Warning: Permanently added '[localhost]:64629' (ECDSA) to the list of known hosts.
2023/03/27 10:55:11 fuzzer started
2023/03/27 10:55:12 dialing manager at localhost:45291
syzkaller login: [   43.470133] cgroup: Unknown subsys name 'net'
[   43.583061] cgroup: Unknown subsys name 'rlimit'
2023/03/27 10:55:27 syscalls: 2217
2023/03/27 10:55:27 code coverage: enabled
2023/03/27 10:55:27 comparison tracing: enabled
2023/03/27 10:55:27 extra coverage: enabled
2023/03/27 10:55:27 setuid sandbox: enabled
2023/03/27 10:55:27 namespace sandbox: enabled
2023/03/27 10:55:27 Android sandbox: enabled
2023/03/27 10:55:27 fault injection: enabled
2023/03/27 10:55:27 leak checking: enabled
2023/03/27 10:55:27 net packet injection: enabled
2023/03/27 10:55:27 net device setup: enabled
2023/03/27 10:55:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/03/27 10:55:27 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/03/27 10:55:27 USB emulation: enabled
2023/03/27 10:55:27 hci packet injection: enabled
2023/03/27 10:55:27 wifi device emulation: enabled
2023/03/27 10:55:27 802.15.4 emulation: enabled
2023/03/27 10:55:27 fetching corpus: 0, signal 0/2000 (executing program)
2023/03/27 10:55:27 fetching corpus: 36, signal 22814/25998 (executing program)
2023/03/27 10:55:27 fetching corpus: 85, signal 39569/43387 (executing program)
2023/03/27 10:55:27 fetching corpus: 135, signal 48242/52733 (executing program)
2023/03/27 10:55:27 fetching corpus: 184, signal 55069/60059 (executing program)
2023/03/27 10:55:28 fetching corpus: 232, signal 59321/64847 (executing program)
2023/03/27 10:55:28 fetching corpus: 282, signal 66545/72065 (executing program)
2023/03/27 10:55:28 fetching corpus: 332, signal 73575/78901 (executing program)
2023/03/27 10:55:28 fetching corpus: 382, signal 78002/83258 (executing program)
2023/03/27 10:55:28 fetching corpus: 431, signal 80853/86187 (executing program)
2023/03/27 10:55:28 fetching corpus: 481, signal 87357/91833 (executing program)
2023/03/27 10:55:29 fetching corpus: 531, signal 90457/94647 (executing program)
2023/03/27 10:55:29 fetching corpus: 581, signal 93820/97519 (executing program)
2023/03/27 10:55:29 fetching corpus: 631, signal 98085/100985 (executing program)
2023/03/27 10:55:29 fetching corpus: 681, signal 102266/104233 (executing program)
2023/03/27 10:55:29 fetching corpus: 731, signal 106150/107023 (executing program)
2023/03/27 10:55:30 fetching corpus: 769, signal 107982/108374 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108416 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108443 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108469 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108498 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108524 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108543 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108561 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108586 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108606 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108629 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108644 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108670 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108694 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108714 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108733 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108753 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108777 (executing program)
2023/03/27 10:55:30 fetching corpus: 770, signal 108011/108801 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/108833 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/108853 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/108874 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/108903 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/108921 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/108941 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/108962 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/108982 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/109008 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/109030 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/109056 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/109073 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108024/109099 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108084/109177 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108084/109194 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108084/109211 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108108/109229 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108108/109252 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108131/109279 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108131/109288 (executing program)
2023/03/27 10:55:30 fetching corpus: 771, signal 108131/109288 (executing program)
2023/03/27 10:55:32 starting 8 fuzzer processes
10:55:32 executing program 0:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:55:32 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@getsa={0x34, 0x12, 0x1, 0x0, 0x0, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}}, [@mark={0xc}]}, 0x34}}, 0x0)

10:55:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[   63.226523] audit: type=1400 audit(1679914532.585:6): avc:  denied  { execmem } for  pid=269 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:55:32 executing program 3:
syz_emit_ethernet(0x6f, &(0x7f0000000040)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"be7b7540e0a521bf3bd8f58f3feb78058d91f6353e3314dfdfa342e6de1dee30d89fe314b0a132a8259c6f8bb7cd5c62750fe4bf6da157b727"}}}}}}, 0x0)

10:55:32 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000004700)=[{{0x0, 0x0, &(0x7f0000001700)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0, 0x0)

10:55:32 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

10:55:32 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)

10:55:32 executing program 6:
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0)

[   64.381804] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.384351] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.385605] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.388591] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.390159] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   64.391917] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.440699] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.443072] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.446344] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   64.447549] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.448650] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.450664] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.451956] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   64.453229] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   64.454305] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.456224] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.458046] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   64.459506] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   64.460736] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.462633] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   64.464067] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   64.465216] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.469981] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   64.471183] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.525961] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   64.528347] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   64.531371] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   64.532894] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   64.535676] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   64.536768] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   64.538763] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   64.543905] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   64.544957] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   64.547206] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   64.548965] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   64.550033] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   64.562615] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   64.616517] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   64.658073] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   64.678630] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   64.691481] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   64.693076] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   66.408705] Bluetooth: hci0: command 0x0409 tx timeout
[   66.471350] Bluetooth: hci1: command 0x0409 tx timeout
[   66.535540] Bluetooth: hci3: command 0x0409 tx timeout
[   66.536083] Bluetooth: hci2: command 0x0409 tx timeout
[   66.599315] Bluetooth: hci7: Opcode 0x c03 failed: -110
[   66.600383] Bluetooth: hci4: command 0x0409 tx timeout
[   66.664341] Bluetooth: hci5: command 0x0409 tx timeout
[   66.727310] Bluetooth: hci6: command 0x0409 tx timeout
[   68.455861] Bluetooth: hci0: command 0x041b tx timeout
[   68.519371] Bluetooth: hci1: command 0x041b tx timeout
[   68.583381] Bluetooth: hci2: command 0x041b tx timeout
[   68.583407] Bluetooth: hci3: command 0x041b tx timeout
[   68.647337] Bluetooth: hci4: command 0x041b tx timeout
[   68.711409] Bluetooth: hci5: command 0x041b tx timeout
[   68.775596] Bluetooth: hci6: command 0x041b tx timeout
[   70.503323] Bluetooth: hci0: command 0x040f tx timeout
[   70.568296] Bluetooth: hci1: command 0x040f tx timeout
[   70.631292] Bluetooth: hci2: command 0x040f tx timeout
[   70.632884] Bluetooth: hci3: command 0x040f tx timeout
[   70.696282] Bluetooth: hci4: command 0x040f tx timeout
[   70.760297] Bluetooth: hci5: command 0x040f tx timeout
[   70.824294] Bluetooth: hci6: command 0x040f tx timeout
[   71.399304] Bluetooth: hci7: Opcode 0x c03 failed: -110
[   72.552293] Bluetooth: hci0: command 0x0419 tx timeout
[   72.615378] Bluetooth: hci1: command 0x0419 tx timeout
[   72.680842] Bluetooth: hci3: command 0x0419 tx timeout
[   72.680866] Bluetooth: hci2: command 0x0419 tx timeout
[   72.743339] Bluetooth: hci4: command 0x0419 tx timeout
[   72.807341] Bluetooth: hci5: command 0x0419 tx timeout
[   72.871333] Bluetooth: hci6: command 0x0419 tx timeout
[   73.794158] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   73.795117] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   73.796164] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   73.798384] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   73.799340] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   73.799996] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   75.815445] Bluetooth: hci7: command 0x0409 tx timeout
[   77.864295] Bluetooth: hci7: command 0x041b tx timeout
[   79.911296] Bluetooth: hci7: command 0x040f tx timeout
[   81.959296] Bluetooth: hci7: command 0x0419 tx timeout
[  104.694481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.695196] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.696495] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  104.907421] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.908129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.910026] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  105.536802] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.538179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.541157] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  105.875117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.876105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.878155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  106.083788] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.084795] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.144108] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  106.168573] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.169198] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.171161] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  106.288975] audit: type=1400 audit(1679914575.650:7): avc:  denied  { open } for  pid=3739 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  106.290338] audit: type=1400 audit(1679914575.651:8): avc:  denied  { kernel } for  pid=3739 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  106.356629] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.357196] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.360029] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
10:56:15 executing program 7:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)

10:56:15 executing program 7:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)

[  106.526998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.528354] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.530519] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
10:56:16 executing program 7:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)

10:56:16 executing program 7:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)

10:56:16 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@getsa={0x34, 0x12, 0x1, 0x0, 0x0, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}}, [@mark={0xc}]}, 0x34}}, 0x0)

10:56:16 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

10:56:16 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@getsa={0x34, 0x12, 0x1, 0x0, 0x0, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}}, [@mark={0xc}]}, 0x34}}, 0x0)

10:56:16 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@getsa={0x34, 0x12, 0x1, 0x0, 0x0, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}}, [@mark={0xc}]}, 0x34}}, 0x0)

[  107.275418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.275966] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.277610] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  107.344973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.345594] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.347080] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  107.389890] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.390499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.391989] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  107.436705] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.437595] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.438926] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  107.474379] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=3821 'syz-executor.2'
[  107.491669] loop2: detected capacity change from 0 to 40
[  107.509183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.510832] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.513166] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  107.561150] hrtimer: interrupt took 26359 ns
[  107.590610] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.591726] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.594020] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  108.324174] syz-executor.2: attempt to access beyond end of device
[  108.324174] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[  108.326044] Buffer I/O error on dev loop2, logical block 10, lost async page write
[  109.203453] loop5: detected capacity change from 0 to 40
[  109.245313] syz-executor.5: attempt to access beyond end of device
[  109.245313] loop5: rw=2049, sector=92, nr_sectors = 8 limit=40
[  112.025401] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.025991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.027597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  112.054776] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.055380] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.056758] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
10:56:21 executing program 6:
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0)

10:56:21 executing program 3:
syz_emit_ethernet(0x6f, &(0x7f0000000040)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"be7b7540e0a521bf3bd8f58f3feb78058d91f6353e3314dfdfa342e6de1dee30d89fe314b0a132a8259c6f8bb7cd5c62750fe4bf6da157b727"}}}}}}, 0x0)

10:56:21 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000004700)=[{{0x0, 0x0, &(0x7f0000001700)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0, 0x0)

10:56:21 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

10:56:21 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

10:56:21 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

10:56:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[  112.378162] loop2: detected capacity change from 0 to 40
[  112.383086] loop5: detected capacity change from 0 to 40
10:56:21 executing program 0:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

[  112.430965] syz-executor.5: attempt to access beyond end of device
[  112.430965] loop5: rw=2049, sector=92, nr_sectors = 8 limit=40
[  112.499524] syz-executor.2: attempt to access beyond end of device
[  112.499524] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[  112.500492] Buffer I/O error on dev loop2, logical block 10, lost async page write
10:56:21 executing program 6:
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0)

10:56:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

10:56:21 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

10:56:21 executing program 3:
syz_emit_ethernet(0x6f, &(0x7f0000000040)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"be7b7540e0a521bf3bd8f58f3feb78058d91f6353e3314dfdfa342e6de1dee30d89fe314b0a132a8259c6f8bb7cd5c62750fe4bf6da157b727"}}}}}}, 0x0)

10:56:21 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000004700)=[{{0x0, 0x0, &(0x7f0000001700)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0, 0x0)

10:56:21 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

10:56:21 executing program 0:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:56:21 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

[  112.543323] loop5: detected capacity change from 0 to 40
[  112.584557] syz-executor.5: attempt to access beyond end of device
[  112.584557] loop5: rw=2049, sector=92, nr_sectors = 8 limit=40
[  112.605407] loop2: detected capacity change from 0 to 40
10:56:21 executing program 3:
syz_emit_ethernet(0x6f, &(0x7f0000000040)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"be7b7540e0a521bf3bd8f58f3feb78058d91f6353e3314dfdfa342e6de1dee30d89fe314b0a132a8259c6f8bb7cd5c62750fe4bf6da157b727"}}}}}}, 0x0)

10:56:21 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

10:56:22 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000004700)=[{{0x0, 0x0, &(0x7f0000001700)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0, 0x0)

10:56:22 executing program 6:
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0)

10:56:22 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

[  112.711115] loop5: detected capacity change from 0 to 40
[  112.715193] syz-executor.2: attempt to access beyond end of device
[  112.715193] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[  112.716163] Buffer I/O error on dev loop2, logical block 10, lost async page write
[  112.747826] syz-executor.5: attempt to access beyond end of device
[  112.747826] loop5: rw=2049, sector=92, nr_sectors = 8 limit=40
10:56:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

10:56:22 executing program 6:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

[  112.880161] loop2: detected capacity change from 0 to 40
[  113.113952] syz-executor.2: attempt to access beyond end of device
[  113.113952] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[  113.115044] Buffer I/O error on dev loop2, logical block 10, lost async page write
10:56:22 executing program 0:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:56:22 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

10:56:22 executing program 6:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:56:22 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:56:22 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:56:22 executing program 2:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:56:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

10:56:22 executing program 6:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:56:22 executing program 2:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

[  113.336786] loop1: detected capacity change from 0 to 40
10:56:22 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

[  113.400209] syz-executor.1: attempt to access beyond end of device
[  113.400209] loop1: rw=2049, sector=92, nr_sectors = 8 limit=40
[  113.405298] loop3: detected capacity change from 0 to 40
10:56:22 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:56:22 executing program 2:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

[  113.445552] syz-executor.3: attempt to access beyond end of device
[  113.445552] loop3: rw=2049, sector=92, nr_sectors = 8 limit=40
10:56:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

[  113.563873] loop1: detected capacity change from 0 to 40
[  113.583475] syz-executor.1: attempt to access beyond end of device
[  113.583475] loop1: rw=2049, sector=92, nr_sectors = 8 limit=40
10:56:23 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

10:56:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

[  113.690436] loop2: detected capacity change from 0 to 40
[  113.693480] loop7: detected capacity change from 0 to 40
[  113.703912] loop3: detected capacity change from 0 to 40
10:56:23 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

10:56:23 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

10:56:23 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

10:56:23 executing program 4:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:56:23 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

10:56:23 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

[  113.720066] loop6: detected capacity change from 0 to 40
[  113.747874] loop1: detected capacity change from 0 to 40
[  113.753347] loop0: detected capacity change from 0 to 40
[  113.759386] syz-executor.6: attempt to access beyond end of device
[  113.759386] loop6: rw=2049, sector=92, nr_sectors = 8 limit=40
10:56:23 executing program 5:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0)
r2 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x842, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)

[  113.773545] syz-executor.3: attempt to access beyond end of device
[  113.773545] loop3: rw=2049, sector=92, nr_sectors = 8 limit=40
10:56:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[  113.801764] syz-executor.2: attempt to access beyond end of device
10:56:23 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

[  113.801764] loop2: rw=2049, sector=92, nr_sectors = 8 limit=40
[  113.840800] syz-executor.1: attempt to access beyond end of device
[  113.840800] loop1: rw=2049, sector=92, nr_sectors = 8 limit=40
[  113.867062] loop6: detected capacity change from 0 to 40
10:56:23 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

[  113.880453] syz-executor.7: attempt to access beyond end of device
[  113.880453] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[  113.881364] Buffer I/O error on dev loop7, logical block 10, lost async page write
[  113.907160] syz-executor.6: attempt to access beyond end of device
[  113.907160] loop6: rw=2049, sector=92, nr_sectors = 8 limit=40
10:56:23 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

[  113.924380] loop4: detected capacity change from 0 to 40
10:56:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

[  113.957537] loop2: detected capacity change from 0 to 40
10:56:23 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

[  113.970538] loop3: detected capacity change from 0 to 40
10:56:23 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[  114.025882] loop6: detected capacity change from 0 to 40
[  114.026598] loop7: detected capacity change from 0 to 40
10:56:23 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

[  114.040944] syz-executor.2: attempt to access beyond end of device
[  114.040944] loop2: rw=2049, sector=92, nr_sectors = 8 limit=40
[  114.104757] Buffer I/O error on dev loop7, logical block 10, lost async page write
[  114.161577] Buffer I/O error on dev loop0, logical block 10, lost async page write
[  114.458141] Buffer I/O error on dev loop4, logical block 10, lost async page write
10:56:23 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

10:56:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8531)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
sendfile(r2, r1, 0x0, 0xfffffdef)

10:56:23 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

10:56:23 executing program 6:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
msgget$private(0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002580)=[{{&(0x7f00000013c0)={0xa, 0x0, 0x0, @remote}, 0x1c, &(0x7f0000000140)=[{&(0x7f00000000c0)="d7061e52", 0x4}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x38}}], 0x2, 0x0)

10:56:23 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

10:56:23 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mlockall(0x6)

10:56:23 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

10:56:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[  114.508936] loop2: detected capacity change from 0 to 40
[  114.511418] loop7: detected capacity change from 0 to 40
[  114.543574] loop0: detected capacity change from 0 to 40
[  114.573961] loop4: detected capacity change from 0 to 40
10:56:23 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mlockall(0x6)

[  114.587199] Buffer I/O error on dev loop7, logical block 10, lost async page write
10:56:23 executing program 6:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
msgget$private(0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002580)=[{{&(0x7f00000013c0)={0xa, 0x0, 0x0, @remote}, 0x1c, &(0x7f0000000140)=[{&(0x7f00000000c0)="d7061e52", 0x4}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x38}}], 0x2, 0x0)

10:56:24 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mlockall(0x6)

10:56:24 executing program 6:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
msgget$private(0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002580)=[{{&(0x7f00000013c0)={0xa, 0x0, 0x0, @remote}, 0x1c, &(0x7f0000000140)=[{&(0x7f00000000c0)="d7061e52", 0x4}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x38}}], 0x2, 0x0)

10:56:24 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mlockall(0x6)

10:56:24 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

[  114.884674] Buffer I/O error on dev loop0, logical block 10, lost async page write
[  115.401347] Buffer I/O error on dev loop4, logical block 10, lost async page write
10:56:24 executing program 6:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
msgget$private(0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002580)=[{{&(0x7f00000013c0)={0xa, 0x0, 0x0, @remote}, 0x1c, &(0x7f0000000140)=[{&(0x7f00000000c0)="d7061e52", 0x4}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x38}}], 0x2, 0x0)

10:56:24 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x2000, 0x0)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000400)='./file0\x00', 0x40000020)
inotify_rm_watch(r0, r1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

10:56:24 executing program 7:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
msgget$private(0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002580)=[{{&(0x7f00000013c0)={0xa, 0x0, 0x0, @remote}, 0x1c, &(0x7f0000000140)=[{&(0x7f00000000c0)="d7061e52", 0x4}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x38}}], 0x2, 0x0)

[  115.467712] general protection fault, probably for non-canonical address 0xdffffc00040012f0: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  115.469078] KASAN: probably user-memory-access in range [0x0000000020009780-0x0000000020009787]
[  115.470118] CPU: 1 PID: 4114 Comm: syz-executor.1 Not tainted 6.3.0-rc3-next-20230327 #1
[  115.474610] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  115.475583] RIP: 0010:do_iter_write+0x477/0x700
[  115.476167] Code: 00 0f 85 fd 01 00 00 4d 8b 7c 24 28 e8 d2 05 c6 ff 48 8b 44 24 18 80 38 00 0f 85 68 01 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3b 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
[  115.478298] RSP: 0018:ffff88803df5fc70 EFLAGS: 00010216
[  115.478944] RAX: 0000000020009780 RBX: ffff88803df5fd60 RCX: ffffc90000807000
[  115.479784] RDX: 00000000040012f0 RSI: ffffffff8185830e RDI: 0000000000000007
[  115.480633] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  115.481494] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888016d17900
[  115.482342] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84a66820
[  115.483197] FS:  00007f71754f2700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  115.484148] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  115.484840] CR2: 0000000020009780 CR3: 0000000016c70000 CR4: 0000000000350ee0
[  115.485687] Call Trace:
[  115.486008]  <TASK>
[  115.486295]  ? import_iovec+0x87/0xb0
[  115.486774]  vfs_writev+0x1ae/0x660
[  115.487239]  ? __pfx_vfs_writev+0x10/0x10
[  115.487748]  ? __fget_files+0x24e/0x480
[  115.488236]  ? lock_release+0x1e3/0x680
[  115.488432] loop4: detected capacity change from 0 to 40
[  115.488743]  ? __fget_files+0x270/0x480
[  115.489649]  __x64_sys_pwritev+0x233/0x310
[  115.490184]  ? __pfx___x64_sys_pwritev+0x10/0x10
[  115.490781]  ? lockdep_hardirqs_on_prepare+0x27b/0x3f0
[  115.491436]  do_syscall_64+0x3f/0x90
[  115.491899]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  115.492527] RIP: 0033:0x7f7177f7cb19
[  115.492978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  115.495117] RSP: 002b:00007f71754f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[  115.496017] RAX: ffffffffffffffda RBX: 00007f717808ff60 RCX: 00007f7177f7cb19
[  115.496853] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000003
[  115.497708] RBP: 00007f7177fd6f6d R08: 0000000000000000 R09: 0000000000000000
[  115.498543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  115.499379] R13: 00007ffc04b1f80f R14: 00007f71754f2300 R15: 0000000000022000
[  115.500233]  </TASK>
[  115.500518] Modules linked in:
[  115.501110] ---[ end trace 0000000000000000 ]---
[  115.501710] RIP: 0010:do_iter_write+0x477/0x700
[  115.502319] Code: 00 0f 85 fd 01 00 00 4d 8b 7c 24 28 e8 d2 05 c6 ff 48 8b 44 24 18 80 38 00 0f 85 68 01 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3b 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
[  115.504470] RSP: 0018:ffff88803df5fc70 EFLAGS: 00010216
[  115.505105] RAX: 0000000020009780 RBX: ffff88803df5fd60 RCX: ffffc90000807000
[  115.505993] RDX: 00000000040012f0 RSI: ffffffff8185830e RDI: 0000000000000007
[  115.506854] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  115.507727] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888016d17900
[  115.508598] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84a66820
[  115.509504] FS:  00007f71754f2700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  115.510495] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  115.511195] CR2: 0000000020009780 CR3: 0000000016c70000 CR4: 0000000000350ee0
10:56:24 executing program 3:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0)
ioctl$CDROMVOLCTRL(r0, 0x5321, 0x0)

10:56:24 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

10:56:24 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffffff, 0x0, 0x10100, 0x100)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000380)=@sha1={0x1, "485f629ef3f2e2f4f765ae1caa2669c2212b8ab0"}, 0x15, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x220)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000001, 0x1000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

10:56:24 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f0000001440), 0x1ff, 0x48a81)
poll(&(0x7f0000000140)=[{r0}], 0x1, 0x0)
pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000009780)="da", 0x1}], 0x1, 0x0, 0x0)

10:56:24 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'wlan1\x00', &(0x7f0000000000)=@ethtool_stats})

10:56:24 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'wlan1\x00', &(0x7f0000000000)=@ethtool_stats})

[  115.527610] loop0: detected capacity change from 0 to 40
10:56:24 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'wlan1\x00', &(0x7f0000000000)=@ethtool_stats})

10:56:24 executing program 7:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
msgget$private(0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002580)=[{{&(0x7f00000013c0)={0xa, 0x0, 0x0, @remote}, 0x1c, &(0x7f0000000140)=[{&(0x7f00000000c0)="d7061e52", 0x4}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x38}}], 0x2, 0x0)

10:56:24 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = dup(r0)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6)

[  115.575908] Buffer I/O error on dev loop4, logical block 10, lost async page write
10:56:24 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x0)

10:56:24 executing program 5:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)="3b8e9f", 0x3}}, 0x0)

[  115.633544] Buffer I/O error on dev loop0, logical block 10, lost async page write
[  115.634935] Bluetooth: MGMT ver 1.22
10:56:25 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:25 executing program 7:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
msgget$private(0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002580)=[{{&(0x7f00000013c0)={0xa, 0x0, 0x0, @remote}, 0x1c, &(0x7f0000000140)=[{&(0x7f00000000c0)="d7061e52", 0x4}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x38}}], 0x2, 0x0)

[  115.660491] ieee802154 phy0 wpan0: encryption failed: -22
10:56:25 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'wlan1\x00', &(0x7f0000000000)=@ethtool_stats})

10:56:25 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = dup(r0)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6)

[  116.297123] general protection fault, probably for non-canonical address 0xdffffc00040012f0: 0000 [#2] PREEMPT SMP KASAN NOPTI
[  116.298116] KASAN: probably user-memory-access in range [0x0000000020009780-0x0000000020009787]
[  116.298808] CPU: 1 PID: 4148 Comm: syz-executor.1 Tainted: G      D            6.3.0-rc3-next-20230327 #1
[  116.299562] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  116.300212] RIP: 0010:do_iter_write+0x477/0x700
[  116.300601] Code: 00 0f 85 fd 01 00 00 4d 8b 7c 24 28 e8 d2 05 c6 ff 48 8b 44 24 18 80 38 00 0f 85 68 01 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3b 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
[  116.302045] RSP: 0018:ffff88803fc27c70 EFLAGS: 00010216
[  116.302482] RAX: 0000000020009780 RBX: ffff88803fc27d60 RCX: ffffc90000c09000
[  116.303048] RDX: 00000000040012f0 RSI: ffffffff8185830e RDI: 0000000000000007
[  116.303614] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  116.304176] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800ebb2500
[  116.304727] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84a66820
[  116.305293] FS:  00007f71754b0700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  116.305933] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.306405] CR2: 00007f71754b0718 CR3: 0000000016c70000 CR4: 0000000000350ee0
[  116.306969] Call Trace:
[  116.307180]  <TASK>
[  116.307375]  ? import_iovec+0x87/0xb0
[  116.307699]  vfs_writev+0x1ae/0x660
[  116.308008]  ? __pfx_vfs_writev+0x10/0x10
[  116.308356]  ? lock_release+0x4d8/0x680
[  116.308705]  ? __fget_files+0x270/0x480
[  116.309040]  __x64_sys_pwritev+0x233/0x310
[  116.309391]  ? __pfx___x64_sys_pwritev+0x10/0x10
[  116.309808]  do_syscall_64+0x3f/0x90
[  116.310115]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  116.310532] RIP: 0033:0x7f7177f7cb19
[  116.310830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  116.312256] RSP: 002b:00007f71754b0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[  116.312854] RAX: ffffffffffffffda RBX: 00007f71780900e0 RCX: 00007f7177f7cb19
[  116.313428] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000003
[  116.314037] RBP: 00007f7177fd6f6d R08: 0000000000000000 R09: 0000000000000000
[  116.314602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  116.315164] R13: 00007ffc04b1f80f R14: 00007f71754b0300 R15: 0000000000022000
[  116.315774]  </TASK>
[  116.315965] Modules linked in:
[  116.316286] ---[ end trace 0000000000000000 ]---
[  116.316659] RIP: 0010:do_iter_write+0x477/0x700
[  116.317047] Code: 00 0f 85 fd 01 00 00 4d 8b 7c 24 28 e8 d2 05 c6 ff 48 8b 44 24 18 80 38 00 0f 85 68 01 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3b 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
[  116.318489] RSP: 0018:ffff88803df5fc70 EFLAGS: 00010216
[  116.318920] RAX: 0000000020009780 RBX: ffff88803df5fd60 RCX: ffffc90000807000
[  116.319498] RDX: 00000000040012f0 RSI: ffffffff8185830e RDI: 0000000000000007
[  116.320071] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  116.320654] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888016d17900
[  116.321226] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84a66820
[  116.321820] FS:  00007f71754b0700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  116.322477] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.322950] CR2: 00007f71754b0718 CR3: 0000000016c70000 CR4: 0000000000350ee0
10:56:26 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f0000001440), 0x1ff, 0x48a81)
poll(&(0x7f0000000140)=[{r0}], 0x1, 0x0)
pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000009780)="da", 0x1}], 0x1, 0x0, 0x0)

10:56:26 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
openat(r0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0)

10:56:26 executing program 4:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:26 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:26 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = dup(r0)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6)

10:56:26 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = dup(r0)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6)

10:56:26 executing program 5:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)="3b8e9f", 0x3}}, 0x0)

10:56:26 executing program 2:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000028c0), 0x481, 0x0)
write$binfmt_elf64(r0, 0x0, 0x0)

[  117.199874] ieee802154 phy0 wpan0: encryption failed: -22
[  117.207823] general protection fault, probably for non-canonical address 0xdffffc00040012f0: 0000 [#3] PREEMPT SMP KASAN NOPTI
[  117.209303] KASAN: probably user-memory-access in range [0x0000000020009780-0x0000000020009787]
[  117.210443] CPU: 0 PID: 4163 Comm: syz-executor.1 Tainted: G      D            6.3.0-rc3-next-20230327 #1
[  117.211676] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.212749] RIP: 0010:do_iter_write+0x477/0x700
[  117.213385] Code: 00 0f 85 fd 01 00 00 4d 8b 7c 24 28 e8 d2 05 c6 ff 48 8b 44 24 18 80 38 00 0f 85 68 01 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3b 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
[  117.215727] RSP: 0018:ffff88803ff27c70 EFLAGS: 00010216
[  117.216434] RAX: 0000000020009780 RBX: ffff88803ff27d60 RCX: ffffc90000807000
[  117.217340] RDX: 00000000040012f0 RSI: ffffffff8185830e RDI: 0000000000000007
[  117.218283] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  117.219179] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888009a1b400
[  117.220072] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84a66820
[  117.220989] FS:  00007f71754f2700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  117.222044] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.222807] CR2: 0000000020009780 CR3: 000000003c6b8000 CR4: 0000000000350ef0
[  117.223749] Call Trace:
[  117.224102]  <TASK>
[  117.224415]  ? import_iovec+0x87/0xb0
[  117.224940]  vfs_writev+0x1ae/0x660
[  117.225464]  ? __pfx_vfs_writev+0x10/0x10
[  117.226024]  ? lock_release+0x4d8/0x680
[  117.226581]  ? kmem_cache_free+0xff/0x4a0
[  117.227148]  ? do_futex+0x13a/0x380
[  117.227660]  ? __fget_files+0x270/0x480
[  117.228204]  __x64_sys_pwritev+0x233/0x310
[  117.228783]  ? __pfx___x64_sys_pwritev+0x10/0x10
[  117.229431]  ? switch_fpu_return+0x157/0x2e0
[  117.230038]  do_syscall_64+0x3f/0x90
[  117.230544]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  117.231227] RIP: 0033:0x7f7177f7cb19
[  117.231718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  117.234114] RSP: 002b:00007f71754f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[  117.235038] RAX: ffffffffffffffda RBX: 00007f717808ff60 RCX: 00007f7177f7cb19
[  117.235909] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000003
[  117.236773] RBP: 00007f7177fd6f6d R08: 0000000000000000 R09: 0000000000000000
[  117.237649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  117.238508] R13: 00007ffc04b1f80f R14: 00007f71754f2300 R15: 0000000000022000
[  117.239366]  </TASK>
[  117.239666] Modules linked in:
[  117.240186] ---[ end trace 0000000000000000 ]---
[  117.240890] RIP: 0010:do_iter_write+0x477/0x700
[  117.241553] Code: 00 0f 85 fd 01 00 00 4d 8b 7c 24 28 e8 d2 05 c6 ff 48 8b 44 24 18 80 38 00 0f 85 68 01 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3b 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
[  117.243827] RSP: 0018:ffff88803df5fc70 EFLAGS: 00010216
[  117.244569] RAX: 0000000020009780 RBX: ffff88803df5fd60 RCX: ffffc90000807000
[  117.245509] RDX: 00000000040012f0 RSI: ffffffff8185830e RDI: 0000000000000007
[  117.246459] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  117.247391] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888016d17900
[  117.248311] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84a66820
[  117.249214] FS:  00007f71754f2700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  117.250310] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.251076] CR2: 0000000020009780 CR3: 000000003c6b8000 CR4: 0000000000350ef0
10:56:26 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
openat(r0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0)

10:56:26 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = dup(r0)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6)

10:56:26 executing program 2:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000028c0), 0x481, 0x0)
write$binfmt_elf64(r0, 0x0, 0x0)

10:56:26 executing program 5:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)="3b8e9f", 0x3}}, 0x0)

10:56:26 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = dup(r0)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6)

10:56:26 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = dup(r0)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="15"], 0x6)

10:56:26 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
openat(r0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0)

[  117.340995] ieee802154 phy0 wpan0: encryption failed: -22
10:56:27 executing program 5:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)="3b8e9f", 0x3}}, 0x0)

10:56:27 executing program 3:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000028c0), 0x481, 0x0)
write$binfmt_elf64(r0, 0x0, 0x0)

10:56:27 executing program 2:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000028c0), 0x481, 0x0)
write$binfmt_elf64(r0, 0x0, 0x0)

10:56:27 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
openat(r0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0)

10:56:27 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:27 executing program 7:
syz_mount_image$vfat(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
openat(r0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0)

10:56:27 executing program 4:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:27 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f0000001440), 0x1ff, 0x48a81)
poll(&(0x7f0000000140)=[{r0}], 0x1, 0x0)
pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000009780)="da", 0x1}], 0x1, 0x0, 0x0)

[  118.104848] ieee802154 phy0 wpan0: encryption failed: -22
[  118.146573] general protection fault, probably for non-canonical address 0xdffffc00040012f0: 0000 [#4] PREEMPT SMP KASAN NOPTI
[  118.148242] KASAN: probably user-memory-access in range [0x0000000020009780-0x0000000020009787]
[  118.149736] CPU: 0 PID: 4202 Comm: syz-executor.1 Tainted: G      D            6.3.0-rc3-next-20230327 #1
[  118.151124] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  118.152730] RIP: 0010:do_iter_write+0x477/0x700
[  118.153691] Code: 00 0f 85 fd 01 00 00 4d 8b 7c 24 28 e8 d2 05 c6 ff 48 8b 44 24 18 80 38 00 0f 85 68 01 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3b 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
[  118.157135] RSP: 0018:ffff88803e677c70 EFLAGS: 00010216
[  118.158182] RAX: 0000000020009780 RBX: ffff88803e677d60 RCX: ffffc90000807000
[  118.159572] RDX: 00000000040012f0 RSI: ffffffff8185830e RDI: 0000000000000007
10:56:27 executing program 3:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000028c0), 0x481, 0x0)
write$binfmt_elf64(r0, 0x0, 0x0)

[  118.160955] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  118.162501] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888016488a00
[  118.163882] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84a66820
[  118.165273] FS:  00007f71754f2700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  118.166870] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  118.167833] CR2: 0000000020009780 CR3: 000000003c78e000 CR4: 0000000000350ef0
[  118.169018] Call Trace:
[  118.169515]  <TASK>
[  118.169863]  ? import_iovec+0x87/0xb0
[  118.170514]  vfs_writev+0x1ae/0x660
[  118.171083]  ? __pfx_vfs_writev+0x10/0x10
[  118.171709]  ? lock_release+0x4d8/0x680
[  118.172317]  ? finish_task_switch.isra.0+0x203/0x830
[  118.173077]  ? trace_hardirqs_on+0x16/0x100
[  118.173749]  ? do_futex+0x13a/0x380
[  118.174330]  ? __fget_files+0x270/0x480
[  118.174939]  __x64_sys_pwritev+0x233/0x310
[  118.175576]  ? __pfx___x64_sys_pwritev+0x10/0x10
[  118.176308]  do_syscall_64+0x3f/0x90
[  118.176869]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  118.177656] RIP: 0033:0x7f7177f7cb19
[  118.178212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  118.180797] RSP: 002b:00007f71754f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[  118.181912] RAX: ffffffffffffffda RBX: 00007f717808ff60 RCX: 00007f7177f7cb19
[  118.182969] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000003
[  118.183998] RBP: 00007f7177fd6f6d R08: 0000000000000000 R09: 0000000000000000
[  118.185024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  118.186084] R13: 00007ffc04b1f80f R14: 00007f71754f2300 R15: 0000000000022000
[  118.187129]  </TASK>
[  118.187479] Modules linked in:
[  118.189208] ---[ end trace 0000000000000000 ]---
[  118.190965] RIP: 0010:do_iter_write+0x477/0x700
[  118.191962] Code: 00 0f 85 fd 01 00 00 4d 8b 7c 24 28 e8 d2 05 c6 ff 48 8b 44 24 18 80 38 00 0f 85 68 01 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3b 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
[  118.194655] RSP: 0018:ffff88803df5fc70 EFLAGS: 00010216
[  118.195478] RAX: 0000000020009780 RBX: ffff88803df5fd60 RCX: ffffc90000807000
[  118.196541] RDX: 00000000040012f0 RSI: ffffffff8185830e RDI: 0000000000000007
[  118.197635] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  118.198662] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888016d17900
[  118.199543] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84a66820
[  118.200416] FS:  00007f71754f2700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  118.201411] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  118.202169] CR2: 0000000020009780 CR3: 000000003c78e000 CR4: 0000000000350ef0
10:56:27 executing program 2:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000028c0), 0x481, 0x0)
write$binfmt_elf64(r0, 0x0, 0x0)

10:56:27 executing program 5:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:27 executing program 7:
syz_mount_image$vfat(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
openat(r0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0)

10:56:27 executing program 0:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:27 executing program 3:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000028c0), 0x481, 0x0)
write$binfmt_elf64(r0, 0x0, 0x0)

10:56:27 executing program 2:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:27 executing program 7:
syz_mount_image$vfat(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
openat(r0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0)

10:56:27 executing program 5:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:28 executing program 3:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:28 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:28 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:28 executing program 0:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:28 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f0000001440), 0x1ff, 0x48a81)
poll(&(0x7f0000000140)=[{r0}], 0x1, 0x0)
pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000009780)="da", 0x1}], 0x1, 0x0, 0x0)

10:56:28 executing program 4:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:28 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:28 executing program 3:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:28 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:28 executing program 5:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:28 executing program 2:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

[  119.508590] general protection fault, probably for non-canonical address 0xdffffc00040012f0: 0000 [#5] PREEMPT SMP KASAN NOPTI
[  119.509686] KASAN: probably user-memory-access in range [0x0000000020009780-0x0000000020009787]
[  119.510545] CPU: 1 PID: 4249 Comm: syz-executor.1 Tainted: G      D            6.3.0-rc3-next-20230327 #1
[  119.511511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  119.512316] RIP: 0010:do_iter_write+0x477/0x700
[  119.512809] Code: 00 0f 85 fd 01 00 00 4d 8b 7c 24 28 e8 d2 05 c6 ff 48 8b 44 24 18 80 38 00 0f 85 68 01 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3b 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
[  119.514574] RSP: 0018:ffff88803e8ffc70 EFLAGS: 00010216
[  119.515107] RAX: 0000000020009780 RBX: ffff88803e8ffd60 RCX: ffffc90000807000
[  119.515822] RDX: 00000000040012f0 RSI: ffffffff8185830e RDI: 0000000000000007
[  119.516522] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  119.517225] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800caf1b80
[  119.517977] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84a66820
[  119.518673] FS:  00007f71754f2700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  119.519451] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  119.520033] CR2: 0000000020009780 CR3: 000000003db8e000 CR4: 0000000000350ee0
[  119.520738] Call Trace:
[  119.521000]  <TASK>
[  119.521239]  ? import_iovec+0x87/0xb0
[  119.521642]  vfs_writev+0x1ae/0x660
[  119.522026]  ? __pfx_vfs_writev+0x10/0x10
[  119.522461]  ? lock_release+0x4d8/0x680
[  119.522884]  ? kmem_cache_free+0xff/0x4a0
[  119.523315]  ? do_futex+0x13a/0x380
[  119.523711]  ? __fget_files+0x270/0x480
[  119.524128]  __x64_sys_pwritev+0x233/0x310
[  119.524573]  ? __pfx___x64_sys_pwritev+0x10/0x10
[  119.525066]  ? switch_fpu_return+0x157/0x2e0
[  119.525523]  do_syscall_64+0x3f/0x90
[  119.525914]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  119.526436] RIP: 0033:0x7f7177f7cb19
[  119.526815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  119.528568] RSP: 002b:00007f71754f2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[  119.529324] RAX: ffffffffffffffda RBX: 00007f717808ff60 RCX: 00007f7177f7cb19
[  119.530048] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000003
[  119.530752] RBP: 00007f7177fd6f6d R08: 0000000000000000 R09: 0000000000000000
[  119.531464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  119.532174] R13: 00007ffc04b1f80f R14: 00007f71754f2300 R15: 0000000000022000
[  119.532880]  </TASK>
[  119.533119] Modules linked in:
[  119.534474] ---[ end trace 0000000000000000 ]---
[  119.534967] RIP: 0010:do_iter_write+0x477/0x700
[  119.535657] Code: 00 0f 85 fd 01 00 00 4d 8b 7c 24 28 e8 d2 05 c6 ff 48 8b 44 24 18 80 38 00 0f 85 68 01 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3b 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
[  119.537489] RSP: 0018:ffff88803df5fc70 EFLAGS: 00010216
[  119.538047] RAX: 0000000020009780 RBX: ffff88803df5fd60 RCX: ffffc90000807000
[  119.538770] RDX: 00000000040012f0 RSI: ffffffff8185830e RDI: 0000000000000007
[  119.539489] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  119.540200] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888016d17900
[  119.540902] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84a66820
[  119.541557] FS:  00007f71754f2700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  119.542255] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  119.542755] CR2: 0000000020009780 CR3: 000000003db8e000 CR4: 0000000000350ee0
10:56:28 executing program 0:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:28 executing program 4:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:28 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:29 executing program 3:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:29 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:29 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:29 executing program 2:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(r0)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000180))
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x100, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x100}, 0x1, 0x0, 0x0, 0x8000001}, 0x800)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mincore(&(0x7f0000ffb000/0x1000)=nil, 0x1000, &(0x7f0000000540)=""/138)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x0, 0x5}}, './file0\x00'})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0xb, 0x0, 0x0)
mmap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r3, 0x27000000)

10:56:29 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:29 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:29 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:29 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:29 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:30 executing program 2:
syz_mount_image$nfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

10:56:30 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:30 executing program 2:
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f0000000040))
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @deauth={@with_ht={{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}}, 0x0, @void}}]}, 0x40}}, 0x0)

10:56:30 executing program 2:
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f0000000040))
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @deauth={@with_ht={{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}}, 0x0, @void}}]}, 0x40}}, 0x0)

10:56:30 executing program 2:
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f0000000040))
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @deauth={@with_ht={{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}}, 0x0, @void}}]}, 0x40}}, 0x0)

10:56:30 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:30 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

[  121.737281] syz-executor.4 (4299) used greatest stack depth: 23768 bytes left
10:56:31 executing program 2:
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f0000000040))
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @deauth={@with_ht={{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}}, 0x0, @void}}]}, 0x40}}, 0x0)

10:56:31 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:31 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:31 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:31 executing program 7:
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f0000000040))
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @deauth={@with_ht={{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}}, 0x0, @void}}]}, 0x40}}, 0x0)

10:56:31 executing program 6:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendto(r0, &(0x7f0000000040)="ae", 0x1, 0x881, 0x0, 0x0)
sendto(r0, &(0x7f0000000080)="ae", 0x1, 0x881, 0x0, 0x0)

10:56:31 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:31 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:31 executing program 6:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendto(r0, &(0x7f0000000040)="ae", 0x1, 0x881, 0x0, 0x0)
sendto(r0, &(0x7f0000000080)="ae", 0x1, 0x881, 0x0, 0x0)

10:56:31 executing program 7:
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f0000000040))
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @deauth={@with_ht={{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}}, 0x0, @void}}]}, 0x40}}, 0x0)

10:56:31 executing program 6:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendto(r0, &(0x7f0000000040)="ae", 0x1, 0x881, 0x0, 0x0)
sendto(r0, &(0x7f0000000080)="ae", 0x1, 0x881, 0x0, 0x0)

10:56:31 executing program 7:
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f0000000040))
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @deauth={@with_ht={{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}}, 0x0, @void}}]}, 0x40}}, 0x0)

10:56:31 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:31 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
rmdir(&(0x7f0000000180)='./file0\x00')

10:56:31 executing program 6:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendto(r0, &(0x7f0000000040)="ae", 0x1, 0x881, 0x0, 0x0)
sendto(r0, &(0x7f0000000080)="ae", 0x1, 0x881, 0x0, 0x0)

10:56:31 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f0000000940)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)

10:56:31 executing program 5:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)

10:56:31 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0)
write(r1, &(0x7f0000000200)='E', 0x140000)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r4, r3, 0x0, 0x7fffffff)
sendfile(r2, r3, &(0x7f0000000000)=0x81, 0xfff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r5=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)

10:56:31 executing program 0:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r0, 0xb)

10:56:32 executing program 5:
unshare(0x40480)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

10:56:32 executing program 6:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000040)=0x1, 0x7f, 0x0)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)

[  122.796256] mmap: syz-executor.6 (4371) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
10:56:32 executing program 5:
unshare(0x40480)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

10:56:32 executing program 0:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r0, 0xb)

10:56:32 executing program 4:
unshare(0x40480)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

10:56:32 executing program 6:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000040)=0x1, 0x7f, 0x0)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)

10:56:32 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000040)=0x1, 0x7f, 0x0)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)

10:56:32 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
rmdir(&(0x7f0000000180)='./file0\x00')

10:56:32 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000040)=0x1, 0x7f, 0x0)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)

10:56:32 executing program 6:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000040)=0x1, 0x7f, 0x0)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)

10:56:32 executing program 4:
unshare(0x40480)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

10:56:32 executing program 1:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
vmsplice(r0, &(0x7f00000002c0)=[{&(0x7f00000000c0)='\n', 0x1}], 0x7ffff000, 0x0)

10:56:32 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f0000000940)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)

10:56:32 executing program 0:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r0, 0xb)

10:56:32 executing program 5:
unshare(0x40480)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

10:56:33 executing program 5:
unshare(0x40480)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

10:56:33 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000040)=0x1, 0x7f, 0x0)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)

10:56:33 executing program 6:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000040)=0x1, 0x7f, 0x0)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)

10:56:33 executing program 1:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
vmsplice(r0, &(0x7f00000002c0)=[{&(0x7f00000000c0)='\n', 0x1}], 0x7ffff000, 0x0)

10:56:33 executing program 0:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r0, 0xb)

10:56:33 executing program 4:
unshare(0x40480)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

10:56:33 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f0000000940)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)

10:56:33 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f0000000940)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)

10:56:33 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f0000000940)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)

10:56:33 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0x92, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x8, 0x0, 0x0, 0x5}, 0x0, 0xfffff7ffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = dup(r0)
connect$inet6(r1, 0x0, 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r4=>0x0})
sendmsg$inet(r2, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @remote, @broadcast}}}], 0x20}, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fsetxattr$system_posix_acl(r5, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000200)={{}, {}, [{}]}, 0x2c, 0x0)
perf_event_open(&(0x7f00000062c0)={0x4, 0x80, 0xdb, 0x7, 0xff, 0x8, 0x0, 0x1ff, 0xa01, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbee, 0x2, @perf_config_ext={0x8, 0x1}, 0x10, 0x1400, 0xf22, 0x0, 0x5, 0x3, 0x10e2, 0x0, 0x0, 0x0, 0x400}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000340)={0x5, 0x80, 0xe2, 0x7, 0xff, 0x3, 0x0, 0x8e, 0x41180, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x4, 0x4, @perf_config_ext={0xff, 0x80000000}, 0x101a5, 0x0, 0x6, 0x1, 0xfffffffffffffffd, 0x400, 0x2, 0x0, 0x4, 0x0, 0x48}, 0x0, 0xffffffffffffffff, r1, 0x1)

10:56:33 executing program 2:
syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
rmdir(&(0x7f0000000180)='./file0\x00')

10:56:33 executing program 1:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
vmsplice(r0, &(0x7f00000002c0)=[{&(0x7f00000000c0)='\n', 0x1}], 0x7ffff000, 0x0)

10:56:33 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
rmdir(&(0x7f0000000180)='./file0\x00')

[  124.588907] audit: type=1400 audit(1679914593.951:9): avc:  denied  { tracepoint } for  pid=4416 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1

VM DIAGNOSIS:
10:56:24  Registers:
info registers vcpu 0
RAX=0000004c3ba6d7bc RBX=ffff88800bab0000 RCX=0000000000000000 RDX=0000000000005978
RSI=0000000000000000 RDI=0000004c3ba67e44 RBP=00000000000003e8 RSP=ffff88803eed6dd8
R8 =0000000000000000 R9 =0000000000006d2c R10=0000000000010376 R11=0000000000000001
R12=ffff88800bab0180 R13=ffffed1001756001 R14=dffffc0000000000 R15=0000000000000000
RIP=ffffffff8445fd42 RFL=00000083 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f0958ae4700 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2cc21000 CR3=000000003c70e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff824f8615 RDI=ffffffff87f0bdc0 RBP=ffffffff87f0bd80 RSP=ffff88803df5f660
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000031 R11=0000000000000001
R12=0000000000000031 R13=ffffffff87f0bd80 R14=0000000000000010 R15=ffffffff824f8600
RIP=ffffffff824f866d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f71754f2700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020009780 CR3=0000000016c70000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffff00000000000000000000 XMM01=23232323232323232323232323232323
XMM02=ffffffffffffffffffffffffffffffff XMM03=00000000000000000000000000000000
XMM04=ffffffffffff00000000000000000000 XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000