Warning: Permanently added '[localhost]:35406' (ECDSA) to the list of known hosts.
2022/12/06 11:07:17 fuzzer started
2022/12/06 11:07:17 dialing manager at localhost:38749
syzkaller login: [   45.928961] cgroup: Unknown subsys name 'net'
[   46.046708] cgroup: Unknown subsys name 'rlimit'
2022/12/06 11:07:31 syscalls: 2217
2022/12/06 11:07:31 code coverage: enabled
2022/12/06 11:07:31 comparison tracing: enabled
2022/12/06 11:07:31 extra coverage: enabled
2022/12/06 11:07:31 setuid sandbox: enabled
2022/12/06 11:07:31 namespace sandbox: enabled
2022/12/06 11:07:31 Android sandbox: enabled
2022/12/06 11:07:31 fault injection: enabled
2022/12/06 11:07:31 leak checking: enabled
2022/12/06 11:07:31 net packet injection: enabled
2022/12/06 11:07:31 net device setup: enabled
2022/12/06 11:07:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/12/06 11:07:31 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/12/06 11:07:31 USB emulation: enabled
2022/12/06 11:07:31 hci packet injection: enabled
2022/12/06 11:07:31 wifi device emulation: enabled
2022/12/06 11:07:31 802.15.4 emulation: enabled
2022/12/06 11:07:31 fetching corpus: 0, signal 0/2000 (executing program)
2022/12/06 11:07:32 fetching corpus: 30, signal 15448/19165 (executing program)
2022/12/06 11:07:32 fetching corpus: 76, signal 32837/37961 (executing program)
2022/12/06 11:07:32 fetching corpus: 125, signal 44377/50796 (executing program)
2022/12/06 11:07:32 fetching corpus: 174, signal 54050/61648 (executing program)
2022/12/06 11:07:32 fetching corpus: 224, signal 63228/71927 (executing program)
2022/12/06 11:07:32 fetching corpus: 274, signal 70815/80472 (executing program)
2022/12/06 11:07:32 fetching corpus: 323, signal 76286/86925 (executing program)
2022/12/06 11:07:32 fetching corpus: 373, signal 83220/94633 (executing program)
2022/12/06 11:07:32 fetching corpus: 423, signal 86835/99167 (executing program)
2022/12/06 11:07:33 fetching corpus: 473, signal 90636/103878 (executing program)
2022/12/06 11:07:33 fetching corpus: 523, signal 94313/108342 (executing program)
2022/12/06 11:07:33 fetching corpus: 573, signal 98518/113246 (executing program)
2022/12/06 11:07:33 fetching corpus: 623, signal 101512/116988 (executing program)
2022/12/06 11:07:33 fetching corpus: 672, signal 105995/121953 (executing program)
2022/12/06 11:07:33 fetching corpus: 722, signal 108503/125155 (executing program)
2022/12/06 11:07:33 fetching corpus: 772, signal 111572/128809 (executing program)
2022/12/06 11:07:34 fetching corpus: 822, signal 116339/133831 (executing program)
2022/12/06 11:07:34 fetching corpus: 872, signal 119385/137285 (executing program)
2022/12/06 11:07:34 fetching corpus: 922, signal 122120/140466 (executing program)
2022/12/06 11:07:34 fetching corpus: 972, signal 124992/143703 (executing program)
2022/12/06 11:07:34 fetching corpus: 1022, signal 127740/146823 (executing program)
2022/12/06 11:07:34 fetching corpus: 1072, signal 129583/149115 (executing program)
2022/12/06 11:07:34 fetching corpus: 1122, signal 131556/151546 (executing program)
2022/12/06 11:07:35 fetching corpus: 1172, signal 134012/154300 (executing program)
2022/12/06 11:07:35 fetching corpus: 1222, signal 136680/157153 (executing program)
2022/12/06 11:07:35 fetching corpus: 1272, signal 139165/159857 (executing program)
2022/12/06 11:07:35 fetching corpus: 1322, signal 141632/162498 (executing program)
2022/12/06 11:07:35 fetching corpus: 1371, signal 143345/164488 (executing program)
2022/12/06 11:07:35 fetching corpus: 1421, signal 145650/166927 (executing program)
2022/12/06 11:07:35 fetching corpus: 1471, signal 148050/169373 (executing program)
2022/12/06 11:07:36 fetching corpus: 1521, signal 150298/171661 (executing program)
2022/12/06 11:07:36 fetching corpus: 1571, signal 152772/174073 (executing program)
2022/12/06 11:07:36 fetching corpus: 1621, signal 154263/175788 (executing program)
2022/12/06 11:07:36 fetching corpus: 1671, signal 156119/177696 (executing program)
2022/12/06 11:07:36 fetching corpus: 1721, signal 157362/179172 (executing program)
2022/12/06 11:07:36 fetching corpus: 1771, signal 158806/180733 (executing program)
2022/12/06 11:07:36 fetching corpus: 1821, signal 160508/182470 (executing program)
2022/12/06 11:07:37 fetching corpus: 1871, signal 163350/184973 (executing program)
2022/12/06 11:07:37 fetching corpus: 1919, signal 164848/186556 (executing program)
2022/12/06 11:07:37 fetching corpus: 1969, signal 166539/188175 (executing program)
2022/12/06 11:07:37 fetching corpus: 2019, signal 168370/189838 (executing program)
2022/12/06 11:07:37 fetching corpus: 2068, signal 169699/191146 (executing program)
2022/12/06 11:07:37 fetching corpus: 2117, signal 172620/193458 (executing program)
2022/12/06 11:07:38 fetching corpus: 2167, signal 173725/194635 (executing program)
2022/12/06 11:07:38 fetching corpus: 2217, signal 174728/195680 (executing program)
2022/12/06 11:07:38 fetching corpus: 2265, signal 176092/197002 (executing program)
2022/12/06 11:07:38 fetching corpus: 2315, signal 177866/198471 (executing program)
2022/12/06 11:07:38 fetching corpus: 2363, signal 178782/199424 (executing program)
2022/12/06 11:07:38 fetching corpus: 2413, signal 180322/200705 (executing program)
2022/12/06 11:07:38 fetching corpus: 2463, signal 181529/201763 (executing program)
2022/12/06 11:07:39 fetching corpus: 2513, signal 182491/202661 (executing program)
2022/12/06 11:07:39 fetching corpus: 2563, signal 184077/203862 (executing program)
2022/12/06 11:07:39 fetching corpus: 2613, signal 185729/205121 (executing program)
2022/12/06 11:07:39 fetching corpus: 2662, signal 186601/205901 (executing program)
2022/12/06 11:07:39 fetching corpus: 2712, signal 187543/206734 (executing program)
2022/12/06 11:07:39 fetching corpus: 2762, signal 188404/207518 (executing program)
2022/12/06 11:07:39 fetching corpus: 2812, signal 189859/208561 (executing program)
2022/12/06 11:07:40 fetching corpus: 2862, signal 190563/209264 (executing program)
2022/12/06 11:07:40 fetching corpus: 2912, signal 191567/210055 (executing program)
2022/12/06 11:07:40 fetching corpus: 2962, signal 192414/210723 (executing program)
2022/12/06 11:07:40 fetching corpus: 3012, signal 193382/211415 (executing program)
2022/12/06 11:07:40 fetching corpus: 3061, signal 194321/212136 (executing program)
2022/12/06 11:07:40 fetching corpus: 3111, signal 195208/212760 (executing program)
2022/12/06 11:07:40 fetching corpus: 3160, signal 196026/213415 (executing program)
2022/12/06 11:07:41 fetching corpus: 3210, signal 197049/214081 (executing program)
2022/12/06 11:07:41 fetching corpus: 3260, signal 198409/214895 (executing program)
2022/12/06 11:07:41 fetching corpus: 3310, signal 199847/215726 (executing program)
2022/12/06 11:07:41 fetching corpus: 3360, signal 201256/216580 (executing program)
2022/12/06 11:07:41 fetching corpus: 3410, signal 202366/217256 (executing program)
2022/12/06 11:07:41 fetching corpus: 3459, signal 203613/217923 (executing program)
2022/12/06 11:07:42 fetching corpus: 3509, signal 204511/218501 (executing program)
2022/12/06 11:07:42 fetching corpus: 3559, signal 205086/218902 (executing program)
2022/12/06 11:07:42 fetching corpus: 3609, signal 205852/219355 (executing program)
2022/12/06 11:07:42 fetching corpus: 3659, signal 207178/219966 (executing program)
2022/12/06 11:07:42 fetching corpus: 3709, signal 208050/220436 (executing program)
2022/12/06 11:07:42 fetching corpus: 3759, signal 208890/220870 (executing program)
2022/12/06 11:07:42 fetching corpus: 3809, signal 209803/221305 (executing program)
2022/12/06 11:07:43 fetching corpus: 3859, signal 210511/221669 (executing program)
2022/12/06 11:07:43 fetching corpus: 3909, signal 211453/222090 (executing program)
2022/12/06 11:07:43 fetching corpus: 3959, signal 212152/222426 (executing program)
2022/12/06 11:07:43 fetching corpus: 4009, signal 212904/222780 (executing program)
2022/12/06 11:07:43 fetching corpus: 4059, signal 213496/223074 (executing program)
2022/12/06 11:07:43 fetching corpus: 4109, signal 213866/223269 (executing program)
2022/12/06 11:07:43 fetching corpus: 4159, signal 214676/223564 (executing program)
2022/12/06 11:07:44 fetching corpus: 4209, signal 215870/223966 (executing program)
2022/12/06 11:07:44 fetching corpus: 4259, signal 216291/224144 (executing program)
2022/12/06 11:07:44 fetching corpus: 4309, signal 216722/224319 (executing program)
2022/12/06 11:07:44 fetching corpus: 4359, signal 217311/224519 (executing program)
2022/12/06 11:07:44 fetching corpus: 4409, signal 217970/224747 (executing program)
2022/12/06 11:07:44 fetching corpus: 4458, signal 218635/224977 (executing program)
2022/12/06 11:07:44 fetching corpus: 4508, signal 219340/225164 (executing program)
2022/12/06 11:07:45 fetching corpus: 4558, signal 219792/225315 (executing program)
2022/12/06 11:07:45 fetching corpus: 4608, signal 220438/225488 (executing program)
2022/12/06 11:07:45 fetching corpus: 4658, signal 221317/225706 (executing program)
2022/12/06 11:07:45 fetching corpus: 4708, signal 222140/225878 (executing program)
2022/12/06 11:07:45 fetching corpus: 4726, signal 222249/225928 (executing program)
2022/12/06 11:07:45 fetching corpus: 4726, signal 222249/225961 (executing program)
2022/12/06 11:07:45 fetching corpus: 4726, signal 222249/225997 (executing program)
2022/12/06 11:07:45 fetching corpus: 4726, signal 222249/226041 (executing program)
2022/12/06 11:07:45 fetching corpus: 4726, signal 222249/226078 (executing program)
2022/12/06 11:07:45 fetching corpus: 4726, signal 222249/226114 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226159 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226207 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226256 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226311 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226347 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226389 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226435 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226467 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226496 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226533 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226577 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226595 (executing program)
2022/12/06 11:07:45 fetching corpus: 4727, signal 222251/226595 (executing program)
2022/12/06 11:07:48 starting 8 fuzzer processes
11:07:48 executing program 0:
getpid()
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
r2 = signalfd(r0, &(0x7f0000000240)={[0xfffffffffffffff8]}, 0x8)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0xf7, 0xb1, 0x80, 0x4, 0x0, 0x4, 0x48c00, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x7fffffff, 0x7f}, 0x4400, 0x100000000, 0x5, 0x0, 0x7ff, 0x1f, 0x1f, 0x0, 0x4, 0x0, 0x7}, r1, 0xb, r2, 0x9)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2e2f66696c653000851be510a43930abac53d5ee29b8bc433d1c0a88142877c80de8edb123cfe7541cef5e4a858b7f72894a8ec6158336046e"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000082, &(0x7f00000001c0)='hugetlbfs\x00')
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0)
stat(&(0x7f0000000480)='./cgroup/cgroup.procs\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@fowner_gt={'fowner>', r4}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x80}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_measure}, {@obj_role}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]}})

11:07:48 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
times(&(0x7f0000000100))

11:07:48 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
setresuid(0x0, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000003a00)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f0000000800)={0xa, 0x4e23, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000c00)=[@dstopts_2292={{0x18}}], 0x18}}], 0x2, 0x0)

[   75.485673] audit: type=1400 audit(1670324868.686:6): avc:  denied  { execmem } for  pid=257 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:07:48 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000300)="03", 0x1}], 0x5, 0x0, 0x0)

11:07:48 executing program 4:
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, 0x0, 0x0)

11:07:48 executing program 6:
r0 = epoll_create(0x1)
r1 = socket$packet(0x11, 0x3, 0x300)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0))
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r3=>0x0})
sendto(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)=@xdp={0x2c, 0x0, r3}, 0x80)

11:07:48 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2)
write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125)
close_range(r1, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3)
r2 = io_uring_setup(0x62db, &(0x7f0000001040))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x2)

11:07:48 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, 0x0)

[   76.801493] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   76.804496] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   76.806673] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   76.810648] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   76.812859] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   76.814845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   76.857733] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   76.860185] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   76.861873] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   76.865188] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   76.867464] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   76.868848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   76.875736] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   76.884451] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   76.889859] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   76.891444] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   76.893668] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   76.897969] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   76.916915] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   76.917893] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   76.921329] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   76.922848] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   76.924632] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   76.925860] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   76.928778] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   76.930498] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   76.933376] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   76.936897] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   76.958484] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   76.969592] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   77.084018] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   77.088352] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   77.095014] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   77.113574] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   77.123651] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   77.130998] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   78.885805] Bluetooth: hci2: command 0x0409 tx timeout
[   78.885837] Bluetooth: hci0: command 0x0409 tx timeout
[   78.948985] Bluetooth: hci5: Opcode 0x c03 failed: -110
[   79.012270] Bluetooth: hci1: command 0x0409 tx timeout
[   79.013180] Bluetooth: hci7: Opcode 0x c03 failed: -110
[   79.013360] Bluetooth: hci4: command 0x0409 tx timeout
[   79.014282] Bluetooth: hci3: command 0x0409 tx timeout
[   79.204222] Bluetooth: hci6: command 0x0409 tx timeout
[   80.932222] Bluetooth: hci0: command 0x041b tx timeout
[   80.932538] Bluetooth: hci2: command 0x041b tx timeout
[   81.060177] Bluetooth: hci4: command 0x041b tx timeout
[   81.060197] Bluetooth: hci1: command 0x041b tx timeout
[   81.061163] Bluetooth: hci3: command 0x041b tx timeout
[   81.252134] Bluetooth: hci6: command 0x041b tx timeout
[   81.946373] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   81.947783] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   81.948542] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   81.951243] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   81.952166] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   81.953400] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   82.105507] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   82.106773] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   82.108481] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   82.110880] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   82.113554] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   82.122886] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   82.980232] Bluetooth: hci0: command 0x040f tx timeout
[   82.981496] Bluetooth: hci2: command 0x040f tx timeout
[   83.108188] Bluetooth: hci3: command 0x040f tx timeout
[   83.108204] Bluetooth: hci4: command 0x040f tx timeout
[   83.109164] Bluetooth: hci1: command 0x040f tx timeout
[   83.301150] Bluetooth: hci6: command 0x040f tx timeout
[   84.004176] Bluetooth: hci5: command 0x0409 tx timeout
[   84.196274] Bluetooth: hci7: command 0x0409 tx timeout
[   85.029221] Bluetooth: hci2: command 0x0419 tx timeout
[   85.029623] Bluetooth: hci0: command 0x0419 tx timeout
[   85.156174] Bluetooth: hci1: command 0x0419 tx timeout
[   85.156593] Bluetooth: hci3: command 0x0419 tx timeout
[   85.157323] Bluetooth: hci4: command 0x0419 tx timeout
[   85.348176] Bluetooth: hci6: command 0x0419 tx timeout
[   86.052197] Bluetooth: hci5: command 0x041b tx timeout
[   86.244143] Bluetooth: hci7: command 0x041b tx timeout
[   88.100164] Bluetooth: hci5: command 0x040f tx timeout
[   88.292206] Bluetooth: hci7: command 0x040f tx timeout
[   90.148142] Bluetooth: hci5: command 0x0419 tx timeout
[   90.340148] Bluetooth: hci7: command 0x0419 tx timeout
[  127.848696] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.849648] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.850874] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  128.029038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.029749] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.031238] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  128.343795] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.344609] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.346194] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  128.473690] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.474332] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.477199] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  128.642774] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.643546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.644855] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  128.675180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.675706] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.677247] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  129.036575] audit: type=1400 audit(1670324922.237:7): avc:  denied  { open } for  pid=3756 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  129.038678] audit: type=1400 audit(1670324922.239:8): avc:  denied  { kernel } for  pid=3756 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  129.078110] hrtimer: interrupt took 19657 ns
[  129.168414] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.169049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.170347] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  129.210956] 9pnet_virtio: no channels available for device ./file0
[  129.218457] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.219115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.226767] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  129.311171] 9pnet_virtio: no channels available for device ./file0
[  129.361673] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.362793] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.364143] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  129.442002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.442646] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.444158] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  129.832528] audit: type=1400 audit(1670324923.033:9): avc:  denied  { read } for  pid=3796 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  129.942954] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in;
[  129.942954]    program syz-executor.5 not setting count and/or reply_len properly
[  129.949754] ------------[ cut here ]------------
[  129.950451] WARNING: CPU: 1 PID: 3801 at lib/iov_iter.c:629 _copy_from_iter+0x2f1/0x1130
[  129.951030] Modules linked in:
[  129.951275] CPU: 1 PID: 3801 Comm: syz-executor.5 Not tainted 6.1.0-rc8-next-20221206 #1
[  129.951772] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  129.952300] RIP: 0010:_copy_from_iter+0x2f1/0x1130
[  129.956424] Code: 37 ff 44 89 f3 e9 2f ff ff ff e8 7a 07 37 ff be 79 02 00 00 48 c7 c7 80 c0 9e 84 e8 49 87 5a ff e9 13 fe ff ff e8 5f 07 37 ff <0f> 0b 45 31 f6 e9 77 ff ff ff e8 50 07 37 ff 31 ff 89 ee e8 17 03
[  129.957627] RSP: 0018:ffff8880408b75e8 EFLAGS: 00010202
[  129.958017] RAX: 0000000000003f80 RBX: 0000000000000000 RCX: ffffc9000921c000
[  129.958622] RDX: 0000000000040000 RSI: ffffffff82124d21 RDI: 0000000000000001
[  129.959279] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  129.959919] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000001000
[  129.960586] R13: ffffea0001027600 R14: 0000000000001000 R15: ffff8880408b7818
[  129.961265] FS:  00007f5c196ef700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  129.961993] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  129.962550] CR2: 00007ff795686d5c CR3: 000000003a566000 CR4: 0000000000350ee0
[  129.963216] Call Trace:
[  129.963468]  <TASK>
[  129.963687]  ? __kmem_cache_alloc_node+0x25b/0x400
[  129.964188]  ? __pfx__copy_from_iter+0x10/0x10
[  129.964625]  ? bio_add_pc_page+0xbc/0x100
[  129.965015]  ? page_copy_sane+0xd3/0x390
[  129.965444]  copy_page_from_iter+0xe3/0x180
[  129.965867]  blk_rq_map_user_iov+0xb0c/0x1650
[  129.966346]  ? lock_is_held_type+0xdb/0x130
[  129.966769]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  129.967274]  ? __pfx_lock_release+0x10/0x10
[  129.967691]  ? __pfx___alloc_pages+0x10/0x10
[  129.968137]  ? mark_held_locks+0x9e/0xe0
[  129.968533]  ? import_single_range+0x333/0x400
[  129.968979]  blk_rq_map_user_io+0x1ee/0x220
[  129.969428]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  129.969907]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  129.970393]  ? sg_build_indirect.isra.0+0x3b2/0x640
[  129.970748]  sg_common_write.constprop.0+0xd84/0x15e0
[  129.971131]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  129.971515]  ? _raw_spin_unlock_irqrestore+0x37/0x60
[  129.971882]  sg_write.part.0+0x706/0xb20
[  129.972184]  ? __pfx_sg_write.part.0+0x10/0x10
[  129.972511]  ? schedule+0xf5/0x1b0
[  129.972767]  ? futex_unqueue+0xb7/0x120
[  129.973051]  ? futex_wait+0x503/0x690
[  129.973353]  ? lock_is_held_type+0xdb/0x130
[  129.973680]  ? inode_security+0x105/0x140
[  129.973985]  ? avc_policy_seqno+0xd/0x70
[  129.974297]  ? selinux_file_permission+0x3a/0x510
[  129.974654]  sg_write+0x88/0xe0
[  129.974897]  vfs_write+0x358/0xe40
[  129.975174]  ? __pfx_sg_write+0x10/0x10
[  129.975459]  ? __pfx_vfs_write+0x10/0x10
[  129.975757]  ? __pfx_do_futex+0x10/0x10
[  129.976046]  ? syscall_enter_from_user_mode+0x1c/0x50
[  129.976426]  ? perf_trace_preemptirq_template+0xa6/0x410
[  129.976814]  ? __fget_light+0x212/0x280
[  129.977122]  ksys_write+0x12b/0x260
[  129.977392]  ? __pfx_ksys_write+0x10/0x10
[  129.977704]  ? syscall_enter_from_user_mode+0x21/0x50
[  129.978077]  ? syscall_enter_from_user_mode+0x21/0x50
[  129.978483]  do_syscall_64+0x3f/0x90
[  129.978747]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  129.979182] RIP: 0033:0x7f5c1c19ab19
[  129.979447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  129.980659] RSP: 002b:00007f5c196ef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  129.981185] RAX: ffffffffffffffda RBX: 00007f5c1c2ae020 RCX: 00007f5c1c19ab19
[  129.981687] RDX: 0000000000000125 RSI: 00000000200003c0 RDI: 0000000000000006
[  129.982185] RBP: 00007f5c1c1f4f6d R08: 0000000000000000 R09: 0000000000000000
[  129.982667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  129.983159] R13: 00007ffee0d4ab8f R14: 00007f5c196ef300 R15: 0000000000022000
[  129.983647]  </TASK>
[  129.983815] irq event stamp: 2333
[  129.984054] hardirqs last  enabled at (2343): [<ffffffff812e2588>] __up_console_sem+0x78/0x80
[  129.984650] hardirqs last disabled at (2354): [<ffffffff812e256d>] __up_console_sem+0x5d/0x80
[  129.985941] softirqs last  enabled at (2646): [<ffffffff8118443b>] __irq_exit_rcu+0x11b/0x180
[  129.986689] softirqs last disabled at (2659): [<ffffffff8118443b>] __irq_exit_rcu+0x11b/0x180
[  129.987294] ---[ end trace 0000000000000000 ]---
[  130.534663] loop3: detected capacity change from 0 to 40
[  130.975841] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  130.978933] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.979699] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.981377] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  131.053559] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.054312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.055727] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  131.282651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  132.281183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.281838] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.283763] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  132.316358] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.316920] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.318430] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  132.385856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.386502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.392272] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  132.401590] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.402155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.403662] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  132.911413] Zero length message leads to an empty skb
11:08:46 executing program 0:
getpid()
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
r2 = signalfd(r0, &(0x7f0000000240)={[0xfffffffffffffff8]}, 0x8)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0xf7, 0xb1, 0x80, 0x4, 0x0, 0x4, 0x48c00, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x7fffffff, 0x7f}, 0x4400, 0x100000000, 0x5, 0x0, 0x7ff, 0x1f, 0x1f, 0x0, 0x4, 0x0, 0x7}, r1, 0xb, r2, 0x9)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2e2f66696c653000851be510a43930abac53d5ee29b8bc433d1c0a88142877c80de8edb123cfe7541cef5e4a858b7f72894a8ec6158336046e"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000082, &(0x7f00000001c0)='hugetlbfs\x00')
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0)
stat(&(0x7f0000000480)='./cgroup/cgroup.procs\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@fowner_gt={'fowner>', r4}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x80}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_measure}, {@obj_role}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]}})

11:08:46 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000300)="03", 0x1}], 0x5, 0x0, 0x0)

11:08:46 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
times(&(0x7f0000000100))

11:08:46 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2)
write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125)
close_range(r1, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3)
r2 = io_uring_setup(0x62db, &(0x7f0000001040))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x2)

11:08:46 executing program 6:
r0 = epoll_create(0x1)
r1 = socket$packet(0x11, 0x3, 0x300)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0))
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r3=>0x0})
sendto(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)=@xdp={0x2c, 0x0, r3}, 0x80)

11:08:46 executing program 4:
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, 0x0, 0x0)

11:08:46 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
setresuid(0x0, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000003a00)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f0000000800)={0xa, 0x4e23, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000c00)=[@dstopts_2292={{0x18}}], 0x18}}], 0x2, 0x0)

11:08:46 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, 0x0)

[  133.072418] loop3: detected capacity change from 0 to 40
[  133.074864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  133.093853] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in;
[  133.093853]    program syz-executor.5 not setting count and/or reply_len properly
11:08:46 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
times(&(0x7f0000000100))

11:08:46 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000300)="03", 0x1}], 0x5, 0x0, 0x0)

11:08:46 executing program 6:
r0 = epoll_create(0x1)
r1 = socket$packet(0x11, 0x3, 0x300)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0))
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r3=>0x0})
sendto(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)=@xdp={0x2c, 0x0, r3}, 0x80)

11:08:46 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
setresuid(0x0, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000003a00)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f0000000800)={0xa, 0x4e23, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000c00)=[@dstopts_2292={{0x18}}], 0x18}}], 0x2, 0x0)

[  133.206906] loop3: detected capacity change from 0 to 40
11:08:46 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, 0x0)

11:08:46 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
times(&(0x7f0000000100))

11:08:46 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2)
write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125)
close_range(r1, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3)
r2 = io_uring_setup(0x62db, &(0x7f0000001040))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x2)

11:08:46 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
setresuid(0x0, r0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000003a00)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f0000000800)={0xa, 0x4e23, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000c00)=[@dstopts_2292={{0x18}}], 0x18}}], 0x2, 0x0)

11:08:46 executing program 0:
getpid()
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
r2 = signalfd(r0, &(0x7f0000000240)={[0xfffffffffffffff8]}, 0x8)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0xf7, 0xb1, 0x80, 0x4, 0x0, 0x4, 0x48c00, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x7fffffff, 0x7f}, 0x4400, 0x100000000, 0x5, 0x0, 0x7ff, 0x1f, 0x1f, 0x0, 0x4, 0x0, 0x7}, r1, 0xb, r2, 0x9)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2e2f66696c653000851be510a43930abac53d5ee29b8bc433d1c0a88142877c80de8edb123cfe7541cef5e4a858b7f72894a8ec6158336046e"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000082, &(0x7f00000001c0)='hugetlbfs\x00')
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0)
stat(&(0x7f0000000480)='./cgroup/cgroup.procs\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@fowner_gt={'fowner>', r4}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x80}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_measure}, {@obj_role}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]}})

11:08:46 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, 0x0)

11:08:46 executing program 4:
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, 0x0, 0x0)

11:08:46 executing program 6:
r0 = epoll_create(0x1)
r1 = socket$packet(0x11, 0x3, 0x300)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0))
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r3=>0x0})
sendto(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)=@xdp={0x2c, 0x0, r3}, 0x80)

11:08:46 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000300)="03", 0x1}], 0x5, 0x0, 0x0)

[  133.544768] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  133.565600] loop3: detected capacity change from 0 to 40
11:08:46 executing program 6:
getpid()
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
r2 = signalfd(r0, &(0x7f0000000240)={[0xfffffffffffffff8]}, 0x8)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0xf7, 0xb1, 0x80, 0x4, 0x0, 0x4, 0x48c00, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x7fffffff, 0x7f}, 0x4400, 0x100000000, 0x5, 0x0, 0x7ff, 0x1f, 0x1f, 0x0, 0x4, 0x0, 0x7}, r1, 0xb, r2, 0x9)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2e2f66696c653000851be510a43930abac53d5ee29b8bc433d1c0a88142877c80de8edb123cfe7541cef5e4a858b7f72894a8ec6158336046e"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000082, &(0x7f00000001c0)='hugetlbfs\x00')
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0)
stat(&(0x7f0000000480)='./cgroup/cgroup.procs\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@fowner_gt={'fowner>', r4}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x80}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_measure}, {@obj_role}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]}})

11:08:46 executing program 1:
getpid()
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
r2 = signalfd(r0, &(0x7f0000000240)={[0xfffffffffffffff8]}, 0x8)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0xf7, 0xb1, 0x80, 0x4, 0x0, 0x4, 0x48c00, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x7fffffff, 0x7f}, 0x4400, 0x100000000, 0x5, 0x0, 0x7ff, 0x1f, 0x1f, 0x0, 0x4, 0x0, 0x7}, r1, 0xb, r2, 0x9)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2e2f66696c653000851be510a43930abac53d5ee29b8bc433d1c0a88142877c80de8edb123cfe7541cef5e4a858b7f72894a8ec6158336046e"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000082, &(0x7f00000001c0)='hugetlbfs\x00')
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0)
stat(&(0x7f0000000480)='./cgroup/cgroup.procs\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@fowner_gt={'fowner>', r4}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x80}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_measure}, {@obj_role}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]}})

11:08:46 executing program 2:
r0 = epoll_create(0x1)
r1 = socket$packet(0x11, 0x3, 0x300)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0))
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r3=>0x0})
sendto(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)=@xdp={0x2c, 0x0, r3}, 0x80)

[  133.712436] 9pnet_virtio: no channels available for device ./file0
11:08:46 executing program 2:
r0 = epoll_create(0x1)
r1 = socket$packet(0x11, 0x3, 0x300)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0))
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r3=>0x0})
sendto(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)=@xdp={0x2c, 0x0, r3}, 0x80)

11:08:46 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000300)="03", 0x1}], 0x5, 0x0, 0x0)

11:08:47 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2)
write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125)
close_range(r1, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3)
r2 = io_uring_setup(0x62db, &(0x7f0000001040))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x2)

11:08:47 executing program 0:
getpid()
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
r2 = signalfd(r0, &(0x7f0000000240)={[0xfffffffffffffff8]}, 0x8)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0xf7, 0xb1, 0x80, 0x4, 0x0, 0x4, 0x48c00, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x7fffffff, 0x7f}, 0x4400, 0x100000000, 0x5, 0x0, 0x7ff, 0x1f, 0x1f, 0x0, 0x4, 0x0, 0x7}, r1, 0xb, r2, 0x9)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2e2f66696c653000851be510a43930abac53d5ee29b8bc433d1c0a88142877c80de8edb123cfe7541cef5e4a858b7f72894a8ec6158336046e"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000082, &(0x7f00000001c0)='hugetlbfs\x00')
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0)
stat(&(0x7f0000000480)='./cgroup/cgroup.procs\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@fowner_gt={'fowner>', r4}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x80}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_measure}, {@obj_role}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]}})

[  133.830262] loop7: detected capacity change from 0 to 40
[  133.850438] 9pnet_virtio: no channels available for device ./file0
11:08:47 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2)
write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125)
close_range(r1, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3)
r2 = io_uring_setup(0x62db, &(0x7f0000001040))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x2)

[  133.866246] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in;
[  133.866246]    program syz-executor.3 not setting count and/or reply_len properly
11:08:47 executing program 4:
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, 0x0, 0x0)

11:08:47 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000300)="03", 0x1}], 0x5, 0x0, 0x0)

[  133.938408] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in;
[  133.938408]    program syz-executor.5 not setting count and/or reply_len properly
[  133.959182] 9pnet_virtio: no channels available for device ./file0
[  133.961209] loop7: detected capacity change from 0 to 40
[  133.962021] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  134.039890] 9pnet_virtio: no channels available for device ./file0
11:08:47 executing program 2:
r0 = epoll_create(0x1)
r1 = socket$packet(0x11, 0x3, 0x300)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0))
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r3=>0x0})
sendto(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)=@xdp={0x2c, 0x0, r3}, 0x80)

11:08:47 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2)
write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125)
close_range(r1, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3)
r2 = io_uring_setup(0x62db, &(0x7f0000001040))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x2)

11:08:47 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000300)="03", 0x1}], 0x5, 0x0, 0x0)

11:08:47 executing program 1:
getpid()
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
r2 = signalfd(r0, &(0x7f0000000240)={[0xfffffffffffffff8]}, 0x8)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0xf7, 0xb1, 0x80, 0x4, 0x0, 0x4, 0x48c00, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x7fffffff, 0x7f}, 0x4400, 0x100000000, 0x5, 0x0, 0x7ff, 0x1f, 0x1f, 0x0, 0x4, 0x0, 0x7}, r1, 0xb, r2, 0x9)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2e2f66696c653000851be510a43930abac53d5ee29b8bc433d1c0a88142877c80de8edb123cfe7541cef5e4a858b7f72894a8ec6158336046e"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000082, &(0x7f00000001c0)='hugetlbfs\x00')
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0)
stat(&(0x7f0000000480)='./cgroup/cgroup.procs\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@fowner_gt={'fowner>', r4}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x80}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_measure}, {@obj_role}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]}})

11:08:47 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2)
write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125)
close_range(r1, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3)
r2 = io_uring_setup(0x62db, &(0x7f0000001040))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x2)

11:08:47 executing program 6:
getpid()
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
r2 = signalfd(r0, &(0x7f0000000240)={[0xfffffffffffffff8]}, 0x8)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0xf7, 0xb1, 0x80, 0x4, 0x0, 0x4, 0x48c00, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x7fffffff, 0x7f}, 0x4400, 0x100000000, 0x5, 0x0, 0x7ff, 0x1f, 0x1f, 0x0, 0x4, 0x0, 0x7}, r1, 0xb, r2, 0x9)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2e2f66696c653000851be510a43930abac53d5ee29b8bc433d1c0a88142877c80de8edb123cfe7541cef5e4a858b7f72894a8ec6158336046e"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000082, &(0x7f00000001c0)='hugetlbfs\x00')
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0)
stat(&(0x7f0000000480)='./cgroup/cgroup.procs\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@fowner_gt={'fowner>', r4}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x80}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_measure}, {@obj_role}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]}})

11:08:47 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:47 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
lseek(r0, 0x0, 0x0)

[  134.734088] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in;
[  134.734088]    program syz-executor.0 not setting count and/or reply_len properly
[  134.743009] loop7: detected capacity change from 0 to 40
11:08:48 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

[  134.859500] 9pnet_virtio: no channels available for device ./file0
11:08:48 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:48 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:48 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
lseek(r0, 0x0, 0x0)

11:08:48 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:48 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:48 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2)
write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125)
close_range(r1, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3)
r2 = io_uring_setup(0x62db, &(0x7f0000001040))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x2)

11:08:48 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
lseek(r0, 0x0, 0x0)

11:08:48 executing program 1:
getpid()
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
r2 = signalfd(r0, &(0x7f0000000240)={[0xfffffffffffffff8]}, 0x8)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0xf7, 0xb1, 0x80, 0x4, 0x0, 0x4, 0x48c00, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x7fffffff, 0x7f}, 0x4400, 0x100000000, 0x5, 0x0, 0x7ff, 0x1f, 0x1f, 0x0, 0x4, 0x0, 0x7}, r1, 0xb, r2, 0x9)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2e2f66696c653000851be510a43930abac53d5ee29b8bc433d1c0a88142877c80de8edb123cfe7541cef5e4a858b7f72894a8ec6158336046e"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000082, &(0x7f00000001c0)='hugetlbfs\x00')
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0)
stat(&(0x7f0000000480)='./cgroup/cgroup.procs\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@fowner_gt={'fowner>', r4}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x80}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_measure}, {@obj_role}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]}})

11:08:48 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
lseek(r0, 0x0, 0x0)

11:08:48 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2)
write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125)
close_range(r1, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3)
r2 = io_uring_setup(0x62db, &(0x7f0000001040))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x2)

11:08:48 executing program 6:
getpid()
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
r2 = signalfd(r0, &(0x7f0000000240)={[0xfffffffffffffff8]}, 0x8)
perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0xf7, 0xb1, 0x80, 0x4, 0x0, 0x4, 0x48c00, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x7fffffff, 0x7f}, 0x4400, 0x100000000, 0x5, 0x0, 0x7ff, 0x1f, 0x1f, 0x0, 0x4, 0x0, 0x7}, r1, 0xb, r2, 0x9)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2e2f66696c653000851be510a43930abac53d5ee29b8bc433d1c0a88142877c80de8edb123cfe7541cef5e4a858b7f72894a8ec6158336046e"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000082, &(0x7f00000001c0)='hugetlbfs\x00')
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0)
stat(&(0x7f0000000480)='./cgroup/cgroup.procs\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@fowner_gt={'fowner>', r4}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x80}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_measure}, {@obj_role}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@appraise}]}})

[  135.493995] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in;
[  135.493995]    program syz-executor.3 not setting count and/or reply_len properly
[  135.529165] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in;
[  135.529165]    program syz-executor.0 not setting count and/or reply_len properly
11:08:48 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

[  135.669390] 9pnet_virtio: no channels available for device ./file0
11:08:48 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:48 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
lseek(r0, 0x0, 0x0)

11:08:48 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
lseek(r0, 0x0, 0x0)

[  135.725878] 9pnet_virtio: no channels available for device ./file0
11:08:48 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:49 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:49 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:49 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
lseek(r0, 0x0, 0x0)

11:08:49 executing program 6:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x16, 0x0, 0x101, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r0)

11:08:49 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:49 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = semget$private(0x0, 0x4, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x6ba8c)

11:08:49 executing program 6:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x16, 0x0, 0x101, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r0)

11:08:49 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x16, 0x0, 0x101, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r0)

11:08:49 executing program 7:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000017c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$nbd(r0, &(0x7f0000001c00), 0x10)

11:08:49 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2)
write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125)
close_range(r1, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3)
r2 = io_uring_setup(0x62db, &(0x7f0000001040))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x2)

11:08:49 executing program 2:
prlimit64(0x0, 0x7, &(0x7f0000000080)={0x4, 0xff22}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)

11:08:49 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0)
pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)

[  136.561678] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in;
[  136.561678]    program syz-executor.0 not setting count and/or reply_len properly
11:08:49 executing program 3:
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r3 = inotify_init1(0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
utimensat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}, {r5, r6/1000+10000}}, 0x0)
dup2(r4, r4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x4, 0x0, 0x1, [@typed={0x8, 0x17, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0)
pidfd_getfd(r4, r7, 0x0)
r8 = dup2(r3, r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x108000, 0xd0)
recvmsg$unix(r8, &(0x7f0000000200)={&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, &(0x7f0000000400)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0xf0}, 0x0)

11:08:49 executing program 6:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x16, 0x0, 0x101, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r0)

11:08:49 executing program 2:
prlimit64(0x0, 0x7, &(0x7f0000000080)={0x4, 0xff22}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)

11:08:49 executing program 7:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/148, 0xfffffffffffffcda, 0x0, &(0x7f0000000140)=""/122, 0x7a}, &(0x7f00000001c0)=0x38)

11:08:49 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x16, 0x0, 0x101, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r0)

11:08:49 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0)
pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)

11:08:49 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0)
pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)

11:08:49 executing program 6:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x16, 0x0, 0x101, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r0)

[  136.736593] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
11:08:50 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x16, 0x0, 0x101, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r0)

11:08:50 executing program 6:
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r3 = inotify_init1(0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
utimensat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}, {r5, r6/1000+10000}}, 0x0)
dup2(r4, r4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x4, 0x0, 0x1, [@typed={0x8, 0x17, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0)
pidfd_getfd(r4, r7, 0x0)
r8 = dup2(r3, r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x108000, 0xd0)
recvmsg$unix(r8, &(0x7f0000000200)={&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, &(0x7f0000000400)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0xf0}, 0x0)

11:08:50 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0)
pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)

11:08:50 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0)
pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)

11:08:50 executing program 3:
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r3 = inotify_init1(0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
utimensat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}, {r5, r6/1000+10000}}, 0x0)
dup2(r4, r4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x4, 0x0, 0x1, [@typed={0x8, 0x17, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0)
pidfd_getfd(r4, r7, 0x0)
r8 = dup2(r3, r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x108000, 0xd0)
recvmsg$unix(r8, &(0x7f0000000200)={&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, &(0x7f0000000400)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0xf0}, 0x0)

11:08:50 executing program 2:
prlimit64(0x0, 0x7, &(0x7f0000000080)={0x4, 0xff22}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)

11:08:50 executing program 7:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/148, 0xfffffffffffffcda, 0x0, &(0x7f0000000140)=""/122, 0x7a}, &(0x7f00000001c0)=0x38)

11:08:50 executing program 0:
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r3 = inotify_init1(0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
utimensat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}, {r5, r6/1000+10000}}, 0x0)
dup2(r4, r4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x4, 0x0, 0x1, [@typed={0x8, 0x17, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0)
pidfd_getfd(r4, r7, 0x0)
r8 = dup2(r3, r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x108000, 0xd0)
recvmsg$unix(r8, &(0x7f0000000200)={&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, &(0x7f0000000400)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0xf0}, 0x0)

11:08:50 executing program 2:
prlimit64(0x0, 0x7, &(0x7f0000000080)={0x4, 0xff22}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)

11:08:50 executing program 7:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/148, 0xfffffffffffffcda, 0x0, &(0x7f0000000140)=""/122, 0x7a}, &(0x7f00000001c0)=0x38)

11:08:50 executing program 1:
mq_notify(0xffffffffffffffff, 0x0)
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = io_uring_setup(0x16f4, &(0x7f00000002c0)={0x0, 0xf497, 0x0, 0x0, 0x81})
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000380)=[0xffffffffffffffff, r0], 0x2)

11:08:50 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0)
pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)

11:08:50 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0)
pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0xffffffffffffffff)
pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff)

11:08:50 executing program 2:
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000400)='./file0\x00', 0x40000020)
mount(&(0x7f0000000180)=ANY=[@ANYBLOB="2f649627b005"], &(0x7f0000000200)='./file1\x00', &(0x7f0000000380)='logfs\x00', 0x0, &(0x7f00000003c0)='/dev/loop')
pwrite64(r0, &(0x7f0000000780), 0x0, 0x8)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB="f6d7279938cda34fbd3c"])

11:08:50 executing program 1:
mq_notify(0xffffffffffffffff, 0x0)
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = io_uring_setup(0x16f4, &(0x7f00000002c0)={0x0, 0xf497, 0x0, 0x0, 0x81})
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000380)=[0xffffffffffffffff, r0], 0x2)

11:08:50 executing program 7:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/148, 0xfffffffffffffcda, 0x0, &(0x7f0000000140)=""/122, 0x7a}, &(0x7f00000001c0)=0x38)

[  137.238246] netlink: 'syz-executor.6': attribute type 4 has an invalid length.
[  137.243607] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  137.255569] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  137.456901] 9pnet_fd: Insufficient options for proto=fd
11:08:50 executing program 1:
mq_notify(0xffffffffffffffff, 0x0)
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = io_uring_setup(0x16f4, &(0x7f00000002c0)={0x0, 0xf497, 0x0, 0x0, 0x81})
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000380)=[0xffffffffffffffff, r0], 0x2)

11:08:50 executing program 7:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x42800)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

11:08:50 executing program 6:
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r3 = inotify_init1(0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
utimensat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}, {r5, r6/1000+10000}}, 0x0)
dup2(r4, r4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x4, 0x0, 0x1, [@typed={0x8, 0x17, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0)
pidfd_getfd(r4, r7, 0x0)
r8 = dup2(r3, r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x108000, 0xd0)
recvmsg$unix(r8, &(0x7f0000000200)={&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, &(0x7f0000000400)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0xf0}, 0x0)

11:08:50 executing program 0:
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r3 = inotify_init1(0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
utimensat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}, {r5, r6/1000+10000}}, 0x0)
dup2(r4, r4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x4, 0x0, 0x1, [@typed={0x8, 0x17, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0)
pidfd_getfd(r4, r7, 0x0)
r8 = dup2(r3, r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x108000, 0xd0)
recvmsg$unix(r8, &(0x7f0000000200)={&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, &(0x7f0000000400)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0xf0}, 0x0)

11:08:50 executing program 2:
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000400)='./file0\x00', 0x40000020)
mount(&(0x7f0000000180)=ANY=[@ANYBLOB="2f649627b005"], &(0x7f0000000200)='./file1\x00', &(0x7f0000000380)='logfs\x00', 0x0, &(0x7f00000003c0)='/dev/loop')
pwrite64(r0, &(0x7f0000000780), 0x0, 0x8)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB="f6d7279938cda34fbd3c"])

11:08:50 executing program 5:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835d6fb6b6d4a6bd2e86e6000000", @ANYRESHEX, @ANYBLOB=',\x00'])
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0xb6}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0)

11:08:50 executing program 3:
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r3 = inotify_init1(0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
utimensat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}, {r5, r6/1000+10000}}, 0x0)
dup2(r4, r4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x4, 0x0, 0x1, [@typed={0x8, 0x17, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0)
pidfd_getfd(r4, r7, 0x0)
r8 = dup2(r3, r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x108000, 0xd0)
recvmsg$unix(r8, &(0x7f0000000200)={&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, &(0x7f0000000400)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0xf0}, 0x0)

11:08:50 executing program 7:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x42800)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

11:08:50 executing program 1:
mq_notify(0xffffffffffffffff, 0x0)
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = io_uring_setup(0x16f4, &(0x7f00000002c0)={0x0, 0xf497, 0x0, 0x0, 0x81})
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000380)=[0xffffffffffffffff, r0], 0x2)

11:08:50 executing program 4:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x42800)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

11:08:50 executing program 7:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x42800)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

[  137.599046] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  137.610502] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
11:08:50 executing program 4:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x42800)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

[  137.625086] netlink: 'syz-executor.6': attribute type 4 has an invalid length.
11:08:50 executing program 1:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x42800)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

11:08:50 executing program 2:
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000400)='./file0\x00', 0x40000020)
mount(&(0x7f0000000180)=ANY=[@ANYBLOB="2f649627b005"], &(0x7f0000000200)='./file1\x00', &(0x7f0000000380)='logfs\x00', 0x0, &(0x7f00000003c0)='/dev/loop')
pwrite64(r0, &(0x7f0000000780), 0x0, 0x8)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB="f6d7279938cda34fbd3c"])

11:08:50 executing program 0:
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r3 = inotify_init1(0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
utimensat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}, {r5, r6/1000+10000}}, 0x0)
dup2(r4, r4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x4, 0x0, 0x1, [@typed={0x8, 0x17, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0)
pidfd_getfd(r4, r7, 0x0)
r8 = dup2(r3, r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x108000, 0xd0)
recvmsg$unix(r8, &(0x7f0000000200)={&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, &(0x7f0000000400)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0xf0}, 0x0)

11:08:50 executing program 6:
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r3 = inotify_init1(0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
utimensat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}, {r5, r6/1000+10000}}, 0x0)
dup2(r4, r4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x4, 0x0, 0x1, [@typed={0x8, 0x17, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0)
pidfd_getfd(r4, r7, 0x0)
r8 = dup2(r3, r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x108000, 0xd0)
recvmsg$unix(r8, &(0x7f0000000200)={&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, &(0x7f0000000400)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0xf0}, 0x0)

11:08:50 executing program 7:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x42800)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

11:08:50 executing program 3:
r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x535081, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r3 = inotify_init1(0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
utimensat(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}, {r5, r6/1000+10000}}, 0x0)
dup2(r4, r4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x4, 0x0, 0x1, [@typed={0x8, 0x17, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0)
pidfd_getfd(r4, r7, 0x0)
r8 = dup2(r3, r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x108000, 0xd0)
recvmsg$unix(r8, &(0x7f0000000200)={&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000540)=""/248, 0xf8}], 0x1, &(0x7f0000000400)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0xf0}, 0x0)

11:08:50 executing program 4:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x42800)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

[  137.858276] 9pnet_fd: Insufficient options for proto=fd
[  137.987494] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  138.041733] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
11:08:51 executing program 1:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x42800)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

11:08:51 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$bt_hci(r0, 0x0, 0x3, 0x0, &(0x7f0000000240))

11:08:51 executing program 5:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835d6fb6b6d4a6bd2e86e6000000", @ANYRESHEX, @ANYBLOB=',\x00'])
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0xb6}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0)

11:08:51 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835d6fb6b6d4a6bd2e86e6000000", @ANYRESHEX, @ANYBLOB=',\x00'])
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0xb6}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0)

11:08:51 executing program 7:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835d6fb6b6d4a6bd2e86e6000000", @ANYRESHEX, @ANYBLOB=',\x00'])
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0xb6}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0)

11:08:51 executing program 2:
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000400)='./file0\x00', 0x40000020)
mount(&(0x7f0000000180)=ANY=[@ANYBLOB="2f649627b005"], &(0x7f0000000200)='./file1\x00', &(0x7f0000000380)='logfs\x00', 0x0, &(0x7f00000003c0)='/dev/loop')
pwrite64(r0, &(0x7f0000000780), 0x0, 0x8)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB="f6d7279938cda34fbd3c"])

11:08:51 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835d6fb6b6d4a6bd2e86e6000000", @ANYRESHEX, @ANYBLOB=',\x00'])
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0xb6}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0)

[  138.349273] 9pnet_fd: Insufficient options for proto=fd
[  138.352723] 9pnet_fd: Insufficient options for proto=fd
[  138.371706] 9pnet_fd: Insufficient options for proto=fd
11:08:51 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$bt_hci(r0, 0x0, 0x3, 0x0, &(0x7f0000000240))

11:08:51 executing program 6:
pkey_alloc(0x0, 0x3)
pkey_alloc(0x0, 0x3)
pkey_mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0)}, 0xcc80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340))
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x4641, 0x0)
r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000340), &(0x7f0000000000))
syz_io_uring_setup(0x75c8, &(0x7f0000000200)={0x0, 0x18ec, 0x2, 0x1, 0x91, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000400))

[  138.421289] 9pnet_fd: Insufficient options for proto=fd
11:08:51 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$bt_hci(r0, 0x0, 0x3, 0x0, &(0x7f0000000240))

11:08:51 executing program 1:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x42800)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
tee(r0, r2, 0x1, 0x0)

[  138.550460] audit: type=1400 audit(1670324931.750:10): avc:  denied  { write } for  pid=4217 comm="syz-executor.6" name="task" dev="proc" ino=15718 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1
[  138.552321] audit: type=1400 audit(1670324931.753:11): avc:  denied  { add_name } for  pid=4217 comm="syz-executor.6" name="4224" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1
[  138.554850] audit: type=1400 audit(1670324931.755:12): avc:  denied  { create } for  pid=4217 comm="syz-executor.6" name="4224" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:kernel_t:s0 tclass=file permissive=1
11:08:51 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835d6fb6b6d4a6bd2e86e6000000", @ANYRESHEX, @ANYBLOB=',\x00'])
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0xb6}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0)

11:08:51 executing program 7:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835d6fb6b6d4a6bd2e86e6000000", @ANYRESHEX, @ANYBLOB=',\x00'])
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0xb6}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0)

11:08:51 executing program 2:
syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00')
r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000380), 0x4080, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000001280)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYRESOCT])
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup3(r3, r2, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8943, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='%\x00'/12]})
openat(r4, &(0x7f0000000000)='./file1\x00', 0x400, 0x20)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
write(r5, &(0x7f0000000080)="01", 0x292e9)

[  138.681215] syz_tun: refused to change device tx_queue_len
[  138.704786] 9pnet_fd: Insufficient options for proto=fd
[  138.742013] 9pnet_fd: Insufficient options for proto=fd
[  139.446078] syz_tun: refused to change device tx_queue_len
11:08:52 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$bt_hci(r0, 0x0, 0x3, 0x0, &(0x7f0000000240))

11:08:52 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835d6fb6b6d4a6bd2e86e6000000", @ANYRESHEX, @ANYBLOB=',\x00'])
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0xb6}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0)

11:08:52 executing program 5:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835d6fb6b6d4a6bd2e86e6000000", @ANYRESHEX, @ANYBLOB=',\x00'])
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0xb6}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0)

11:08:52 executing program 1:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000000)={{0x20}})

11:08:52 executing program 7:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646e6f3d014f29ef99ad8b2ee6ab88d3ddf9f64fb3263bd7d202acf75f549842835d6fb6b6d4a6bd2e86e6000000", @ANYRESHEX, @ANYBLOB=',\x00'])
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0xb6}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0)

11:08:52 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
VM DIAGNOSIS:
11:08:43  Registers:
info registers vcpu 0
RAX=0000000000000007 RBX=0000000000000046 RCX=0000000000000001 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000000 RBP=ffffffff849ef4e0 RSP=ffff888040a675b0
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=0000000000000000 R13=ffffffff84870240 R14=ffff88800f059ac0 R15=0000000000000170
RIP=ffffffff843fb551 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe6e54fba000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe6e54fb8000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f8009341a20 CR3=000000000e276000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78
XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=000000000000002b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8248b635 RDI=ffffffff87fb5b60 RBP=ffffffff87fb5b20 RSP=ffff8880408b6ef0
R8 =0000000000000001 R9 =000000000000000a R10=000000000000002b R11=0000000000000001
R12=000000000000002b R13=ffffffff87fb5b20 R14=0000000000000010 R15=ffffffff8248b620
RIP=ffffffff8248b68d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f5c196ef700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe22d8544000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe22d8542000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ff795686d5c CR3=000000003a566000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffff00ffffffffffffffffffffff00ff
XMM02=4c4700362e322e325f4342494c470035 XMM03=00000000000000000000000000470035
XMM04=4342494c4700362e322e325f4342494c XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000