Warning: Permanently added '10.128.0.164' (ECDSA) to the list of known hosts. 2021/05/17 21:18:26 fuzzer started 2021/05/17 21:18:27 dialing manager at 10.128.0.163:35945 2021/05/17 21:18:27 syscalls: 1982 2021/05/17 21:18:27 code coverage: enabled 2021/05/17 21:18:27 comparison tracing: enabled 2021/05/17 21:18:27 extra coverage: enabled 2021/05/17 21:18:27 setuid sandbox: enabled 2021/05/17 21:18:27 namespace sandbox: enabled 2021/05/17 21:18:27 Android sandbox: enabled 2021/05/17 21:18:27 fault injection: enabled 2021/05/17 21:18:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2021/05/17 21:18:27 net packet injection: /dev/net/tun does not exist 2021/05/17 21:18:27 net device setup: enabled 2021/05/17 21:18:27 concurrency sanitizer: enabled 2021/05/17 21:18:27 devlink PCI setup: PCI device 0000:00:10.0 is not available 2021/05/17 21:18:27 USB emulation: /dev/raw-gadget does not exist 2021/05/17 21:18:27 hci packet injection: /dev/vhci does not exist 2021/05/17 21:18:27 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 2021/05/17 21:18:27 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 2021/05/17 21:18:27 fetching corpus: 0, signal 0/2000 (executing program) 2021/05/17 21:18:27 fetching corpus: 25, signal 11833/11833 (executing program) 2021/05/17 21:18:27 fetching corpus: 25, signal 11833/11833 (executing program) 2021/05/17 21:18:27 fetching corpus: 25, signal 11833/11833 (executing program) 2021/05/17 21:18:27 fetching corpus: 25, signal 11833/11833 (executing program) 2021/05/17 21:18:27 fetching corpus: 25, signal 11833/11833 (executing program) 2021/05/17 21:18:27 fetching corpus: 25, signal 11833/11833 (executing program) 2021/05/17 21:18:28 starting 6 fuzzer processes 21:18:28 executing program 0: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:28 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) mq_open(&(0x7f0000000080), 0x0, 0x0, 0x0) 21:18:28 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:28 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 21:18:28 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) syzkaller login: [ 20.672352][ T25] audit: type=1400 audit(1621286308.404:8): avc: denied { execmem } for pid=1756 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 20.797682][ T1764] cgroup: Unknown subsys name 'perf_event' [ 20.799906][ T1763] cgroup: Unknown subsys name 'perf_event' [ 20.819566][ T1763] cgroup: Unknown subsys name 'net_cls' [ 20.819566][ T1764] cgroup: Unknown subsys name 'net_cls' [ 20.826439][ T1765] cgroup: Unknown subsys name 'perf_event' [ 20.831389][ T1766] cgroup: Unknown subsys name 'perf_event' [ 20.837782][ T1768] cgroup: Unknown subsys name 'perf_event' [ 20.842915][ T1767] cgroup: Unknown subsys name 'perf_event' [ 20.849226][ T1765] cgroup: Unknown subsys name 'net_cls' [ 20.855609][ T1766] cgroup: Unknown subsys name 'net_cls' [ 20.860593][ T1768] cgroup: Unknown subsys name 'net_cls' [ 20.867116][ T1767] cgroup: Unknown subsys name 'net_cls' 21:18:32 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:32 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) mq_open(&(0x7f0000000080), 0x0, 0x0, 0x0) 21:18:32 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:32 executing program 0: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 21:18:32 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:32 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) mq_open(&(0x7f0000000080), 0x0, 0x0, 0x0) 21:18:32 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:32 executing program 0: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 21:18:32 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 21:18:32 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) mq_open(&(0x7f0000000080), 0x0, 0x0, 0x0) 21:18:32 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 0: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:32 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:32 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:32 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:32 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:32 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:32 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 21:18:33 executing program 5: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:33 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x2742) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x4}) 21:18:33 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:33 executing program 5: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 21:18:33 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:33 executing program 1: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0) 21:18:33 executing program 0: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 5: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 21:18:33 executing program 2: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 1: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 4: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 0: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 2: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) mq_open(&(0x7f0000000080), 0x0, 0x0, 0x0) 21:18:33 executing program 1: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 4: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 0: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) mq_open(&(0x7f0000000080), 0x0, 0x0, 0x0) 21:18:33 executing program 2: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 4: unshare(0x400) r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 21:18:33 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) mq_open(&(0x7f0000000080), 0x0, 0x0, 0x0) 21:18:33 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffd28) fallocate(r0, 0x10, 0xfff000, 0x7fff) 21:18:33 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:33 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7bcbb6db8f92a8f00c0387"], 0x8d) ioctl$TCSETA(r1, 0x5406, &(0x7f00000004c0)={0xfff9, 0x0, 0x0, 0xbffa, 0x0, "078cf0251c0e00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x25, 0x0, 0x0, 0x0, 0x0, "000000001000000000000010000000001000"}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x8000016, 0x0, 0x0, 0x0, 0x0, "2959f5f20fb8000000000f10e7ffffe10300"}) 21:18:33 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x1268, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x0, 0x0, "5d85d28fb35ff46b5e70b35829630a0000761b8cebfc9ec327c746b9c6ac8507f3222c587f2fb87d2b07006d9fd007d5852ff15803b28a000021001000", "3192b6a235d712e4aa436116fbf09889d2fa99325c924958b4425bd8e279374c"}) 21:18:33 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:33 executing program 4: r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a053b1cc7e63975c0ac47b6268e3966cf055d90f15a30f00036200000000", 0x4c}], 0x1}, 0x0) [ 26.045628][ T4685] ================================================================== [ 26.053719][ T4685] BUG: KCSAN: data-race in __xa_clear_mark / xas_find_marked [ 26.061088][ T4685] [ 26.063394][ T4685] write to 0xffff888106a32d70 of 8 bytes by task 44 on cpu 1: [ 26.070829][ T4685] __xa_clear_mark+0x1d9/0x2c0 [ 26.075579][ T4685] test_clear_page_writeback+0x23e/0x560 [ 26.081200][ T4685] end_page_writeback+0xd7/0x1b0 [ 26.086119][ T4685] ext4_finish_bio+0x3e2/0x430 [ 26.090863][ T4685] ext4_release_io_end+0x98/0x200 [ 26.095868][ T4685] ext4_end_io_rsv_work+0x306/0x360 [ 26.101050][ T4685] process_one_work+0x3e9/0x8f0 [ 26.105901][ T4685] worker_thread+0x636/0xae0 [ 26.110475][ T4685] kthread+0x1d0/0x1f0 [ 26.114526][ T4685] ret_from_fork+0x1f/0x30 [ 26.119020][ T4685] [ 26.121326][ T4685] read to 0xffff888106a32d70 of 8 bytes by task 4685 on cpu 0: [ 26.128932][ T4685] xas_find_marked+0x195/0x5f0 [ 26.133681][ T4685] find_get_pages_range_tag+0xf2/0x390 [ 26.139120][ T4685] pagevec_lookup_range_tag+0x37/0x50 [ 26.145254][ T4685] __filemap_fdatawait_range+0xab/0x1b0 [ 26.150779][ T4685] file_write_and_wait_range+0x1c3/0x210 [ 26.156391][ T4685] ext4_sync_file+0x105/0x670 [ 26.161052][ T4685] vfs_fsync_range+0x107/0x120 [ 26.165808][ T4685] ext4_buffered_write_iter+0x39c/0x3f0 [ 26.171373][ T4685] ext4_file_write_iter+0x2e7/0x11d0 [ 26.176653][ T4685] vfs_write+0x69d/0x770 [ 26.180900][ T4685] ksys_write+0xce/0x180 [ 26.185134][ T4685] __x64_sys_write+0x3e/0x50 [ 26.189710][ T4685] do_syscall_64+0x4a/0x90 21:18:33 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x1268, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x0, 0x0, "5d85d28fb35ff46b5e70b35829630a0000761b8cebfc9ec327c746b9c6ac8507f3222c587f2fb87d2b07006d9fd007d5852ff15803b28a000021001000", "3192b6a235d712e4aa436116fbf09889d2fa99325c924958b4425bd8e279374c"}) 21:18:33 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:33 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:33 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffd28) fallocate(r0, 0x10, 0xfff000, 0x7fff) 21:18:33 executing program 4: r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a053b1cc7e63975c0ac47b6268e3966cf055d90f15a30f00036200000000", 0x4c}], 0x1}, 0x0) [ 26.194116][ T4685] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 26.200005][ T4685] [ 26.202316][ T4685] Reported by Kernel Concurrency Sanitizer on: [ 26.208442][ T4685] CPU: 0 PID: 4685 Comm: syz-executor.3 Not tainted 5.13.0-rc2-syzkaller #0 [ 26.217115][ T4685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.227166][ T4685] ================================================================== 21:18:34 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x1268, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x0, 0x0, "5d85d28fb35ff46b5e70b35829630a0000761b8cebfc9ec327c746b9c6ac8507f3222c587f2fb87d2b07006d9fd007d5852ff15803b28a000021001000", "3192b6a235d712e4aa436116fbf09889d2fa99325c924958b4425bd8e279374c"}) 21:18:34 executing program 4: r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a053b1cc7e63975c0ac47b6268e3966cf055d90f15a30f00036200000000", 0x4c}], 0x1}, 0x0) 21:18:34 executing program 4: r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a053b1cc7e63975c0ac47b6268e3966cf055d90f15a30f00036200000000", 0x4c}], 0x1}, 0x0) 21:18:34 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:34 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x1268, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x0, 0x0, "5d85d28fb35ff46b5e70b35829630a0000761b8cebfc9ec327c746b9c6ac8507f3222c587f2fb87d2b07006d9fd007d5852ff15803b28a000021001000", "3192b6a235d712e4aa436116fbf09889d2fa99325c924958b4425bd8e279374c"}) 21:18:34 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:34 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffd28) fallocate(r0, 0x10, 0xfff000, 0x7fff) 21:18:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:34 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:34 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:34 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:34 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:34 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) [ 27.075073][ C0] hrtimer: interrupt took 12009 ns 21:18:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:35 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffd28) fallocate(r0, 0x10, 0xfff000, 0x7fff) 21:18:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:35 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:35 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:36 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:37 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:37 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) [ 30.145593][ T4902] ================================================================== [ 30.153917][ T4902] BUG: KCSAN: data-race in blk_mq_sched_dispatch_requests / blk_mq_sched_dispatch_requests [ 30.164027][ T4902] [ 30.166345][ T4902] write to 0xffff888102389d58 of 8 bytes by task 4905 on cpu 1: [ 30.173975][ T4902] blk_mq_sched_dispatch_requests+0x90/0x110 [ 30.180085][ T4902] __blk_mq_run_hw_queue+0xbc/0x140 [ 30.185283][ T4902] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 30.191111][ T4902] blk_mq_run_hw_queue+0x22c/0x250 [ 30.196325][ T4902] blk_mq_sched_insert_requests+0x13f/0x200 [ 30.202234][ T4902] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 30.207631][ T4902] blk_flush_plug_list+0x235/0x260 [ 30.212734][ T4902] blk_finish_plug+0x44/0x60 [ 30.217356][ T4902] __iomap_dio_rw+0x780/0xad0 [ 30.222030][ T4902] iomap_dio_rw+0x30/0x70 [ 30.226465][ T4902] ext4_file_write_iter+0xa04/0x11d0 [ 30.231762][ T4902] do_iter_readv_writev+0x2cb/0x360 [ 30.236962][ T4902] do_iter_write+0x112/0x4c0 [ 30.241547][ T4902] vfs_iter_write+0x4c/0x70 [ 30.246067][ T4902] iter_file_splice_write+0x40a/0x750 [ 30.251545][ T4902] direct_splice_actor+0x80/0xa0 [ 30.256487][ T4902] splice_direct_to_actor+0x345/0x650 [ 30.261870][ T4902] do_splice_direct+0xf5/0x170 [ 30.266646][ T4902] do_sendfile+0x773/0xda0 [ 30.271068][ T4902] __x64_sys_sendfile64+0xf2/0x130 [ 30.276188][ T4902] do_syscall_64+0x4a/0x90 [ 30.280710][ T4902] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 30.286613][ T4902] [ 30.288951][ T4902] read to 0xffff888102389d58 of 8 bytes by task 4902 on cpu 0: [ 30.296487][ T4902] blk_mq_sched_dispatch_requests+0x7e/0x110 [ 30.302479][ T4902] __blk_mq_run_hw_queue+0xbc/0x140 [ 30.307689][ T4902] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 30.313507][ T4902] blk_mq_run_hw_queue+0x22c/0x250 [ 30.318721][ T4902] blk_mq_sched_insert_requests+0x13f/0x200 [ 30.324646][ T4902] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 30.330153][ T4902] blk_flush_plug_list+0x235/0x260 [ 30.335256][ T4902] blk_finish_plug+0x44/0x60 [ 30.339847][ T4902] __iomap_dio_rw+0x780/0xad0 [ 30.344590][ T4902] iomap_dio_rw+0x30/0x70 [ 30.348940][ T4902] ext4_file_write_iter+0xa04/0x11d0 [ 30.354220][ T4902] do_iter_readv_writev+0x2cb/0x360 [ 30.359416][ T4902] do_iter_write+0x112/0x4c0 [ 30.364007][ T4902] vfs_iter_write+0x4c/0x70 [ 30.368508][ T4902] iter_file_splice_write+0x40a/0x750 [ 30.373882][ T4902] direct_splice_actor+0x80/0xa0 [ 30.378827][ T4902] splice_direct_to_actor+0x345/0x650 [ 30.384236][ T4902] do_splice_direct+0xf5/0x170 [ 30.389002][ T4902] do_sendfile+0x773/0xda0 [ 30.393417][ T4902] __x64_sys_sendfile64+0xf2/0x130 [ 30.398578][ T4902] do_syscall_64+0x4a/0x90 [ 30.403043][ T4902] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 30.409004][ T4902] [ 30.411328][ T4902] Reported by Kernel Concurrency Sanitizer on: [ 30.417469][ T4902] CPU: 0 PID: 4902 Comm: syz-executor.2 Not tainted 5.13.0-rc2-syzkaller #0 [ 30.426135][ T4902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.436192][ T4902] ================================================================== 21:18:38 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:38 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:38 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:39 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) [ 32.573248][ T4977] ================================================================== [ 32.581576][ T4977] BUG: KCSAN: data-race in blk_mq_dispatch_rq_list / blk_mq_dispatch_rq_list [ 32.590339][ T4977] [ 32.592669][ T4977] write to 0xffff888102389d68 of 8 bytes by task 4978 on cpu 1: [ 32.600288][ T4977] blk_mq_dispatch_rq_list+0xac3/0x10b0 [ 32.605832][ T4977] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 32.611380][ T4977] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 32.617623][ T4977] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 32.623606][ T4977] __blk_mq_run_hw_queue+0xbc/0x140 [ 32.628806][ T4977] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 32.634628][ T4977] blk_mq_run_hw_queue+0x22c/0x250 [ 32.639740][ T4977] blk_mq_sched_insert_requests+0x13f/0x200 [ 32.645649][ T4977] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 32.651036][ T4977] blk_flush_plug_list+0x235/0x260 [ 32.656155][ T4977] blk_finish_plug+0x44/0x60 [ 32.660739][ T4977] __iomap_dio_rw+0x780/0xad0 [ 32.665408][ T4977] iomap_dio_rw+0x30/0x70 [ 32.669738][ T4977] ext4_file_write_iter+0xa04/0x11d0 [ 32.675030][ T4977] do_iter_readv_writev+0x2cb/0x360 [ 32.680224][ T4977] do_iter_write+0x112/0x4c0 [ 32.684811][ T4977] vfs_iter_write+0x4c/0x70 [ 32.689432][ T4977] iter_file_splice_write+0x40a/0x750 [ 32.694830][ T4977] direct_splice_actor+0x80/0xa0 [ 32.699770][ T4977] splice_direct_to_actor+0x345/0x650 [ 32.705133][ T4977] do_splice_direct+0xf5/0x170 [ 32.709893][ T4977] do_sendfile+0x773/0xda0 [ 32.714315][ T4977] __x64_sys_sendfile64+0xf2/0x130 [ 32.719504][ T4977] do_syscall_64+0x4a/0x90 [ 32.723916][ T4977] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 32.729818][ T4977] [ 32.732136][ T4977] read to 0xffff888102389d68 of 8 bytes by task 4977 on cpu 0: [ 32.739671][ T4977] blk_mq_dispatch_rq_list+0xab0/0x10b0 [ 32.745209][ T4977] blk_mq_do_dispatch_sched+0x3cb/0x660 [ 32.750777][ T4977] __blk_mq_sched_dispatch_requests+0x21e/0x2c0 [ 32.757008][ T4977] blk_mq_sched_dispatch_requests+0x9f/0x110 [ 32.763076][ T4977] __blk_mq_run_hw_queue+0xbc/0x140 [ 32.768296][ T4977] __blk_mq_delay_run_hw_queue+0x163/0x2f0 [ 32.774091][ T4977] blk_mq_run_hw_queue+0x22c/0x250 [ 32.779215][ T4977] blk_mq_sched_insert_requests+0x13f/0x200 [ 32.785459][ T4977] blk_mq_flush_plug_list+0x2f5/0x3c0 [ 32.790908][ T4977] blk_flush_plug_list+0x235/0x260 [ 32.796313][ T4977] blk_finish_plug+0x44/0x60 [ 32.800892][ T4977] read_pages+0x2d9/0x530 [ 32.805220][ T4977] page_cache_ra_unbounded+0x3c8/0x410 [ 32.810663][ T4977] ondemand_readahead+0x579/0x7b0 [ 32.815687][ T4977] page_cache_sync_ra+0xaf/0xe0 [ 32.820538][ T4977] filemap_read+0x388/0x1230 [ 32.825128][ T4977] generic_file_read_iter+0x75/0x2c0 [ 32.830412][ T4977] ext4_file_read_iter+0x1db/0x290 [ 32.835526][ T4977] generic_file_splice_read+0x22a/0x310 [ 32.841065][ T4977] splice_direct_to_actor+0x2aa/0x650 [ 32.846425][ T4977] do_splice_direct+0xf5/0x170 [ 32.851183][ T4977] do_sendfile+0x773/0xda0 [ 32.855591][ T4977] __x64_sys_sendfile64+0xf2/0x130 [ 32.860700][ T4977] do_syscall_64+0x4a/0x90 [ 32.865112][ T4977] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 32.871010][ T4977] [ 32.873328][ T4977] Reported by Kernel Concurrency Sanitizer on: [ 32.879464][ T4977] CPU: 0 PID: 4977 Comm: syz-executor.2 Not tainted 5.13.0-rc2-syzkaller #0 [ 32.888128][ T4977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.898176][ T4977] ================================================================== 21:18:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:40 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:40 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:40 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:40 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:40 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:40 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:40 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:40 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:41 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:41 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:41 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:41 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:41 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:41 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:41 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:41 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffd28) fallocate(r0, 0x10, 0xfff000, 0x7fff) 21:18:41 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:41 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:41 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:42 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:42 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:42 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x406f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 21:18:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x145842, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x46000) lseek(r3, 0x4200, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x8400fffffffb) sendfile(r2, r2, 0x0, 0x8080ffffff7e) 21:18:42 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffd28) fallocate(r0, 0x10, 0xfff000, 0x7fff) 21:18:42 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffd28) fallocate(r0, 0x10, 0xfff000, 0x7fff) 21:18:42 executing program 0: r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a053b1cc7e63975c0ac47b6268e3966cf055d90f15a30f00036200000000", 0x4c}], 0x1}, 0x0) 21:18:42 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:42 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:42 executing program 0: r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a053b1cc7e63975c0ac47b6268e3966cf055d90f15a30f00036200000000", 0x4c}], 0x1}, 0x0) 21:18:42 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:42 executing program 0: r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a053b1cc7e63975c0ac47b6268e3966cf055d90f15a30f00036200000000", 0x4c}], 0x1}, 0x0) 21:18:42 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:42 executing program 0: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:43 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffd28) fallocate(r0, 0x10, 0xfff000, 0x7fff) 21:18:43 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x1268, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x0, 0x0, "5d85d28fb35ff46b5e70b35829630a0000761b8cebfc9ec327c746b9c6ac8507f3222c587f2fb87d2b07006d9fd007d5852ff15803b28a000021001000", "3192b6a235d712e4aa436116fbf09889d2fa99325c924958b4425bd8e279374c"}) 21:18:43 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:43 executing program 0: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:43 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfffffd28) fallocate(r0, 0x10, 0xfff000, 0x7fff) 21:18:43 executing program 1: r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3cd001c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) dup2(r1, r0) 21:18:43 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x1268, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x0, 0x0, "5d85d28fb35ff46b5e70b35829630a0000761b8cebfc9ec327c746b9c6ac8507f3222c587f2fb87d2b07006d9fd007d5852ff15803b28a000021001000", "3192b6a235d712e4aa436116fbf09889d2fa99325c924958b4425bd8e279374c"}) 21:18:43 executing program 1: r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3cd001c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) dup2(r1, r0) 21:18:43 executing program 0: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:43 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000063000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000835000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000916000/0x2000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 21:18:43 executing program 0: r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3cd001c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) dup2(r1, r0) 21:18:43 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x1268, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x0, 0x0, "5d85d28fb35ff46b5e70b35829630a0000761b8cebfc9ec327c746b9c6ac8507f3222c587f2fb87d2b07006d9fd007d5852ff15803b28a000021001000", "3192b6a235d712e4aa436116fbf09889d2fa99325c924958b4425bd8e279374c"})