409 tx timeout [ 82.076530] Bluetooth: hci0: command 0x041b tx timeout [ 82.076993] Bluetooth: hci1: command 0x041b tx timeout [ 82.205762] Bluetooth: hci5: command 0x041b tx timeout [ 82.206186] Bluetooth: hci2: command 0x041b tx timeout [ 82.206598] Bluetooth: hci4: command 0x041b tx timeout [ 82.268540] Bluetooth: hci6: command 0x041b tx timeout [ 83.588321] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.591096] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.591930] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.596020] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.597103] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 83.598973] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.603972] Bluetooth: hci3: HCI_REQ-0x0c1a [ 83.936391] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 83.937587] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 83.938427] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 83.940968] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 83.942176] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 83.943048] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 83.949535] Bluetooth: hci7: HCI_REQ-0x0c1a [ 84.124768] Bluetooth: hci1: command 0x040f tx timeout [ 84.124786] Bluetooth: hci0: command 0x040f tx timeout [ 84.252546] Bluetooth: hci4: command 0x040f tx timeout [ 84.253162] Bluetooth: hci2: command 0x040f tx timeout [ 84.253594] Bluetooth: hci5: command 0x040f tx timeout [ 84.317566] Bluetooth: hci6: command 0x040f tx timeout [ 85.660543] Bluetooth: hci3: command 0x0409 tx timeout [ 85.980596] Bluetooth: hci7: command 0x0409 tx timeout [ 86.172520] Bluetooth: hci0: command 0x0419 tx timeout [ 86.172953] Bluetooth: hci1: command 0x0419 tx timeout [ 86.300572] Bluetooth: hci5: command 0x0419 tx timeout [ 86.301006] Bluetooth: hci2: command 0x0419 tx timeout [ 86.301404] Bluetooth: hci4: command 0x0419 tx timeout [ 86.364652] Bluetooth: hci6: command 0x0419 tx timeout [ 87.709568] Bluetooth: hci3: command 0x041b tx timeout [ 88.028559] Bluetooth: hci7: command 0x041b tx timeout [ 89.757604] Bluetooth: hci3: command 0x040f tx timeout [ 90.076510] Bluetooth: hci7: command 0x040f tx timeout [ 91.805527] Bluetooth: hci3: command 0x0419 tx timeout [ 92.125652] Bluetooth: hci7: command 0x0419 tx timeout [ 135.228724] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.229311] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.230560] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 135.385887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.386689] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.388140] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 135.500053] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.500662] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.502264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 135.521689] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.522322] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.524354] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 135.745205] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.746725] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.749403] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 136.009743] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.010346] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.011829] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 136.062634] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.063228] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.064658] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 136.344289] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.344944] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.346666] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 136.449938] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.450620] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.526139] audit: type=1400 audit(1667219700.186:7): avc: denied { open } for pid=3810 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 136.528666] audit: type=1400 audit(1667219700.186:8): avc: denied { kernel } for pid=3810 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 136.543159] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 136.614475] hrtimer: interrupt took 20358 ns [ 136.632987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.633662] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.635681] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 12:35:00 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x5, 0x2, 0x0, 0x0, 0x0, 0x80120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x100000001}, 0x0, 0xc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000380)={r0, 0x8, 0x1, 0x400}) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f00000003c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4244, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x4}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r2, &(0x7f0000000080)="01", 0x292e9) 12:35:00 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x5, 0x2, 0x0, 0x0, 0x0, 0x80120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x100000001}, 0x0, 0xc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000380)={r0, 0x8, 0x1, 0x400}) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f00000003c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4244, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x4}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r2, &(0x7f0000000080)="01", 0x292e9) 12:35:01 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x5, 0x2, 0x0, 0x0, 0x0, 0x80120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x100000001}, 0x0, 0xc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000380)={r0, 0x8, 0x1, 0x400}) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f00000003c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4244, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x4}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r2, &(0x7f0000000080)="01", 0x292e9) 12:35:01 executing program 1: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create(0x400) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FITHAW(r1, 0xc0045878) syncfs(r0) 12:35:02 executing program 1: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create(0x400) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FITHAW(r1, 0xc0045878) syncfs(r0) 12:35:02 executing program 1: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create(0x400) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FITHAW(r1, 0xc0045878) syncfs(r0) 12:35:02 executing program 1: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create(0x400) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FITHAW(r1, 0xc0045878) syncfs(r0) 12:35:02 executing program 1: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create(0x400) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FITHAW(r1, 0xc0045878) syncfs(r0) [ 139.190122] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 139.190729] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 139.192228] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 139.229635] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 139.230281] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 139.231974] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 139.854995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 139.855974] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 139.858125] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 139.881625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 139.882259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 139.884023] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 140.673621] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 140.676288] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 140.678228] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 140.684626] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 140.688631] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 140.690263] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 140.696808] Bluetooth: hci2: HCI_REQ-0x0c1a [ 140.730423] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 140.735963] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 140.737535] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 140.745055] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 140.746963] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 140.748877] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 140.755932] Bluetooth: hci4: HCI_REQ-0x0c1a [ 142.428574] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 142.684558] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 142.748565] Bluetooth: hci2: command 0x0409 tx timeout [ 142.812561] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 142.813856] Bluetooth: hci4: command 0x0409 tx timeout [ 144.796542] Bluetooth: hci2: command 0x041b tx timeout [ 144.861508] Bluetooth: hci4: command 0x041b tx timeout [ 146.844531] Bluetooth: hci2: command 0x040f tx timeout [ 146.908559] Bluetooth: hci4: command 0x040f tx timeout [ 146.908590] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 147.036546] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 147.228561] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 148.892556] Bluetooth: hci2: command 0x0419 tx timeout [ 148.956554] Bluetooth: hci4: command 0x0419 tx timeout [ 151.452513] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 151.772572] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 151.901535] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 153.845285] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 153.847645] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 153.848708] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 153.851710] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 153.853704] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 153.855017] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 153.858953] Bluetooth: hci0: HCI_REQ-0x0c1a [ 155.868552] Bluetooth: hci0: command 0x0409 tx timeout [ 156.252523] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 156.380512] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 157.916794] Bluetooth: hci0: command 0x041b tx timeout [ 158.703402] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 158.705953] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 158.707987] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 158.710352] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 158.712165] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 158.712952] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 158.716842] Bluetooth: hci1: HCI_REQ-0x0c1a [ 158.820271] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 158.821725] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 158.822370] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 158.824044] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 158.829794] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 158.830680] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 158.833814] Bluetooth: hci5: HCI_REQ-0x0c1a [ 159.324977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.325739] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.327371] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 159.374873] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.375697] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.377293] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 159.814264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.814888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.816403] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 159.895148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.895969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.897617] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 159.964594] Bluetooth: hci0: command 0x040f tx timeout [ 160.733288] Bluetooth: hci1: command 0x0409 tx timeout [ 160.860599] Bluetooth: hci5: command 0x0409 tx timeout [ 162.012545] Bluetooth: hci0: command 0x0419 tx timeout [ 162.780592] Bluetooth: hci1: command 0x041b tx timeout [ 162.908521] Bluetooth: hci5: command 0x041b tx timeout [ 164.828631] Bluetooth: hci1: command 0x040f tx timeout [ 164.956523] Bluetooth: hci5: command 0x040f tx timeout [ 166.876837] Bluetooth: hci1: command 0x0419 tx timeout [ 167.004544] Bluetooth: hci5: command 0x0419 tx timeout [ 174.537816] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.538612] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.540418] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 174.615672] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.616220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.617824] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 178.443910] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 178.444516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 178.446954] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 178.466639] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 178.467186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 178.468607] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 180.364011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.364950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.367385] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 180.399397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.400589] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.403127] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 12:35:44 executing program 0: mlock2(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) syz_io_uring_setup(0x42da, &(0x7f0000000100)={0x0, 0x7b27}, &(0x7f0000680000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000180), &(0x7f00000002c0)) 12:35:44 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000040100000018000100", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1\x00'}) syncfs(r1) 12:35:44 executing program 1: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create(0x400) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FITHAW(r1, 0xc0045878) syncfs(r0) 12:35:44 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000040100000018000100", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1\x00'}) syncfs(r1) 12:35:44 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg$unix(r1, &(0x7f00000052c0)=[{{0x0, 0x0, 0x0}}], 0x500, 0x2, 0x0) 12:35:44 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) 12:35:44 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) splice(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x4) pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 12:35:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000000)=0x80000) 12:35:44 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000040100000018000100", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1\x00'}) syncfs(r1) 12:35:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000000)=0x80000) 12:35:44 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg$unix(r1, &(0x7f00000052c0)=[{{0x0, 0x0, 0x0}}], 0x500, 0x2, 0x0) 12:35:45 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) splice(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x4) pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 12:35:45 executing program 1: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create(0x400) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FITHAW(r1, 0xc0045878) syncfs(r0) 12:35:45 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) 12:35:45 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000040100000018000100", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1\x00'}) syncfs(r1) 12:35:45 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000000)=0x80000) 12:35:45 executing program 0: mlock2(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) syz_io_uring_setup(0x42da, &(0x7f0000000100)={0x0, 0x7b27}, &(0x7f0000680000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000180), &(0x7f00000002c0)) 12:35:45 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) splice(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x4) pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 12:35:45 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000040100000018000100", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1\x00'}) syncfs(r1) 12:35:45 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) splice(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x4) pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 12:35:45 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000040100000018000100", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1\x00'}) syncfs(r1) 12:35:45 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}) 12:35:45 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000040100000018000100", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1\x00'}) syncfs(r1) 12:35:45 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg$unix(r1, &(0x7f00000052c0)=[{{0x0, 0x0, 0x0}}], 0x500, 0x2, 0x0) 12:35:45 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) splice(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x4) pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) [ 182.313229] capability: warning: `syz-executor.2' uses deprecated v2 capabilities in a way that may be insecure 12:35:45 executing program 2: capget(&(0x7f0000000a00)={0x20071026}, &(0x7f0000000a40)) 12:35:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f00000001c0)={0x1c, 0x5e, 0x1, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @uid}]}]}, 0x1c}], 0x1}, 0x0) 12:35:46 executing program 5: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:46 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_mount_image$vfat(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f00000001c0)={0x0, 0x0, "ae67a9513104352e77ba391f91bb0a459484ff8f46bfe38771ee5ad9bf876f84c5f503d26ad563a45834a60de30b858b0dc99a018b6e5efb9a53590b1f887532fd58fdf4621c056706e0688f71e3e226e2e832a58510b374647fa8379ef793946122b716e138d40ce3c51a2a0b922a7b867141a7f11e75150e15eba31e1439e60c0fc708b5d0e90bfdfdfc2443ae8aff1453898aad7b6aaf4304414ba7f698d07cba9c6dae7b0067784355084e1f5b7f8fd50febae9a95bc51c42c5ab9989eb2acd6eb5801cd5c98cd51fad982c82e57b03c5aa05a4df7e55948541b461014d2ea36419931e6eb4c0ad451c2e4b15c047e1f6bcb113e00e6df12b79ba614dfc9", "93c07ef6241aff1cd7572ecebb3e35f0d56134900a732a425a9fc251a693a7d6d79cae5e2fb6447c3c4d48f7919ce08246e72c8f70cf3bbcaf783cf3e07a70138539a51647986ccc20a9ddf43a94cc8a3b987be064a04378e2985226aa12ddc091efb37ffbe905dce9d00f2e07992ab566192a8975241e2524c0e758cfdd6d8f8aab626009e12af7dcdbae0cd119ac68b4a2acf3751eb17c26d60d600131728906aeb4f468060b402b152ce35b1423c3f9896de83c14f822f9efce02d8127e900936f5b9178a37b3fc60011726142a4dc8eff7a803541f1859a99ab61f52582019e2cd695380fbcef9d84c4978e8d06f911923b535cc3b448f7e97fce10f510ad70711e899bf331db79594a5ff785f23bc762d03064c501f7006860cb4c1afca90125e69602ddbc3264dc1e07478196043cf15bd71ae523251ec6dcdf15d57938b36ffcd3702e81d2957253444c37f2c8d455a8b2ca399d2e9264c9ea3a13d1ebb3fceaa581eda62099da298ba2f116d0750d33bf0e943df9b713f93f4fd9cfc203b7dcfe1aacb2b083045736599776e1bf8095dfb5c3b35176450e10a2a16a0cad1a713fa558640ed09b93343e963170f17612958e7ae43de22a8c0457ecc3aa5325d7acb022f222d8b194a884953268228ac0bc82d76dbd21199e72436dc330398d802a60151445c083499ca72dbe3ce954d7cac58c24676f0711dc632843d1d0c1a8b2e79224392aeda178cb61f3cb9719ccd395deb8dd74f334651d563b72489d3c5d058462aa13834debdf01b5025dd0944c3a881f609376293caaab9b29129ba61c8460014170248724c11c923a5c936e5ac49b984c43e36ee67002613ec0b3c7ea62cbf712917f507dcd892127ff0cfd81e82613501ccee482c6206e909b5af02f23466802ce369d030d57fe2e44ccbee9e1c667aa4452326eed6adfda7c00e50f667295cdef5598a75d7b4513945b10cb43dce69d8402f644620aaf506c2965d125ec39813ee51af5970343354d0bbd39ee92754e315e4e928f5d9ddd1e489b5ecf22552b6801e6a00d09e90d5af8c4d21577d771b6a6935ca3cfce2928289b582b899ee5ba2d4cc32eaf67ec68bf457a0279c1b3361b0b2290a472973af2bb4587110e8edd8675a5b7c232ba61b31d61af0709fd33cee533015113532f2475cc5be777bce5681da7c9a1a4bccb4dff02e038a8f93aeff2a819d1ba12ab6b2d0a4df67711958e33667c724e289190f42caf64b2f77b023aac88ca32225de592f05fa468783c3ac63c145c24ab81f7321b14467b76c9ab05a2e88680a18e41902f0873a90d2c97968ea6d033a42014c3af3903912822b93fc2cb3f6709107f00a2b8fa0d7077ad9ea93588db146dafd8746563d5e09538245adf56d546ed29f9d7e6a15308429884a83a063f5d5da42841128283cb706622895177168627dc286a3a7976b81d49eac1f2e540bf9f3abe29d31fb77110462194bfe249bb02405c059cf49c9a74dac38fc7c31c95120baf3e1cf4ce2f987bf8b9037af26c47f1ed7d76b35cda708d5b8c60bf8e0cb7f6ef3b48705ed6b4074470c00d73858e6400e6a50471d3d6ec58be0a1dad512c784eb2d906d3fc14d9f340bca7e486c5cdfe09a1120ed68ac8ee09be4dcc8002e231cd887f050bfe557770d7bf8537473813b67b2597fbab50cfc6bf7ab0dd44fcac64baa0cfece08b8e1681081ef467f80f266b3016329783270d5bec6756060e00f8d8cc4a1a4f6c3054c99419767f5dcf0bcadd66a427223b21a2dd752a13ac03eb9e4e5b975a84f7620309d0bb5e42b38eb3b8407311091d7ff4a68aaae138a77c4711170acb138e4ccc9235bcd9051be4161ca0f6662b4bc8a7f31796b6cf8a4a980232ddf8b36d52ed55902aedad5a7e60721036317f2c05c2ec885d550cc3f2f55e25037113e9ff5c2ee8a625534f1ac4d756190400ca631027e9ec34d3ee035066c7b7eee21ee9628ca4d843d7bdd5c3e785b1828a7fab02ff625649e33fad10bb1f4295600bef6ac1a0ebb478ae8db4f02bfa740bfd31128c6c4085364af3ff241ec2eb9e08e9a8798d6c4861f6fa5b31b2556b13f1fa98cf30b0955c14be8b2e379134d22fbfc78e1eb54ba90e509d31448655059844a0fe3fab6da168e3424654205f2cd523a8338f036bb3cb0c6f474b783ef1039e4236ae00c021f1fc8254d0732c50dbe8af5baf9b29e1eb506644918ea859bcc3c597b6a35cb1798147fbfd462e8a761b1f7d4a04b0b09760fbfb0a85667d5b97592ca2fddf05ee7cf0e43d90ac54087d7ce962a0298d770e7c7c06425d6bd5dce4acde87e0e37d223a8c58665f35a58a5569e2fc3c90d97af7fcf13c82b271d6bc7f11b6d3f315daca92072e2d7b438326055bba482760b6506d959fcfe0fc6caee8de58d293b3f6fe03d6eff1b87ccd3e9601fab4961ce00870f7f5af445c030745dab9d48724dff12f2dd73f5e64bea27d55f68e8365c5c09a04b25a12ebde0d841e11977d7686dfa24d32dbcc767ff4263576d37167e418da31ff812ef3849e6910c400081885bd2f243c03cd1794a6613b05f8df485d2ca89777f6535e27d506b1b5a92adab42cb06ed0eae8ae8657ef1e25f12bcd345eae90147869ac18e894a75db0b49c35bf4792650a6def6e9139d801409294a22531575ea9c9d3fd14079453e8c109be1f8376c155dba8927f2a59b78cfcd7833edb72be919afe4d7d7cf0a9cbc6eb718d3acae9efe0055f3c5caa0f543e61764cead8489d4981166fbe52b0b71c1a5604857116a3b9e0589b878f03ac21be78de542ceae0cc2b9cf5288246ce92997d46c038e6d7be3dbe8fac2e1e91926ce8b776d0a051af0967ae14d3afe9ce207680dfdc9a1255f246afae7fc28a35fb2b86fb9cc14ec90d98fc6076cabd2e75670827ad1d9d8a189c0e2bd55935f6f263b76f749f4ff5b7a063d711c0621d8dd38b5439cc5a161325b5e3cbfd6ea78b77f56136c3d6732d5f84978a7bc76a0f0f7aa2deff414d8d545c77a803017bc0fb7d0acfc1661e0c31954f4aa833328f270705a483af75a28358c3a2be45c4216002a1122f2b02af7e3a25cda679067e1f7f3c11a13907b61dcab781a15a5337d76c87c031673b876e8bef4a890542bb526a8a7b74aca5c6fe0fd25e7c4e2e2a86c21ac7ce727986c4f57a0f7fe72953e8f526ca7c1086468106d824ced7a81d916a47fcbb995994ea3da1630211a77d278ace94fe2ba5222f6d09cf2bc74a7480d4166fac8b1ec2a13f7e0752663e3cf93f6deb9e79bb964c3efe6b2b50da0e7de7f02d4c51e99d1fe1d8e5b9e05ac6f392d536a3fda4a46a2db9dda043c7d35e6d800683ef35e410b9c405537ad53e5b1a32a412804cf32175ba1e6ded3f4e17e9bca2601e44d22bcd6d3ba81b1a017e2a9136c38e8da2a292d05533778b9fabcf9e8d9ae70dad779a0a894bd910884e207181fd07c999075d485bbec2364accbe1f408a0ae5209eb262154255f698e72efefcda9f569a289853f09b1ba9f4e093b1d9153e7092eb059426474d47ec3a0a38ec1daa1b0c05ff5f219c6cbeac82c477e55c171ed3c40df771e085b3199acc3531ecabaea8c136d7a0b730732dba0253073247accb91ddbfba8647d1908916452d03567b675e28be71b38414b70b5d5c48cc6aa5588b64b13529cdea47554e10d7050a8f982ccc0ff7774c4d438e6a63759852f71c428f0159b76e743e642e3a2a28e9e18c93cf29968f997600c546a703e2db8de5ef91fc74db8c5296464f96ca3ffa36d0d05792b671af1d8db8dd9f2086c9463e0689b490b751055f1b0ff96ad7b0fa23636b5607f7f354887dbf6735587025291d9ee7b42318d145c57f9d1e91d798397d065a7516be26f205f1eec052e8ab883f77d30c23cd9ac0fbe63845889ae103fbbea8427c1b7eb7feeb2c6807204999363bbd05aaa2eade2bbee6192e63cd2c9e8b9fa8dc43bd8a86129c66a918330d24a08150b609ebc588447dd7b3d80eaacb743c3bf8b462685293ee139f7ced406cc8383e68dcd80dbc3217c86952b1365f6399801cd1db7bb1ad3acc705e9f79c5de2f02092eb964de4d0f61a14d8526895c5e2d20f1d2f5127a9de6b537ac82bc01d68bfccdc66f303332457dae71da14edfd27d5a59ad07e467ce32c198756b2a93d4ca6dc7601109e14431e2b6db05bc05754e47f3453cc9b167d4a1da51aed3760a982dd31afa2b05379c5a56356aec7bd45a15266f93f7211fd3cd6a9b3f6da42028030cf951ca728b25ee09b4e2b0fcd1683af5d46809a73d32c8648689e0647e41b9c93ccd8606d196fd0b940e68e877bc7e0edb79c4b0f702403846bdf0090d20ec2dca4b9751f66f60fb25ba588911c7c5ffecc693a2d9316247af9a05faa838940a0ac729b800bbdba88e33fbbf9d4ab27895ad2341773ef7826754456d58a15cfeb6647e6ef17781f0750a0ad8ee6427c4c7377215441b94e0927044906e46502925c1b57a7a13d209f0abb7a838a001184c1cc8c8bfea022f6fd3ed62326e5bffce01e8f2d71edbbb1b412c290b498e41ff47b8403bca61547b03f5d2a1eb358bd988206c53f672b9a38ea06cdf032f8ddf6f649b44655538b52e89b4c98d203f8bd48c64c41e763b77a0b9990c3a1adce7872bbd7af7ba51ea1d7efa07467890e785689f55b9416b9abc3e40e3fe76025117c3f95c5999509d6efde42ba94a926a32729599147bc3d01723975b79025b4e2969845725f9197f1c37894c4ea0720fab2a18fa62df73866a84892169ef7f89f879f03972bf743cf2eecb1a47785f5b519b84d35d7ac94c4f0d3ffb1cdd35a7188e44d983fab2c2c01320e34e03e41c4c7f4f90819c7f8c49b40750f98d76ae4fff97b472e1a610bd2e3a8fc66d81f30f3e454e55151695650d8563ff8c13bae9d595b9dd08d25878231d499d35258ee318af5b4fa3b3bc10c9d8a4b00965dc0032fed7a6703ae564ab082cace09680e3a289f31e4c72da030d5b3123e6cd466f3b5a9686b7eba7a1348d6479017beef06870ef5dae9557a623f3484f3abeccb136cf73f69393196e3349d810d191fc7c1dfb95b7b0cfba8ae9d13e40cfba2662549268677e16033ebc43bf5e85fbac199cf4a9452faefb2f1809f1864375db1852674ac3c765fc66ce03cbda332b4d10ff4b87377e5383a4da6588985654d91f0193871396c1873c591b5fe74aa7813e6a84b4397f1f6c1b4925e7a94ef0aab0ee5881f3c94b1992445c40e504973ed808ff52901a70d90b7dcc84413e032f1751b58446d77d6adad36526c0fe43783957c70c3bcd7edd625011817161fd5d01f95ccaef2f362400a1371ff5da2f26927bad11a9b061e69c0de4a92dc42db249ab6273f64ebb45c7653fca8d"}) fchdir(0xffffffffffffffff) [ 183.325914] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 183.337903] Bluetooth: hci0: Opcode 0x c03 failed: -4 12:35:50 executing program 0: mlock2(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) syz_io_uring_setup(0x42da, &(0x7f0000000100)={0x0, 0x7b27}, &(0x7f0000680000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000180), &(0x7f00000002c0)) 12:35:50 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) splice(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x4) pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x7fffff8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x119) 12:35:50 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0)=0x3, 0x4) sendmmsg$inet(r1, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000000)="d0", 0x1}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f000000b2c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/18, 0x12}}], 0x1, 0x0, 0x0) 12:35:50 executing program 4: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000340)={0x0, "f82a5ba671a3f4c740888b6561168345af4ffce898405c352a052c55114faebe0f64244ace8e5c4aedd9efd7b54e780efef2209c1afa3281b68a274f4c838062"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r0, r1, r0, 0x0) 12:35:50 executing program 5: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:50 executing program 6: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:50 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000040100000018000100", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1\x00'}) syncfs(r1) 12:35:50 executing program 7: perf_event_open(&(0x7f0000003700)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:50 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x18, &(0x7f0000000600), 0x4) [ 187.365359] Bluetooth: hci0: Opcode 0x c03 failed: -4 12:35:51 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0)=0x3, 0x4) sendmmsg$inet(r1, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000000)="d0", 0x1}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f000000b2c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/18, 0x12}}], 0x1, 0x0, 0x0) 12:35:51 executing program 5: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:51 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat(0xffffffffffffff9c, &(0x7f00000014c0)='./file0\x00', 0x26e1, 0x62) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)=ANY=[@ANYBLOB="010000040100000018000100", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/75, 0x4b}], 0x1) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file1\x00'}) syncfs(r1) 12:35:51 executing program 4: syz_emit_ethernet(0x34, &(0x7f0000000000)={@local, @broadcast, @val={@void}, {@generic={0x88f7, "6912768b592faeff1710c14066587581430a665bb95eb071e68cb92c970b63392966"}}}, 0x0) 12:35:51 executing program 1: chown(&(0x7f0000000100)='./cgroup/cgroup.procs\x00', 0x0, 0x0) 12:35:51 executing program 7: perf_event_open(&(0x7f0000003700)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:51 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, 0x0, 0x0) 12:35:51 executing program 6: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:51 executing program 1: chown(&(0x7f0000000100)='./cgroup/cgroup.procs\x00', 0x0, 0x0) 12:35:51 executing program 4: syz_emit_ethernet(0x34, &(0x7f0000000000)={@local, @broadcast, @val={@void}, {@generic={0x88f7, "6912768b592faeff1710c14066587581430a665bb95eb071e68cb92c970b63392966"}}}, 0x0) 12:35:51 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, 0x0, 0x0) 12:35:51 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0)=0x3, 0x4) sendmmsg$inet(r1, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000000)="d0", 0x1}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f000000b2c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/18, 0x12}}], 0x1, 0x0, 0x0) [ 188.445119] Bluetooth: hci0: Opcode 0x c03 failed: -4 12:35:52 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, 0x0, 0x0) 12:35:52 executing program 1: chown(&(0x7f0000000100)='./cgroup/cgroup.procs\x00', 0x0, 0x0) 12:35:52 executing program 4: syz_emit_ethernet(0x34, &(0x7f0000000000)={@local, @broadcast, @val={@void}, {@generic={0x88f7, "6912768b592faeff1710c14066587581430a665bb95eb071e68cb92c970b63392966"}}}, 0x0) 12:35:52 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0)=0x3, 0x4) sendmmsg$inet(r1, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000000)="d0", 0x1}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f000000b2c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/18, 0x12}}], 0x1, 0x0, 0x0) 12:35:52 executing program 7: perf_event_open(&(0x7f0000003700)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:52 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) 12:35:52 executing program 6: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:52 executing program 5: ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000800)={0x6, 0x0, 0x20, 0x81, 0x6, 0x89}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f00000004c0)) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x30000004}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r3, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x3d}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000001600), 0x400000, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:52 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) syncfs(r0) 12:35:52 executing program 4: syz_emit_ethernet(0x34, &(0x7f0000000000)={@local, @broadcast, @val={@void}, {@generic={0x88f7, "6912768b592faeff1710c14066587581430a665bb95eb071e68cb92c970b63392966"}}}, 0x0) 12:35:52 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, 0x0, 0x0) 12:35:52 executing program 1: chown(&(0x7f0000000100)='./cgroup/cgroup.procs\x00', 0x0, 0x0) 12:35:52 executing program 2: capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000580)) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) 12:35:52 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) syncfs(r0) 12:35:52 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r0, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) 12:35:52 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x28, 0x1, 0x4, 0x101, 0x0, 0x0, {}, [@NFULA_CFG_MODE={0xa, 0x2, {0x0, 0x2}}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x28}}, 0x0) 12:35:52 executing program 7: perf_event_open(&(0x7f0000003700)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:52 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) syncfs(r0) 12:35:52 executing program 0: r0 = syz_io_uring_setup(0x190b, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000280)) io_uring_register$IORING_REGISTER_PROBE(r0, 0x19, &(0x7f00000002c0), 0x0) 12:35:52 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x1b, &(0x7f0000000040)={@dev}, 0x14) 12:35:52 executing program 6: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 12:35:52 executing program 7: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000240), 0xa080, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000340)) r1 = syz_io_uring_setup(0x190b, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) symlink(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00') syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0\x00'}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x6a) semctl$SETVAL(0x0, 0x0, 0x10, &(0x7f0000000000)) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000040)=""/116) io_uring_enter(r1, 0x1, 0x0, 0x0, 0x0, 0x0) 12:35:52 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) shutdown(r0, 0x0) [ 190.253788] Bluetooth: hci0: Opcode 0x c03 failed: -4 12:35:54 executing program 4: sysfs$2(0x2, 0x5, &(0x7f0000000000)=""/154) 12:35:54 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x8901, &(0x7f0000000180)) 12:35:54 executing program 7: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000240), 0xa080, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000340)) r1 = syz_io_uring_setup(0x190b, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) symlink(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00') syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0\x00'}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x6a) semctl$SETVAL(0x0, 0x0, 0x10, &(0x7f0000000000)) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000040)=""/116) io_uring_enter(r1, 0x1, 0x0, 0x0, 0x0, 0x0) 12:35:54 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) geteuid() 12:35:54 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) close(r0) 12:35:54 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) syncfs(r0) 12:35:54 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r0, 0x107, 0x0, 0x0, &(0x7f0000000a00)) 12:35:54 executing program 5: syz_genetlink_get_family_id$tipc(&(0x7f0000000580), 0xffffffffffffffff) syz_genetlink_get_family_id$ethtool(&(0x7f0000000900), 0xffffffffffffffff) 12:35:54 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/udp\x00') read$hiddev(r0, &(0x7f0000000000)=""/109, 0x6d) 12:35:54 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r0, &(0x7f0000000000)) 12:35:54 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) close(r0) 12:35:54 executing program 4: sysfs$2(0x2, 0x5, &(0x7f0000000000)=""/154) 12:35:54 executing program 1: kexec_load(0x0, 0x0, 0x0, 0x2) 12:35:54 executing program 3: openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) lchown(0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000280)={0x20, 0x5a, 0x1, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x1, [@typed={0x9, 0x1, 0x0, 0x0, @binary="5fc27faa76"}]}]}, 0x20}], 0x1}, 0x0) 12:35:54 executing program 7: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000240), 0xa080, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000340)) r1 = syz_io_uring_setup(0x190b, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) symlink(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00') syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0\x00'}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x6a) semctl$SETVAL(0x0, 0x0, 0x10, &(0x7f0000000000)) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000040)=""/116) io_uring_enter(r1, 0x1, 0x0, 0x0, 0x0, 0x0) [ 190.579711] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 190.594427] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 12:35:54 executing program 4: sysfs$2(0x2, 0x5, &(0x7f0000000000)=""/154) 12:35:54 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) close(r0) 12:35:54 executing program 1: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000680)={0x0, 0x1df2, 0x0, 0x0, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x3, &(0x7f0000000840)="48896913cf013d4841ef6bd14bad7a1ef5fa89345ea411569e4eaf84b8a00d198b2076417c28fbe24620551513f8def24459fabab7ccebc57e475330793cc850fde8f6291d79a28b11ebc15c87f626cd0236120652566bf3c5fdedf7015636e78bee2846e55020cdb943d3759ae4bcf110eb601878d4323e7d363100b0408ab930c87cec5602c395c1c80ef0f70e9b859631", 0x6, 0x0, 0x1, {0x2, r4}}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 12:35:54 executing program 2: openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x8281, 0x0) 12:35:54 executing program 6: keyctl$search(0x2, 0x0, 0x0, &(0x7f00000001c0)={'syz', 0x3}, 0x0) 12:35:54 executing program 3: openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) r0 = syz_io_uring_setup(0x65f5, &(0x7f0000000500)={0x0, 0x0, 0x2}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000580), &(0x7f00000005c0)) syz_open_dev$char_usb(0xc, 0xb4, 0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000600), 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) syz_io_uring_setup(0x23ea, &(0x7f0000000780)={0x0, 0x0, 0x2}, &(0x7f0000811000/0x2000)=nil, &(0x7f0000712000/0x4000)=nil, 0x0, 0x0) r1 = syz_io_uring_setup(0x4ac1, &(0x7f0000000900), &(0x7f0000ff3000/0xc000)=nil, &(0x7f0000e74000/0x2000)=nil, &(0x7f0000000980), &(0x7f00000009c0)) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000a00)={0x0, 0x0, 0x0, '\x00', [{}]}, 0x1) 12:35:54 executing program 7: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000240), 0xa080, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000340)) r1 = syz_io_uring_setup(0x190b, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) symlink(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00') syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0\x00'}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x6a) semctl$SETVAL(0x0, 0x0, 0x10, &(0x7f0000000000)) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000040)=""/116) io_uring_enter(r1, 0x1, 0x0, 0x0, 0x0, 0x0) 12:35:54 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, 0x0, 0x48) 12:35:54 executing program 2: openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x8281, 0x0) 12:35:54 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) close(r0) 12:35:54 executing program 4: sysfs$2(0x2, 0x5, &(0x7f0000000000)=""/154) 12:35:54 executing program 7: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockname(r0, 0x0, &(0x7f00000000c0)) 12:35:54 executing program 3: prlimit64(0x0, 0x8, &(0x7f0000000040), 0x0) mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) 12:35:54 executing program 1: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000680)={0x0, 0x1df2, 0x0, 0x0, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x3, &(0x7f0000000840)="48896913cf013d4841ef6bd14bad7a1ef5fa89345ea411569e4eaf84b8a00d198b2076417c28fbe24620551513f8def24459fabab7ccebc57e475330793cc850fde8f6291d79a28b11ebc15c87f626cd0236120652566bf3c5fdedf7015636e78bee2846e55020cdb943d3759ae4bcf110eb601878d4323e7d363100b0408ab930c87cec5602c395c1c80ef0f70e9b859631", 0x6, 0x0, 0x1, {0x2, r4}}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 12:35:54 executing program 6: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 12:35:54 executing program 4: r0 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8955, &(0x7f0000002440)={{0x2, 0x0, @multicast1}, {}, 0x3a, {0x2, 0x0, @empty}}) 12:35:54 executing program 5: r0 = syz_open_dev$rtc(&(0x7f00000007c0), 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40187013, &(0x7f0000000000)={0x0, 0xfffffffe}) [ 190.972368] syz-executor.4 uses obsolete (PF_INET,SOCK_PACKET) [ 191.239193] BUG: unable to handle page fault for address: ffffed100fffc000 [ 191.239735] #PF: supervisor write access in kernel mode [ 191.240107] #PF: error_code(0x0002) - not-present page [ 191.240445] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 191.240903] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI [ 191.241467] CPU: 0 PID: 6511 Comm: syz-executor.6 Not tainted 6.1.0-rc3-next-20221031 #1 [ 191.245234] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 191.245767] RIP: 0010:__memset+0x24/0x50 [ 191.246058] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 191.247212] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 191.247560] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 191.248027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 191.248521] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 191.249021] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 191.249507] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 191.249999] FS: 00007f7e2a32b700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 191.250579] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.251078] CR2: ffffed100fffc000 CR3: 0000000016b4a000 CR4: 0000000000350ef0 [ 191.251782] Call Trace: [ 191.252041] [ 191.252276] kasan_unpoison+0x23/0x60 [ 191.252664] mempool_exit+0x1c2/0x330 [ 191.253054] bioset_exit+0x2c9/0x630 [ 191.253439] disk_release+0x143/0x490 [ 191.253822] ? disk_release+0x0/0x490 [ 191.254209] ? device_release+0x0/0x250 [ 191.254616] device_release+0xa2/0x250 [ 191.255005] ? device_release+0x0/0x250 [ 191.255401] kobject_put+0x173/0x280 [ 191.255779] put_device+0x1b/0x40 [ 191.256129] put_disk+0x41/0x60 [ 191.256467] loop_control_ioctl+0x4d1/0x630 [ 191.256895] ? loop_control_ioctl+0x0/0x630 [ 191.257341] ? selinux_file_ioctl+0xb1/0x270 [ 191.257800] ? loop_control_ioctl+0x0/0x630 [ 191.258260] __x64_sys_ioctl+0x19a/0x220 [ 191.258682] do_syscall_64+0x3b/0xa0 [ 191.259067] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 191.259581] RIP: 0033:0x7f7e2cdb5b19 [ 191.259949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 191.261665] RSP: 002b:00007f7e2a32b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 191.262421] RAX: ffffffffffffffda RBX: 00007f7e2cec8f60 RCX: 00007f7e2cdb5b19 [ 191.263023] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 191.263488] RBP: 00007f7e2ce0ff6d R08: 0000000000000000 R09: 0000000000000000 [ 191.263962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 191.264434] R13: 00007fff0469846f R14: 00007f7e2a32b300 R15: 0000000000022000 [ 191.264911] [ 191.265070] Modules linked in: [ 191.265296] CR2: ffffed100fffc000 [ 191.265536] ---[ end trace 0000000000000000 ]--- [ 191.265852] RIP: 0010:__memset+0x24/0x50 [ 191.266138] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 191.267328] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 191.267689] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 191.268175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 191.268671] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 191.269164] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 191.269667] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 191.270161] FS: 00007f7e2a32b700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 191.270714] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.271112] CR2: ffffed100fffc000 CR3: 0000000016b4a000 CR4: 0000000000350ef0 12:35:55 executing program 2: openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x8281, 0x0) 12:35:55 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:35:55 executing program 7: openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0xa80, 0x0) 12:35:55 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) creat(0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x10000027f) 12:35:55 executing program 5: r0 = syz_open_dev$rtc(&(0x7f00000007c0), 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40187013, &(0x7f0000000000)={0x0, 0xfffffffe}) 12:35:55 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x7fffffe, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000001bc0)={'\x00', {0x2, 0x0, @private}}) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, r1, 0x0) sendfile(r0, r0, 0x0, 0x5f1) openat(r0, &(0x7f0000000000)='./file1\x00', 0x426000, 0x110) 12:35:55 executing program 6: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 12:35:55 executing program 1: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000680)={0x0, 0x1df2, 0x0, 0x0, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x3, &(0x7f0000000840)="48896913cf013d4841ef6bd14bad7a1ef5fa89345ea411569e4eaf84b8a00d198b2076417c28fbe24620551513f8def24459fabab7ccebc57e475330793cc850fde8f6291d79a28b11ebc15c87f626cd0236120652566bf3c5fdedf7015636e78bee2846e55020cdb943d3759ae4bcf110eb601878d4323e7d363100b0408ab930c87cec5602c395c1c80ef0f70e9b859631", 0x6, 0x0, 0x1, {0x2, r4}}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 12:35:55 executing program 5: r0 = syz_open_dev$rtc(&(0x7f00000007c0), 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40187013, &(0x7f0000000000)={0x0, 0xfffffffe}) 12:35:55 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:35:55 executing program 2: openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x8281, 0x0) 12:35:55 executing program 1: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000680)={0x0, 0x1df2, 0x0, 0x0, 0x285}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f00000005c0)=@isdn}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup/syz1\x00', 0x200002, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x3, &(0x7f0000000840)="48896913cf013d4841ef6bd14bad7a1ef5fa89345ea411569e4eaf84b8a00d198b2076417c28fbe24620551513f8def24459fabab7ccebc57e475330793cc850fde8f6291d79a28b11ebc15c87f626cd0236120652566bf3c5fdedf7015636e78bee2846e55020cdb943d3759ae4bcf110eb601878d4323e7d363100b0408ab930c87cec5602c395c1c80ef0f70e9b859631", 0x6, 0x0, 0x1, {0x2, r4}}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 12:35:55 executing program 7: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 12:35:55 executing program 5: r0 = syz_open_dev$rtc(&(0x7f00000007c0), 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40187013, &(0x7f0000000000)={0x0, 0xfffffffe}) 12:35:55 executing program 3: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 12:35:55 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:35:55 executing program 6: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 12:35:55 executing program 2: r0 = socket$inet(0x2, 0x0, 0x5) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x4}]}) recvmmsg(r0, 0x0, 0x0, 0x1, 0x0) 12:35:55 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x7fffffe, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000001bc0)={'\x00', {0x2, 0x0, @private}}) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, r1, 0x0) sendfile(r0, r0, 0x0, 0x5f1) openat(r0, &(0x7f0000000000)='./file1\x00', 0x426000, 0x110) 12:35:55 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 192.160654] audit: type=1326 audit(1667219755.804:9): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6564 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e1c968b19 code=0x0 12:35:55 executing program 5: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) 12:35:55 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=ANY=[]) mknodat$loop(r0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000b00), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0]) umount2(&(0x7f0000000080)='./file0\x00', 0x0) [ 192.252810] random: crng reseeded on system resumption 12:35:55 executing program 3: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) [ 192.414492] BUG: unable to handle page fault for address: ffffed100fffc000 [ 192.415081] #PF: supervisor write access in kernel mode [ 192.415477] #PF: error_code(0x0002) - not-present page [ 192.415976] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 192.416481] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI [ 192.416874] CPU: 1 PID: 6570 Comm: syz-executor.6 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 192.417601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 192.418167] RIP: 0010:__memset+0x24/0x50 [ 192.418486] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 192.419669] RSP: 0018:ffff88804307fcc0 EFLAGS: 00010212 [ 192.420033] RAX: 0000000000000000 RBX: ffff88800c0cc240 RCX: 1ffffe21fe6071fb [ 192.420515] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 192.420996] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819848 [ 192.421514] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 192.422028] R13: ffff88800c0cc240 R14: ffffffff815f27a0 R15: 1ffff1100112261f [ 192.422632] FS: 00007f7e2a32b700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 192.423208] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.423599] CR2: ffffed100fffc000 CR3: 000000000e44a000 CR4: 0000000000350ee0 [ 192.424069] Call Trace: [ 192.424315] [ 192.424493] kasan_unpoison+0x23/0x60 [ 192.424770] mempool_exit+0x1c2/0x330 [ 192.425042] bioset_exit+0x2c9/0x630 [ 192.425407] disk_release+0x143/0x490 [ 192.425724] ? disk_release+0x0/0x490 [ 192.426005] ? device_release+0x0/0x250 [ 192.426308] device_release+0xa2/0x250 [ 192.426609] ? device_release+0x0/0x250 [ 192.426903] kobject_put+0x173/0x280 [ 192.427247] put_device+0x1b/0x40 [ 192.427495] put_disk+0x41/0x60 [ 192.427754] loop_control_ioctl+0x4d1/0x630 [ 192.428055] ? loop_control_ioctl+0x0/0x630 [ 192.428356] ? selinux_file_ioctl+0xb1/0x270 [ 192.428675] ? loop_control_ioctl+0x0/0x630 [ 192.428980] __x64_sys_ioctl+0x19a/0x220 [ 192.429270] do_syscall_64+0x3b/0xa0 [ 192.429549] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 192.429927] RIP: 0033:0x7f7e2cdb5b19 [ 192.430200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 192.431503] RSP: 002b:00007f7e2a32b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 192.432060] RAX: ffffffffffffffda RBX: 00007f7e2cec8f60 RCX: 00007f7e2cdb5b19 [ 192.432589] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005 [ 192.433128] RBP: 00007f7e2ce0ff6d R08: 0000000000000000 R09: 0000000000000000 [ 192.433705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.434297] R13: 00007fff0469846f R14: 00007f7e2a32b300 R15: 0000000000022000 [ 192.434838] [ 192.435022] Modules linked in: [ 192.435272] CR2: ffffed100fffc000 [ 192.435524] ---[ end trace 0000000000000000 ]--- [ 192.435842] RIP: 0010:__memset+0x24/0x50 [ 192.436133] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 192.437463] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 192.437865] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 192.438405] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 192.438928] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 192.439458] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 192.439985] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 192.440516] FS: 00007f7e2a32b700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 192.441110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.441541] CR2: ffffed100fffc000 CR3: 000000000e44a000 CR4: 0000000000350ee0 [ 192.526837] BUG: unable to handle page fault for address: ffffed100fffc000 [ 192.527373] #PF: supervisor write access in kernel mode [ 192.527743] #PF: error_code(0x0002) - not-present page [ 192.528103] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 192.528567] Oops: 0002 [#3] PREEMPT SMP KASAN NOPTI [ 192.528925] CPU: 1 PID: 6568 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 192.529618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 192.530211] RIP: 0010:__memset+0x24/0x50 [ 192.530556] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 192.531871] RSP: 0018:ffff888041c27cc0 EFLAGS: 00010212 [ 192.532267] RAX: 0000000000000000 RBX: ffff88800c0cc3c0 RCX: 1ffffe21fe607201 [ 192.532753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 192.533243] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819878 [ 192.533738] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 192.534214] R13: ffff88800c0cc3c0 R14: ffffffff815f27a0 R15: 1ffff1100112221f [ 192.534724] FS: 00007f80386ab700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 192.535280] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.535681] CR2: ffffed100fffc000 CR3: 0000000018a9e000 CR4: 0000000000350ee0 [ 192.536166] Call Trace: [ 192.536350] [ 192.536510] kasan_unpoison+0x23/0x60 [ 192.536777] mempool_exit+0x1c2/0x330 [ 192.537053] bioset_exit+0x2c9/0x630 [ 192.537327] disk_release+0x143/0x490 [ 192.537601] ? disk_release+0x0/0x490 [ 192.537868] ? device_release+0x0/0x250 [ 192.538146] device_release+0xa2/0x250 [ 192.538441] ? device_release+0x0/0x250 [ 192.538718] kobject_put+0x173/0x280 [ 192.539002] put_device+0x1b/0x40 [ 192.539265] put_disk+0x41/0x60 [ 192.539514] loop_control_ioctl+0x4d1/0x630 [ 192.539833] ? loop_control_ioctl+0x0/0x630 [ 192.540150] ? selinux_file_ioctl+0xb1/0x270 [ 192.540478] ? loop_control_ioctl+0x0/0x630 [ 192.540799] __x64_sys_ioctl+0x19a/0x220 [ 192.541107] do_syscall_64+0x3b/0xa0 [ 192.541389] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 192.541770] RIP: 0033:0x7f803b135b19 [ 192.542039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 192.543297] RSP: 002b:00007f80386ab188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 192.543818] RAX: ffffffffffffffda RBX: 00007f803b248f60 RCX: 00007f803b135b19 [ 192.544304] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000005 [ 192.544787] RBP: 00007f803b18ff6d R08: 0000000000000000 R09: 0000000000000000 [ 192.545278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.545763] R13: 00007fff3be80f8f R14: 00007f80386ab300 R15: 0000000000022000 [ 192.546267] [ 192.546443] Modules linked in: [ 192.546672] CR2: ffffed100fffc000 [ 192.546921] ---[ end trace 0000000000000000 ]--- [ 192.547261] RIP: 0010:__memset+0x24/0x50 [ 192.547574] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 192.548857] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 192.549230] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 192.549707] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 192.550178] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 192.550685] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 192.551168] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 192.551641] FS: 00007f80386ab700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 192.552177] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.552590] CR2: ffffed100fffc000 CR3: 0000000018a9e000 CR4: 0000000000350ee0 12:35:56 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) close(r0) 12:35:56 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=ANY=[]) mknodat$loop(r0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000b00), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0]) umount2(&(0x7f0000000080)='./file0\x00', 0x0) 12:35:56 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=ANY=[]) mknodat$loop(r0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000b00), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0]) umount2(&(0x7f0000000080)='./file0\x00', 0x0) [ 192.695881] BUG: unable to handle page fault for address: ffffed100fffc000 [ 192.696431] #PF: supervisor write access in kernel mode [ 192.696808] #PF: error_code(0x0002) - not-present page [ 192.697183] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 192.697677] Oops: 0002 [#4] PREEMPT SMP KASAN NOPTI [ 192.698040] CPU: 0 PID: 6576 Comm: syz-executor.5 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 192.698794] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 192.699461] RIP: 0010:__memset+0x24/0x50 [ 192.699785] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 192.701069] RSP: 0018:ffff888042eefcc0 EFLAGS: 00010212 [ 192.701456] RAX: 0000000000000000 RBX: ffff88800c0cc540 RCX: 1ffffe21fe607207 [ 192.701968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 192.702495] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed10018198a8 [ 192.703012] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 192.703533] R13: ffff88800c0cc540 R14: ffffffff815f27a0 R15: 1ffff11001124e1f [ 192.704075] FS: 00007fb01ce86700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 192.704661] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.705085] CR2: ffffed100fffc000 CR3: 000000001948c000 CR4: 0000000000350ef0 [ 192.705616] Call Trace: [ 192.705810] [ 192.705983] kasan_unpoison+0x23/0x60 [ 192.706269] mempool_exit+0x1c2/0x330 [ 192.706567] bioset_exit+0x2c9/0x630 [ 192.706860] disk_release+0x143/0x490 [ 192.707160] ? disk_release+0x0/0x490 [ 192.707454] ? device_release+0x0/0x250 [ 192.707755] device_release+0xa2/0x250 [ 192.708052] ? device_release+0x0/0x250 [ 192.708356] kobject_put+0x173/0x280 [ 192.708645] put_device+0x1b/0x40 [ 192.708907] put_disk+0x41/0x60 [ 192.709165] loop_control_ioctl+0x4d1/0x630 [ 192.709490] ? loop_control_ioctl+0x0/0x630 [ 192.709811] ? selinux_file_ioctl+0xb1/0x270 [ 192.710158] ? loop_control_ioctl+0x0/0x630 [ 192.710486] __x64_sys_ioctl+0x19a/0x220 [ 192.710802] do_syscall_64+0x3b/0xa0 [ 192.711098] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 192.711479] RIP: 0033:0x7fb01f910b19 [ 192.711754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 192.713031] RSP: 002b:00007fb01ce86188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 192.713585] RAX: ffffffffffffffda RBX: 00007fb01fa23f60 RCX: 00007fb01f910b19 [ 192.714126] RDX: 0000000000000003 RSI: 0000000000004c81 RDI: 0000000000000006 [ 192.714683] RBP: 00007fb01f96af6d R08: 0000000000000000 R09: 0000000000000000 [ 192.715215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.715717] R13: 00007fffdc72266f R14: 00007fb01ce86300 R15: 0000000000022000 [ 192.716262] [ 192.716447] Modules linked in: [ 192.716693] CR2: ffffed100fffc000 [ 192.716965] ---[ end trace 0000000000000000 ]--- [ 192.717312] RIP: 0010:__memset+0x24/0x50 [ 192.717637] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 192.718942] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 192.719348] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 192.719876] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 192.720392] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 192.720904] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 192.721448] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 192.721953] FS: 00007fb01ce86700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 192.722534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.722960] CR2: ffffed100fffc000 CR3: 000000001948c000 CR4: 0000000000350ef0 [ 192.818707] BUG: unable to handle page fault for address: ffffed100fffc000 [ 192.819198] #PF: supervisor write access in kernel mode [ 192.819548] #PF: error_code(0x0002) - not-present page [ 192.819884] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 192.820329] Oops: 0002 [#5] PREEMPT SMP KASAN NOPTI [ 192.820653] CPU: 0 PID: 6585 Comm: syz-executor.3 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 192.821272] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 192.821803] RIP: 0010:__memset+0x24/0x50 [ 192.822088] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 192.823243] RSP: 0018:ffff888041e8fcc0 EFLAGS: 00010212 [ 192.823599] RAX: 0000000000000000 RBX: ffff88800c0cc6c0 RCX: 1ffffe21fe60720d [ 192.824065] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 192.824523] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed10018198d8 [ 192.824988] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 192.825454] R13: ffff88800c0cc6c0 R14: ffffffff815f27a0 R15: 1ffff11001124a1f [ 192.825920] FS: 00007f173202f700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 192.826484] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.826868] CR2: ffffed100fffc000 CR3: 0000000031b22000 CR4: 0000000000350ef0 [ 192.827331] Call Trace: [ 192.827506] [ 192.827661] kasan_unpoison+0x23/0x60 [ 192.827933] mempool_exit+0x1c2/0x330 [ 192.828203] bioset_exit+0x2c9/0x630 [ 192.828459] disk_release+0x143/0x490 [ 192.828722] ? disk_release+0x0/0x490 [ 192.828989] ? device_release+0x0/0x250 [ 192.829259] device_release+0xa2/0x250 [ 192.829522] ? device_release+0x0/0x250 [ 192.829788] kobject_put+0x173/0x280 [ 192.830043] put_device+0x1b/0x40 [ 192.830279] put_disk+0x41/0x60 [ 192.830511] loop_control_ioctl+0x4d1/0x630 [ 192.830802] ? loop_control_ioctl+0x0/0x630 [ 192.831090] ? selinux_file_ioctl+0xb1/0x270 [ 192.831392] ? loop_control_ioctl+0x0/0x630 [ 192.831689] __x64_sys_ioctl+0x19a/0x220 [ 192.831968] do_syscall_64+0x3b/0xa0 [ 192.832231] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 192.832580] RIP: 0033:0x7f1734ab9b19 [ 192.832832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 192.834017] RSP: 002b:00007f173202f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 192.834528] RAX: ffffffffffffffda RBX: 00007f1734bccf60 RCX: 00007f1734ab9b19 [ 192.834998] RDX: 0000000000000004 RSI: 0000000000004c81 RDI: 0000000000000005 [ 192.835472] RBP: 00007f1734b13f6d R08: 0000000000000000 R09: 0000000000000000 [ 192.835940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.836413] R13: 00007ffff1f3b33f R14: 00007f173202f300 R15: 0000000000022000 [ 192.836896] [ 192.837060] Modules linked in: [ 192.837281] CR2: ffffed100fffc000 [ 192.837519] ---[ end trace 0000000000000000 ]--- [ 192.837836] RIP: 0010:__memset+0x24/0x50 [ 192.838128] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 192.839338] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 192.839695] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 192.840172] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 192.840641] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 192.841132] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 192.841606] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 192.842081] FS: 00007f173202f700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 192.842628] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.843020] CR2: ffffed100fffc000 CR3: 0000000031b22000 CR4: 0000000000350ef0 [ 192.979007] audit: type=1326 audit(1667219756.639:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6564 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e1c968b19 code=0x0 [ 193.024088] random: crng reseeded on system resumption 12:35:56 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) close(r0) 12:35:56 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x7fffffe, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000001bc0)={'\x00', {0x2, 0x0, @private}}) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, r1, 0x0) sendfile(r0, r0, 0x0, 0x5f1) openat(r0, &(0x7f0000000000)='./file1\x00', 0x426000, 0x110) 12:35:56 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=ANY=[]) mknodat$loop(r0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000b00), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0]) umount2(&(0x7f0000000080)='./file0\x00', 0x0) 12:35:56 executing program 6: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 12:35:56 executing program 7: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 12:35:56 executing program 2: r0 = syz_open_dev$rtc(&(0x7f0000000200), 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x0) 12:35:56 executing program 5: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) 12:35:56 executing program 3: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) [ 193.366587] random: crng reseeded on system resumption 12:35:57 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) close(r0) 12:35:57 executing program 2: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) [ 193.476738] BUG: unable to handle page fault for address: ffffed100fffc000 [ 193.477331] #PF: supervisor write access in kernel mode [ 193.477724] #PF: error_code(0x0002) - not-present page [ 193.478111] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 193.478644] Oops: 0002 [#6] PREEMPT SMP KASAN NOPTI [ 193.479040] CPU: 0 PID: 6616 Comm: syz-executor.3 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 193.479771] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 193.480396] RIP: 0010:__memset+0x24/0x50 [ 193.480728] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 193.482251] RSP: 0018:ffff888044a9fcc0 EFLAGS: 00010212 [ 193.482651] RAX: 0000000000000000 RBX: ffff88800c0cc840 RCX: 1ffffe21fe607213 [ 193.483177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 193.483718] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819908 [ 193.484257] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 193.484805] R13: ffff88800c0cc840 R14: ffffffff815f27a0 R15: 1ffff1100112461f [ 193.485347] FS: 00007f173202f700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 193.485951] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.486401] CR2: ffffed100fffc000 CR3: 000000001f254000 CR4: 0000000000350ef0 [ 193.486926] Call Trace: [ 193.487130] [ 193.487311] kasan_unpoison+0x23/0x60 [ 193.487613] mempool_exit+0x1c2/0x330 [ 193.487924] bioset_exit+0x2c9/0x630 [ 193.488228] disk_release+0x143/0x490 [ 193.488531] ? disk_release+0x0/0x490 [ 193.488835] ? device_release+0x0/0x250 [ 193.489157] device_release+0xa2/0x250 [ 193.489467] ? device_release+0x0/0x250 [ 193.489777] kobject_put+0x173/0x280 [ 193.490077] put_device+0x1b/0x40 [ 193.490369] put_disk+0x41/0x60 [ 193.490634] loop_control_ioctl+0x4d1/0x630 [ 193.490982] ? loop_control_ioctl+0x0/0x630 [ 193.491325] ? selinux_file_ioctl+0xb1/0x270 [ 193.491702] ? loop_control_ioctl+0x0/0x630 [ 193.492054] __x64_sys_ioctl+0x19a/0x220 [ 193.492381] do_syscall_64+0x3b/0xa0 [ 193.492684] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 193.493085] RIP: 0033:0x7f1734ab9b19 [ 193.493378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 193.494766] RSP: 002b:00007f173202f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 193.495351] RAX: ffffffffffffffda RBX: 00007f1734bccf60 RCX: 00007f1734ab9b19 [ 193.495901] RDX: 0000000000000005 RSI: 0000000000004c81 RDI: 0000000000000005 [ 193.496438] RBP: 00007f1734b13f6d R08: 0000000000000000 R09: 0000000000000000 [ 193.496957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.497478] R13: 00007ffff1f3b33f R14: 00007f173202f300 R15: 0000000000022000 [ 193.498020] [ 193.498202] Modules linked in: [ 193.498461] CR2: ffffed100fffc000 [ 193.498733] ---[ end trace 0000000000000000 ]--- [ 193.499086] RIP: 0010:__memset+0x24/0x50 [ 193.499413] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 193.500765] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 193.501172] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 193.501691] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 193.502239] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 193.502799] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 193.503338] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 193.503881] FS: 00007f173202f700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 193.504494] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.504933] CR2: ffffed100fffc000 CR3: 000000001f254000 CR4: 0000000000350ef0 12:35:57 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) close(r0) 12:35:57 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) close(r0) 12:35:57 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) close(r0) 12:35:57 executing program 1: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) 12:35:57 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x7fffffe, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000001bc0)={'\x00', {0x2, 0x0, @private}}) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, r1, 0x0) sendfile(r0, r0, 0x0, 0x5f1) openat(r0, &(0x7f0000000000)='./file1\x00', 0x426000, 0x110) 12:35:57 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) close(r0) [ 194.000420] BUG: unable to handle page fault for address: ffffed100fffc000 [ 194.000942] #PF: supervisor write access in kernel mode [ 194.001308] #PF: error_code(0x0002) - not-present page [ 194.001686] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 194.002177] Oops: 0002 [#7] PREEMPT SMP KASAN NOPTI [ 194.002586] CPU: 1 PID: 6626 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 194.003227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 194.003808] RIP: 0010:__memset+0x24/0x50 [ 194.004135] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 194.005365] RSP: 0018:ffff8880429d7cc0 EFLAGS: 00010212 [ 194.005742] RAX: 0000000000000000 RBX: ffff88800c0cc9c0 RCX: 1ffffe21fe607219 [ 194.006254] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 194.006790] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819938 [ 194.007310] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 194.007839] R13: ffff88800c0cc9c0 R14: ffffffff815f27a0 R15: 1ffff1100112421f [ 194.008357] FS: 00007f80386ab700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 194.008947] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.009386] CR2: ffffed100fffc000 CR3: 00000000381da000 CR4: 0000000000350ee0 [ 194.009896] Call Trace: [ 194.010089] [ 194.010258] kasan_unpoison+0x23/0x60 [ 194.010548] mempool_exit+0x1c2/0x330 [ 194.010845] bioset_exit+0x2c9/0x630 [ 194.011135] disk_release+0x143/0x490 [ 194.011432] ? disk_release+0x0/0x490 [ 194.011716] ? device_release+0x0/0x250 [ 194.012014] device_release+0xa2/0x250 [ 194.012302] ? device_release+0x0/0x250 [ 194.012592] kobject_put+0x173/0x280 [ 194.012871] put_device+0x1b/0x40 [ 194.013134] put_disk+0x41/0x60 [ 194.013383] loop_control_ioctl+0x4d1/0x630 [ 194.013701] ? loop_control_ioctl+0x0/0x630 [ 194.014028] ? selinux_file_ioctl+0xb1/0x270 [ 194.014371] ? loop_control_ioctl+0x0/0x630 [ 194.014695] __x64_sys_ioctl+0x19a/0x220 [ 194.014999] do_syscall_64+0x3b/0xa0 [ 194.015285] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 194.015667] RIP: 0033:0x7f803b135b19 [ 194.015938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 194.017228] RSP: 002b:00007f80386ab188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 194.017771] RAX: ffffffffffffffda RBX: 00007f803b248f60 RCX: 00007f803b135b19 [ 194.018280] RDX: 0000000000000006 RSI: 0000000000004c81 RDI: 0000000000000005 [ 194.018804] RBP: 00007f803b18ff6d R08: 0000000000000000 R09: 0000000000000000 [ 194.019309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.019818] R13: 00007fff3be80f8f R14: 00007f80386ab300 R15: 0000000000022000 [ 194.020332] [ 194.020509] Modules linked in: [ 194.020750] CR2: ffffed100fffc000 [ 194.021003] ---[ end trace 0000000000000000 ]--- [ 194.021335] RIP: 0010:__memset+0x24/0x50 [ 194.021645] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 194.022937] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 194.023323] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 194.023830] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 194.024333] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 194.024842] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 194.025347] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 194.025855] FS: 00007f80386ab700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 194.026434] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.026847] CR2: ffffed100fffc000 CR3: 00000000381da000 CR4: 0000000000350ee0 [ 194.110509] BUG: unable to handle page fault for address: ffffed100fffc000 [ 194.111050] #PF: supervisor write access in kernel mode [ 194.111420] #PF: error_code(0x0002) - not-present page [ 194.111842] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 194.112363] Oops: 0002 [#8] PREEMPT SMP KASAN NOPTI [ 194.112716] CPU: 1 PID: 6625 Comm: syz-executor.5 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 194.113381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 194.113941] RIP: 0010:__memset+0x24/0x50 [ 194.114244] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 194.115522] RSP: 0018:ffff8880449efcc0 EFLAGS: 00010212 [ 194.115945] RAX: 0000000000000000 RBX: ffff88800c0ccb40 RCX: 1ffffe21fe60721f [ 194.116528] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 194.117101] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819968 [ 194.117686] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 194.118216] R13: ffff88800c0ccb40 R14: ffffffff815f27a0 R15: 1ffff11001125e1f [ 194.118790] FS: 00007fb01ce86700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 194.119439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.119849] CR2: ffffed100fffc000 CR3: 000000001539e000 CR4: 0000000000350ee0 [ 194.120340] Call Trace: [ 194.120522] [ 194.120683] kasan_unpoison+0x23/0x60 [ 194.121018] mempool_exit+0x1c2/0x330 [ 194.121305] bioset_exit+0x2c9/0x630 [ 194.121588] disk_release+0x143/0x490 [ 194.121863] ? disk_release+0x0/0x490 [ 194.122148] ? device_release+0x0/0x250 [ 194.122445] device_release+0xa2/0x250 [ 194.122731] ? device_release+0x0/0x250 [ 194.123015] kobject_put+0x173/0x280 [ 194.123290] put_device+0x1b/0x40 [ 194.123542] put_disk+0x41/0x60 [ 194.123812] loop_control_ioctl+0x4d1/0x630 [ 194.124163] ? loop_control_ioctl+0x0/0x630 [ 194.124454] ? selinux_file_ioctl+0xb1/0x270 [ 194.124765] ? loop_control_ioctl+0x0/0x630 [ 194.125076] __x64_sys_ioctl+0x19a/0x220 [ 194.125359] do_syscall_64+0x3b/0xa0 [ 194.125626] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 194.125973] RIP: 0033:0x7fb01f910b19 [ 194.126237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 194.127530] RSP: 002b:00007fb01ce86188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 194.128103] RAX: ffffffffffffffda RBX: 00007fb01fa23f60 RCX: 00007fb01f910b19 [ 194.128599] RDX: 0000000000000007 RSI: 0000000000004c81 RDI: 0000000000000006 [ 194.129064] RBP: 00007fb01f96af6d R08: 0000000000000000 R09: 0000000000000000 [ 194.129530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.130008] R13: 00007fffdc72266f R14: 00007fb01ce86300 R15: 0000000000022000 [ 194.130516] [ 194.130681] Modules linked in: [ 194.130912] CR2: ffffed100fffc000 [ 194.131154] ---[ end trace 0000000000000000 ]--- [ 194.131472] RIP: 0010:__memset+0x24/0x50 [ 194.131766] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 194.132998] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 194.133368] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 194.133851] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 194.134339] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 194.134833] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 194.135330] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 194.135826] FS: 00007fb01ce86700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 194.136378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.136776] CR2: ffffed100fffc000 CR3: 000000001539e000 CR4: 0000000000350ee0 [ 194.210679] BUG: unable to handle page fault for address: ffffed100fffc000 [ 194.211190] #PF: supervisor write access in kernel mode [ 194.211545] #PF: error_code(0x0002) - not-present page [ 194.211890] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 194.212334] Oops: 0002 [#9] PREEMPT SMP KASAN NOPTI [ 194.212664] CPU: 1 PID: 6645 Comm: syz-executor.1 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 194.213309] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 194.213869] RIP: 0010:__memset+0x24/0x50 [ 194.214172] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 194.215414] RSP: 0018:ffff888043b3fcc0 EFLAGS: 00010212 [ 194.215780] RAX: 0000000000000000 RBX: ffff88800c0cce40 RCX: 1ffffe21fe60722b [ 194.216272] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 194.216761] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed10018199c8 [ 194.217255] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 194.217745] R13: ffff88800c0cce40 R14: ffffffff815f27a0 R15: 1ffff11002b9481f [ 194.218240] FS: 00007fbc6525f700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 194.218796] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.219179] CR2: ffffed100fffc000 CR3: 000000000d622000 CR4: 0000000000350ee0 [ 194.219654] Call Trace: [ 194.219838] [ 194.220000] kasan_unpoison+0x23/0x60 [ 194.220273] mempool_exit+0x1c2/0x330 [ 194.220552] bioset_exit+0x2c9/0x630 [ 194.220818] disk_release+0x143/0x490 [ 194.221090] ? disk_release+0x0/0x490 [ 194.221362] ? device_release+0x0/0x250 [ 194.221644] device_release+0xa2/0x250 [ 194.221924] ? device_release+0x0/0x250 [ 194.222193] kobject_put+0x173/0x280 [ 194.222464] put_device+0x1b/0x40 [ 194.222701] put_disk+0x41/0x60 [ 194.222946] loop_control_ioctl+0x4d1/0x630 [ 194.223240] ? loop_control_ioctl+0x0/0x630 [ 194.223532] ? selinux_file_ioctl+0xb1/0x270 [ 194.223839] ? loop_control_ioctl+0x0/0x630 [ 194.224129] __x64_sys_ioctl+0x19a/0x220 [ 194.224429] do_syscall_64+0x3b/0xa0 [ 194.224716] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 194.225087] RIP: 0033:0x7fbc67ce9b19 [ 194.225347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 194.226596] RSP: 002b:00007fbc6525f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 194.227123] RAX: ffffffffffffffda RBX: 00007fbc67dfcf60 RCX: 00007fbc67ce9b19 [ 194.227613] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000006 [ 194.228102] RBP: 00007fbc67d43f6d R08: 0000000000000000 R09: 0000000000000000 [ 194.228597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.229088] R13: 00007fff9ea2540f R14: 00007fbc6525f300 R15: 0000000000022000 [ 194.229581] [ 194.229748] Modules linked in: [ 194.229977] CR2: ffffed100fffc000 [ 194.230222] ---[ end trace 0000000000000000 ]--- [ 194.230568] RIP: 0010:__memset+0x24/0x50 [ 194.230863] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 194.232106] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 194.232476] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 194.232970] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 194.233430] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 194.233916] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 194.234404] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 194.234898] FS: 00007fbc6525f700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 194.235451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.235833] CR2: ffffed100fffc000 CR3: 000000000d622000 CR4: 0000000000350ee0 12:35:57 executing program 0: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) 12:35:57 executing program 7: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) shmat(r0, &(0x7f0000fef000/0x3000)=nil, 0x6000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) 12:35:57 executing program 0: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) 12:35:57 executing program 5: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) [ 194.461799] BUG: unable to handle page fault for address: ffffed100fffc000 [ 194.462269] #PF: supervisor write access in kernel mode [ 194.462594] #PF: error_code(0x0002) - not-present page [ 194.462906] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 194.463316] Oops: 0002 [#10] PREEMPT SMP KASAN NOPTI [ 194.463622] CPU: 1 PID: 6665 Comm: syz-executor.7 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 194.464196] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 194.464682] RIP: 0010:__memset+0x24/0x50 [ 194.464949] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 194.466036] RSP: 0018:ffff888044bcfcc0 EFLAGS: 00010212 [ 194.466362] RAX: 0000000000000000 RBX: ffff88800c0cccc0 RCX: 1ffffe21fe607225 [ 194.466808] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 194.467231] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819998 [ 194.467654] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 194.468076] R13: ffff88800c0cccc0 R14: ffffffff815f27a0 R15: 1ffff11002b9421f [ 194.468503] FS: 00007f80386ab700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 194.468983] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.469336] CR2: ffffed100fffc000 CR3: 0000000018a70000 CR4: 0000000000350ee0 [ 194.469762] Call Trace: [ 194.469924] [ 194.470068] kasan_unpoison+0x23/0x60 [ 194.470307] mempool_exit+0x1c2/0x330 [ 194.470562] bioset_exit+0x2c9/0x630 [ 194.470803] disk_release+0x143/0x490 [ 194.471045] ? disk_release+0x0/0x490 [ 194.471287] ? device_release+0x0/0x250 [ 194.471537] device_release+0xa2/0x250 [ 194.471780] ? device_release+0x0/0x250 [ 194.472026] kobject_put+0x173/0x280 [ 194.472264] put_device+0x1b/0x40 [ 194.472484] put_disk+0x41/0x60 [ 194.472696] loop_control_ioctl+0x4d1/0x630 [ 194.472969] ? loop_control_ioctl+0x0/0x630 [ 194.473238] ? selinux_file_ioctl+0xb1/0x270 [ 194.473523] ? loop_control_ioctl+0x0/0x630 [ 194.473793] __x64_sys_ioctl+0x19a/0x220 [ 194.474053] do_syscall_64+0x3b/0xa0 [ 194.474295] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 194.474625] RIP: 0033:0x7f803b135b19 [ 194.474856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 194.475915] RSP: 002b:00007f80386ab188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 194.476382] RAX: ffffffffffffffda RBX: 00007f803b248f60 RCX: 00007f803b135b19 [ 194.476808] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 194.477236] RBP: 00007f803b18ff6d R08: 0000000000000000 R09: 0000000000000000 [ 194.477661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.478087] R13: 00007fff3be80f8f R14: 00007f80386ab300 R15: 0000000000022000 [ 194.478526] [ 194.478676] Modules linked in: [ 194.478881] CR2: ffffed100fffc000 [ 194.479092] ---[ end trace 0000000000000000 ]--- [ 194.479377] RIP: 0010:__memset+0x24/0x50 [ 194.479651] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 194.480773] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 194.481094] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 194.481516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 194.481939] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 194.482362] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 12:35:58 executing program 6: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) [ 194.482854] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 194.483330] FS: 00007f80386ab700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 194.483851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.484227] CR2: ffffed100fffc000 CR3: 0000000018a70000 CR4: 0000000000350ee0 12:35:58 executing program 6: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) 12:35:58 executing program 0: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) [ 194.558925] random: crng reseeded on system resumption 12:35:58 executing program 1: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) 12:35:58 executing program 0: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) 12:35:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f000000c340)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)={0x14, 0x2e, 0xe21, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0) 12:35:58 executing program 6: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) 12:35:58 executing program 2: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) 12:35:58 executing program 4: r0 = fsopen(&(0x7f0000000040)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) renameat(r1, &(0x7f0000000140)='./file0/file0\x00', 0xffffffffffffffff, 0x0) 12:35:58 executing program 5: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) 12:35:58 executing program 7: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1ce3ffffa7fbf62de3d572f985484579bf673ee9d425e3bc1adf80e1db04da1e1321468bd68bd9576a80a67e3ddbc6cb37b6c753b9dcb68a540e3a0db59e26c11c694dd1825ddbcc347c33252a5d3c388ee86b6b1fd51f695575eb853b2cd14e992080df583097caa0699847ac64313d13546880da756fb0485e37f3e1b5903a9b5cb1f2dd3fa0eac0d0015a94dbaeabf474aff0db1c9ca83d3c63ddb959a902f7983623fe9796953792c555ec5f8591dea277b8218eef50ae6dca3b77554a40f1765eea2c726b3ffa164d17413a95856cc86f4dba559832397b763294594d955c7a51084edbf252a1eac2c712dacdc8a93e86c70059e3eef5606a5d7e9167b16ca7ff9a24a0491370bd", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) r3 = getpid() r4 = signalfd(r0, &(0x7f00000001c0)={[0x2]}, 0x8) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x1) r5 = accept$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private2, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) kcmp(r3, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, r3, 0xe, r1, 0x0) 12:35:58 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) setpriority(0x0, 0x0, 0x0) 12:35:59 executing program 6: r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f00000001c0)='./file0\x00') renameat(r1, &(0x7f0000000140)='./file0/file0\x00', r1, &(0x7f0000000180)='./file1\x00') fspick(r1, &(0x7f0000000040)='./file1\x00', 0x0) 12:35:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f000000c340)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)={0x14, 0x2e, 0xe21, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0) [ 195.369193] random: crng reseeded on system resumption 12:35:59 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x46d0, 0x4) 12:35:59 executing program 0: mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0) mlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0) 12:35:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f000000c340)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)={0x14, 0x2e, 0xe21, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0) 12:35:59 executing program 6: futex(&(0x7f0000000280), 0x5, 0x0, 0x0, &(0x7f0000000300), 0x0) 12:35:59 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x29, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='devpts\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x14}, 0x18) [ 195.905672] syz-executor.7 (6696) used greatest stack depth: 23384 bytes left [ 196.101977] BUG: unable to handle page fault for address: ffffed100fffc000 [ 196.102697] #PF: supervisor write access in kernel mode [ 196.103154] #PF: error_code(0x0002) - not-present page [ 196.103620] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 196.104201] Oops: 0002 [#11] PREEMPT SMP KASAN NOPTI [ 196.104676] CPU: 0 PID: 6688 Comm: syz-executor.1 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 196.105552] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 196.106313] RIP: 0010:__memset+0x24/0x50 [ 196.106736] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 196.108408] RSP: 0018:ffff888041e67cc0 EFLAGS: 00010212 [ 196.108865] RAX: 0000000000000000 RBX: ffff888032f67000 RCX: 1ffffe21fefc18b2 [ 196.109479] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 196.110141] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed10065ece00 [ 196.110777] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 196.111408] R13: ffff888032f67000 R14: ffffffff815f27a0 R15: 1ffff110033eee1f [ 196.112031] FS: 00007fbc6525f700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 196.112729] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.113234] CR2: ffffed100fffc000 CR3: 0000000032c66000 CR4: 0000000000350ef0 [ 196.113853] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 196.114500] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 196.115168] Call Trace: [ 196.115420] [ 196.115642] kasan_unpoison+0x23/0x60 [ 196.116017] mempool_exit+0x1c2/0x330 [ 196.116401] bioset_exit+0x2c9/0x630 [ 196.116781] disk_release+0x143/0x490 [ 196.117158] ? disk_release+0x0/0x490 [ 196.117534] ? device_release+0x0/0x250 [ 196.117917] device_release+0xa2/0x250 [ 196.118301] ? device_release+0x0/0x250 [ 196.118705] kobject_put+0x173/0x280 [ 196.119073] put_device+0x1b/0x40 [ 196.119396] put_disk+0x41/0x60 [ 196.119727] loop_control_ioctl+0x4d1/0x630 [ 196.120124] ? loop_control_ioctl+0x0/0x630 [ 196.120517] ? selinux_file_ioctl+0xb1/0x270 [ 196.120937] ? loop_control_ioctl+0x0/0x630 [ 196.121335] __x64_sys_ioctl+0x19a/0x220 [ 196.121745] do_syscall_64+0x3b/0xa0 [ 196.122103] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 196.122600] RIP: 0033:0x7fbc67ce9b19 [ 196.122962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 196.124658] RSP: 002b:00007fbc6525f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 196.125396] RAX: ffffffffffffffda RBX: 00007fbc67dfcf60 RCX: 00007fbc67ce9b19 [ 196.126078] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000006 [ 196.126773] RBP: 00007fbc67d43f6d R08: 0000000000000000 R09: 0000000000000000 [ 196.127444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 196.128113] R13: 00007fff9ea2540f R14: 00007fbc6525f300 R15: 0000000000022000 [ 196.128785] [ 196.129013] Modules linked in: [ 196.129311] CR2: ffffed100fffc000 [ 196.129650] ---[ end trace 0000000000000000 ]--- [ 196.130204] RIP: 0010:__memset+0x24/0x50 [ 196.130647] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 196.132207] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 196.132684] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 196.133304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 196.133948] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 196.134580] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 196.135192] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 196.135846] FS: 00007fbc6525f700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 196.136595] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.137137] CR2: ffffed100fffc000 CR3: 0000000032c66000 CR4: 0000000000350ef0 [ 196.137816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 196.138491] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 12:35:59 executing program 4: mincore(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xfffffffffffffffd) 12:35:59 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800, 0x0, {0x0, r2}}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x4004, @fd=r1, 0x101, &(0x7f0000000380)=""/83, 0x53, 0x3, 0x1}, 0x3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x40, 0x5, 0x32, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x7, 0x7800, 0x10001}}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xfd}}, 0x14) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2080000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 12:35:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f000000c340)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)={0x14, 0x2e, 0xe21, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0) 12:35:59 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, &(0x7f00000001c0)) 12:35:59 executing program 2: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) 12:35:59 executing program 7: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1ce3ffffa7fbf62de3d572f985484579bf673ee9d425e3bc1adf80e1db04da1e1321468bd68bd9576a80a67e3ddbc6cb37b6c753b9dcb68a540e3a0db59e26c11c694dd1825ddbcc347c33252a5d3c388ee86b6b1fd51f695575eb853b2cd14e992080df583097caa0699847ac64313d13546880da756fb0485e37f3e1b5903a9b5cb1f2dd3fa0eac0d0015a94dbaeabf474aff0db1c9ca83d3c63ddb959a902f7983623fe9796953792c555ec5f8591dea277b8218eef50ae6dca3b77554a40f1765eea2c726b3ffa164d17413a95856cc86f4dba559832397b763294594d955c7a51084edbf252a1eac2c712dacdc8a93e86c70059e3eef5606a5d7e9167b16ca7ff9a24a0491370bd", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) r3 = getpid() r4 = signalfd(r0, &(0x7f00000001c0)={[0x2]}, 0x8) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x1) r5 = accept$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private2, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) kcmp(r3, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, r3, 0xe, r1, 0x0) 12:35:59 executing program 1: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = shmget(0x0, 0x1000, 0x20, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(0x0, &(0x7f0000fe9000/0x3000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000feb000/0x3000)=nil, 0x0) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x149, 0x7}, 0x10601, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r4, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) 12:35:59 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, &(0x7f00000001c0)) 12:35:59 executing program 4: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1ce3ffffa7fbf62de3d572f985484579bf673ee9d425e3bc1adf80e1db04da1e1321468bd68bd9576a80a67e3ddbc6cb37b6c753b9dcb68a540e3a0db59e26c11c694dd1825ddbcc347c33252a5d3c388ee86b6b1fd51f695575eb853b2cd14e992080df583097caa0699847ac64313d13546880da756fb0485e37f3e1b5903a9b5cb1f2dd3fa0eac0d0015a94dbaeabf474aff0db1c9ca83d3c63ddb959a902f7983623fe9796953792c555ec5f8591dea277b8218eef50ae6dca3b77554a40f1765eea2c726b3ffa164d17413a95856cc86f4dba559832397b763294594d955c7a51084edbf252a1eac2c712dacdc8a93e86c70059e3eef5606a5d7e9167b16ca7ff9a24a0491370bd", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) r3 = getpid() r4 = signalfd(r0, &(0x7f00000001c0)={[0x2]}, 0x8) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x1) r5 = accept$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private2, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) kcmp(r3, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, r3, 0xe, r1, 0x0) [ 196.282041] random: crng reseeded on system resumption 12:35:59 executing program 5: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1ce3ffffa7fbf62de3d572f985484579bf673ee9d425e3bc1adf80e1db04da1e1321468bd68bd9576a80a67e3ddbc6cb37b6c753b9dcb68a540e3a0db59e26c11c694dd1825ddbcc347c33252a5d3c388ee86b6b1fd51f695575eb853b2cd14e992080df583097caa0699847ac64313d13546880da756fb0485e37f3e1b5903a9b5cb1f2dd3fa0eac0d0015a94dbaeabf474aff0db1c9ca83d3c63ddb959a902f7983623fe9796953792c555ec5f8591dea277b8218eef50ae6dca3b77554a40f1765eea2c726b3ffa164d17413a95856cc86f4dba559832397b763294594d955c7a51084edbf252a1eac2c712dacdc8a93e86c70059e3eef5606a5d7e9167b16ca7ff9a24a0491370bd", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) r3 = getpid() r4 = signalfd(r0, &(0x7f00000001c0)={[0x2]}, 0x8) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x1) r5 = accept$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private2, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) kcmp(r3, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, r3, 0xe, r1, 0x0) 12:35:59 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}]}}) 12:36:00 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, &(0x7f00000001c0)) [ 196.514562] BUG: unable to handle page fault for address: ffffed100fffc000 [ 196.515182] #PF: supervisor write access in kernel mode [ 196.515615] #PF: error_code(0x0002) - not-present page [ 196.516037] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 196.516568] Oops: 0002 [#12] PREEMPT SMP KASAN NOPTI [ 196.516982] CPU: 1 PID: 6734 Comm: syz-executor.2 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 196.517760] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 196.518435] RIP: 0010:__memset+0x24/0x50 [ 196.518770] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 196.520157] RSP: 0018:ffff88804326fcc0 EFLAGS: 00010212 [ 196.520590] RAX: 0000000000000000 RBX: ffff88800ebc5300 RCX: 1ffffe21fe6b303e [ 196.521163] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 196.521720] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001d78a60 [ 196.522260] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 196.522844] R13: ffff88800ebc5300 R14: ffffffff815f27a0 R15: 1ffff1100112281f [ 196.523417] FS: 00007f7e19ede700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 196.524048] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.524533] CR2: ffffed100fffc000 CR3: 00000000197aa000 CR4: 0000000000350ee0 [ 196.525120] Call Trace: [ 196.525336] [ 196.525525] kasan_unpoison+0x23/0x60 [ 196.525849] mempool_exit+0x1c2/0x330 [ 196.526185] bioset_exit+0x2c9/0x630 [ 196.526515] disk_release+0x143/0x490 [ 196.526841] ? disk_release+0x0/0x490 [ 196.527157] ? device_release+0x0/0x250 [ 196.527486] device_release+0xa2/0x250 [ 196.527815] ? device_release+0x0/0x250 [ 196.528140] kobject_put+0x173/0x280 [ 196.528458] put_device+0x1b/0x40 [ 196.528753] put_disk+0x41/0x60 [ 196.529040] loop_control_ioctl+0x4d1/0x630 [ 196.529396] ? loop_control_ioctl+0x0/0x630 [ 196.529747] ? selinux_file_ioctl+0xb1/0x270 [ 196.530121] ? loop_control_ioctl+0x0/0x630 [ 196.530489] __x64_sys_ioctl+0x19a/0x220 [ 196.530829] do_syscall_64+0x3b/0xa0 [ 196.531139] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 196.531532] RIP: 0033:0x7f7e1c968b19 [ 196.531818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 196.533243] RSP: 002b:00007f7e19ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 196.533854] RAX: ffffffffffffffda RBX: 00007f7e1ca7bf60 RCX: 00007f7e1c968b19 [ 196.534445] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 196.535035] RBP: 00007f7e1c9c2f6d R08: 0000000000000000 R09: 0000000000000000 [ 196.535604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 196.536170] R13: 00007ffdd92af9ef R14: 00007f7e19ede300 R15: 0000000000022000 [ 196.536735] [ 196.536929] Modules linked in: [ 196.537193] CR2: ffffed100fffc000 [ 196.537475] ---[ end trace 0000000000000000 ]--- [ 196.537854] RIP: 0010:__memset+0x24/0x50 [ 196.538198] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 196.539649] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 196.540063] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 196.540639] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 196.541205] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 196.541772] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 196.542354] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 196.542933] FS: 00007f7e19ede700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 196.543571] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.544037] CR2: ffffed100fffc000 CR3: 00000000197aa000 CR4: 0000000000350ee0 12:36:00 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, &(0x7f00000001c0)) [ 196.573320] syz-executor.7 (6736) used greatest stack depth: 22616 bytes left 12:36:00 executing program 7: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1ce3ffffa7fbf62de3d572f985484579bf673ee9d425e3bc1adf80e1db04da1e1321468bd68bd9576a80a67e3ddbc6cb37b6c753b9dcb68a540e3a0db59e26c11c694dd1825ddbcc347c33252a5d3c388ee86b6b1fd51f695575eb853b2cd14e992080df583097caa0699847ac64313d13546880da756fb0485e37f3e1b5903a9b5cb1f2dd3fa0eac0d0015a94dbaeabf474aff0db1c9ca83d3c63ddb959a902f7983623fe9796953792c555ec5f8591dea277b8218eef50ae6dca3b77554a40f1765eea2c726b3ffa164d17413a95856cc86f4dba559832397b763294594d955c7a51084edbf252a1eac2c712dacdc8a93e86c70059e3eef5606a5d7e9167b16ca7ff9a24a0491370bd", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) r3 = getpid() r4 = signalfd(r0, &(0x7f00000001c0)={[0x2]}, 0x8) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x1) r5 = accept$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private2, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) kcmp(r3, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, r3, 0xe, r1, 0x0) [ 196.678130] BUG: unable to handle page fault for address: ffffed100fffc000 [ 196.678709] #PF: supervisor write access in kernel mode [ 196.679069] #PF: error_code(0x0002) - not-present page [ 196.679423] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 196.679893] Oops: 0002 [#13] PREEMPT SMP KASAN NOPTI [ 196.680238] CPU: 1 PID: 6738 Comm: syz-executor.1 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 196.680874] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 196.681516] RIP: 0010:__memset+0x24/0x50 [ 196.681915] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 196.683233] RSP: 0018:ffff8880430efcc0 EFLAGS: 00010212 [ 196.683607] RAX: 0000000000000000 RBX: ffff888032f67180 RCX: 1ffffe21fefc18b8 [ 196.684102] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 196.684630] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed10065ece30 [ 196.685155] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 196.685656] R13: ffff888032f67180 R14: ffffffff815f27a0 R15: 1ffff11002b59c1f [ 196.686178] FS: 00007fbc6525f700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 196.686783] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.687220] CR2: ffffed100fffc000 CR3: 0000000015c50000 CR4: 0000000000350ee0 [ 196.687751] Call Trace: [ 196.687956] [ 196.688132] kasan_unpoison+0x23/0x60 [ 196.688433] mempool_exit+0x1c2/0x330 [ 196.688748] bioset_exit+0x2c9/0x630 [ 196.689051] disk_release+0x143/0x490 [ 196.689348] ? disk_release+0x0/0x490 [ 196.689644] ? device_release+0x0/0x250 [ 196.689945] device_release+0xa2/0x250 [ 196.690246] ? device_release+0x0/0x250 [ 196.690565] kobject_put+0x173/0x280 [ 196.690861] put_device+0x1b/0x40 [ 196.691124] put_disk+0x41/0x60 [ 196.691377] loop_control_ioctl+0x4d1/0x630 [ 196.691704] ? loop_control_ioctl+0x0/0x630 [ 196.692024] ? selinux_file_ioctl+0xb1/0x270 [ 196.692368] ? loop_control_ioctl+0x0/0x630 [ 196.692685] __x64_sys_ioctl+0x19a/0x220 [ 196.693001] do_syscall_64+0x3b/0xa0 [ 196.693292] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 196.693677] RIP: 0033:0x7fbc67ce9b19 [ 196.693971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 196.695283] RSP: 002b:00007fbc6525f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 196.695842] RAX: ffffffffffffffda RBX: 00007fbc67dfcf60 RCX: 00007fbc67ce9b19 [ 196.696361] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000006 [ 196.696888] RBP: 00007fbc67d43f6d R08: 0000000000000000 R09: 0000000000000000 [ 196.697403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 196.697909] R13: 00007fff9ea2540f R14: 00007fbc6525f300 R15: 0000000000022000 [ 196.698439] [ 196.698610] Modules linked in: [ 196.698860] CR2: ffffed100fffc000 [ 196.699115] ---[ end trace 0000000000000000 ]--- [ 196.699466] RIP: 0010:__memset+0x24/0x50 [ 196.699783] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 196.701084] RSP: 0018:ffff88804317fcc0 EFLAGS: 00010212 [ 196.701455] RAX: 0000000000000000 RBX: ffff88800c0cc0c0 RCX: 1ffffe21fe6071f5 [ 196.701939] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 196.702472] RBP: ffff88800c0dbc80 R08: 0000000000000005 R09: ffffed1001819818 [ 196.703005] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c0dbc80 [ 196.703525] R13: ffff88800c0cc0c0 R14: ffffffff815f27a0 R15: 1ffff11001122a1f [ 196.704044] FS: 00007fbc6525f700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 196.704624] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.705025] CR2: ffffed100fffc000 CR3: 0000000015c50000 CR4: 0000000000350ee0 12:36:00 executing program 3: syz_mount_image$vfat(&(0x7f0000000f80), &(0x7f0000000fc0)='./file0\x00', 0x0, 0x0, &(0x7f0000001080), 0x0, &(0x7f0000001000)={[{@fat=@nfs}, {@utf8}]}) 12:36:00 executing program 3: syslog(0x0, 0x0, 0x0) syslog(0x2, &(0x7f0000000380)=""/66, 0x42) syslog(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) getpid() signalfd(0xffffffffffffffff, 0x0, 0x0) accept$inet(0xffffffffffffffff, 0x0, 0x0) 12:36:00 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() tgkill(r0, r0, 0x0) 12:36:00 executing program 4: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1ce3ffffa7fbf62de3d572f985484579bf673ee9d425e3bc1adf80e1db04da1e1321468bd68bd9576a80a67e3ddbc6cb37b6c753b9dcb68a540e3a0db59e26c11c694dd1825ddbcc347c33252a5d3c388ee86b6b1fd51f695575eb853b2cd14e992080df583097caa0699847ac64313d13546880da756fb0485e37f3e1b5903a9b5cb1f2dd3fa0eac0d0015a94dbaeabf474aff0db1c9ca83d3c63ddb959a902f7983623fe9796953792c555ec5f8591dea277b8218eef50ae6dca3b77554a40f1765eea2c726b3ffa164d17413a95856cc86f4dba559832397b763294594d955c7a51084edbf252a1eac2c712dacdc8a93e86c70059e3eef5606a5d7e9167b16ca7ff9a24a0491370bd", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) r3 = getpid() r4 = signalfd(r0, &(0x7f00000001c0)={[0x2]}, 0x8) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x1) r5 = accept$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private2, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) kcmp(r3, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, r3, 0xe, r1, 0x0) 12:36:00 executing program 5: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1ce3ffffa7fbf62de3d572f985484579bf673ee9d425e3bc1adf80e1db04da1e1321468bd68bd9576a80a67e3ddbc6cb37b6c753b9dcb68a540e3a0db59e26c11c694dd1825ddbcc347c33252a5d3c388ee86b6b1fd51f695575eb853b2cd14e992080df583097caa0699847ac64313d13546880da756fb0485e37f3e1b5903a9b5cb1f2dd3fa0eac0d0015a94dbaeabf474aff0db1c9ca83d3c63ddb959a902f7983623fe9796953792c555ec5f8591dea277b8218eef50ae6dca3b77554a40f1765eea2c726b3ffa164d17413a95856cc86f4dba559832397b763294594d955c7a51084edbf252a1eac2c712dacdc8a93e86c70059e3eef5606a5d7e9167b16ca7ff9a24a0491370bd", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) r3 = getpid() r4 = signalfd(r0, &(0x7f00000001c0)={[0x2]}, 0x8) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x1) r5 = accept$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private2, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) kcmp(r3, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, r3, 0xe, r1, 0x0) 12:36:00 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800, 0x0, {0x0, r2}}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x4004, @fd=r1, 0x101, &(0x7f0000000380)=""/83, 0x53, 0x3, 0x1}, 0x3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x40, 0x5, 0x32, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x7, 0x7800, 0x10001}}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xfd}}, 0x14) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2080000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 12:36:00 executing program 7: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1ce3ffffa7fbf62de3d572f985484579bf673ee9d425e3bc1adf80e1db04da1e1321468bd68bd9576a80a67e3ddbc6cb37b6c753b9dcb68a540e3a0db59e26c11c694dd1825ddbcc347c33252a5d3c388ee86b6b1fd51f695575eb853b2cd14e992080df583097caa0699847ac64313d13546880da756fb0485e37f3e1b5903a9b5cb1f2dd3fa0eac0d0015a94dbaeabf474aff0db1c9ca83d3c63ddb959a902f7983623fe9796953792c555ec5f8591dea277b8218eef50ae6dca3b77554a40f1765eea2c726b3ffa164d17413a95856cc86f4dba559832397b763294594d955c7a51084edbf252a1eac2c712dacdc8a93e86c70059e3eef5606a5d7e9167b16ca7ff9a24a0491370bd", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) r3 = getpid() r4 = signalfd(r0, &(0x7f00000001c0)={[0x2]}, 0x8) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x1) r5 = accept$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private2, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) kcmp(r3, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, r3, 0xe, r1, 0x0) 12:36:00 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000680), 0xe0802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) 12:36:01 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000680), 0xe0802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) 12:36:01 executing program 4: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1ce3ffffa7fbf62de3d572f985484579bf673ee9d425e3bc1adf80e1db04da1e1321468bd68bd9576a80a67e3ddbc6cb37b6c753b9dcb68a540e3a0db59e26c11c694dd1825ddbcc347c33252a5d3c388ee86b6b1fd51f695575eb853b2cd14e992080df583097caa0699847ac64313d13546880da756fb0485e37f3e1b5903a9b5cb1f2dd3fa0eac0d0015a94dbaeabf474aff0db1c9ca83d3c63ddb959a902f7983623fe9796953792c555ec5f8591dea277b8218eef50ae6dca3b77554a40f1765eea2c726b3ffa164d17413a95856cc86f4dba559832397b763294594d955c7a51084edbf252a1eac2c712dacdc8a93e86c70059e3eef5606a5d7e9167b16ca7ff9a24a0491370bd", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) r3 = getpid() r4 = signalfd(r0, &(0x7f00000001c0)={[0x2]}, 0x8) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x1) r5 = accept$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private2, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) kcmp(r3, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, r3, 0xe, r1, 0x0) 12:36:01 executing program 5: syslog(0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1ce3ffffa7fbf62de3d572f985484579bf673ee9d425e3bc1adf80e1db04da1e1321468bd68bd9576a80a67e3ddbc6cb37b6c753b9dcb68a540e3a0db59e26c11c694dd1825ddbcc347c33252a5d3c388ee86b6b1fd51f695575eb853b2cd14e992080df583097caa0699847ac64313d13546880da756fb0485e37f3e1b5903a9b5cb1f2dd3fa0eac0d0015a94dbaeabf474aff0db1c9ca83d3c63ddb959a902f7983623fe9796953792c555ec5f8591dea277b8218eef50ae6dca3b77554a40f1765eea2c726b3ffa164d17413a95856cc86f4dba559832397b763294594d955c7a51084edbf252a1eac2c712dacdc8a93e86c70059e3eef5606a5d7e9167b16ca7ff9a24a0491370bd", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) r3 = getpid() r4 = signalfd(r0, &(0x7f00000001c0)={[0x2]}, 0x8) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x1) r5 = accept$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private2, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) kcmp(r3, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x1, 0x3, 0x0, 0x5, 0x0, 0x315, 0x20, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8d90, 0x1, @perf_bp={&(0x7f0000000200), 0x1}, 0x10, 0x9, 0x269387ea, 0x5, 0x1340, 0x7, 0x2c5}, r3, 0xe, r1, 0x0) 12:36:01 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800, 0x0, {0x0, r2}}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x4004, @fd=r1, 0x101, &(0x7f0000000380)=""/83, 0x53, 0x3, 0x1}, 0x3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x40, 0x5, 0x32, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x7, 0x7800, 0x10001}}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xfd}}, 0x14) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2080000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 12:36:01 executing program 3: syz_emit_ethernet(0xae, &(0x7f0000000000)={@empty, @link_local, @val={@void}, {@ipv4={0x800, @gre={{0x16, 0x4, 0x0, 0x0, 0x9c, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0xb, 0x0, [@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast]}, @rr={0x7, 0x2b, 0x0, [@rand_addr, @local, @multicast1, @local, @empty, @rand_addr, @loopback, @broadcast, @broadcast, @multicast2]}, @ra={0x94, 0x4}, @timestamp={0x44, 0x8, 0x0, 0x0, 0x0, [0x0]}]}}}}}}, 0x0) 12:36:01 executing program 7: perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x25882, 0xc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x200, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x4) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write(r0, &(0x7f0000000080)="01", 0x41030) 12:36:01 executing program 2: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x4d031, 0xffffffffffffffff, 0x0) r0 = eventfd(0x0) write(r0, &(0x7f00000041c0)="ef58f9b4c16f207a", 0x8) 12:36:01 executing program 1: r0 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8955, &(0x7f0000002440)={{0x2, 0x0, @loopback}, {0x306, @dev}, 0x18, {0x2, 0x0, @broadcast}, 'lo\x00'}) 12:36:01 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, 0x0) 12:36:01 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000680), 0xe0802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) 12:36:01 executing program 3: r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x21354) 12:36:01 executing program 1: r0 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8955, &(0x7f0000002440)={{0x2, 0x0, @loopback}, {0x306, @dev}, 0x18, {0x2, 0x0, @broadcast}, 'lo\x00'}) 12:36:01 executing program 7: perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x25882, 0xc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x200, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x4) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write(r0, &(0x7f0000000080)="01", 0x41030) 12:36:01 executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) io_setup(0x4e, &(0x7f0000000000)=0x0) io_submit(r1, 0x1, &(0x7f0000001740)=[&(0x7f0000000240)={0x0, 0x0, 0x2, 0x5, 0x0, r0, 0x0}]) 12:36:01 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000180)=""/4096) 12:36:01 executing program 4: syslog(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2, 0x40010, r0, 0x101) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x20, 0x3, 0xe0, 0x4, 0x0, 0x7fff, 0x4024, 0xc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x3a04, 0x2, 0x7f1, 0x1, 0x4, 0x7, 0x7fff, 0x0, 0x2, 0x0, 0x1}, 0x0, 0xd, r0, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="ce01", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x100, 0x22) 12:36:01 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000400)=0x80, &(0x7f0000000300)=@isdn, 0x0, 0x80800, 0x0, {0x0, r2}}, 0x3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @loopback}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x4004, @fd=r1, 0x101, &(0x7f0000000380)=""/83, 0x53, 0x3, 0x1}, 0x3) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x40, 0x5, 0x32, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x7, 0x7800, 0x10001}}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xfd}}, 0x14) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2080000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 12:36:02 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0xfffffffffffffffc, 0x0) 12:36:02 executing program 1: r0 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8955, &(0x7f0000002440)={{0x2, 0x0, @loopback}, {0x306, @dev}, 0x18, {0x2, 0x0, @broadcast}, 'lo\x00'}) 12:36:02 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000680), 0xe0802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) 12:36:02 executing program 2: syz_emit_ethernet(0x46, &(0x7f0000000100)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x10, 0x3a, 0xff, @empty, @local, {[], @ndisc_ra}}}}}, 0x0) 12:36:02 executing program 3: r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x21354) 12:36:02 executing program 1: r0 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8955, &(0x7f0000002440)={{0x2, 0x0, @loopback}, {0x306, @dev}, 0x18, {0x2, 0x0, @broadcast}, 'lo\x00'}) 12:36:02 executing program 5: openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000005c0)={0x14}, 0x14}}, 0x0) 12:36:02 executing program 3: r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x21354) 12:36:02 executing program 2: setxattr$incfs_size(0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000001e00), 0x0, 0x0) ppoll(&(0x7f0000000340)=[{r0}], 0x1, &(0x7f0000000380)={0x0, 0x3938700}, 0x0, 0x0) 12:36:02 executing program 7: perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x25882, 0xc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x200, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x4) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write(r0, &(0x7f0000000080)="01", 0x41030) 12:36:02 executing program 5: openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000005c0)={0x14}, 0x14}}, 0x0) 12:36:02 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) link(&(0x7f0000000300)='./file1\x00', &(0x7f0000000480)='./file0\x00') 12:36:02 executing program 3: r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x21354) 12:36:02 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 12:36:02 executing program 2: setxattr$incfs_size(0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000001e00), 0x0, 0x0) ppoll(&(0x7f0000000340)=[{r0}], 0x1, &(0x7f0000000380)={0x0, 0x3938700}, 0x0, 0x0) 12:36:02 executing program 4: syslog(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2, 0x40010, r0, 0x101) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x20, 0x3, 0xe0, 0x4, 0x0, 0x7fff, 0x4024, 0xc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x3a04, 0x2, 0x7f1, 0x1, 0x4, 0x7, 0x7fff, 0x0, 0x2, 0x0, 0x1}, 0x0, 0xd, r0, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="ce01", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x100, 0x22) 12:36:02 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000340), r0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x14}, 0x14}}, 0x20000040) 12:36:02 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 12:36:03 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x80010, 0xffffffffffffffff, 0xa015000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000180)=']{\x00', 0x0, 0xffffffffffffffff) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x100000a, 0x11, r0, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x11, 0x0, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0xff, 0x4, 0x5, 0x3f, 0x0, 0x100000001, 0x81080, 0xe, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x2, 0x13439f45}, 0x43441, 0x9, 0x400, 0x0, 0x6, 0x101, 0x3, 0x0, 0x6, 0x0, 0x8}, 0x0, 0xc, r3, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x8, 0xfffffffffffffe8c}, 0x0, 0x0, 0x0, 0x8, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) 12:36:03 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) link(&(0x7f0000000300)='./file1\x00', &(0x7f0000000480)='./file0\x00') 12:36:03 executing program 2: setxattr$incfs_size(0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000001e00), 0x0, 0x0) ppoll(&(0x7f0000000340)=[{r0}], 0x1, &(0x7f0000000380)={0x0, 0x3938700}, 0x0, 0x0) 12:36:03 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 12:36:03 executing program 5: openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000005c0)={0x14}, 0x14}}, 0x0) 12:36:03 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) link(&(0x7f0000000300)='./file1\x00', &(0x7f0000000480)='./file0\x00') 12:36:03 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 12:36:04 executing program 4: syslog(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2, 0x40010, r0, 0x101) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x20, 0x3, 0xe0, 0x4, 0x0, 0x7fff, 0x4024, 0xc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x3a04, 0x2, 0x7f1, 0x1, 0x4, 0x7, 0x7fff, 0x0, 0x2, 0x0, 0x1}, 0x0, 0xd, r0, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="ce01", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x100, 0x22) 12:36:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x56ad, &(0x7f0000000140)={0x0, 0x6c4c, 0x10, 0x2, 0x212}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x800000000000, 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) getpgid(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') pread64(r1, &(0x7f0000000300)=""/102389, 0x18ff5, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x400080, 0x0) 12:36:04 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) link(&(0x7f0000000300)='./file1\x00', &(0x7f0000000480)='./file0\x00') 12:36:04 executing program 5: openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000005c0)={0x14}, 0x14}}, 0x0) 12:36:04 executing program 2: setxattr$incfs_size(0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000001e00), 0x0, 0x0) ppoll(&(0x7f0000000340)=[{r0}], 0x1, &(0x7f0000000380)={0x0, 0x3938700}, 0x0, 0x0) 12:36:04 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x80010, 0xffffffffffffffff, 0xa015000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000180)=']{\x00', 0x0, 0xffffffffffffffff) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x100000a, 0x11, r0, 0xa015000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x11, 0x0, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0x7}, 0x15182, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0xff, 0x4, 0x5, 0x3f, 0x0, 0x100000001, 0x81080, 0xe, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x2, 0x13439f45}, 0x43441, 0x9, 0x400, 0x0, 0x6, 0x101, 0x3, 0x0, 0x6, 0x0, 0x8}, 0x0, 0xc, r3, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x8, 0xfffffffffffffe8c}, 0x0, 0x0, 0x0, 0x8, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r0, 0x0, 0xfffffdef) 12:36:04 executing program 7: perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x25882, 0xc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x200, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x4) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffdef) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write(r0, &(0x7f0000000080)="01", 0x41030) 12:36:04 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) 12:36:04 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x1) r0 = epoll_create(0x4) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x2) io_submit(0x0, 0x30, &(0x7f0000001340)) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x541c, &(0x7f0000000180)) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r3, &(0x7f0000000040)=[{&(0x7f0000000300)="0342edecebdd40", 0x7}, {&(0x7f0000000180)}, {&(0x7f0000000440)="cb59080af0522b7a097ad2d9fa8c0fa2d6e144bcee5c6c3602af9b34e557025a12b76979fd75c1670677d807ae4bc46df2437d1e489bcd0d42376be2a82cc11b19c2fe9ad547d82806a8a2759cf7a9e4356014c8795e0de13fbf8b0f92c7f6ef4942c13ce63e0839fb02bbdf91731c5269a21b7d2208fe28b8f12938081f983f4eeae13caabb00ef288b2868c7fd89dd6d879f095c2b711d65569f0bab369c64f9963083a8334d25640fa38b65a3e7d21434be46f03d683afdcde3f6add3ffe7337d6865b420cf4ecc0920effd2efb4991c0a61d5ef78a3d1b3909393f4d52f519e31040d1a2b6bbe3057f62d6137c6c0294eb1ba47697ddb0cf0cf123ae93834de351c483b1f01e4afb68c45dc5e44235b6354cbe2b45a85a1d134b2a499dff3fe5df675c7c35828b7f10afc6c8faaf0266a0cbbec9c80076cf8fadea", 0x13d}], 0x3, 0x9e74, 0x2) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000080)) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffff3e}}, 0x0, 0x0, 0xffffffffffffffff, 0x8) 12:36:04 executing program 6: socket$inet(0x2, 0x0, 0x0) [ 200.573924] audit: type=1400 audit(1667219764.233:11): avc: denied { block_suspend } for pid=6937 comm="syz-executor.0" capability=36 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 12:36:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @dev}, 0xc) setsockopt$inet_mreqn(r0, 0x0, 0x25, &(0x7f00000003c0)={@multicast1, @local}, 0xc) 12:36:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x56ad, &(0x7f0000000140)={0x0, 0x6c4c, 0x10, 0x2, 0x212}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x800000000000, 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) getpgid(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') pread64(r1, &(0x7f0000000300)=""/102389, 0x18ff5, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x400080, 0x0) 12:36:04 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2, 0x0) pwrite64(r0, &(0x7f00000000c0)='9', 0x1, 0x8040000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) fallocate(r1, 0x3, 0x0, 0x4000) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)='Z', 0x1}], 0x1) 12:36:04 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)={{}, {0x4}}, 0x24, 0x0) 12:36:04 executing program 4: syslog(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2, 0x40010, r0, 0x101) sendfile(r1, r2, 0x0, 0x10000027f) socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x20, 0x3, 0xe0, 0x4, 0x0, 0x7fff, 0x4024, 0xc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000140), 0x2}, 0x3a04, 0x2, 0x7f1, 0x1, 0x4, 0x7, 0x7fff, 0x0, 0x2, 0x0, 0x1}, 0x0, 0xd, r0, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="ce01", @ANYRES16, @ANYBLOB="ff05002179043f5918d8d6000000000000ffff"], 0x1c}}, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x100, 0x22) 12:36:04 executing program 2: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) lseek(r0, 0xc1, 0x1) 12:36:04 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) 12:36:04 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)) r1 = fcntl$getown(r0, 0x9) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000440)={0x3, &(0x7f0000000400)=[{0x1, 0xff, 0x9, 0x2}, {0x6, 0x0, 0x2, 0x7}, {0x400, 0x0, 0x6, 0x10000}]}, 0x10) syz_open_procfs(r1, &(0x7f0000000200)='net/bnep\x00') ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) socket$netlink(0x10, 0x3, 0x0) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000000), 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, 0x0, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24008080}, 0x4814) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000040)={'ip6tnl0\x00', &(0x7f00000011c0)={'ip6gre0\x00', 0x0, 0x29, 0x7, 0x65, 0x101, 0x0, @remote, @mcast2, 0x8, 0x7, 0x5, 0x1}}) syz_emit_ethernet(0x2a, &(0x7f00000003c0)=ANY=[@ANYBLOB="bb0100000000000000aaaabb0800d0a06a8308d25077894500001c000000000011907800000000f5220257bad8afc86b3f00000000"], 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) fstat(r2, &(0x7f0000000180)) setsockopt$sock_timeval(r3, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 12:36:04 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) 12:36:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x56ad, &(0x7f0000000140)={0x0, 0x6c4c, 0x10, 0x2, 0x212}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x800000000000, 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) getpgid(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') pread64(r1, &(0x7f0000000300)=""/102389, 0x18ff5, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x400080, 0x0) 12:36:04 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) VM DIAGNOSIS: 12:35:55 Registers: info registers vcpu 0 RAX=000000000000007a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82451091 RDI=ffffffff879a19e0 RBP=ffffffff879a19a0 RSP=ffff88804317f508 R8 =0000000000000001 R9 =000000000000000a R10=000000000000007a R11=0000000000000001 R12=000000000000007a R13=ffffffff879a19a0 R14=0000000000000010 R15=ffffffff82451080 RIP=ffffffff824510e9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f7e2a32b700 00000000 00000000 GS =0000 ffff88806d000000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe5121bca000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe5121bc8000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=ffffed100fffc000 CR3=0000000016b4a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000ff0000 XMM01=6a6e695f31313230385f7a7973006273 XMM02=00000000000000000000000000000000 XMM03=00007f7e2ce9c7c800007f7e2ce9c7c0 XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffffed100da254c0 RBX=ffffed100da254c1 RCX=ffffffff812c0202 RDX=ffffed100da254c1 RSI=0000000000000004 RDI=ffff88806d12a600 RBP=ffffed100da254c0 RSP=ffff88806d1095c8 R8 =0000000000000001 R9 =ffff88806d12a603 R10=ffffed100da254c0 R11=0000000000000001 R12=ffff88806d12a608 R13=ffff88806d12a610 R14=0000000000000000 R15=ffff88806d12a600 RIP=ffffffff817baf15 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f37688af8c0 00000000 00000000 GS =0000 ffff88806d100000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe2b742c0000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe2b742be000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fbc67dcdb58 CR3=00000000158ce000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffff00ffffff0000000000 XMM02=7269762f736563697665642f7379732f XMM03=622f6c6175747269762f736563697665 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=0000560faa2daf800000560faa2deb20 XMM06=0000560faa2d5d50ffffffff00000002 XMM07=00000000000000000000000000000000 XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000