program:
perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_config_ext={0x0, 0x8}, 0x100841, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001080), 0x0, 0x0)
io_setup(0x3, &(0x7f0000000180)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
io_setup(0x5dc, &(0x7f0000000000)=<r2=>0x0)
clock_gettime(0x0, &(0x7f00000000c0))
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000000)
r5 = dup(r4)
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r6 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x181)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
ftruncate(r7, 0x80)
sendfile(r6, r7, 0x0, 0x7ffff000)
r8 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r8, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r8, 0x0)
r9 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r9, &(0x7f0000002300)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x4}}, 0x10, 0x0}, 0x0)
sendmsg$tipc(r9, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
accept4(r8, 0x0, 0x0, 0x0)
io_pgetevents(r2, 0x7b, 0x0, &(0x7f0000000080), &(0x7f0000000100)={0x0, 0x3938700}, 0x0)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r11 = dup(r10)
write$UHID_INPUT(r11, &(0x7f0000001040)={0xe, {"a2e3ad099b0d09f91b5e090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0ac6e70a9b334d959b669a240d5b0af3988f7ef31952010affe8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a0000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f19d684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdc020000002d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

[   68.228166][ T5304] Bluetooth: hci0: command tx timeout
[   68.321545][ T5319] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   68.326619][ T5319] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[   68.330043][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0
[   68.333847][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.337955][ T5319] RIP: 0010:iter_file_splice_write+0xe07/0x1510
[   68.340515][ T5319] Code: 00 00 fc ff df 41 80 3c 06 00 49 89 c6 74 08 4c 89 e7 e8 5c 17 df ff 49 c7 04 24 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 df e8 4a 16 df ff 48 8b 44 24 20 48 8b
[   68.347960][ T5319] RSP: 0018:ffffc9000d40f780 EFLAGS: 00010202
[   68.350482][ T5319] RAX: 0000000000000001 RBX: 0000000000000008 RCX: 0000000000000005
[   68.353499][ T5319] RDX: ffffc9000e412000 RSI: 0000000000000000 RDI: 7fffffffffffff7f
[   68.356759][ T5319] RBP: ffffc9000d40fa30 R08: ffffffff8246eae4 R09: 1ffff110087e501b
[   68.359908][ T5319] R10: dffffc0000000000 R11: ffffffff82036da0 R12: ffff888052c68838
[   68.363088][ T5319] R13: 0000000000000000 R14: dffffc0000000000 R15: 7fffffffffffff7f
[   68.366313][ T5319] FS:  00007f1179e7d6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   68.369953][ T5319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.372725][ T5319] CR2: 00007f1179cdd9b8 CR3: 0000000040ed8000 CR4: 0000000000352ef0
[   68.375933][ T5319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.379147][ T5319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000602
[   68.382267][ T5319] Call Trace:
[   68.383574][ T5319]  <TASK>
[   68.384735][ T5319]  ? __die_body+0x5f/0xb0
[   68.386303][ T5319]  ? die_addr+0xb0/0xe0
[   68.388105][ T5319]  ? exc_general_protection+0x3dd/0x5d0
[   68.390528][ T5319]  ? asm_exc_general_protection+0x26/0x30
[   68.392910][ T5319]  ? __pfx_zero_pipe_buf_release+0x10/0x10
[   68.395214][ T5319]  ? iter_file_splice_write+0xd84/0x1510
[   68.397226][ T5319]  ? iter_file_splice_write+0xe07/0x1510
[   68.399446][ T5319]  ? __pfx_iter_file_splice_write+0x10/0x10
[   68.401798][ T5319]  ? rcu_read_lock_any_held+0xb7/0x160
[   68.403983][ T5319]  ? __pfx_iter_file_splice_write+0x10/0x10
[   68.406574][ T5319]  direct_splice_actor+0x11b/0x220
[   68.408806][ T5319]  splice_direct_to_actor+0x586/0xc80
[   68.411074][ T5319]  ? __pfx_direct_splice_actor+0x10/0x10
[   68.413366][ T5319]  ? __pfx_splice_direct_to_actor+0x10/0x10
[   68.415704][ T5319]  ? __fget_files+0x2a/0x410
[   68.417593][ T5319]  ? __pfx_lock_release+0x10/0x10
[   68.419578][ T5319]  do_splice_direct+0x289/0x3e0
[   68.421262][ T5319]  ? __pfx_do_splice_direct+0x10/0x10
[   68.423498][ T5319]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   68.425925][ T5319]  ? rw_verify_area+0x243/0x630
[   68.427859][ T5319]  do_sendfile+0x564/0x8a0
[   68.429773][ T5319]  ? __pfx_do_sendfile+0x10/0x10
[   68.431900][ T5319]  ? __rseq_handle_notify_resume+0x34d/0x14e0
[   68.434559][ T5319]  __se_sys_sendfile64+0x17c/0x1e0
[   68.436706][ T5319]  ? __pfx___se_sys_sendfile64+0x10/0x10
[   68.438963][ T5319]  ? do_syscall_64+0x100/0x230
[   68.440979][ T5319]  ? do_syscall_64+0xb6/0x230
[   68.442871][ T5319]  do_syscall_64+0xf3/0x230
[   68.444773][ T5319]  ? clear_bhb_loop+0x35/0x90
[   68.446698][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.449306][ T5319] RIP: 0033:0x7f1178f8cda9
[   68.451338][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.459387][ T5319] RSP: 002b:00007f1179e7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   68.462936][ T5319] RAX: ffffffffffffffda RBX: 00007f11791a5fa0 RCX: 00007f1178f8cda9
[   68.466298][ T5319] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000009
[   68.469509][ T5319] RBP: 00007f117900e2a0 R08: 0000000000000000 R09: 0000000000000000
[   68.472643][ T5319] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000000
[   68.475926][ T5319] R13: 0000000000000000 R14: 00007f11791a5fa0 R15: 00007ffc91efaa48
[   68.479028][ T5319]  </TASK>
[   68.480557][ T5319] Modules linked in:
[   68.482678][ T5319] ---[ end trace 0000000000000000 ]---
[   68.508462][ T5319] RIP: 0010:iter_file_splice_write+0xe07/0x1510
[   68.508505][ T5319] Code: 00 00 fc ff df 41 80 3c 06 00 49 89 c6 74 08 4c 89 e7 e8 5c 17 df ff 49 c7 04 24 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 df e8 4a 16 df ff 48 8b 44 24 20 48 8b
[   68.508527][ T5319] RSP: 0018:ffffc9000d40f780 EFLAGS: 00010202
[   68.508544][ T5319] RAX: 0000000000000001 RBX: 0000000000000008 RCX: 0000000000000005
[   68.508554][ T5319] RDX: ffffc9000e412000 RSI: 0000000000000000 RDI: 7fffffffffffff7f
[   68.508569][ T5319] RBP: ffffc9000d40fa30 R08: ffffffff8246eae4 R09: 1ffff110087e501b
[   68.508580][ T5319] R10: dffffc0000000000 R11: ffffffff82036da0 R12: ffff888052c68838
[   68.508590][ T5319] R13: 0000000000000000 R14: dffffc0000000000 R15: 7fffffffffffff7f
[   68.508600][ T5319] FS:  00007f1179e7d6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   68.508612][ T5319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.508622][ T5319] CR2: 00007f117917c170 CR3: 0000000040ed8000 CR4: 0000000000352ef0
[   68.508635][ T5319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.508643][ T5319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000602
[   68.508655][ T5319] Kernel panic - not syncing: Fatal exception
[   68.509038][ T5319] Kernel Offset: disabled