syzkaller login: [   38.111525] sshd (244) used greatest stack depth: 24768 bytes left
Warning: Permanently added '[localhost]:52900' (ECDSA) to the list of known hosts.
2022/09/21 10:37:41 fuzzer started
2022/09/21 10:37:41 dialing manager at localhost:34957
[   39.773594] cgroup: Unknown subsys name 'net'
[   39.844109] cgroup: Unknown subsys name 'rlimit'
2022/09/21 10:37:55 syscalls: 2215
2022/09/21 10:37:55 code coverage: enabled
2022/09/21 10:37:55 comparison tracing: enabled
2022/09/21 10:37:55 extra coverage: enabled
2022/09/21 10:37:55 setuid sandbox: enabled
2022/09/21 10:37:55 namespace sandbox: enabled
2022/09/21 10:37:55 Android sandbox: enabled
2022/09/21 10:37:55 fault injection: enabled
2022/09/21 10:37:55 leak checking: enabled
2022/09/21 10:37:55 net packet injection: enabled
2022/09/21 10:37:55 net device setup: enabled
2022/09/21 10:37:55 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/21 10:37:55 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/21 10:37:55 USB emulation: enabled
2022/09/21 10:37:55 hci packet injection: enabled
2022/09/21 10:37:55 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220920                                          )
2022/09/21 10:37:55 802.15.4 emulation: enabled
2022/09/21 10:37:55 fetching corpus: 50, signal 24698/26513 (executing program)
2022/09/21 10:37:55 fetching corpus: 100, signal 38362/41768 (executing program)
2022/09/21 10:37:56 fetching corpus: 150, signal 47762/52658 (executing program)
2022/09/21 10:37:56 fetching corpus: 200, signal 57400/63609 (executing program)
2022/09/21 10:37:56 fetching corpus: 250, signal 61170/68737 (executing program)
2022/09/21 10:37:56 fetching corpus: 300, signal 68700/77340 (executing program)
2022/09/21 10:37:56 fetching corpus: 350, signal 73467/83286 (executing program)
2022/09/21 10:37:56 fetching corpus: 400, signal 78920/89816 (executing program)
2022/09/21 10:37:56 fetching corpus: 450, signal 81734/93781 (executing program)
2022/09/21 10:37:56 fetching corpus: 500, signal 84374/97533 (executing program)
2022/09/21 10:37:56 fetching corpus: 550, signal 88934/103027 (executing program)
2022/09/21 10:37:56 fetching corpus: 600, signal 91416/106572 (executing program)
2022/09/21 10:37:57 fetching corpus: 650, signal 94025/110214 (executing program)
2022/09/21 10:37:57 fetching corpus: 700, signal 96246/113385 (executing program)
2022/09/21 10:37:57 fetching corpus: 750, signal 98546/116648 (executing program)
2022/09/21 10:37:57 fetching corpus: 800, signal 101245/120230 (executing program)
2022/09/21 10:37:57 fetching corpus: 850, signal 105614/125148 (executing program)
2022/09/21 10:37:57 fetching corpus: 900, signal 107775/128135 (executing program)
2022/09/21 10:37:57 fetching corpus: 950, signal 111503/132439 (executing program)
2022/09/21 10:37:57 fetching corpus: 1000, signal 113970/135542 (executing program)
2022/09/21 10:37:57 fetching corpus: 1050, signal 116240/138510 (executing program)
2022/09/21 10:37:57 fetching corpus: 1100, signal 117875/140915 (executing program)
2022/09/21 10:37:57 fetching corpus: 1150, signal 119569/143377 (executing program)
2022/09/21 10:37:58 fetching corpus: 1200, signal 121743/146148 (executing program)
2022/09/21 10:37:58 fetching corpus: 1250, signal 123853/148834 (executing program)
2022/09/21 10:37:58 fetching corpus: 1300, signal 125792/151373 (executing program)
2022/09/21 10:37:58 fetching corpus: 1350, signal 127365/153613 (executing program)
2022/09/21 10:37:58 fetching corpus: 1400, signal 129387/156147 (executing program)
2022/09/21 10:37:58 fetching corpus: 1450, signal 130424/157889 (executing program)
2022/09/21 10:37:58 fetching corpus: 1500, signal 131566/159725 (executing program)
2022/09/21 10:37:58 fetching corpus: 1550, signal 133154/161843 (executing program)
2022/09/21 10:37:58 fetching corpus: 1600, signal 134886/164027 (executing program)
2022/09/21 10:37:58 fetching corpus: 1650, signal 136014/165820 (executing program)
2022/09/21 10:37:59 fetching corpus: 1700, signal 137848/168041 (executing program)
2022/09/21 10:37:59 fetching corpus: 1750, signal 140160/170591 (executing program)
2022/09/21 10:37:59 fetching corpus: 1800, signal 142163/172860 (executing program)
2022/09/21 10:37:59 fetching corpus: 1850, signal 143573/174692 (executing program)
2022/09/21 10:37:59 fetching corpus: 1900, signal 145093/176589 (executing program)
2022/09/21 10:37:59 fetching corpus: 1950, signal 146146/178153 (executing program)
2022/09/21 10:37:59 fetching corpus: 2000, signal 147365/179872 (executing program)
2022/09/21 10:37:59 fetching corpus: 2050, signal 148682/181547 (executing program)
2022/09/21 10:37:59 fetching corpus: 2100, signal 150982/183875 (executing program)
2022/09/21 10:38:00 fetching corpus: 2150, signal 152587/185671 (executing program)
2022/09/21 10:38:00 fetching corpus: 2200, signal 153515/187043 (executing program)
2022/09/21 10:38:00 fetching corpus: 2250, signal 155268/188897 (executing program)
2022/09/21 10:38:00 fetching corpus: 2300, signal 156313/190276 (executing program)
2022/09/21 10:38:00 fetching corpus: 2350, signal 157473/191794 (executing program)
2022/09/21 10:38:00 fetching corpus: 2400, signal 158054/192919 (executing program)
2022/09/21 10:38:00 fetching corpus: 2450, signal 159307/194408 (executing program)
2022/09/21 10:38:00 fetching corpus: 2500, signal 159980/195530 (executing program)
2022/09/21 10:38:00 fetching corpus: 2550, signal 160785/196761 (executing program)
2022/09/21 10:38:00 fetching corpus: 2600, signal 162124/198236 (executing program)
2022/09/21 10:38:00 fetching corpus: 2650, signal 163685/199785 (executing program)
2022/09/21 10:38:00 fetching corpus: 2700, signal 165770/201639 (executing program)
2022/09/21 10:38:01 fetching corpus: 2750, signal 167634/203356 (executing program)
2022/09/21 10:38:01 fetching corpus: 2800, signal 168547/204484 (executing program)
2022/09/21 10:38:01 fetching corpus: 2850, signal 169492/205660 (executing program)
2022/09/21 10:38:01 fetching corpus: 2900, signal 170512/206805 (executing program)
2022/09/21 10:38:01 fetching corpus: 2950, signal 171362/207845 (executing program)
2022/09/21 10:38:01 fetching corpus: 3000, signal 172195/208972 (executing program)
2022/09/21 10:38:01 fetching corpus: 3050, signal 172953/209961 (executing program)
2022/09/21 10:38:01 fetching corpus: 3100, signal 173733/210964 (executing program)
2022/09/21 10:38:01 fetching corpus: 3150, signal 176098/212834 (executing program)
2022/09/21 10:38:01 fetching corpus: 3200, signal 176882/213875 (executing program)
2022/09/21 10:38:02 fetching corpus: 3250, signal 177856/214884 (executing program)
2022/09/21 10:38:02 fetching corpus: 3300, signal 178531/215723 (executing program)
2022/09/21 10:38:02 fetching corpus: 3350, signal 179459/216696 (executing program)
2022/09/21 10:38:02 fetching corpus: 3400, signal 180453/217710 (executing program)
2022/09/21 10:38:02 fetching corpus: 3450, signal 181455/218714 (executing program)
2022/09/21 10:38:02 fetching corpus: 3500, signal 182560/219797 (executing program)
2022/09/21 10:38:02 fetching corpus: 3550, signal 183315/220657 (executing program)
2022/09/21 10:38:02 fetching corpus: 3600, signal 184244/221549 (executing program)
2022/09/21 10:38:02 fetching corpus: 3650, signal 185465/222554 (executing program)
2022/09/21 10:38:03 fetching corpus: 3700, signal 186291/223389 (executing program)
2022/09/21 10:38:03 fetching corpus: 3750, signal 187140/224192 (executing program)
2022/09/21 10:38:03 fetching corpus: 3800, signal 187459/224827 (executing program)
2022/09/21 10:38:03 fetching corpus: 3850, signal 188621/225781 (executing program)
2022/09/21 10:38:03 fetching corpus: 3900, signal 189370/226533 (executing program)
2022/09/21 10:38:03 fetching corpus: 3950, signal 190165/227262 (executing program)
2022/09/21 10:38:03 fetching corpus: 4000, signal 190814/227961 (executing program)
2022/09/21 10:38:03 fetching corpus: 4050, signal 191733/228802 (executing program)
2022/09/21 10:38:03 fetching corpus: 4100, signal 192621/229544 (executing program)
2022/09/21 10:38:03 fetching corpus: 4150, signal 193125/230203 (executing program)
2022/09/21 10:38:03 fetching corpus: 4200, signal 193626/230815 (executing program)
2022/09/21 10:38:04 fetching corpus: 4250, signal 194454/231562 (executing program)
2022/09/21 10:38:04 fetching corpus: 4300, signal 195300/232280 (executing program)
2022/09/21 10:38:04 fetching corpus: 4350, signal 196450/233038 (executing program)
2022/09/21 10:38:04 fetching corpus: 4400, signal 197380/233678 (executing program)
2022/09/21 10:38:04 fetching corpus: 4450, signal 198131/234286 (executing program)
2022/09/21 10:38:04 fetching corpus: 4500, signal 198509/234785 (executing program)
2022/09/21 10:38:04 fetching corpus: 4550, signal 199106/235349 (executing program)
2022/09/21 10:38:04 fetching corpus: 4600, signal 200139/236010 (executing program)
2022/09/21 10:38:04 fetching corpus: 4650, signal 200790/236540 (executing program)
2022/09/21 10:38:04 fetching corpus: 4700, signal 201428/237071 (executing program)
2022/09/21 10:38:04 fetching corpus: 4750, signal 202293/237838 (executing program)
2022/09/21 10:38:05 fetching corpus: 4800, signal 202814/238330 (executing program)
2022/09/21 10:38:05 fetching corpus: 4850, signal 203330/238830 (executing program)
2022/09/21 10:38:05 fetching corpus: 4900, signal 203869/239315 (executing program)
2022/09/21 10:38:05 fetching corpus: 4950, signal 204427/239782 (executing program)
2022/09/21 10:38:05 fetching corpus: 5000, signal 205296/240300 (executing program)
2022/09/21 10:38:05 fetching corpus: 5050, signal 206412/240842 (executing program)
2022/09/21 10:38:05 fetching corpus: 5100, signal 206918/241277 (executing program)
2022/09/21 10:38:05 fetching corpus: 5150, signal 207824/241741 (executing program)
2022/09/21 10:38:05 fetching corpus: 5200, signal 208983/242239 (executing program)
2022/09/21 10:38:05 fetching corpus: 5250, signal 209707/242672 (executing program)
2022/09/21 10:38:06 fetching corpus: 5300, signal 210210/243082 (executing program)
2022/09/21 10:38:06 fetching corpus: 5350, signal 210396/243398 (executing program)
2022/09/21 10:38:06 fetching corpus: 5400, signal 210836/243769 (executing program)
2022/09/21 10:38:06 fetching corpus: 5450, signal 211359/244158 (executing program)
2022/09/21 10:38:06 fetching corpus: 5500, signal 212160/244615 (executing program)
2022/09/21 10:38:06 fetching corpus: 5550, signal 212898/245009 (executing program)
2022/09/21 10:38:06 fetching corpus: 5600, signal 213422/245346 (executing program)
2022/09/21 10:38:06 fetching corpus: 5650, signal 213865/245657 (executing program)
2022/09/21 10:38:06 fetching corpus: 5700, signal 214861/246039 (executing program)
2022/09/21 10:38:06 fetching corpus: 5750, signal 215459/246328 (executing program)
2022/09/21 10:38:07 fetching corpus: 5800, signal 216756/246683 (executing program)
2022/09/21 10:38:07 fetching corpus: 5850, signal 217102/246945 (executing program)
2022/09/21 10:38:07 fetching corpus: 5900, signal 218068/247292 (executing program)
2022/09/21 10:38:07 fetching corpus: 5950, signal 218348/247551 (executing program)
2022/09/21 10:38:07 fetching corpus: 6000, signal 219144/247849 (executing program)
2022/09/21 10:38:07 fetching corpus: 6050, signal 219507/248089 (executing program)
2022/09/21 10:38:07 fetching corpus: 6100, signal 220354/248339 (executing program)
2022/09/21 10:38:07 fetching corpus: 6150, signal 221201/248413 (executing program)
2022/09/21 10:38:07 fetching corpus: 6200, signal 221609/248431 (executing program)
2022/09/21 10:38:07 fetching corpus: 6250, signal 222243/248431 (executing program)
2022/09/21 10:38:08 fetching corpus: 6300, signal 222891/248436 (executing program)
2022/09/21 10:38:08 fetching corpus: 6350, signal 223668/248449 (executing program)
2022/09/21 10:38:08 fetching corpus: 6400, signal 224015/248460 (executing program)
2022/09/21 10:38:08 fetching corpus: 6450, signal 224850/248461 (executing program)
2022/09/21 10:38:08 fetching corpus: 6500, signal 225319/248465 (executing program)
2022/09/21 10:38:08 fetching corpus: 6550, signal 225781/248479 (executing program)
2022/09/21 10:38:08 fetching corpus: 6600, signal 226199/248479 (executing program)
2022/09/21 10:38:08 fetching corpus: 6650, signal 226902/248522 (executing program)
2022/09/21 10:38:08 fetching corpus: 6700, signal 227306/248525 (executing program)
2022/09/21 10:38:08 fetching corpus: 6750, signal 227610/248525 (executing program)
2022/09/21 10:38:08 fetching corpus: 6779, signal 227807/248526 (executing program)
2022/09/21 10:38:08 fetching corpus: 6779, signal 227807/248526 (executing program)
2022/09/21 10:38:11 starting 8 fuzzer processes
10:38:11 executing program 0:
ioctl$TIOCL_SCROLLCONSOLE(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0xd, 0x10000})
ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, &(0x7f0000000040))
r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TIOCGISO7816(r0, 0x80285442, &(0x7f0000000080))
ioctl$KDSETLED(r0, 0x4b32, 0x8)
ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f00000000c0)=0x4)
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x8ef0)
ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000100))
r2 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000140))
splice(r0, &(0x7f0000000180)=0x6, r2, &(0x7f00000001c0)=0x8, 0x0, 0x9)
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000200)={0x1, 0x4, 0xf5})
write(r2, &(0x7f0000000240)="f4f74b3346261cf05df20133b0fde3663eadec689dece845c90443036e0d966c931a71a04c1f7c09e3eab6c139c92e8b07afe4fd66996eb047c4a2fee995fa5e7ed9363ae6e851c65124c9e159c8372f3d5e6e6a0ae2893d7d2e673eb202f8105403edde81c49aed8e5aea6ab0eeea5af23476c9405f04561f2137ca3ccd337b876207cc171aad1e791462aa3a94d2aede7383778cfe53d4706d1685dc827dc8cc665cd6ce832eccf6dc83ad90325fe67d662e25b6fa4bfcf3cdb8eacd98785957134ca17fe76e928eda02e715ad7225c8acc3d567b1dd73ccc4b03e90fcd3703ed867132d3ea1bd12c4", 0xea)
ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000340)={0x0, 0x4, 0x4, 0xffffffff, 0x14, "c6b88de86662bf4507ee4747eeb9f300203818", 0x2c96, 0x7})
r3 = dup3(r1, r0, 0x80000)
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f00000003c0)={0x2, &(0x7f0000000380)=[{0xe82, 0x40}, {0x5, 0x654}]})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000400))
r4 = fcntl$dupfd(r2, 0x0, r2)
r5 = socket$inet6_icmp(0xa, 0x2, 0x3a)
sendmsg$unix(r4, &(0x7f0000002080)={&(0x7f0000001700)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000001880)=[{&(0x7f0000001780)="571ec11912ca4565ff64c105868c0b28e97f4774a6089f4d7936b160e85440655a3c1e4b9be1925814776ff246307fa741e94759045a7d607f3fdfcc1a51414b87db5d7ce1f1844e3e0032fa9bb3217b6cdfd873b841f1eee8b8a59e837da1fc45ffbaa6bbf6cf4339aa6c026e22a0126a12acf8f40be115dcb2d86fdb5eb1bcd4b57fd8cdbb76fd7159656b8ade7bba45963bd61c92bb5369b0c5f6fa6b2a85555cf9a8cd30c25e6066cc4eada3da6aa4dee7a1aed3f900e3b7d2d655efee7836a744b18201c00fc3f1f5ca6d20a45cfb3951530ca5372254e0835e9d8a96f56df5", 0xe2}], 0x1, &(0x7f0000001fc0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee01}}}, @rights={{0x20, 0x1, 0x1, [r1, r2, r5, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, 0xee01}}}, @cred={{0x1c}}], 0xc0, 0x80}, 0x51000)

10:38:11 executing program 3:
r0 = semget(0x3, 0x0, 0x2a2)
semctl$IPC_RMID(r0, 0x0, 0x0)
r1 = semget(0x3, 0x4, 0x400)
r2 = semget$private(0x0, 0x2, 0x514)
semctl$IPC_RMID(r2, 0x0, 0x0)
semctl$SEM_INFO(r2, 0x4, 0x13, &(0x7f0000000000)=""/4096)
r3 = semget(0x1, 0x0, 0x120)
semctl$SEM_INFO(r3, 0x4, 0x13, &(0x7f0000001000)=""/200)
semctl$SETVAL(r2, 0x4, 0x10, &(0x7f0000001100)=0x6)
semtimedop(r0, &(0x7f0000001140)=[{0x3, 0x7f, 0x800}, {0x2, 0x800, 0x1800}, {0x0, 0x703, 0x1000}, {0x3, 0x1ff}, {0x0, 0x9}, {0x4, 0x6, 0x1800}], 0x6, &(0x7f0000001180)={0x0, 0x989680})
r4 = semget$private(0x0, 0x4, 0x20)
semtimedop(r4, &(0x7f00000011c0)=[{0x4, 0x400, 0x800}], 0x1, &(0x7f0000001200)={0x77359400})
r5 = semget(0x1, 0x2, 0x1b0)
semctl$GETPID(r5, 0x4, 0xb, &(0x7f0000001240)=""/216)
semctl$GETZCNT(r4, 0x4, 0xf, &(0x7f0000001340)=""/243)
semctl$IPC_RMID(0x0, 0x0, 0x0)
semtimedop(r1, &(0x7f0000001440)=[{0x1, 0xffc0, 0x800}, {0x0, 0x7, 0x1800}, {0x3, 0x0, 0x800}, {0x4, 0xa00, 0x1000}, {0x3, 0x200, 0x400}], 0x5, &(0x7f0000001480)={0x77359400})
semget$private(0x0, 0x2, 0xc0)
semctl$SETVAL(r4, 0x2, 0x10, &(0x7f00000014c0)=0x9)
semctl$SETVAL(r1, 0x0, 0x10, &(0x7f0000001500)=0x2c8)

10:38:11 executing program 1:
setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000000000)={{0xa, 0x4e23, 0x0, @local, 0x1f}, {0xa, 0x4e20, 0x3, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x6, [0x0, 0x3ff, 0x7, 0x1, 0x2, 0x84, 0x9, 0x3]}, 0x5c)
ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, &(0x7f0000000080)={{0x80000001, 0x2b798e63}, 0x100, './file0\x00'})
r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x440040, 0x10)
bind$unix(0xffffffffffffffff, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e)
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz0\x00', 0x200002, 0x0)
ioctl$int_out(r1, 0x5460, &(0x7f00000002c0))
openat$cgroup_devices(r1, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0)
r2 = fspick(r0, &(0x7f0000000340)='./file0\x00', 0x0)
ioctl$BINDER_CTL_ADD(0xffffffffffffffff, 0xc1086201, &(0x7f0000000380)={'custom1\x00'})
r3 = dup3(r0, r2, 0x80000)
mknodat(r3, &(0x7f00000004c0)='./file0\x00', 0x0, 0x100020)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x38, 0x3e9, 0x200, 0x70bd27, 0x25dfdbfb, {0x8, 0x0, 0x1, 0xffffffffffffffff, 0x699, 0x1, 0xbd, 0x6, 0x0, 0xdf}}, 0x38}, 0x1, 0x0, 0x0, 0x4d978fb1787c16bf}, 0x8000)
ioctl$BLKGETSIZE(r3, 0x1260, &(0x7f0000000600))
getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000900)={{{@in=@initdev, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@dev}, 0x0, @in=@private}}, &(0x7f0000000a00)=0xe8)
syz_mount_image$iso9660(&(0x7f0000000640), &(0x7f0000000680)='./file0\x00', 0x45, 0x3, &(0x7f0000000880)=[{&(0x7f00000006c0)="48c4e69c5adf232c660207ba30cd86c6b51839ec8c5519d3bfa665e1283ddd1b7867b7ea01d582b4e450dc99320cee3cb318137dfb20763350822afcf904da8af146e98b0cc34d2b3d103d0f5b8ac30741a37f8020148f261e6cc302fb5503c8fda40043060319732d5d80f71ece2be44d76a123a462760bd0c769a4d0d92e7b0044e1463cc1ca4d807f1b98a859d189c32d914e72", 0x95, 0x3}, {&(0x7f0000000780)="fa7b334955280c6e77b1026b9ac2764d43fbc4f7a2a4185d9deb6baf72bcb74d88d553dc59d6d35314a345f7f577956d", 0x30, 0x80fb}, {&(0x7f00000007c0)="14e20d41593551bc1328c7400ecadabe2452b6a9b68643ecd0fc4cfe9cd84c3fd92dbc197ae1f5d296a7ed8ceda84b6ab2d00a83b2f596378901274ce04ace5385fcdaedc9d33ccecabbcea273837f16b0886c58bd93f762c4f935113fad9fc276170495bc0d1f904c5dc435691a52953aecf02fa0662f2534091976c8ba0026bb1f4538136f3ece987168", 0x8b, 0x86}], 0x20001, &(0x7f0000000a40)={[{@dmode={'dmode', 0x3d, 0x3e}}, {}], [{@smackfsfloor={'smackfsfloor', 0x3d, '@\\'}}, {@euid_lt={'euid<', r4}}, {@fowner_gt}]})
ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, &(0x7f0000000ac0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d40), r3)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r3, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x2000208}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x34, r5, 0x100, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x35c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xf0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x14}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x78}]}, 0x34}, 0x1, 0x0, 0x0, 0x8040}, 0x894)
r6 = syz_mount_image$nfs4(&(0x7f0000000e40), &(0x7f0000000e80)='./file0\x00', 0x8, 0x2, &(0x7f0000000fc0)=[{&(0x7f0000000ec0)="e1f50483b1aa5524fd079ee8ff822de701ab1ecab2b34ba7f38fba04a7fabe29caefb8ce1abad626fc613e5ad61e5c593898cf3420091547451b0e294fcebad0c2a709ea266db2f43371f6db9f0fc3f00cef3616e5c036f5c5986d0ae59c5e71578ee539f4b2cc6c", 0x68, 0x200}, {&(0x7f0000000f40)="4b573a431902d49fd897f675581f7bf225dc265b3dcd63c95a2450733e1329b90b47bf8012f15730b17107146242102fe2863fd8397f2092b1229ab08de292bb554eceb8557277", 0x47, 0x100000000}], 0x100000, &(0x7f0000001000)={[{'[,:'}, {'dmode'}, {'syz0\x00'}], [{@uid_lt={'uid<', r4}}, {@subj_type={'subj_type', 0x3d, '-'}}]})
ioctl$BTRFS_IOC_BALANCE(r6, 0x5000940c, 0x0)

10:38:11 executing program 5:
ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000))
r0 = syz_open_dev$mouse(&(0x7f0000000040), 0x401, 0x20000)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000080))
r1 = syz_open_pts(r0, 0x40800)
ioctl$KDDISABIO(r1, 0x4b37)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, &(0x7f00000000c0)={0x8, 'wlan1\x00', {'hsr0\x00'}, 0xff})
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = timerfd_create(0x3, 0x800)
r4 = fcntl$dupfd(r2, 0x0, r3)
r5 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000100), 0x200c2, 0x0)
pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000140)="23f8dcd62f8150634a9efb7f9f1ae2e43554a9e6e44a8ee81c0b320a6a5315b60911b13a6c630abb7010aad22869832050d087131667b287c5be9b842a28d4963131d5116c5c2fbef811a56c7215d1b9d2a3bb357e3adc4877b3aa7012a30021b4fcdf61e1fdbb66221a566610332ff0721efd6e7e89a569a8662c413b5fcc5eea88406e0a0ad7aea6717a32fced4fc2d191a43ab50d2474b779f35752c3a84bb9180fb922237b3d29b7cf58ec17bc4a824ccc60affd5a0047f768168bc6619e00e533d517181df768d10573141a211736eb91a041ac0c393dd45504f61fb54b91b6e13dd47cb2", 0xe7}], 0x1, 0xff, 0x9, 0x13)
r6 = syz_open_dev$sg(&(0x7f0000000280), 0x1, 0x101000)
pwritev2(r6, &(0x7f0000001480)=[{&(0x7f00000002c0)="6f9b2c8133c7c1d4c8b1b7d02cc967d0b6ee77967a3779bb3b7daf0c685247316f906726a3a874df0b5bef2c2d6e0c6f256b385466600cb47a5a677663ad1611ea2d8f1a7fd3767a0f62f05a4d4b620dfece0feb890de9d7a2a42b7f3f1d42928c3a89fbcb2bebcc21b7890fb51cfb80c4f99c684885261fabc0efaa4a3bf7384f38b77d24ad15451cd128e310d6ce142275bca6303809165fc25e607bb7b6244c7e82e4ff7254869127cdb4be1b6fb064b4886714169d41871bf1edd24f6787c5561bd68177e40fb15b9a55aaa12011dd7b55d3bf4d38b6bb7d54538f1c36614319384f", 0xe4}, {&(0x7f00000003c0)="c7792a6b83a3f72217b3f62a8290e8babedf24042769402885199372c4e8165b4486cdeeecfa0b294161bd8706a964bad901b2531b4acb751e9f878af417777d6d993665bf15f894e8fcc89a310f6f9b644efcafe4e61461245241ea842f5c252aa0627e605339dc97624d782e15fe72915cf3984504342fac9ce7ea1a1d93773dec59ad3d317989a59c48aa9aa69e54555041085a97c93263334bbf5b03ccaf4ff341f2207f5ba753670d30c923901f2b17d6a4cc9e455408f06aec6f51a04aad1780775b3fdd98b4e0b2a19d3a668388b5829aebb22c99f855ce5def945552fc0de5057a2e4159725e74fd8d50b373d15e742d2cfae4572d355132cfc6169ffc5f07366c63493e59dc8142f01fcc736883c4adb84f04a61f71b33d21eaa77480207e25ea5a3e5840a310fb43ca5c2b76659e03d97e9a4dd64d9bfb5b5bae5ada8f4c4309fd87a0f1d0c4364d009b0c83f2cbc42af4055ea80a90565c1fa2dcb2482fd6c59a545f4d87d76117ce575cec467be27bf4d61d4b338ecfabf6d7d33b4214c3c40f6b04e59b137d6552964fb2bb9c66158f79abf936036e4d421b7d5fb03f6d35c8a43857ce6ba025bc10802aa95bb855ce966d9181f727b09d990b2f8d0730f217005353d7ff55757c3b78ed514300b778826f25ee69ae6cc92632a43f3f914f08adad5ef1f236a575ba75fdbdfc9050b5257aa8aa16f1223a66f990a386573e02c9f979a3f1f86207d02dffbebd67b124196e8ad75f6642627452058f50786bd3bfb40bd4fa1a523888e8fb9c116bf739c2c61d97bee77dbbae6bdcd200f4ae7b9fac2a51a36ebaa993641557e4a0d32533e8e30a0914a9d4506285ad5d4f6722171c119e3513e745da61bcd74c564006c3da79e1f99b4a2e2a9ce3ba3468dc871e177e09ba947810b0b1d4ee96300e8f848aa46d260894ddcf04e8e9205c7b0d2361a8c1d0357dbdde7fcc5c5f24534a29c88b99b8f0cf81e13b218c27bc0c8eab2dcfdff9253dae0f2a6723254d342646adf03ac21a7309f4796447ff80323002280b6d9904540a1d7b83e5489929183b10e0aab04d3a722409693faf1d10ac5c78e1b6dbe015b35a9210664752f68457d1e9e38f614a03527d447f3618a78ebccd4e3d79fca0a8e5fc0887293c2a986db70ad931eaafa88b84f6e1a18b993993342592954c38302f7fc951ff2def92d2cde17c837234d1488fc41d8d51031c648cc5654cfa337548b9e6495a169e6bc8368ec4dc56fe8eb95b823afc37b17f5e047d89dd3d65a659a00281be0ee677d4f4651a0516f0266a8b4021319f2d952f755b69a3740830ea53f7b4ad4b50816ccc6c38182c55209a91c7fb3325bea8aa775062fbd0be27ddcd819c6fa3b0e3abf7605eaea51b14824b6d7ce7ea5ca02b2c4903b7276c0959a73400ad1410abdcfb5e0fdbe6466f887d2bc2527d62cd5192df4c4bd60a4bf34fb3c4f804eba619eef9d8dd8b7daebe89201896396af6d8aaa8e83905de857b40ce877fed9129fee1bbb8ebe5c5c7db893b48197944d746cba9fd10d75f691d8942f271f140beb33bdf3b84b8869e2abf2250a83e2fb88c4c70d375e67a05fe474e81843f751c8bef6424cb8e5ca7c84d4837c2c6e95d20d40a89df2e8f8677b5f793a5f37073457c9c3c715af81412367202756c898623ff450988bfbf848b80e224c105c5607d137f657d4c48599270015403156d679d7d6aa14b00722f8256681452732b8282235849fd45fee8c4c188b5044b2acefa2a011bf327b5ccc5563904acf579e02bcf996f0c4c053b0e4190555d2922340c84bd2f4459a425ef54d98ae6a6c88b96dc2c983d1b57eb8614dcda80059297d3e9cef3fe1b3a8dd926ad4665cb60b0a4c8e56a02ac0ed2fee087cd07b11d9352094e54bc40f0e2425e6f84e2429280e82676594a4b49847387c8f10f819d9d3694f1bb1b996be0313a256aa39ec28789752fff34bfe9cd8242c7849a2bce31e9d92cdd206c3742a3d1d57273ec5f57152bad3c738fd71a0a6d96981f3e2c03a86a0e3188a98b2893dc87722f64ff5b53057bc97cbd9107134f9d7075c42129ed4379cc5fb1c2911278ba5c6aa281369e2c4246f8498f2c8a0491644b04f28a8600ad368763ec5889c64246c3ebc3fec360440631e34d205706776ba3da8aa95586393ce4147cef8f05f63ea0adaa8e0079bcd65c997a3eb6b7500cafa54e7203e63e2868fb4235b907b04b7d31e83e8e34487d98192fbcd847a29430c16c8bddeecc9c926eb6677933e135e2175dfa8fb0192a3b02b0795f6d21c2014410e313c873c12f54963dd3264bc1f5fb27b78c306dcf479948296a5153bca40d959b31325d69041244650d51ca47722b55cc13a59118c3e53412ccdf19eeecb8c4a522be28bd13d2f8f5a34c60078a60fde03f88a692ea0e47b5e7b62c30b05f1c8ba7c3d8f0aff6c2904f62d122afeae0ac185167455bbc588adf5bb07c225400a10aa9b6227587cf06e181983657bc773806223c1e908077fe8efbc9b8b34c72e6fd0969cdc5f067d9a0392a3970683a08bcd5ebb7882d6e0f60915afa530e15480c6a1a08d6cec9fc951ecba27fdb27d1965c303c6d67e407f741bcb597a700e3698f4f3ba44de6f513124c4f89a9a2975b765dd8e997aac4a90a883e5e044b6a7e4de05d83e0279fcd38f80868cad0a6c03f60b0dc87401c51b001ccc68893fba15a246cea8126224f1797b88704be3a63179d601513e54346951ed2f98fbfa7d662fa4d58b4c876713b63fc317e38adcc991873085d566c7c6c3e708928fe34743143c22c55ef78f00c21d0cf73e6a600d7c30daf99c345d317e76b4d7e1cca86452f88b292fefc5cb4ce236882ab15cdb8e529b14ca2da74781ab87584c020a21554c4c71ca80bda166ef91cb2a8c5ec79d2e68a57f87b283ea9a0fd9292274b36a24b684bbe80881aedc59dd445b4744fb1125165fa5301268217a77265aed14392b7a059bf6dcd398880a15ba6c443ad95801ff26e3dfb8b7eef291453f81e94b342ed66873acaa04829ec08934be33b233cf7fe1fde561d45a8adb73cd38dfe68c9ac1fbdf92302fc7ffeafc7212fead7bc861a3eff6af2abc77af48f9c282fb42fcfcb7b5e7627ca01e9568a4f58ef8c3650082d27e492fd654041624b753f5a48c89e9a2a92c82e346cb1e08a64e2008a5b747e5aca43c8c5de640e18d95e40c820f4ffd1969d5e5997a34b2f70175df36de6a5cadb76a3badc2d27ced3f576f9fcaa424627d480a418726400a949a73ed30fd190c206461e58393e5088c46a82dc4de748ddfa60598ade3faa79b37bfe07c0d69ddb389610199d76505d2a71269a216cdcd59a5ddad41faa6cd10e62223818574e6997f13bcd1342a4cdad7a5b7087cb0e7726c4ef58641c10ce0a4b3c6f5b75e7cb249a9b380250a0b6fd43f90ac0fbb4fc22c0c583d589d32fbd3bd5319026b43be0b89427fe9230b07f257b0a6c105212b64235711c8cea1286089dc77a902569ff66290635c0089c384d101678a7fa60dd9b662f11e8228bd6f036d008bbecda9495f5bdffac81e4894eeb0c8197ce7161fc50c99d9e722f76bf56db05374667b46f57e9574a21926a65b5a7355d17063f72d43815daf467eb697f565316beb365440acc17a6d931ed0bd494c388c19ce3d715923fe03f284cd2191ca092ba5fc565aed8a7a9c5efa93b2e9005bc3252aa5cff92c5b34308435423733dfce055ef53d35e953f4d8126d3293fe0233164d7900eee76d92e1d9f9305b26903f44d21c6c281eb8c68467055b4872ddbfd01b8e9386f7db6c5ef6710955f0413fcdb7e396737e9845b16c174db2ff1fef4eec4605aefcdc2d6de4600456e78a90bdd90a66b49c415aa7fc6c8f5034eb45ac5b12953319981a344bf74440e3556fe18a585481d6ce57520f3a09c568d02deefd71393a48420dc6cbc46d4064b8001c11d2976455839c7a1e3a68e225764ae6d31b659ad73a6a2111ea1b5bdd45d41a904a4b3169a615033c134311ef17da986e19ab0bbaca10bbc32776748131d520565a8b57aa157ba9d6914f20e1b722858bd1efd5123d719dd4c9ca91436d098a8f564382cba9386397f3d50ceb58323b4d5946c45c395e8972965a6391070e538abf6e8482cc761f38722705299b1e0eeae7b51a1c195061bc26e5d745dcbb73698c903d5e5ce14ef618daab7cbe1e99739580d87e255556978e4adf4873f678be0002e6e3171908459a171cc39872132a27fffd066d5e3b5cb02375079367f7f604d6155813a37a188b97e0409ea5220d96b091ea63f14325cc9d12c7d423ebea86b3a9237b5d15c92385041169d93b703539a93d1434c4da9816e08b37ccdaed45abc8f6e7c43da5f2fb72d65cfbd1f446ad4c4febcec2623f8043ad9de583d1bd657b0672e85940a1e84e8dfe18fb401b67152191387315dc0f0f74661d9ddc71507549c456984420244df714dd7d71aca9d4e07aefb72a2fe94a3e4733689f9e06083ec9cc7d5a2fdf969c2d20dc910c08928296bf0aec5a13e11e55410a6545c53f94a8785af57f0ff63318f1e6192985bc88829d658438500e8b3ab36d8eb0cb7a3c630d67c3ca2238d17b9a43f1ceeeea4475f8f30185e53dacf2ed442f96401ea5cce1b530a7f89652c7737386998bddf0c472a9fb11d18831806c5d15a41a2f2a30156d6a738f8c22b7131021f025a07550d93175cd7a6c9eb217a235e6f9d5fa87bc212159f85bdbd0d427fd7278c561111c0034fa33eed8464e863a48d8841a974dde0c6c04f923cb7cd2f50af7bdbd0449b42dadf24cf69e1a3addd78fbca8be0b56bd8ebe2475cf5cf0b9321c37afb3f578825f8bf193cb3f7dc7ccde138af57e2bca6d31d85218efa1823aa9b0d24f758f94d0a450c8715d77371c53a2a80e30959c2b7b05a830eaccdc452ae76d06464d24c00053634ca3813c6cbc4165c0f6256959453b66bd6600c6c57517a38afc7ffe1e3dc34fefdf14f3504371b6ba952175288b1ed8bb01c82bd4b05c27f62eadec268f4e731e3add0016c6ea3ad20368b2c5cd5e465019eff2a68c88548f96bcfbb542c7f0292fd11024d708b79e592ecb8cda4e0510c541ca25d3f03348b308d144deffef33c8da2cc397c0e9048b348bccea847d7d784c2ceaeac2f81bea73aaa97edccd47a76769b8b41b290a2a02d7a2b203a6dfc99a600780ccc0dd72d5fed46f495c329a3a46650b031f73e19b6b7dd2625e8f9d23c465091e0f59c7d05b5ab0df6647acc16ef7a5a033caa8c6318d2f225ee16c9d929e317533e0814661ab2aff6bb5deb74e2cba64bbc39e9a7d491df77840ba152de6319ccc45782045429373829a25f5aeccdda3e17ff856afcda4c9e070bc60110bf2d60875b5717b9909a97419c5771df11445049051241cec1cb26774f453f685d35f6cc84797a112d44888f9bda890be20b8fb51f75a771dfe24339a7d21900f0f1b7ea0915aa4a0ca7740e264f4d81a4479bd150df3b0d9eb21b752a75f63b89188955bae86466d551c14e9da9df0471a15031d7944e72a25a183e067d9578f59396c024b9fc0420f50b5ce820f7159dd8b548d0e943fe7203b1a305a97bcbf2a6c243b741695af6caaa89d15d77cacf923b54d27d44c6043d4aae32a91dc56a562b47d7ec67433ca25c0791c3a75125ada334f373ec52fcfa0beb8b697f95a646a28a13c20f9f94aa1b2b7be71e20bf9bc923a61428d772af59c624bb830487dbff3570f9d37442e7d4b3de7f38c7", 0x1000}, {&(0x7f00000013c0)="4490b519cf69eb1ea5ee691bc38e8815b5aed75f41d4f8fff0af630b0a2d7392052eda0f0f64e3af5ff0a846e15d5d433f7d1f568a4d14e0412af6071e380c5d613d216732fcfa33252ba80c988767c7febb2ea1a30185e3ff22fb7663a92cc5aa8c4614c03bb9b7c2ec9cd347ccf6ea499ca650a39f225dab3b177fe3e9800c7b521072caa9004618b005c35455a00d40795efe90ee70f6ed30a875b44800370bf600fe37033da2810e932b26", 0xad}], 0x3, 0xffffffff, 0x7, 0x8)
r7 = openat$zero(0xffffffffffffff9c, &(0x7f00000014c0), 0x40100, 0x0)
ioctl$TIOCGDEV(r7, 0x80045432, &(0x7f0000001500))
signalfd4(r5, &(0x7f0000001540)={[0xdb9a]}, 0x8, 0x0)
shutdown(r7, 0x0)
ioctl$RNDGETENTCNT(r4, 0x80045200, &(0x7f0000001580))
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f00000015c0)={'vcan0\x00', {0x2, 0x0, @dev}})
fstat(0xffffffffffffffff, &(0x7f0000001600))

10:38:11 executing program 2:
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000080)=0x80)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$sock_netdev_private(r2, 0x89f8, &(0x7f00000000c0)="4aa7294f7d57a2a77836ba7a5057697c2165825b9782a30518808c3ee055ce43badd330c512c85b5047cb07ae31e592e30f589e76df9901f41e65138a2ab8409df3a40c5c325a0d9365ad4de629e770bac04cc0bf995ef34b4520b764864")
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000140)={'veth0\x00', @ifru_addrs=@hci}})
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x100010, r3, 0x33d1000)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r3, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r4=>r2, {0x5}}, './file0\x00'})
connect(r1, &(0x7f0000000200)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x4e21, @loopback}, 0x2, 0x1, 0x4, 0x2}}, 0x80)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r1, 0x8040942d, &(0x7f0000000280))
statx(r4, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100, &(0x7f0000000300))
r5 = open(&(0x7f0000000400)='./file0\x00', 0x0, 0x22)
r6 = openat(r5, &(0x7f0000000440)='./file0\x00', 0x183, 0x100)
ioctl$FS_IOC_MEASURE_VERITY(r5, 0xc0046686, &(0x7f0000000480)={0x3, 0x52, "64498e5436cdfeaef0e86b27ce5c0431d290b2d10795dc0904730efe4340b220e6c105284186b7a5634f75db5ba37aaf596c24a299adbabd15e1184a8e92e63b90f7a50b9b46f7e59167233c5cc430ec1bbd"})
sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x84, 0x0, 0xc, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x11}, @void, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x28, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x84}, 0x1, 0x0, 0x0, 0x404c000}, 0x4)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r7, &(0x7f0000000680)={0x24, @long={0x3, 0x1}}, 0x14)
ioctl$FS_IOC_GETVERSION(r5, 0x80087601, &(0x7f00000006c0))
mount_setattr(0xffffffffffffff9c, &(0x7f0000000700)='./file0\x00', 0x8000, &(0x7f0000000740)={0x0, 0x7b, 0x120000, {r6}}, 0x20)
r8 = signalfd4(r6, &(0x7f0000000780)={[0x1]}, 0x8, 0x800)
ioctl$EXT4_IOC_SWAP_BOOT(r8, 0x6611)

10:38:11 executing program 4:
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f0000000000)={0x6a1, "bb738da0651c28fc78a3f0eafe4631d9ac1493323edd01de1d27fe98f610a12a258d4aae14dc7df88ac020b210f673d1029ba0897a222d855fddb390bbb33651dfbe5c60076cd1f720495aaab758f2caba58b4b5d03c2cf9f571e367df6e56e8b4724cd57328bd83ca63b40cb84865d979d949d79b3c853998eb0ca73e825137e518847ef918d76651e0da7e6f5e5fd72f5b40dcb9a942627ce924a1a0418ac8e7b190db6e6613b7c2b0ddb559ec1a2fa266cfec653ae951d1613d2d96bb782080302452586dfd95e6d682c424ba7df057928d306ece69b778d397e4e1c6360f44e567a685cb5f96348f62ab88a75e244c0a2b36332d25ad4459babf1944889e1794c09dd6ac3424a89e6ea6a23c457ce7a4ba397d32e190539c4629720d751a6fcb965a90bddd0fef7ef5b337c5366d798a4577e99a4becbe26048a46910f2b12465fe146463421f08c14c040b054f6fad991968ac0591987f294ff8de04922d602103a5c46e2c57e9cd0be5efbe9253d337a425d7af0b0aa03ff4439ad0046b0e8e0ec5cd902f1ee3d173791c1b5a063b885ff508efa22f8904c855c0c8e60ec0c1b0257a56dbeea2d35d8be1d4cc61a1d142b20dcd73822526ff00f534aaa44e4ce0f69ca629e77cf7191b04299e7272383e2990c97ed2306aba935e730fa6a747d5c74030c08b95469d089581d2d9c3df426e8b99408a790b3ef6cc4e9e099c8b161fc43fc96f04d5f772dfccef034746db3d2fcd435766f071a14ced06345f82fed1e780ec6c3390737291c4ec2419d9d5bbc42834fd338ad539b0b7398254df38f501610820e0277d16ba929d68b55ea39add12a0475c500b8d7e412106a877af7b3b2bcd1bc77dc9345beb9f5366a344e185e24ffed7d35c7cf00260fb388e18e1eda737b71cbb5103aac7f02e250715a0f895e61cfa2cdd3eac712945ec0188d6b22851b6b523b03de4fd748b8a0c1eb3e839f6230ce9415461505013967f38853de60a19cd65f2838742cc4838ebc6a4bef03fb898376af1401797effaba17cfb7073e9cefd851a0794bf6056aa513705b66688f2def50911132105de2d19638dfb7157b885450ddb87f38b4668b4169be595cdf82e7af533a61d4e2059c7c621cf92ba0cf9332bd491be28f6d3289dbc883087995a1ee9fd5f2c93a8a84422271bd9b8df36e435fafa30c0a2518426bc76c455dbc8c29116f347406a4bf2c0e6e2f5d3a2e36ba2f41d61fab425c1f7299443106e02a14fa0bbd829c1cdc4c50cf56e147ee3306c8c056e9f9af8ffca296ac731a27655fca149d891484232b8a043ab4fede4620e833fbe0d6ef056a34dc53b0d0d0052c8e32772ae4bc8db1e3121491dff008cf310303a4334b3a95002448f0aa59c1b98d638bbdcac637a19434de1f238a1bb0771c9a2dd3684aaf20bf6936c7a1a82e22796f5ab6c71aca8dd737551b527b6b3265eda3c22f359393f653493a9287555602631377015781ee1fe840c9c69bf2b38cc8d4471a43c60d3b9bdb5c1b7a26813048b299c742f9da1c891e9db022ba7421b8dc9d19ccf2cdcbc238048922551fae3dac98854b2806ab90cb5a23a40ef8ee4e47cb5d8ffc5bdba186c42aafe7f70c581a6f3e312df70385a064a763aca6bee7e19c75e2881078f45414c2b36cb78009d94ed8d884fe03aecd5341a47c1a5ca2064e7327bdf89ca482015ed9c3af2954f2895e8e70a560a97f885ea9398869d1da8188017f47c5520369a34c85bf3363feecb1642c82b75c000d55bac5545563a9d2d1ebe89a2a2aeb1940675a6cf845e019d4f1116149011ffbeb51e6131fedeae4c2e5ceb2c7cd5a51f493dfcc82c6013a3157cac189f07d16a0851adc98ceab5c62d7fc30ee4f90e901319d42db24b8def132137d146a28cb346d2aafdd265e1d3eeac3553085083c7d00b3dbb63206cf6eaff5c284e13dc058d9f01d8ed6f21323d6b4e66ff8604e31d307495ab3205d67c9e21945075246575d5d2112fee77791b81cf68a0bff4616860382a988127c20b804f9ce0472477316130c6a8c040e571b445c5a48fc89ef6ab5db4ed0b8bafdaf362c27f9dea04808f9157538f034d56e0119e991a06fb263934545fc7de75dd4524eaeb699f19cba1546062d6dae6cbe06c32f3a762772b574d9f1de783df5fd65ecd4df29c95f714f8e58e92ccf2f4f35fdc4f9e1f00117d0288a3ac2a76284c8d0c7599d5a6ab3c4d2d037095c74d667ff1a7aaac6d85a127e6856997194046c311efd732b04b1b8b9dcf8f82119a052c2e65b21ca63629f941f27ed153809689a8c85906ab7e83329b959f43604f243fc25de2bd057ae2ff280a25e037aa5c4c4cea0c236da349684023f0a4a912dd72da520636db07dee9d79d588aec"})
ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, &(0x7f00000006c0)={{}, "53c491375c0cc06190b79d825b14a172499497f11efed2593202dfe63a41986ac063af9fb01ddaebe09502000057d9fa83e760365049f9a0647d35f1a522d2798e3c9e5e4cb42f2cb6cb4f961954fef6c3676f1ac1a61fc8db7cbeecfd18c082cfb65b3f6029156e078a3132068e34b627b5d9fe49697347230993a904a0a54cc5aa8e1cc9e32dab340a6e0730846df13bab091591f5b2a87f0719dbe67e212296b5d7cae965c0a06c3825f1eb10fbd12cd223b119bd406471d1c5975bf71fa0caffaf6bc3057e6d784fe87b4c5ffba94359dcfc3cdfc92e4cc65628ac8c12bfeb0db66e6a3146f89c378777761a8cb0e0b7cb4aafb87cdeb97daeb2dbbb3c7f2c7998de0c2be97c516a03c9cb057425583dc4ee60aa209d661d569f5b4984c3a48700e5571e85d63c5033537be6749e403d02d1330092fe51556bd5112f4550749e682f9ef008ee01cddd6d1c3da4fa3c99bdeefb2dfc54a4e72c805dc1143edb351cb4e06535e767d2281ca0eb244b32a9a9bd01e0c700728719c28a5a1e38047e95ea9ce3837a424a42c8fd646783c2a2efb306b44dcdc5ffabc267925b47d8068b7548849c1420aa5f677b0465a502f68c369737575d36634c1dd679a2c8c320c5828e685b5f64824fc720ffa44917f34c3d78389f5413238c36a850cf917090bf5beee489769cd2677e0f32f5aad92c547a805a0878a8e852121446a90fc27bbdf878146b9985f0a6a7f3ce390ed2ac102187d584ef27cfee356561a5b785a86103b0be8cdda2e10056c7656e64fa4ee34d32422ba944e0999c949fd61947521a75ab8606c8da583454acaf88d03c1d588cc8987aa2e58edd7fc1d59ff7beced11afabc8e8c0b426a8795ff335ed372263bb3b2bf67ea46b8635e3955e4afe14859dadccca79574871a1a6355a11f64b4e5349683e8f7783ce8ead0def5c060013c6736e104981596c41765881eaf47214d1c674d7891de965d7f3b86345b5e36ec60aca55ee7679652ab0b2fca7d9d1e0feb01b07f69f82c5468c54b69f3a60f1621a6e4d45e822abcbb16420b3c79a55150a08d097db5ad4dfc31548c5fb1f63ddf40fb74b0ceda3d221017d6e1e52cd6b5b878dd6a4b88029f136f040d8217d3260543fc3e104a3b95610ae91061a59ee37aedd9a3f909ade3da255a71b1bd4d7e783bc7e0cb570fb6204fb6d0139dc92e2865c045880b100fe92eb449d5fc64b7b114cb0de857a98535faf73582bc32c51a5af5a962e1c5d119c2d8e5d3587e593889fcb71d9a3449d2d79622b1b27c5a6dda1dfd004999495fb4c940889453d63c8485b5d4e558258fca1a8e7e4ffd69638a86ecc496f4862ca46353ccfc01b2514eb54abafb3748a386b8de051b38cd27ac18e6012a20adca4334481288baf26f7cf3c9abc02ab8cf490e0ce35916cb6f73aad30944924e165e1a12c8efedd6ecb5adb4dd1c295162d65783ece78d74379e31d8fcebb1b7c5d9daf6a668bb3f1118dd60ba12a801435d86f75ac0900cc6595720cb46f38b64f27a79d0bc93826df089ab0b7819dfd884fe86c52b3da886f1e4b033de6b56602f12328d0b15dd99c1eab1ec30fede49f7016059f6833a3ba03c9afc1ebd0a2bec7fa097856df052f8fcd6aab8a92a3f7ebd26c8208ac185e1cddc51b92ed31feb1fe93c265e026135b5763154f648d22ff0e798145ceb50df69139354a62ec48788e8609849b9f8ef96c9564c2bf3ba8a77d67a07afb472b939fc021d59719e88359a265ff61499cf418c6e1b4483026b6298fdf8bc517658736b0594abfa96c50a6f0d1fc04dac730bbf6ace5bf8d7350e6233150b552365478b4b3a9c64d89732b5b9d94839199685996e4f97bce78f567814b654bcef9081d58c0e7b6e4dac512d0770e236f09ab8d94b870209cd6f2ef41f220d3410766e3e5959744a3465e4b07d030b7ea3fba2b28a71017c6d3611f85e64c0ce56772c3539eecf124d4d0583782d1d897d38df4de537b31e1414fde1453569e7dd2b9cf6e0579c83509af06ee4169f03fc4dc2993360704f23d6bc328606548667227b3d814164e0778679c5e4fccc0d001bed516b3cd9db28bcbd0ba5925d6414ed99f8aa1c1d45b6926f4b2ef961e73d6e71569636672b4934aae74da2b963efb6cc42d60865a437ccabeb2c51cef9d5fb0d48505eb93bc5b15488be0a8924d7335fd0565f55879d3a89da5e35c85da3d8af0287838340eb907537d1f1a66fe6327c86c38ffd61ff1bd86900cfa8c439e2592d96b7c74ab75bb834861d3b51a99b6ec21eddd61867e881f6e30cf8f9eabd2b4b5b82abd7208be8d1980a77431cd5d49e9e3c28c755482db86019a3d2e733d7e648e2f0136fd4445f440939e3e3d458aa93d8c217108e8dce9ed9b8d6d866d7a76ef93774084f21b69a21be26f4e0fdf5789fb7d17f35084a3d9ce4ee4852d3686e8020add778e7d3bc683607ae3db6e970284604c8a85d54911382af5c10c443b154475dc473b9376cb9bae6c90a4bc210c50a8617691ee70eaba51b99a42cfd97cd5137d328b443ff893d1ed93e0fa09cf78c7ec34d9ab42007c481136efcb51d82521012141003e10eea3a17ddd5b220e0f421c8212a9c96c8053f3e28bfeba1081300cc62b3d662bc201f1cad4e5fc141b15e0fc2cbc654476ae8c4b55bd9917ad6ad4d754bb50cef621b5f31497686f7e7836f5241a2aae04491d9a16e43ee35f80f57acc0416eb5d69362680964f5c3503dbfc0014ccf263f2a7e9bada43296e190873e83adf0ab0ec84d46a53100e3446bdaedff9eb9a6a0622296928866791b2407902d67aefe6b3a6574880d573d936efbdcfc5f00d9f1b4408d8a9b2123465a19c589a28afafb60dbf807a59b4dd797f8b4e29e4e0cbcb6338ba47f2381152d5cd39ca4ed63320d3d15e2ae3ffbadc8bd4dee9840cb973e3ac6907adc75d3b53a80593f467e6bd86fad67a7d13bc708a381603ffd42f527a988346be9870b3e567308783e502cf4f60a6a95f306ac4acc784de02731b5f61a2af59fbd7a7d760f644a89d1dd6b421b2485b138e60173e8d74fa9ebd44d05f40e33d0f90938d214e48a1293504f2ac3562831d2ec97f82b2f16c01117791076bc959f1bbc0e089978f588690b77e9c5ed5ecb8108ae4979083566bae8a5f886789100b3abba65f7c3be97a931e9bc37f63530c48e41716d34498e8152d1526e3d5bd0f047510242403c406939bdd58899381e74e43b56e9a794287c43d0d3c7b29f759fd2c2e0e6196a7cc00d32b19731801c1eda529463651dda41d2527a5f117d502f5fa98541a520ab0077d3457bf1b000a3227a9b5e98d4ea52c92dc8e934f118fb19988b7c5db9cdf8b729bf32f44b4431f30d23a7745b1723e46cc69823080263453d7f7380bb4d69654f8f3529ca91964af940c4a9186b91965e7fb117d9a3338bf71488f9db31b8d50f64e3cac153b0ee2a00f33f8020db988f8e538241c939e5ec645bdf06787d323696bdc41c57e1cd1a1eca643f49cfd4f33c9e20c6ef4558b6fcbec4be41561c04042acfef18f89a2f29b738656877edc2c25ea6392466bd9e981e2e76b74358e533ba78a15094408511c3448c0c67a8643c71353d6ab45574c2956c5484d38b0c1e196ce3a059e33e9ccde5b723226070544829b9e7963aff592590ccccd8ac0cb7eee71fd58ec2cda4613d052085f22b14d3068dd124e97d9361e83b5fe44d2a09c0f1d98c66d3b090405efb07d9b46e5d4bd6746fc546216af64319487a55f1a9db7bd147fe110dfbcd6219fc1900a38a56c5a4a707690034c01ee95fe9fd6fce2c18bfabdefb949a95e938d874adfcb8ed1736aadabc2c8174fcb7bf71078d8599bd1835d0e630b9dca9bf2da9332850c0b263dad25e442a8214ee10263a170f6024d2ffd647cb9fd30e6ea916a322f9135e9fe821306d430e424bf8b8c718861987d70b11fdb5cac834ee88cebd685bf05018bc0da3491e89b9ccf617de912a29cf01bf73639eedcbcbd30e6d78849296ab6d974c144835608c7d60540b1da84a7e5a7e76d7ac6c8e6e1e4e1ea9fe7bf54ab80f1cdfc510e59e7e6e5a42c8b3ad0b2401b65f40673af510b7a2b520f1bb6067785f29b396aaaadabb150c66058eccf3924a17db84d0141e5a1acdcf51bb59cb01a7a7964fa0ed0d1a73ed461f7c06c647ca82055ecc95083b2917c558021d31bac4778710f84eb731909d6d2fad385b679ee8dfd4f6cf13daa4ddcd26a9a1c07c7a0e65a43a98f62993f9c25d7a8a44fa24cb9e09d49a807fa685b9c8273ac7058acd5b5499ae3f267e250705c3d4b24fd64c3160828f63269148556b095a5111f1fd6211a9cead6cba055325200ca7fa8928c11383c9029ccb0a1b304af0bf47172a5f5db2890d2a2a717cae6185c366327b3d006ec5f4f44e17ce7c4e84a3c03b1470ca9b052662a603ddb9f4969b4d4fa2f0895571aae516be7f39e9ea76d9572a21d6d48f7ae343aed33a5e9f01c05c9ec6817c61cdfd1c8561ae2f47b38acd497100159ce1f7072784be39da2e59c3744cf88ca50d920c9f01192509d8eb304816674607f4ec895321864adba9978d7508c76ef35691e6fffab80621a821aebf53d61810188e309587a9a17ae9be8d880933065395102a368418231e324b6424ff5e27bdfa6a7d1553e6e1e6e6a5011e68f13dd187b3d47bdef51cf97f8d0c03cda65c394fd42e1eceee29219021f721b63fba68fc579fe25613d883e67958cd52432871d929d7e2197c541def958ee3c9336c203323cd4c6a8f0c016ee4979fbf4c42b9bdadbc669de703268fb4bef1de38ff898df41f0e5fce090c52a8f098c07a422267c1c4a8e8a909eaa9ea3cf618eda1a89de75bc7416ae6cb374dd4a4d3260efac22209392dab2d89c6296179b6006f33eaffa005a37909f1e94b39898531960a1368d5d552ae254a0a8e4a71b0515c57bf97a1a944dce6b15409c0410cb27149af6c9d4c058884f9b4f239894423ea366a335b00e642026c7c906523d7aa20136d08fd7155001fea66fcce6982cbf42ff82382426e560312a0ab1c892f6040f403175141aa8b2d78601d75ebd8c4767014f3b2fb457790e99e0b2f5dc5f0d7b0928f516240d09e1c7e0b45f7d627dea8f17faf91ab41b61b237963ea3762e2ab46b249d5512d64be514531c9ff41dca6e04ef511d1a642543880b220028807adf647fa72347fdbb107dcd1b2ac434345be32ccdfd83399c931c1149c53ca76aed2c858d875a3efa93269c912a542eb03ef1039d7b67b30d04a023ed1435105959591037ebe9810a43f39ed2a12daa340ef2a27540e3c999c2461b96c4784e0d63a024575e4a27ce771b0a786c289143f47cbf1fefb34d03883813caa8a59c0cb2d725be0bf1f1d31c64004b21b64502ea67aa8fe8a7b09f8d59745e4d0c9d2e81b8276a3c8b832adaa2e2024509e549785e9164cfab1add5990eddc8c1f0d48eff448839a5e6f279a72b943990cb446cc0bdc6d67a63efd068e2304456fde4d9136e9503778c279dc12498cbdb7534695f1a2d27ca6e27e34b5d48fe6f5c7a2b7a0e6dc400fbc8d37630a2685fbcf00305952a50850c03c22b5faa23f6d4b51d6f9515e65b2d50885ec0a4ded0bfeaaad2a014c36882a45e8ec908885ee8fca8b0ab77d6beb9a1bf8408f31d0a42db938ab49f624dc8a4634c30d2aea454fc0a02b3d210fd182743866058d259e92d7dbe96c987dfca6eb33546557bacd083d66150041faa28be9761"})
ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f00000016c0))
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001700), 0x1)
ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, &(0x7f0000001780)={{r0}, 0x6, &(0x7f0000001740)=[0x4, 0xd4, 0x8, 0x0, 0x48f8, 0x3], 0x7, 0xd, [0x80000000, 0x7, 0x0, 0x1f]})
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
fcntl$getown(r1, 0x9)
fsetxattr$security_selinux(r0, &(0x7f0000001800), &(0x7f0000001840)='system_u:object_r:tmp_t:s0\x00', 0x1b, 0x0)
ioctl$HIDIOCGRDESCSIZE(r1, 0x80044801, &(0x7f0000001880))
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f00000018c0)={0x72b, "8d6759376d839356f76a20232981cd7057804bd47da69c1e26c12712497402c1abdc40b26b315c1b7666f1cc40f5a3bf9208ca3b8edcf7a6bd497d000eda403729f6a511efd1db8427d4e2287aab3f1de27ef2e89abb3dce93ab4497e159049afdab9dd098ff46166e3f2acf74a11dff58fabd98d372e79a28ba9adaf90899a0b73d45b18f223cce4d36976a6c513f6b2adb6486f35e8ebed15e37464ce976408c507a15045b94c532105efc97db375ef131b6eb022fcef4223150a6b72ee3047d227bac7854b11e3b048f99d91aae0ebf6bd034df862b1dbcb996e09222ec121b1c7ce333485f73387abc8b2749f56902fe6680b2f02196fd568a60ce7f97de8a0a119674ccd3a766b0992d098b9273df1e339ea42e40592d72ce10f49164fdb5ad7e2fae911432219e4d4eaf0a989b8d8752751bcb4b8a4341d418b08c53ecbe0264446608eb656abd4446d4840ae29f88b39615f56705d4ace0e6eaa50be941d853a705095053b4efd9951f4019a979cd6b887a6aa05ad9d6c1ce2d026a2588b7e2b941841e5f71e6743c9a7e108dbdc18021441ad7db319aff3cceb9811119ce306191f51261cece765e89d24ace13e53aa793c2f15d4c12dacdb0cc218dd99e023ac26380d314cd590e3d1914ddf8281c08574323291d96cca09f571a7898a31d3f9876027a186a695cf51942f50850499d75b2068b2eb8292612deb36596d9c14e83b61356b2d2d535c296512f0076b638d637281816e358ed9c1298e1e0c4d0134f1aec6e75040d1c65c2c8afb0c5f8ab0daa26c5367b18ec16f8e84663b9a3bcad9b7ca762f639baa0b14d9b0d81e832d38435f618a64d28adb32a984af9c02119a84b5f70f5d00a68b815636a8dadd14da2277714dc0122092202c585b97fd7b9d68617c1caa302c4d1c2fd2d52f27096392bdba8efe78216dbb5398362d270f21f9ffeb013c279e80dd763900bb7ca1ccfc3a60d126658b78e6d487ab0b5d2a7d9d8609c77e14f6ecdcc7a889736d6aca9fea88eaea75316d6b9cc1b3dd9ac2a9312705fb40139f1dfc24453fd29109e2734d3d84fb1b5466b5ace4682664df80978399b8cb5c0014a3ca5964dc5c37e51aa368702788d64a59bce527b222f8d8755631ca57c31074a21574cb0f8af997b38a9280ce59f3f52d5e3cc2da82bf46d1d5f40f20740350c61eb44c93a56adce3279feec57083a3790d8a61e185dffa72c9ca6b2d357b4402609b77d97654f5a0279d23e06c59bccb6ca10e9bd5b6262d44916622ab12ca2bd904cd82f9aa20560c95895e2538e17bd810092975879819e9598ed36bb0621bd55c237f9e8655a2474ab91faad1ef4f7193be3b3bcd36d227895e6a88699d137e615e6382f3d4734b2365e460f52d9f354316a51775aca09708f02eb42d12763778d9b5e1dc7026f430a5ff0cff272f1dc13845fbb06b18903a24fae3b88903a6db48029fa10ea67c54b7659668d23d8164399878727fe25bf03e110b5a6788393f76f847a73b0b073fae8461c8922c3b9fa6af091269cf651149169dab98148dd3416cb1ddefaf84b1869181a1ee971f8c50518bd0cc125e44cd321199f8c66904e5c57ee9527bf427ffea070694c2106cd8791e7803cc9777ddf5a6c87637c67900994ca0588280ac52e4f41a915e8214aef95dc361facc3c092508304dcb3ca02e9c46addaf78b73ce615e46e31b9084f83581290b1b9956a7b9b6266345762a6e8b5005efbe437549708b1a89b96bca095bdf206c45ff57dd9600ae014d720a624dbe7b086a6b1607685021d8660e7da600c513d67001f57cdd8d9ddcad682e7cb4e7b8bc957961608a865c9f6d8b41e6952d0d4e94a033c2dc5c734599d60ae7a6f343125a6b36dab34278c60449ed1d01cae0d85211027fb2238fc4b6716b7247a8fb85b6fcea1c547af4614508e5f9a64c327563494d8cd2a1a655b8f08458ac9960fb7f7ade7c46085bf3a5bb90c718ce475ea8bdbe8fc30a8bb8aa46eb7c6372a62b8e6f184627f99be5c4748943834893823e768fdcc6f854d0b002dea844542aa6899aab0179a8aba94b459e91a46c312094c1e6a103dca24953a7085e6e8a86d922a8cd47041362f1dff674b644317633345fb997f483553662be295d03060f7668db78b602cee229e95d7b23d7c55694f1b3e9e97328c23dbdb231ed34871ab62dbabb0517bf7cdd4e411669b8722e8ad42ed7cbe8e413700dcee9a56999018099b8162823d17a027adcecbfff2caff3a9635b659ed064ef0d7d23a2feee3b07cc92c6f18ca15abee277b9a16e08040415f121e4f00cf3f8081040e899574ae8e1b7f0b3134b73d3d72d2a1cd12f0943576fa8ef87a07fe42ce522890ebff95265d85c42f19b9ca7e449fd8a8575dc65809fa82ed3d381b063a7b5f5f561283316fffd116e78e6ebf04c53302425103d04de57ed2313917212503b64108dbead14ccc1c0a80a616469c08f716ce69e4360aa86b2edcc89aab848f71e02e499f8b3e0b29e8c0f24a3c8776d22aac6680a32a4e49dce331cbd66998c077a85a04e1075824b47ba1bddde32aa676e6d92365f745274bb4"})
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002000)='/proc/consoles\x00', 0x0, 0x0)
ioctl$SG_GET_ACCESS_COUNT(r2, 0x2289, &(0x7f0000002040))
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000002080), 0x602000, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f00000020c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}})
ioctl$BTRFS_IOC_DEV_REPLACE(r3, 0xca289435, &(0x7f00000024c0)={0x0, 0x9, @start={r4, 0x1, "df81700f46e9916b4a98d8751ac6b5cac618359f6d615a6a5df89258add1f96811da9d204d110143163be8e4a5c320076743e19f22443ff884b6368580e76715043294fcc3533710b93627aabfca9c844c6b949916c3237e69b7c647cdfb304ceafec74a50fc985208fb7d35a9df58f17472da327442267ec675ad35c84db23b31bbb553cf2e413021ca288e0beac89a25e2f419c8a569676c87f33bd8996d0efd4a6972fa176c57cf194eda65e4669dc57f2f53b3073aba6451007268617ea036f84d69118f1f536b4df1cbb56882e3ff2b8c82ef3d32fe1964c87e16cdbac39d08b0524db3b93f06e22f8a7887b0b0bcc24ffa916ffc50f26ce38a8edfc880e668d3f6847bb82c8d265d4d72753ebf7cc492d6aace0c7a198d855534a908eccba306d0f607f17273f879f4daebe99a90bea9681f3fdc007dac719f3e93c96ef73e151bcf1128f0754de2a59e4bfc12032cad2f12a4d47852184846fac09adb04ce70a323ac37d10c8537d17902b36e895cd1691762ec2d877ef60c2d24e6573443c403c35f42bba424fb7264e1067db9765a8efb278c08892bc4ab7b4823e4a15f5d53791fb8ed98db87c551bf27dccd01109c743d6970271dfecdad971e7ebfeb82e694bce2258cb11d1d7ce80895e7d2014480dff8038a75f65dfa92311d8f83bafd631e86d28a576ff266d7bf04ff257f827dfa1a39e3313079665cb87c86265b107139ca0032fac4083f0980865dca92796d6a54db92856b849827576ae3b34f8cf146b42a48fe240adaa5e0e5ba88208a293fa646ea7211d4b668091612d8129c0f06e22ca569a31ddb9a9e561ecfef4862503c73a2126edcec90f3dc94743cf419a40f1f102b8e630daf8a60f43a6ede047d1694ca9fdde5a3726ac449267d1e7a18a5026870639ccf4d2b4d9a15e2e7480358c672daaa7b59cbf70baf4e721ee13338453eb1d6847517cc705036f974169c9d21a55e2355c1820b11da954b60990d8f716ca452a8ac058893f09a1df729ba3aa99b39e6e56a2f233a509c26d073c2101aceb2030147c32d57ff849c82a3cd85f3597e92478cd4e5bd4e6997799ae952e952320b965dcdfa7efbb6790e17acf42e51326c2c6abdaab77faa34a4098cbdc029835021ed1b0a569570363ec92445cd8e117c3ad894687eee6adb6e3de27ead2819fc8a5c6718c6d861d2a40b0b57d59989f432fda41b85bef1c673c41a7dca99ff5fe1522b4f6fa0264ae7c2251f28ac9680c20c159b5503fb0a64e5f6ef898d4493b8d08c0cfb83f38f9c5e561923afd90fa13099bc238cb031b2f971f4ce14558048c655defa375d7d85c2b6ab8b5d87f7d0440ff3d13ec0d91c204e6ea9a7dd309c5775f1956eabfe63c2853b16f062b180cc925cbcd6b59de1566b75dfcd96ac4ac770addcb1ab2a22f8ffca9a46935d7f4a6aa7ceb7", "a25bba1dcfe143e406b3b1b3bf5e050cb6035a7a0651ffb92d7c4bb96a7e9c0dcafad180df6f4fe9157353918a80efb584029047361fe14ab41e3999da506d9a5c50f6cf24fe04e311989968a46ded5868571c62de599263e614e39eec337144ded60c89d05e92333b7e2a7850516b33de19f50f4f0584f808a9963323efb33c2d764f6726d0a15a67ecfa55de238533a38c3cdafc9f184a20d9a31ed3968f9ea34083bf8d53f7eb3bcef0dbf37cf8930235e496e083326cd8b931736e74529629d2d5bbb6ebea047fce70e70bac9ede9936e2394884c2d30fc2393abcebca797c6888a38753ff80cdf8e0f6d1b99ce5e4af32e8ba78120516be7c5d2a24c90b553044094b1c17d39617dbf705b0d1eeb23f7d607cf236056712c58c480bbf9e1a4575c61f58f9abbeb50f3b538775c6c704a36db9c654b91838aea42db1516277941d5efa3a20280de176381e77d31067e143504db74590b8f756e7d23be68842bb416f94eaeff030e093df54654188f0d2055dbb3c8bfdf1e635a92384f675c09cda1e93a027711312002ca35a2d7c617344de79a30b79efd06be9c0ba92c316223965f4f92974b2399f7b80a53a9ba9fb161d488185f48f5654afcdb9efbdad7f007e953f6484982829d299b95b14bb48fb815236aef61a1b2473e2161083d489c0707ddc3d93601bbdbd2d4b8828d0958b377d97f52f1a8a1b6da7036b9556d87d473d3ac0d85bf5b9b3baa8a98cc200bba29043ed5be28ae819b7dfcdf13c21e8243dac8f8e7a58a73338476e8124555c6629d0d8c63e1b72e6f0f069cc313de4710365111c2ac6155f4f57d34962422f63f257b96b93b5b02d95f58d756b21ff1232919c4c4369aa1546d8489d8c9c3547c094a31c6d7c99fd5ef1720c83c252e5cc0b26a0704477c02a133a7a7750e3103e74ebdb904cacda7c10f48acc574369dc7d861c1288390f56ae12fb1b328418be875c0f8995d78baff1e91871b584e67bdbb5c172b9cfa40038edced6a28e50841a376d2d2e5b4dc14df6898b0bb02252f39116e3147002976849b40f1164bc0f96265d6c033a9053bce92c695454188a758230fe0b650fe99f966ecb3b6e5eca6fa799928d6828280d3ed25e97bc728d7b486d2a5272f4c555bd67271f5a31a900809e50b492631e02c1ebe9acf9e4ba2851a6be1f12449f8dd64d7c64259ee9166b27dba6233f831963287aa74c7a80092b50826eacb5dd66e43fb4e9827b056897035f09f5f321067662e3016354a0ba4062d27db7ed85d4b73a11272f0cab21c53fd91ee8a5717c76b20e95afde4a5f9cf9bc0685ca514f215b6c0fa89121220d3e1368700b4b3d3655b65ca11902ae778def1d752cf1f17adaeb7613402307d8a6a7a863f329f6aead6ab1c122f0ab8b4b7f2e5afea7efc957fcd0e929c55d6d81e74ffd31bc292b5fd6"}, [0x1, 0x4, 0xffffffffffffffff, 0x8, 0x400, 0x4, 0x9, 0x800, 0x800000000, 0xfffffffffffffffa, 0x9d, 0x20000, 0x20, 0x9, 0x100, 0x7fffffff, 0x6, 0x4, 0x3, 0x9, 0x10001, 0x7, 0x9, 0xac5, 0x9, 0xffff, 0x6, 0x1, 0x8, 0xc5, 0x100000000, 0xfff, 0x2, 0x9, 0x81, 0x401, 0x3ff, 0x1000, 0x1, 0x8, 0xd02c, 0x100, 0x4b43, 0x2, 0x5, 0x2, 0xbf, 0x8, 0xfbf, 0x4, 0x5, 0x7ff, 0x7, 0x6, 0x100000000, 0x4, 0x9, 0xfffffffffffff801, 0x8, 0x0, 0x3, 0x5e, 0x2, 0x44]})
fcntl$dupfd(r1, 0x406, 0xffffffffffffffff)
r5 = accept4$inet6(r2, &(0x7f0000002f00)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000002f40)=0x1c, 0x100000)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000002f80)=<r6=>0x0)
fcntl$lock(r5, 0x24, &(0x7f0000002fc0)={0x1, 0x0, 0x8, 0x7, r6})
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000003140)={'syztnl2\x00', &(0x7f00000030c0)={'syztnl1\x00', 0x0, 0x2f, 0xb4, 0x5c, 0x6, 0x169bc5db0265ed11, @mcast1, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7838, 0x40, 0x5c99, 0x1}})

[   69.033743] audit: type=1400 audit(1663756691.168:6): avc:  denied  { execmem } for  pid=286 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:38:11 executing program 7:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000000))
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000200)=0xd256, 0x1cf82ec)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000240)={<r1=>0x0, <r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f00000002c0)={r1, 0x1, r0, 0xc08, 0x80000})
r3 = getpid()
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001bc0)=[{{&(0x7f0000000500), 0x6e, &(0x7f0000000700)=[{&(0x7f0000000580)=""/51, 0x33}, {&(0x7f00000005c0)=""/238, 0xee}, {&(0x7f00000006c0)=""/50, 0x32}], 0x3, &(0x7f0000000740)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, <r4=>0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}}, {{&(0x7f00000007c0)=@abs, 0x6e, &(0x7f0000001ac0)=[{&(0x7f0000000840)=""/155, 0x9b}, {&(0x7f0000000900)=""/224, 0xe0}, {&(0x7f0000000a00)=""/179, 0xb3}, {&(0x7f0000000ac0)=""/4096, 0x1000}], 0x4, &(0x7f0000001b00)=[@rights={{0x38, 0x1, 0x1, [<r5=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r6=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {<r7=>0x0}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb0}}], 0x2, 0x40010000, &(0x7f0000001c40)={0x77359400})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000001c80)={0x0, <r8=>0x0})
clone3(&(0x7f0000001f00)={0x40002000, &(0x7f0000001d00), &(0x7f0000001d40), &(0x7f0000001d80)=<r9=>0x0, {}, &(0x7f0000001dc0)=""/41, 0x29, &(0x7f0000001e00)=""/144, &(0x7f0000001ec0)=[r2, 0x0, r2, r2], 0x4}, 0x58)
r10 = clone3(&(0x7f0000001fc0)={0x40000800, &(0x7f0000000300)=<r11=>0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000380)=<r12=>0x0, {0x3f}, &(0x7f00000003c0)=""/85, 0x55, &(0x7f0000000440)=""/174, &(0x7f0000001f80)=[0x0, r3, r7, r8, r2, r2, r9, r2], 0x8}, 0x58)
ioctl$F2FS_IOC_FLUSH_DEVICE(r6, 0x4008f50a, &(0x7f0000002040)={0x1d90, 0x5})
accept$unix(0xffffffffffffffff, &(0x7f0000002080), &(0x7f0000002100)=0x6e)
sendfile(r11, 0xffffffffffffffff, &(0x7f0000002140)=0xfffffffffffffff9, 0x5)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000002180)=<r13=>0x0)
pidfd_open(r13, 0x0)
r14 = accept4$inet(r5, &(0x7f00000021c0)={0x2, 0x0, @broadcast}, &(0x7f0000002200)=0x10, 0x800)
ftruncate(r14, 0x4)
ioctl$GIO_UNISCRNMAP(r4, 0x4b69, &(0x7f0000002240)=""/64)
r15 = clone3(&(0x7f0000002500)={0x40000980, &(0x7f0000002280), &(0x7f00000022c0), &(0x7f0000002300), {0x1c}, &(0x7f0000002340)=""/94, 0x5e, &(0x7f00000023c0)=""/200, &(0x7f00000024c0)=[r2, r7, r12, r10, r8], 0x5, {r6}}, 0x58)
process_vm_readv(r15, &(0x7f0000002600)=[{&(0x7f0000002580)=""/50, 0x32}, {&(0x7f00000025c0)=""/21, 0x15}], 0x2, &(0x7f0000002980)=[{&(0x7f0000002640)=""/81, 0x51}, {&(0x7f00000026c0)=""/238, 0xee}, {&(0x7f00000027c0)=""/236, 0xec}, {&(0x7f00000028c0)=""/140, 0x8c}], 0x4, 0x0)

10:38:11 executing program 6:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip_mr_vif\x00')
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xec, 0x0, 0x8, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffff9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_BEARER={0xa8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x22, @mcast2, 0x2}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x7}}}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff7}]}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x42ca5cdf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}]}]}, @TIPC_NLA_NET={0x4}]}, 0xec}, 0x1, 0x0, 0x0, 0x800}, 0x10)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xdb}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x40}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040}, 0x40010)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0)
sendmsg$NL80211_CMD_PROBE_CLIENT(r0, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x64, r1, 0x400, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0xca1, 0x3a}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x64}, 0x1, 0x0, 0x0, 0x4008000}, 0x24004880)
r2 = creat(&(0x7f0000000480)='./file0\x00', 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x34, r3, 0x8, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c000}, 0x80)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x3c, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0xfffffff7}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0x200}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x1}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8, 0x16, 0x760}, @ETHTOOL_A_COALESCE_TX_USECS_LOW={0x8, 0x10, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048080}, 0x8000)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000780), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x14, r5, 0x100, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000880)={{0x1, 0x1, 0x18, <r6=>r2}, './file0\x00'})
sendmsg$NL80211_CMD_DEAUTHENTICATE(r6, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_REASON_CODE={0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4010080)
ioctl$AUTOFS_IOC_CATATONIC(r2, 0x9362, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000009c0)={{0x1, 0x1, 0x18, <r7=>0xffffffffffffffff, {0x4}}, './file0\x00'})
write$selinux_attr(r7, &(0x7f0000000a00)='system_u:object_r:ptmx_t:s0\x00', 0x1c)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/consoles\x00', 0x0, 0x0)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r8, &(0x7f0000000b40)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x14, 0x0, 0x10, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x884)
sendmsg$TIPC_CMD_SET_LINK_TOL(r8, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x68, 0x0, 0x2, 0x70bd27, 0x25dfdbff, {{}, {}, {0x4c, 0x18, {0x7, @media='ib\x00'}}}, ["", "", ""]}, 0x68}}, 0x4000)

[   70.244585] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.247592] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.248575] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.252241] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.253613] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   70.254568] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   70.267199] Bluetooth: hci0: HCI_REQ-0x0c1a
[   70.331811] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   70.333139] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   70.334421] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   70.335523] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   70.336920] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   70.338217] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   70.339018] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   70.340823] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   70.341650] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   70.343139] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   70.346628] Bluetooth: hci3: HCI_REQ-0x0c1a
[   70.369329] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   70.370757] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   70.374529] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   70.374828] Bluetooth: hci2: HCI_REQ-0x0c1a
[   70.377147] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   70.379003] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   70.381040] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   70.382590] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   70.382653] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   70.385292] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   70.386607] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   70.389336] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   70.390469] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   70.391919] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   70.393859] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   70.398588] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   70.399475] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   70.399758] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   70.401647] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   70.401790] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   70.403058] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   70.407314] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   70.410826] Bluetooth: hci7: HCI_REQ-0x0c1a
[   70.416075] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   70.438150] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   70.442751] Bluetooth: hci5: HCI_REQ-0x0c1a
[   70.477922] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   70.480490] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   70.482137] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   70.485453] Bluetooth: hci6: HCI_REQ-0x0c1a
[   70.497510] Bluetooth: hci4: HCI_REQ-0x0c1a
[   72.336209] Bluetooth: hci1: Opcode 0x c03 failed: -110
[   72.336227] Bluetooth: hci0: command 0x0409 tx timeout
[   72.399992] Bluetooth: hci2: command 0x0409 tx timeout
[   72.400017] Bluetooth: hci3: command 0x0409 tx timeout
[   72.463917] Bluetooth: hci7: command 0x0409 tx timeout
[   72.527810] Bluetooth: hci4: command 0x0409 tx timeout
[   72.528605] Bluetooth: hci6: command 0x0409 tx timeout
[   72.529292] Bluetooth: hci5: command 0x0409 tx timeout
[   74.383829] Bluetooth: hci0: command 0x041b tx timeout
[   74.448032] Bluetooth: hci3: command 0x041b tx timeout
[   74.448813] Bluetooth: hci2: command 0x041b tx timeout
[   74.511738] Bluetooth: hci7: command 0x041b tx timeout
[   74.575831] Bluetooth: hci5: command 0x041b tx timeout
[   74.576425] Bluetooth: hci6: command 0x041b tx timeout
[   74.577290] Bluetooth: hci4: command 0x041b tx timeout
[   76.431730] Bluetooth: hci0: command 0x040f tx timeout
[   76.495747] Bluetooth: hci2: command 0x040f tx timeout
[   76.495780] Bluetooth: hci3: command 0x040f tx timeout
[   76.559809] Bluetooth: hci7: command 0x040f tx timeout
[   76.623855] Bluetooth: hci4: command 0x040f tx timeout
[   76.623885] Bluetooth: hci6: command 0x040f tx timeout
[   76.624442] Bluetooth: hci5: command 0x040f tx timeout
[   77.583796] Bluetooth: hci1: Opcode 0x c03 failed: -110
[   78.479744] Bluetooth: hci0: command 0x0419 tx timeout
[   78.543830] Bluetooth: hci2: command 0x0419 tx timeout
[   78.544441] Bluetooth: hci3: command 0x0419 tx timeout
[   78.607783] Bluetooth: hci7: command 0x0419 tx timeout
[   78.671758] Bluetooth: hci5: command 0x0419 tx timeout
[   78.672738] Bluetooth: hci6: command 0x0419 tx timeout
[   78.673262] Bluetooth: hci4: command 0x0419 tx timeout
[   80.422922] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   80.433077] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   80.457080] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   80.480230] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   80.482168] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   80.492977] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   80.519744] Bluetooth: hci1: HCI_REQ-0x0c1a
[   82.575768] Bluetooth: hci1: command 0x0409 tx timeout
[   84.623786] Bluetooth: hci1: command 0x041b tx timeout
[   86.671797] Bluetooth: hci1: command 0x040f tx timeout
[   88.719727] Bluetooth: hci1: command 0x0419 tx timeout
[  130.052427] syz-executor.4 (302) used greatest stack depth: 24024 bytes left
[  132.691948] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  132.693478] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  132.697163] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  132.763901] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  132.766388] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  132.767441] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  132.768574] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  132.770310] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  132.772251] Bluetooth: hci2: HCI_REQ-0x0c1a
[  132.783212] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  132.788534] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  132.790212] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  132.791343] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  132.793089] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  132.798370] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  132.799261] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  132.806953] Bluetooth: hci7: HCI_REQ-0x0c1a
[  132.809284] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  132.811371] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  132.816841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  132.821300] Bluetooth: hci5: HCI_REQ-0x0c1a
[  134.415827] Bluetooth: hci0: Opcode 0x c03 failed: -110
[  134.735897] Bluetooth: hci6: Opcode 0x c03 failed: -110
[  134.737356] Bluetooth: hci4: Opcode 0x c03 failed: -110
[  134.738175] Bluetooth: hci3: Opcode 0x c03 failed: -110
[  134.799799] Bluetooth: hci2: command 0x0409 tx timeout
[  134.863770] Bluetooth: hci5: command 0x0409 tx timeout
[  134.864633] Bluetooth: hci7: command 0x0409 tx timeout
[  136.847741] Bluetooth: hci2: command 0x041b tx timeout
[  136.911836] Bluetooth: hci7: command 0x041b tx timeout
[  136.912483] Bluetooth: hci5: command 0x041b tx timeout
[  136.944569] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  136.947391] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  136.956166] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  136.962956] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  136.966132] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  136.969131] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  136.980932] Bluetooth: hci0: HCI_REQ-0x0c1a
[  137.530430] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  137.532865] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  137.540582] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  137.555497] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  137.566278] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  137.567333] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  137.600736] Bluetooth: hci3: HCI_REQ-0x0c1a
[  137.813044] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  137.816414] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  137.817516] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  137.821116] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  137.822535] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  137.830334] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  137.846306] Bluetooth: hci4: HCI_REQ-0x0c1a
[  137.875847] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  137.877772] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  137.881568] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  137.888945] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  137.951017] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  137.958785] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  137.984190] Bluetooth: hci6: HCI_REQ-0x0c1a
[  138.895756] Bluetooth: hci2: command 0x040f tx timeout
[  138.959737] Bluetooth: hci5: command 0x040f tx timeout
[  138.959774] Bluetooth: hci7: command 0x040f tx timeout
[  139.024791] Bluetooth: hci0: command 0x0409 tx timeout
[  139.664743] Bluetooth: hci3: command 0x0409 tx timeout
[  139.856788] Bluetooth: hci4: command 0x0409 tx timeout
[  140.047773] Bluetooth: hci6: command 0x0409 tx timeout
[  140.944312] Bluetooth: hci2: command 0x0419 tx timeout
[  141.007925] Bluetooth: hci5: command 0x0419 tx timeout
[  141.008752] Bluetooth: hci7: command 0x0419 tx timeout
[  141.072735] Bluetooth: hci0: command 0x041b tx timeout
[  141.711769] Bluetooth: hci3: command 0x041b tx timeout
[  141.903747] Bluetooth: hci4: command 0x041b tx timeout
[  142.096782] Bluetooth: hci6: command 0x041b tx timeout
[  142.292611] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  142.294405] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  142.295385] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  142.298580] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  142.300791] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  142.301724] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  142.375748] Bluetooth: hci1: HCI_REQ-0x0c1a
[  143.120827] Bluetooth: hci0: command 0x040f tx timeout
[  143.759782] Bluetooth: hci3: command 0x040f tx timeout
[  143.951721] Bluetooth: hci4: command 0x040f tx timeout
[  144.144898] Bluetooth: hci6: command 0x040f tx timeout
[  144.399811] Bluetooth: hci1: command 0x0409 tx timeout
[  145.167727] Bluetooth: hci0: command 0x0419 tx timeout
[  145.807745] Bluetooth: hci3: command 0x0419 tx timeout
[  146.000734] Bluetooth: hci4: command 0x0419 tx timeout
[  146.191725] Bluetooth: hci6: command 0x0419 tx timeout
[  146.447801] Bluetooth: hci1: command 0x041b tx timeout
[  148.495789] Bluetooth: hci1: command 0x040f tx timeout
[  150.543727] Bluetooth: hci1: command 0x0419 tx timeout
10:40:13 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x1f, @private0={0xfc, 0x0, '\x00', 0x1}, 0xd032}, 0x1c)
socket$packet(0x11, 0x0, 0x300)
syz_emit_ethernet(0x76, &(0x7f00000001c0)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x3, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "f2e2a6", 0x0, 0x0, 0x0, @private2, @remote, [@hopopts], "52168a0f02b79fbf"}}}}}}}, 0x0)

10:40:13 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e1f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="000000000000000000000000fc8e0b4946704d25a0f18393550c433b010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="0300000004", 0x5, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000e1f4655fe2f4655fe2f4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f0000012800)="8081000000180000e1f4655fe1f4655fe1f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030", 0x3d, 0x4800}, {&(0x7f0000013900)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x30000}], 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="456163d4999ff9490106574204c449529d76a7b5535cac09bf43182f85e35b047d551870d5a16b1691fc5b7f711e0f6d67fe86679bf1725e20b56b9c4209e6216327e3ff63e3e572cf112f17467d0001000000000000f1f35a67d389c48c3f2aee979dc7c72feb8e4a7fca36cb0f1742bb213a3b9ddd0b87e509878870d4f87a974d62f8123a8b65a452d236f724c3de0afbc276081af5"])

10:40:13 executing program 2:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = openat(r1, &(0x7f0000000180)='.\x00', 0x600000, 0x20)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x50000, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000240), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_loose}, {@nodevmap}, {@cache_loose}], [{@obj_role={'obj_role', 0x3d, 'vfat\x00'}}, {@appraise_type}, {@context={'context', 0x3d, 'user_u'}}]}})
open_tree(r3, &(0x7f00000000c0)='./file1\x00', 0x1900)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r6 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r6, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$VFAT_IOCTL_READDIR_SHORT(r6, 0x82307202, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r7 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
pwrite64(r7, &(0x7f0000000140)="c0", 0x1, 0x75d6)
write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r5, 0xc018937a, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r8=>r4, {0x3ff}}, './file0\x00'})
ioctl$SNAPSHOT_FREE(r8, 0x3305)

[  191.483464] loop5: detected capacity change from 0 to 4096
[  191.494929] ext4: Unknown parameter 'Eacԙ��IWB�IR�v��S\�	�C/��[}Upաk��[qmg��g��r^ �k�B	�!c'��c��r�/F}'
[  191.507679] loop2: detected capacity change from 0 to 40
10:40:13 executing program 5:
syz_mount_image$vfat(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}], 0x0, &(0x7f0000011200)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)={0x4c, 0x1, 0x2, 0x5, 0x0, 0x0, {}, [@CTA_EXPECT_MASTER={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, 0x4c}}, 0x80)
ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f00000004c0)=0x33f)
r1 = open(&(0x7f0000000400)='./file1\x00', 0x117c80, 0x48)
r2 = open_tree(r1, &(0x7f0000000480)='./file1\x00', 0x8100)
mount_setattr(r2, &(0x7f00000000c0)='./file1\x00', 0x1000, &(0x7f0000000180)={0x8, 0x80, 0x1e0000}, 0x20)
lseek(0xffffffffffffffff, 0x0, 0x3)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'sit0\x00', <r5=>0x0})
sendmsg$inet(r3, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0x2}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @multicast1, @broadcast}}}], 0x20}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x80200, 0x2)

[  191.596284] syz-executor.2: attempt to access beyond end of device
[  191.596284] loop2: rw=2049, sector=88, nr_sectors = 4 limit=40
[  191.631489] syz-executor.2: attempt to access beyond end of device
[  191.631489] loop2: rw=2049, sector=88, nr_sectors = 4 limit=40
[  191.647517] audit: type=1400 audit(1663756813.782:7): avc:  denied  { open } for  pid=6807 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  191.649101] audit: type=1400 audit(1663756813.782:8): avc:  denied  { kernel } for  pid=6807 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  191.661180] ------------[ cut here ]------------
[  191.661201] 
[  191.661204] ======================================================
[  191.661207] WARNING: possible circular locking dependency detected
[  191.661211] 6.0.0-rc6-next-20220920 #1 Not tainted
[  191.661218] ------------------------------------------------------
[  191.661221] syz-executor.5/6808 is trying to acquire lock:
[  191.661227] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  191.661262] 
[  191.661262] but task is already holding lock:
[  191.661265] ffff88800d370020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  191.661291] 
[  191.661291] which lock already depends on the new lock.
[  191.661291] 
[  191.661294] 
[  191.661294] the existing dependency chain (in reverse order) is:
[  191.661297] 
[  191.661297] -> #3 (&ctx->lock){....}-{2:2}:
[  191.661311]        _raw_spin_lock+0x2a/0x40
[  191.661329]        __perf_event_task_sched_out+0x53b/0x18d0
[  191.661342]        __schedule+0xedd/0x2470
[  191.661354]        schedule+0xda/0x1b0
[  191.661366]        exit_to_user_mode_prepare+0x114/0x1a0
[  191.661377]        syscall_exit_to_user_mode+0x19/0x40
[  191.661388]        do_syscall_64+0x48/0x90
[  191.661403]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  191.661422] 
[  191.661422] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  191.661435]        _raw_spin_lock_nested+0x30/0x40
[  191.661452]        raw_spin_rq_lock_nested+0x1e/0x30
[  191.661464]        task_fork_fair+0x63/0x4d0
[  191.661480]        sched_cgroup_fork+0x3d0/0x540
[  191.661494]        copy_process+0x4183/0x6e20
[  191.661504]        kernel_clone+0xe7/0x890
[  191.661513]        user_mode_thread+0xad/0xf0
[  191.661523]        rest_init+0x24/0x250
[  191.661533]        arch_call_rest_init+0xf/0x14
[  191.661548]        start_kernel+0x4c1/0x4e6
[  191.661560]        secondary_startup_64_no_verify+0xe0/0xeb
[  191.661573] 
[  191.661573] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  191.661586]        _raw_spin_lock_irqsave+0x39/0x60
[  191.661603]        try_to_wake_up+0xab/0x1930
[  191.661616]        up+0x75/0xb0
[  191.661627]        __up_console_sem+0x6e/0x80
[  191.661642]        console_unlock+0x46a/0x590
[  191.661660]        vprintk_emit+0x1bd/0x560
[  191.661676]        vprintk+0x84/0xa0
[  191.661692]        _printk+0xba/0xf1
[  191.661701]        kauditd_hold_skb.cold+0x3f/0x4e
[  191.661717]        kauditd_send_queue+0x233/0x290
[  191.661731]        kauditd_thread+0x5da/0x9a0
[  191.661744]        kthread+0x2ed/0x3a0
[  191.661758]        ret_from_fork+0x22/0x30
[  191.661770] 
[  191.661770] -> #0 ((console_sem).lock){....}-{2:2}:
[  191.661784]        __lock_acquire+0x2a02/0x5e70
[  191.661800]        lock_acquire+0x1a2/0x530
[  191.661815]        _raw_spin_lock_irqsave+0x39/0x60
[  191.661832]        down_trylock+0xe/0x70
[  191.661844]        __down_trylock_console_sem+0x3b/0xd0
[  191.661860]        vprintk_emit+0x16b/0x560
[  191.661876]        vprintk+0x84/0xa0
[  191.661891]        _printk+0xba/0xf1
[  191.661900]        report_bug.cold+0x72/0xab
[  191.661915]        handle_bug+0x3c/0x70
[  191.661930]        exc_invalid_op+0x14/0x50
[  191.661945]        asm_exc_invalid_op+0x16/0x20
[  191.661955]        group_sched_out.part.0+0x2c7/0x460
[  191.661966]        ctx_sched_out+0x8f1/0xc10
[  191.661976]        __perf_event_task_sched_out+0x6d0/0x18d0
[  191.661988]        __schedule+0xedd/0x2470
[  191.662000]        schedule+0xda/0x1b0
[  191.662011]        exit_to_user_mode_prepare+0x114/0x1a0
[  191.662022]        syscall_exit_to_user_mode+0x19/0x40
[  191.662033]        do_syscall_64+0x48/0x90
[  191.662048]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  191.662066] 
[  191.662066] other info that might help us debug this:
[  191.662066] 
[  191.662069] Chain exists of:
[  191.662069]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  191.662069] 
[  191.662084]  Possible unsafe locking scenario:
[  191.662084] 
[  191.662086]        CPU0                    CPU1
[  191.662088]        ----                    ----
[  191.662090]   lock(&ctx->lock);
[  191.662095]                                lock(&rq->__lock);
[  191.662102]                                lock(&ctx->lock);
[  191.662108]   lock((console_sem).lock);
[  191.662113] 
[  191.662113]  *** DEADLOCK ***
[  191.662113] 
[  191.662115] 2 locks held by syz-executor.5/6808:
[  191.662122]  #0: ffff88806cf37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  191.662149]  #1: ffff88800d370020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  191.662177] 
[  191.662177] stack backtrace:
[  191.662179] CPU: 1 PID: 6808 Comm: syz-executor.5 Not tainted 6.0.0-rc6-next-20220920 #1
[  191.662192] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  191.662200] Call Trace:
[  191.662202]  <TASK>
[  191.662207]  dump_stack_lvl+0x8b/0xb3
[  191.662223]  check_noncircular+0x263/0x2e0
[  191.662239]  ? format_decode+0x26c/0xb50
[  191.662254]  ? print_circular_bug+0x450/0x450
[  191.662271]  ? enable_ptr_key_workfn+0x20/0x20
[  191.662285]  ? __lockdep_reset_lock+0x180/0x180
[  191.662302]  ? format_decode+0x26c/0xb50
[  191.662317]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  191.662335]  __lock_acquire+0x2a02/0x5e70
[  191.662356]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  191.662379]  lock_acquire+0x1a2/0x530
[  191.662395]  ? down_trylock+0xe/0x70
[  191.662410]  ? lock_release+0x750/0x750
[  191.662429]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  191.662452]  ? vprintk+0x84/0xa0
[  191.662470]  _raw_spin_lock_irqsave+0x39/0x60
[  191.662487]  ? down_trylock+0xe/0x70
[  191.662501]  down_trylock+0xe/0x70
[  191.662514]  ? vprintk+0x84/0xa0
[  191.662530]  __down_trylock_console_sem+0x3b/0xd0
[  191.662547]  vprintk_emit+0x16b/0x560
[  191.662564]  ? lock_downgrade+0x6d0/0x6d0
[  191.662582]  vprintk+0x84/0xa0
[  191.662599]  _printk+0xba/0xf1
[  191.662609]  ? record_print_text.cold+0x16/0x16
[  191.662622]  ? hrtimer_try_to_cancel+0x163/0x2c0
[  191.662635]  ? lock_downgrade+0x6d0/0x6d0
[  191.662653]  ? report_bug.cold+0x66/0xab
[  191.662669]  ? group_sched_out.part.0+0x2c7/0x460
[  191.662681]  report_bug.cold+0x72/0xab
[  191.662698]  handle_bug+0x3c/0x70
[  191.662714]  exc_invalid_op+0x14/0x50
[  191.662730]  asm_exc_invalid_op+0x16/0x20
[  191.662741] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  191.662754] Code: 5e 41 5f e9 9b b9 ef ff e8 96 b9 ef ff 65 8b 1d 0b 13 ac 7e 31 ff 89 de e8 36 b6 ef ff 85 db 0f 84 8a 00 00 00 e8 79 b9 ef ff <0f> 0b e9 a5 fe ff ff e8 6d b9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  191.662765] RSP: 0018:ffff8880331bfc48 EFLAGS: 00010006
[  191.662774] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  191.662782] RDX: ffff888017753580 RSI: ffffffff815662c7 RDI: 0000000000000005
[  191.662789] RBP: ffff888030d08000 R08: 0000000000000005 R09: 0000000000000001
[  191.662797] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800d370000
[  191.662804] R13: ffff88806cf3d140 R14: ffffffff8547c820 R15: 0000000000000002
[  191.662815]  ? group_sched_out.part.0+0x2c7/0x460
[  191.662828]  ? group_sched_out.part.0+0x2c7/0x460
[  191.662841]  ctx_sched_out+0x8f1/0xc10
[  191.662854]  __perf_event_task_sched_out+0x6d0/0x18d0
[  191.662870]  ? lock_is_held_type+0xd7/0x130
[  191.662882]  ? __perf_cgroup_move+0x160/0x160
[  191.662894]  ? set_next_entity+0x304/0x550
[  191.662911]  ? update_curr+0x267/0x740
[  191.662929]  ? lock_is_held_type+0xd7/0x130
[  191.662941]  __schedule+0xedd/0x2470
[  191.662957]  ? io_schedule_timeout+0x150/0x150
[  191.662972]  ? __x64_sys_futex_time32+0x480/0x480
[  191.662985]  schedule+0xda/0x1b0
[  191.662999]  exit_to_user_mode_prepare+0x114/0x1a0
[  191.663011]  syscall_exit_to_user_mode+0x19/0x40
[  191.663023]  do_syscall_64+0x48/0x90
[  191.663039]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  191.663058] RIP: 0033:0x7fe0f26feb19
[  191.663067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  191.663077] RSP: 002b:00007fe0efc74218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  191.663088] RAX: 0000000000000001 RBX: 00007fe0f2811f68 RCX: 00007fe0f26feb19
[  191.663096] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe0f2811f6c
[  191.663103] RBP: 00007fe0f2811f60 R08: 000000000000000e R09: 0000000000000000
[  191.663110] R10: 0000000000000007 R11: 0000000000000246 R12: 00007fe0f2811f6c
[  191.663117] R13: 00007ffe234946cf R14: 00007fe0efc74300 R15: 0000000000022000
[  191.663130]  </TASK>
[  191.719516] WARNING: CPU: 1 PID: 6808 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  191.720183] Modules linked in:
[  191.720434] CPU: 1 PID: 6808 Comm: syz-executor.5 Not tainted 6.0.0-rc6-next-20220920 #1
[  191.721037] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  191.721874] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  191.722274] Code: 5e 41 5f e9 9b b9 ef ff e8 96 b9 ef ff 65 8b 1d 0b 13 ac 7e 31 ff 89 de e8 36 b6 ef ff 85 db 0f 84 8a 00 00 00 e8 79 b9 ef ff <0f> 0b e9 a5 fe ff ff e8 6d b9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  191.723557] RSP: 0018:ffff8880331bfc48 EFLAGS: 00010006
[  191.723932] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  191.724462] RDX: ffff888017753580 RSI: ffffffff815662c7 RDI: 0000000000000005
[  191.725005] RBP: ffff888030d08000 R08: 0000000000000005 R09: 0000000000000001
[  191.725537] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800d370000
[  191.726063] R13: ffff88806cf3d140 R14: ffffffff8547c820 R15: 0000000000000002
[  191.726591] FS:  00007fe0efc74700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  191.727187] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  191.727624] CR2: 0000558307ea24c8 CR3: 0000000020dd0000 CR4: 0000000000350ee0
[  191.728142] Call Trace:
[  191.728343]  <TASK>
[  191.728520]  ctx_sched_out+0x8f1/0xc10
[  191.728802]  __perf_event_task_sched_out+0x6d0/0x18d0
[  191.729205]  ? lock_is_held_type+0xd7/0x130
[  191.729533]  ? __perf_cgroup_move+0x160/0x160
[  191.729873]  ? set_next_entity+0x304/0x550
[  191.730196]  ? update_curr+0x267/0x740
[  191.730495]  ? lock_is_held_type+0xd7/0x130
[  191.730811]  __schedule+0xedd/0x2470
[  191.731096]  ? io_schedule_timeout+0x150/0x150
[  191.731431]  ? __x64_sys_futex_time32+0x480/0x480
[  191.731792]  schedule+0xda/0x1b0
[  191.732056]  exit_to_user_mode_prepare+0x114/0x1a0
[  191.732413]  syscall_exit_to_user_mode+0x19/0x40
[  191.732773]  do_syscall_64+0x48/0x90
[  191.733068]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  191.733457] RIP: 0033:0x7fe0f26feb19
[  191.733735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  191.735058] RSP: 002b:00007fe0efc74218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  191.735613] RAX: 0000000000000001 RBX: 00007fe0f2811f68 RCX: 00007fe0f26feb19
[  191.736134] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe0f2811f6c
[  191.736664] RBP: 00007fe0f2811f60 R08: 000000000000000e R09: 0000000000000000
[  191.737207] R10: 0000000000000007 R11: 0000000000000246 R12: 00007fe0f2811f6c
[  191.737706] R13: 00007ffe234946cf R14: 00007fe0efc74300 R15: 0000000000022000
[  191.738220]  </TASK>
[  191.738398] irq event stamp: 1458
[  191.738660] hardirqs last  enabled at (1457): [<ffffffff8133f8f9>] exit_to_user_mode_prepare+0x109/0x1a0
[  191.739334] hardirqs last disabled at (1458): [<ffffffff8424c195>] __schedule+0x1225/0x2470
[  191.739922] softirqs last  enabled at (898): [<ffffffff8342fc97>] netlink_insert+0x187/0x1700
[  191.740550] softirqs last disabled at (896): [<ffffffff83238c5b>] release_sock+0x1b/0x1b0
[  191.741148] ---[ end trace 0000000000000000 ]---
[  191.741915] kworker/u4:0: attempt to access beyond end of device
[  191.741915] loop2: rw=1, sector=92, nr_sectors = 32 limit=40
[  191.742963] kworker/u4:0: attempt to access beyond end of device
[  191.742963] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
10:40:13 executing program 2:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = openat(r1, &(0x7f0000000180)='.\x00', 0x600000, 0x20)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x50000, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000240), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_loose}, {@nodevmap}, {@cache_loose}], [{@obj_role={'obj_role', 0x3d, 'vfat\x00'}}, {@appraise_type}, {@context={'context', 0x3d, 'user_u'}}]}})
open_tree(r3, &(0x7f00000000c0)='./file1\x00', 0x1900)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r6 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r6, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$VFAT_IOCTL_READDIR_SHORT(r6, 0x82307202, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r7 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
pwrite64(r7, &(0x7f0000000140)="c0", 0x1, 0x75d6)
write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r5, 0xc018937a, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r8=>r4, {0x3ff}}, './file0\x00'})
ioctl$SNAPSHOT_FREE(r8, 0x3305)

[  191.743855] Buffer I/O error on dev loop2, logical block 31, lost async page write
[  191.793601] loop2: detected capacity change from 0 to 40
[  191.829133] syz-executor.2: attempt to access beyond end of device
[  191.829133] loop2: rw=2049, sector=88, nr_sectors = 4 limit=40
10:40:13 executing program 2:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = openat(r1, &(0x7f0000000180)='.\x00', 0x600000, 0x20)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x50000, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000240), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_loose}, {@nodevmap}, {@cache_loose}], [{@obj_role={'obj_role', 0x3d, 'vfat\x00'}}, {@appraise_type}, {@context={'context', 0x3d, 'user_u'}}]}})
open_tree(r3, &(0x7f00000000c0)='./file1\x00', 0x1900)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r6 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r6, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$VFAT_IOCTL_READDIR_SHORT(r6, 0x82307202, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r7 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
pwrite64(r7, &(0x7f0000000140)="c0", 0x1, 0x75d6)
write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r5, 0xc018937a, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r8=>r4, {0x3ff}}, './file0\x00'})
ioctl$SNAPSHOT_FREE(r8, 0x3305)

[  191.895020] loop2: detected capacity change from 0 to 40
[  191.928259] syz-executor.2: attempt to access beyond end of device
[  191.928259] loop2: rw=2049, sector=88, nr_sectors = 4 limit=40
10:40:14 executing program 2:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = openat(r1, &(0x7f0000000180)='.\x00', 0x600000, 0x20)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x50000, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000240), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_loose}, {@nodevmap}, {@cache_loose}], [{@obj_role={'obj_role', 0x3d, 'vfat\x00'}}, {@appraise_type}, {@context={'context', 0x3d, 'user_u'}}]}})
open_tree(r3, &(0x7f00000000c0)='./file1\x00', 0x1900)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r6 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r6, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$VFAT_IOCTL_READDIR_SHORT(r6, 0x82307202, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r7 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
pwrite64(r7, &(0x7f0000000140)="c0", 0x1, 0x75d6)
write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r5, 0xc018937a, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r8=>r4, {0x3ff}}, './file0\x00'})
ioctl$SNAPSHOT_FREE(r8, 0x3305)

[  192.015292] loop2: detected capacity change from 0 to 40
[  192.057003] syz-executor.2: attempt to access beyond end of device
[  192.057003] loop2: rw=2049, sector=88, nr_sectors = 4 limit=40
10:40:14 executing program 2:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = openat(r1, &(0x7f0000000180)='.\x00', 0x600000, 0x20)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x50000, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000240), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_loose}, {@nodevmap}, {@cache_loose}], [{@obj_role={'obj_role', 0x3d, 'vfat\x00'}}, {@appraise_type}, {@context={'context', 0x3d, 'user_u'}}]}})
open_tree(r3, &(0x7f00000000c0)='./file1\x00', 0x1900)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r6 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080), &(0x7f0000000200))
io_uring_enter(r6, 0x1, 0x0, 0xf, 0x0, 0x18)
ioctl$VFAT_IOCTL_READDIR_SHORT(r6, 0x82307202, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r7 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
pwrite64(r7, &(0x7f0000000140)="c0", 0x1, 0x75d6)
write$binfmt_aout(r5, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r5, 0xc018937a, &(0x7f0000000380)={{0x1, 0x1, 0x18, r4, {0x3ff}}, './file0\x00'})

[  192.190501] loop2: detected capacity change from 0 to 40
[  192.244466] syz-executor.2: attempt to access beyond end of device
[  192.244466] loop2: rw=2049, sector=88, nr_sectors = 4 limit=40
[  195.514598] loop1: detected capacity change from 0 to 128
[  195.524399] audit: type=1400 audit(1663756817.659:9): avc:  denied  { associate } for  pid=7093 comm="syz-executor.4" name="timer" dev="devtmpfs" ino=130 scontext=system_u:object_r:tmp_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem permissive=1
[  195.529148] loop1: detected capacity change from 0 to 264192
[  195.534479] loop1: detected capacity change from 0 to 128
[  195.542170] loop1: detected capacity change from 0 to 264192
[  196.624686] Bluetooth: hci5: Opcode 0x c03 failed: -110
[  200.847793] Bluetooth: hci5: Opcode 0x c03 failed: -110

VM DIAGNOSIS:
10:40:14  Registers:
info registers vcpu 0
RAX=e02422c8018a3500 RBX=ffffffff85b0d83c RCX=ffffffff812a2ba8 RDX=0000000000000000
RSI=0000000000000008 RDI=ffffffff85b03d50 RBP=ffffed1006627ead RSP=ffff88803313f558
R8 =0000000000000000 R9 =ffffffff85b03d57 R10=0000000000000000 R11=0000000000000001
R12=ffffffff854073a0 R13=0000000000000000 R14=ffffffff8544dac8 R15=0000000000092cc0
RIP=ffffffff812a2f07 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fa374c09368 CR3=000000000f0c6000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f
YMM01=0000000000000000 0000000000000000 322e6f732e6c6462 696c2f756e672d78
YMM02=0000000000000000 0000000000000000 00322e6f732e6c64 62696c2f756e672d
YMM03=0000000000000000 0000000000000000 78756e696c2d3436 5f3638782f62696c
YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=0000000000000026 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff822b1551 RDI=ffffffff87643ba0 RBP=ffffffff87643b60 RSP=ffff8880331bf698
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000026 R11=0000000000000001
R12=0000000000000026 R13=ffffffff87643b60 R14=0000000000000010 R15=ffffffff822b1540
RIP=ffffffff822b15a9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fe0efc74700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000558307ea24c8 CR3=0000000020dd0000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 5f7a79730a3a3520 6d6172676f727020
YMM02=0000000000000000 0000000000000000 3030303066377830 2826202c30783028
YMM03=0000000000000000 0000000000000000 2c317830202c3078 30202c273030785c
YMM04=0000000000000000 0000000000000000 307830202c5d7d35 327830202c223130
YMM05=0000000000000000 0000000000000000 3030303430303032 3030303038663030
YMM06=0000000000000000 0000000000000000 3030333435323938 3636333766363436
YMM07=0000000000000000 0000000000000000 3030303030663778 3028267b5b3d2930
YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000