Warning: Permanently added '[localhost]:26256' (ECDSA) to the list of known hosts.
2026/01/14 09:04:20 fuzzer started
2026/01/14 09:04:21 dialing manager at localhost:46753
syzkaller login: [   49.994144] cgroup: Unknown subsys name 'net'
[   50.062182] cgroup: Unknown subsys name 'cpuset'
[   50.077789] cgroup: Unknown subsys name 'rlimit'
2026/01/14 09:04:31 syscalls: 2214
2026/01/14 09:04:31 code coverage: enabled
2026/01/14 09:04:31 comparison tracing: enabled
2026/01/14 09:04:31 extra coverage: enabled
2026/01/14 09:04:31 setuid sandbox: enabled
2026/01/14 09:04:31 namespace sandbox: enabled
2026/01/14 09:04:31 Android sandbox: enabled
2026/01/14 09:04:31 fault injection: enabled
2026/01/14 09:04:31 leak checking: enabled
2026/01/14 09:04:31 net packet injection: enabled
2026/01/14 09:04:31 net device setup: enabled
2026/01/14 09:04:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2026/01/14 09:04:31 devlink PCI setup: PCI device 0000:00:10.0 is not available
2026/01/14 09:04:31 USB emulation: enabled
2026/01/14 09:04:31 hci packet injection: enabled
2026/01/14 09:04:31 wifi device emulation: enabled
2026/01/14 09:04:31 802.15.4 emulation: enabled
2026/01/14 09:04:31 fetching corpus: 0, signal 0/2000 (executing program)
2026/01/14 09:04:31 fetching corpus: 50, signal 24941/28500 (executing program)
2026/01/14 09:04:31 fetching corpus: 100, signal 40764/45662 (executing program)
2026/01/14 09:04:31 fetching corpus: 150, signal 47383/53649 (executing program)
2026/01/14 09:04:31 fetching corpus: 200, signal 56928/64309 (executing program)
2026/01/14 09:04:31 fetching corpus: 250, signal 61969/70551 (executing program)
2026/01/14 09:04:32 fetching corpus: 300, signal 66210/75974 (executing program)
2026/01/14 09:04:32 fetching corpus: 350, signal 70275/81120 (executing program)
2026/01/14 09:04:32 fetching corpus: 400, signal 76776/88454 (executing program)
2026/01/14 09:04:32 fetching corpus: 450, signal 80036/92710 (executing program)
2026/01/14 09:04:32 fetching corpus: 500, signal 82880/96575 (executing program)
2026/01/14 09:04:32 fetching corpus: 550, signal 86482/100965 (executing program)
2026/01/14 09:04:32 fetching corpus: 600, signal 88891/104266 (executing program)
2026/01/14 09:04:33 fetching corpus: 650, signal 91133/107410 (executing program)
2026/01/14 09:04:33 fetching corpus: 700, signal 95131/111982 (executing program)
2026/01/14 09:04:33 fetching corpus: 750, signal 97694/115310 (executing program)
2026/01/14 09:04:33 fetching corpus: 800, signal 101548/119724 (executing program)
2026/01/14 09:04:33 fetching corpus: 850, signal 103586/122498 (executing program)
2026/01/14 09:04:33 fetching corpus: 900, signal 105475/125105 (executing program)
2026/01/14 09:04:33 fetching corpus: 950, signal 108582/128629 (executing program)
2026/01/14 09:04:33 fetching corpus: 1000, signal 110239/130929 (executing program)
2026/01/14 09:04:34 fetching corpus: 1050, signal 112096/133359 (executing program)
2026/01/14 09:04:34 fetching corpus: 1100, signal 113527/135488 (executing program)
2026/01/14 09:04:34 fetching corpus: 1150, signal 115469/137996 (executing program)
2026/01/14 09:04:34 fetching corpus: 1200, signal 117421/140433 (executing program)
2026/01/14 09:04:34 fetching corpus: 1250, signal 119033/142605 (executing program)
2026/01/14 09:04:34 fetching corpus: 1300, signal 120003/144201 (executing program)
2026/01/14 09:04:34 fetching corpus: 1350, signal 121704/146301 (executing program)
2026/01/14 09:04:34 fetching corpus: 1400, signal 123438/148491 (executing program)
2026/01/14 09:04:34 fetching corpus: 1450, signal 125081/150581 (executing program)
2026/01/14 09:04:35 fetching corpus: 1500, signal 126793/152653 (executing program)
2026/01/14 09:04:35 fetching corpus: 1550, signal 128009/154334 (executing program)
2026/01/14 09:04:35 fetching corpus: 1600, signal 128856/155769 (executing program)
2026/01/14 09:04:35 fetching corpus: 1650, signal 129920/157313 (executing program)
2026/01/14 09:04:35 fetching corpus: 1700, signal 131241/159017 (executing program)
2026/01/14 09:04:35 fetching corpus: 1750, signal 132701/160782 (executing program)
2026/01/14 09:04:35 fetching corpus: 1800, signal 133913/162352 (executing program)
2026/01/14 09:04:35 fetching corpus: 1850, signal 135214/163960 (executing program)
2026/01/14 09:04:36 fetching corpus: 1900, signal 136221/165357 (executing program)
2026/01/14 09:04:36 fetching corpus: 1950, signal 138073/167278 (executing program)
2026/01/14 09:04:36 fetching corpus: 2000, signal 138999/168570 (executing program)
2026/01/14 09:04:36 fetching corpus: 2050, signal 139779/169810 (executing program)
2026/01/14 09:04:36 fetching corpus: 2100, signal 140853/171182 (executing program)
2026/01/14 09:04:36 fetching corpus: 2150, signal 141645/172332 (executing program)
2026/01/14 09:04:36 fetching corpus: 2200, signal 142559/173590 (executing program)
2026/01/14 09:04:36 fetching corpus: 2250, signal 143278/174701 (executing program)
2026/01/14 09:04:36 fetching corpus: 2300, signal 144147/175893 (executing program)
2026/01/14 09:04:37 fetching corpus: 2350, signal 144958/177034 (executing program)
2026/01/14 09:04:37 fetching corpus: 2400, signal 145763/178186 (executing program)
2026/01/14 09:04:37 fetching corpus: 2450, signal 146940/179469 (executing program)
2026/01/14 09:04:37 fetching corpus: 2500, signal 148180/180768 (executing program)
2026/01/14 09:04:37 fetching corpus: 2550, signal 149102/181889 (executing program)
2026/01/14 09:04:37 fetching corpus: 2600, signal 150002/182979 (executing program)
2026/01/14 09:04:37 fetching corpus: 2650, signal 150525/183873 (executing program)
2026/01/14 09:04:37 fetching corpus: 2700, signal 151253/184893 (executing program)
2026/01/14 09:04:37 fetching corpus: 2750, signal 151970/185855 (executing program)
2026/01/14 09:04:38 fetching corpus: 2800, signal 153015/186987 (executing program)
2026/01/14 09:04:38 fetching corpus: 2850, signal 154322/188235 (executing program)
2026/01/14 09:04:38 fetching corpus: 2900, signal 154923/189092 (executing program)
2026/01/14 09:04:38 fetching corpus: 2950, signal 155475/189985 (executing program)
2026/01/14 09:04:38 fetching corpus: 3000, signal 155947/190767 (executing program)
2026/01/14 09:04:38 fetching corpus: 3050, signal 156626/191652 (executing program)
2026/01/14 09:04:38 fetching corpus: 3100, signal 157865/192733 (executing program)
2026/01/14 09:04:38 fetching corpus: 3150, signal 158492/193540 (executing program)
2026/01/14 09:04:38 fetching corpus: 3200, signal 159376/194444 (executing program)
2026/01/14 09:04:39 fetching corpus: 3250, signal 159869/195179 (executing program)
2026/01/14 09:04:39 fetching corpus: 3300, signal 160470/196005 (executing program)
2026/01/14 09:04:39 fetching corpus: 3350, signal 161042/196771 (executing program)
2026/01/14 09:04:39 fetching corpus: 3400, signal 161904/197621 (executing program)
2026/01/14 09:04:39 fetching corpus: 3450, signal 162532/198354 (executing program)
2026/01/14 09:04:39 fetching corpus: 3500, signal 163002/199075 (executing program)
2026/01/14 09:04:39 fetching corpus: 3550, signal 163458/199729 (executing program)
2026/01/14 09:04:39 fetching corpus: 3600, signal 164078/200427 (executing program)
2026/01/14 09:04:39 fetching corpus: 3650, signal 164777/201129 (executing program)
2026/01/14 09:04:39 fetching corpus: 3700, signal 165240/201748 (executing program)
2026/01/14 09:04:39 fetching corpus: 3750, signal 165572/202324 (executing program)
2026/01/14 09:04:40 fetching corpus: 3800, signal 166254/203000 (executing program)
2026/01/14 09:04:40 fetching corpus: 3850, signal 166977/203619 (executing program)
2026/01/14 09:04:40 fetching corpus: 3900, signal 167450/204213 (executing program)
2026/01/14 09:04:40 fetching corpus: 3950, signal 168156/204862 (executing program)
2026/01/14 09:04:40 fetching corpus: 4000, signal 168563/205407 (executing program)
2026/01/14 09:04:40 fetching corpus: 4050, signal 169079/205987 (executing program)
2026/01/14 09:04:40 fetching corpus: 4100, signal 169568/206593 (executing program)
2026/01/14 09:04:40 fetching corpus: 4150, signal 169987/207108 (executing program)
2026/01/14 09:04:40 fetching corpus: 4200, signal 170475/207647 (executing program)
2026/01/14 09:04:41 fetching corpus: 4250, signal 170987/208176 (executing program)
2026/01/14 09:04:41 fetching corpus: 4300, signal 171710/208804 (executing program)
2026/01/14 09:04:41 fetching corpus: 4350, signal 172275/209318 (executing program)
2026/01/14 09:04:41 fetching corpus: 4400, signal 172782/209838 (executing program)
2026/01/14 09:04:41 fetching corpus: 4450, signal 173379/210368 (executing program)
2026/01/14 09:04:41 fetching corpus: 4500, signal 174050/210866 (executing program)
2026/01/14 09:04:41 fetching corpus: 4550, signal 174382/211312 (executing program)
2026/01/14 09:04:41 fetching corpus: 4600, signal 174916/211764 (executing program)
2026/01/14 09:04:41 fetching corpus: 4650, signal 175375/212252 (executing program)
2026/01/14 09:04:41 fetching corpus: 4700, signal 175812/212716 (executing program)
2026/01/14 09:04:42 fetching corpus: 4750, signal 176244/213149 (executing program)
2026/01/14 09:04:42 fetching corpus: 4800, signal 176643/213570 (executing program)
2026/01/14 09:04:42 fetching corpus: 4850, signal 177179/214037 (executing program)
2026/01/14 09:04:42 fetching corpus: 4900, signal 177597/214471 (executing program)
2026/01/14 09:04:42 fetching corpus: 4950, signal 178011/214867 (executing program)
2026/01/14 09:04:42 fetching corpus: 5000, signal 178399/215251 (executing program)
2026/01/14 09:04:42 fetching corpus: 5050, signal 178787/215647 (executing program)
2026/01/14 09:04:42 fetching corpus: 5100, signal 179149/216019 (executing program)
2026/01/14 09:04:42 fetching corpus: 5150, signal 179464/216405 (executing program)
2026/01/14 09:04:42 fetching corpus: 5200, signal 179737/216746 (executing program)
2026/01/14 09:04:42 fetching corpus: 5250, signal 180200/217092 (executing program)
2026/01/14 09:04:43 fetching corpus: 5300, signal 180602/217472 (executing program)
2026/01/14 09:04:43 fetching corpus: 5350, signal 181001/217792 (executing program)
2026/01/14 09:04:43 fetching corpus: 5400, signal 181456/218067 (executing program)
2026/01/14 09:04:43 fetching corpus: 5450, signal 181926/218072 (executing program)
2026/01/14 09:04:43 fetching corpus: 5500, signal 182255/218072 (executing program)
2026/01/14 09:04:43 fetching corpus: 5550, signal 182586/218081 (executing program)
2026/01/14 09:04:43 fetching corpus: 5600, signal 182974/218081 (executing program)
2026/01/14 09:04:43 fetching corpus: 5650, signal 183389/218081 (executing program)
2026/01/14 09:04:43 fetching corpus: 5700, signal 183796/218081 (executing program)
2026/01/14 09:04:44 fetching corpus: 5750, signal 184336/218095 (executing program)
2026/01/14 09:04:44 fetching corpus: 5800, signal 184679/218095 (executing program)
2026/01/14 09:04:44 fetching corpus: 5850, signal 185028/218095 (executing program)
2026/01/14 09:04:44 fetching corpus: 5900, signal 185387/218095 (executing program)
2026/01/14 09:04:44 fetching corpus: 5950, signal 185840/218095 (executing program)
2026/01/14 09:04:44 fetching corpus: 6000, signal 186265/218096 (executing program)
2026/01/14 09:04:44 fetching corpus: 6050, signal 186753/218103 (executing program)
2026/01/14 09:04:44 fetching corpus: 6100, signal 187145/218103 (executing program)
2026/01/14 09:04:44 fetching corpus: 6150, signal 187521/218103 (executing program)
2026/01/14 09:04:44 fetching corpus: 6200, signal 187996/218103 (executing program)
2026/01/14 09:04:45 fetching corpus: 6250, signal 188545/218103 (executing program)
2026/01/14 09:04:45 fetching corpus: 6300, signal 188911/218103 (executing program)
2026/01/14 09:04:45 fetching corpus: 6350, signal 189297/218103 (executing program)
2026/01/14 09:04:45 fetching corpus: 6400, signal 189567/218106 (executing program)
2026/01/14 09:04:45 fetching corpus: 6450, signal 190011/218108 (executing program)
2026/01/14 09:04:45 fetching corpus: 6500, signal 190360/218110 (executing program)
2026/01/14 09:04:45 fetching corpus: 6550, signal 190639/218110 (executing program)
2026/01/14 09:04:45 fetching corpus: 6600, signal 190987/218113 (executing program)
2026/01/14 09:04:45 fetching corpus: 6650, signal 191346/218113 (executing program)
2026/01/14 09:04:45 fetching corpus: 6700, signal 191743/218113 (executing program)
2026/01/14 09:04:45 fetching corpus: 6750, signal 192247/218113 (executing program)
2026/01/14 09:04:45 fetching corpus: 6800, signal 192655/218113 (executing program)
2026/01/14 09:04:46 fetching corpus: 6850, signal 192950/218113 (executing program)
2026/01/14 09:04:46 fetching corpus: 6900, signal 193348/218113 (executing program)
2026/01/14 09:04:46 fetching corpus: 6950, signal 193657/218120 (executing program)
2026/01/14 09:04:46 fetching corpus: 7000, signal 194009/218121 (executing program)
2026/01/14 09:04:46 fetching corpus: 7050, signal 194392/218121 (executing program)
2026/01/14 09:04:46 fetching corpus: 7100, signal 194693/218121 (executing program)
2026/01/14 09:04:46 fetching corpus: 7150, signal 194957/218121 (executing program)
2026/01/14 09:04:46 fetching corpus: 7200, signal 195356/218121 (executing program)
2026/01/14 09:04:46 fetching corpus: 7250, signal 195638/218124 (executing program)
2026/01/14 09:04:47 fetching corpus: 7300, signal 196074/218124 (executing program)
2026/01/14 09:04:47 fetching corpus: 7350, signal 196532/218124 (executing program)
2026/01/14 09:04:47 fetching corpus: 7400, signal 196838/218124 (executing program)
2026/01/14 09:04:47 fetching corpus: 7450, signal 197162/218124 (executing program)
2026/01/14 09:04:47 fetching corpus: 7500, signal 197456/218124 (executing program)
2026/01/14 09:04:47 fetching corpus: 7550, signal 197772/218126 (executing program)
2026/01/14 09:04:47 fetching corpus: 7600, signal 198180/218126 (executing program)
2026/01/14 09:04:47 fetching corpus: 7650, signal 198543/218126 (executing program)
2026/01/14 09:04:47 fetching corpus: 7700, signal 199104/218126 (executing program)
2026/01/14 09:04:47 fetching corpus: 7750, signal 199367/218126 (executing program)
2026/01/14 09:04:48 fetching corpus: 7800, signal 199860/218126 (executing program)
2026/01/14 09:04:48 fetching corpus: 7850, signal 200193/218126 (executing program)
2026/01/14 09:04:48 fetching corpus: 7900, signal 200736/218126 (executing program)
2026/01/14 09:04:48 fetching corpus: 7950, signal 201053/218129 (executing program)
2026/01/14 09:04:48 fetching corpus: 8000, signal 201372/218129 (executing program)
2026/01/14 09:04:48 fetching corpus: 8050, signal 201736/218129 (executing program)
2026/01/14 09:04:48 fetching corpus: 8100, signal 201994/218129 (executing program)
2026/01/14 09:04:48 fetching corpus: 8150, signal 202285/218129 (executing program)
2026/01/14 09:04:49 fetching corpus: 8200, signal 202584/218129 (executing program)
2026/01/14 09:04:49 fetching corpus: 8250, signal 202873/218129 (executing program)
2026/01/14 09:04:49 fetching corpus: 8300, signal 203271/218129 (executing program)
2026/01/14 09:04:49 fetching corpus: 8350, signal 203844/218129 (executing program)
2026/01/14 09:04:49 fetching corpus: 8400, signal 204126/218135 (executing program)
2026/01/14 09:04:49 fetching corpus: 8450, signal 204412/218135 (executing program)
2026/01/14 09:04:49 fetching corpus: 8500, signal 204639/218135 (executing program)
2026/01/14 09:04:49 fetching corpus: 8550, signal 204873/218135 (executing program)
2026/01/14 09:04:49 fetching corpus: 8600, signal 205134/218137 (executing program)
2026/01/14 09:04:50 fetching corpus: 8650, signal 205425/218137 (executing program)
2026/01/14 09:04:50 fetching corpus: 8700, signal 205848/218137 (executing program)
2026/01/14 09:04:50 fetching corpus: 8750, signal 206103/218137 (executing program)
2026/01/14 09:04:50 fetching corpus: 8800, signal 206339/218137 (executing program)
2026/01/14 09:04:50 fetching corpus: 8850, signal 206707/218137 (executing program)
2026/01/14 09:04:50 fetching corpus: 8900, signal 206944/218137 (executing program)
2026/01/14 09:04:50 fetching corpus: 8950, signal 207294/218138 (executing program)
2026/01/14 09:04:50 fetching corpus: 9000, signal 207482/218138 (executing program)
2026/01/14 09:04:50 fetching corpus: 9050, signal 207781/218138 (executing program)
2026/01/14 09:04:51 fetching corpus: 9100, signal 208071/218138 (executing program)
2026/01/14 09:04:51 fetching corpus: 9150, signal 208286/218138 (executing program)
2026/01/14 09:04:51 fetching corpus: 9200, signal 208651/218140 (executing program)
2026/01/14 09:04:51 fetching corpus: 9250, signal 208850/218140 (executing program)
2026/01/14 09:04:51 fetching corpus: 9300, signal 209128/218140 (executing program)
2026/01/14 09:04:51 fetching corpus: 9350, signal 209324/218140 (executing program)
2026/01/14 09:04:51 fetching corpus: 9400, signal 209515/218140 (executing program)
2026/01/14 09:04:51 fetching corpus: 9450, signal 209791/218140 (executing program)
2026/01/14 09:04:51 fetching corpus: 9500, signal 210010/218140 (executing program)
2026/01/14 09:04:52 fetching corpus: 9550, signal 210236/218140 (executing program)
2026/01/14 09:04:52 fetching corpus: 9600, signal 210420/218140 (executing program)
2026/01/14 09:04:52 fetching corpus: 9650, signal 210725/218140 (executing program)
2026/01/14 09:04:52 fetching corpus: 9700, signal 211031/218141 (executing program)
2026/01/14 09:04:52 fetching corpus: 9750, signal 211278/218143 (executing program)
2026/01/14 09:04:52 fetching corpus: 9800, signal 211645/218143 (executing program)
2026/01/14 09:04:52 fetching corpus: 9850, signal 211859/218143 (executing program)
2026/01/14 09:04:52 fetching corpus: 9900, signal 212188/218143 (executing program)
2026/01/14 09:04:52 fetching corpus: 9950, signal 212466/218144 (executing program)
2026/01/14 09:04:52 fetching corpus: 10000, signal 212673/218144 (executing program)
2026/01/14 09:04:53 fetching corpus: 10050, signal 212864/218144 (executing program)
2026/01/14 09:04:53 fetching corpus: 10100, signal 213074/218144 (executing program)
2026/01/14 09:04:53 fetching corpus: 10150, signal 213281/218144 (executing program)
2026/01/14 09:04:53 fetching corpus: 10200, signal 213447/218144 (executing program)
2026/01/14 09:04:53 fetching corpus: 10250, signal 213683/218147 (executing program)
2026/01/14 09:04:53 fetching corpus: 10300, signal 214058/218147 (executing program)
2026/01/14 09:04:53 fetching corpus: 10350, signal 214224/218147 (executing program)
2026/01/14 09:04:53 fetching corpus: 10400, signal 214378/218147 (executing program)
2026/01/14 09:04:53 fetching corpus: 10450, signal 214639/218149 (executing program)
2026/01/14 09:04:53 fetching corpus: 10500, signal 214854/218150 (executing program)
2026/01/14 09:04:54 fetching corpus: 10550, signal 215195/218150 (executing program)
2026/01/14 09:04:54 fetching corpus: 10600, signal 215422/218150 (executing program)
2026/01/14 09:04:54 fetching corpus: 10650, signal 215890/218150 (executing program)
2026/01/14 09:04:54 fetching corpus: 10700, signal 216206/218150 (executing program)
2026/01/14 09:04:54 fetching corpus: 10750, signal 216399/218150 (executing program)
2026/01/14 09:04:54 fetching corpus: 10800, signal 216631/218150 (executing program)
2026/01/14 09:04:54 fetching corpus: 10835, signal 216770/218150 (executing program)
2026/01/14 09:04:54 fetching corpus: 10835, signal 216770/218150 (executing program)
2026/01/14 09:04:56 starting 8 fuzzer processes
09:04:56 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)

09:04:56 executing program 1:
r0 = eventfd2(0x0, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000000200)={0x0, 0x0, 0xfffffffffffffffe})

09:04:56 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x24, &(0x7f0000000000)=ANY=[@ANYRES64], 0x90)
syz_emit_ethernet(0x5e, &(0x7f0000000300)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x28, 0x3a, 0x0, @local, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @ipv4}}}}}}, 0x0)

09:04:56 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="2800000031000199c1a7a16839a55500b0dd1573140001"], 0x28}], 0x1}, 0x0)

09:04:56 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syncfs(r0)

[   85.282366] audit: type=1400 audit(1768381496.707:7): avc:  denied  { execmem } for  pid=274 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:04:56 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1b, 0x0, 0x0)
io_uring_setup(0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x2}, 0xe)
openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
poll(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

09:04:56 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0x800, 0x4)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000380)="cdda7c47556e3e84173484e688a8", 0xe, 0x0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14)

09:04:56 executing program 7:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140))

[   86.413169] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.416930] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.419743] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.430653] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.434141] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.568251] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.575518] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.578958] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.586229] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.588750] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.614063] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.618456] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.619987] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.626400] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.628345] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   86.651962] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   86.668077] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   86.669978] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   86.672452] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.674428] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   86.681440] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   86.683489] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   86.684767] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   86.687398] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   86.688791] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   86.693266] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   86.694957] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.696690] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.699218] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   86.700476] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.702279] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   86.712768] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   86.716141] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   86.717403] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   86.734704] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   86.735937] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   86.742787] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   86.754420] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   86.756868] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   86.763378] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   88.446425] Bluetooth: hci0: command tx timeout
[   88.638680] Bluetooth: hci1: command tx timeout
[   88.701563] Bluetooth: hci2: command tx timeout
[   88.765389] Bluetooth: hci5: command tx timeout
[   88.766077] Bluetooth: hci3: command tx timeout
[   88.766597] Bluetooth: hci4: command tx timeout
[   88.829421] Bluetooth: hci7: command tx timeout
[   88.830132] Bluetooth: hci6: command tx timeout
[   90.493967] Bluetooth: hci0: command tx timeout
[   90.686370] Bluetooth: hci1: command tx timeout
[   90.755064] Bluetooth: hci2: command tx timeout
[   90.818396] Bluetooth: hci4: command tx timeout
[   90.818805] Bluetooth: hci3: command tx timeout
[   90.819195] Bluetooth: hci5: command tx timeout
[   90.881830] Bluetooth: hci6: command tx timeout
[   90.882228] Bluetooth: hci7: command tx timeout
[   92.541357] Bluetooth: hci0: command tx timeout
[   92.735059] Bluetooth: hci1: command tx timeout
[   92.797344] Bluetooth: hci2: command tx timeout
[   92.862333] Bluetooth: hci5: command tx timeout
[   92.862745] Bluetooth: hci3: command tx timeout
[   92.863130] Bluetooth: hci4: command tx timeout
[   92.925344] Bluetooth: hci7: command tx timeout
[   92.925759] Bluetooth: hci6: command tx timeout
[   94.590358] Bluetooth: hci0: command tx timeout
[   94.781350] Bluetooth: hci1: command tx timeout
[   94.845637] Bluetooth: hci2: command tx timeout
[   94.910375] Bluetooth: hci4: command tx timeout
[   94.910769] Bluetooth: hci3: command tx timeout
[   94.911144] Bluetooth: hci5: command tx timeout
[   94.975324] Bluetooth: hci6: command tx timeout
[   94.975718] Bluetooth: hci7: command tx timeout
[  120.336408] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.337076] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.445926] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.446565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.517956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.519674] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.577464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.578061] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.625966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.626839] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.700887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.702247] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.749852] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.750485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.809374] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.809976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:05:32 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0x800, 0x4)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000380)="cdda7c47556e3e84173484e688a8", 0xe, 0x0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14)

09:05:32 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syncfs(r0)

[  120.936944] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.937590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.971647] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.974746] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:05:32 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x24, &(0x7f0000000000)=ANY=[@ANYRES64], 0x90)
syz_emit_ethernet(0x5e, &(0x7f0000000300)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x28, 0x3a, 0x0, @local, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @ipv4}}}}}}, 0x0)

09:05:32 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0x800, 0x4)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000380)="cdda7c47556e3e84173484e688a8", 0xe, 0x0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14)

09:05:32 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x24, &(0x7f0000000000)=ANY=[@ANYRES64], 0x90)
syz_emit_ethernet(0x5e, &(0x7f0000000300)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x28, 0x3a, 0x0, @local, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @ipv4}}}}}}, 0x0)

09:05:32 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syncfs(r0)

[  121.075076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.075701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:05:32 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0x800, 0x4)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000380)="cdda7c47556e3e84173484e688a8", 0xe, 0x0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14)

09:05:32 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x24, &(0x7f0000000000)=ANY=[@ANYRES64], 0x90)
syz_emit_ethernet(0x5e, &(0x7f0000000300)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x28, 0x3a, 0x0, @local, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @ipv4}}}}}}, 0x0)

[  121.303708] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.304904] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.363456] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.364794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.416746] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.417919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.480388] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.480966] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.518275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.518892] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.821196] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  121.824776] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  121.886902] audit: type=1400 audit(1768381533.310:8): avc:  denied  { open } for  pid=3913 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  121.889892] audit: type=1400 audit(1768381533.311:9): avc:  denied  { kernel } for  pid=3913 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
09:05:33 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="2800000031000199c1a7a16839a55500b0dd1573140001"], 0x28}], 0x1}, 0x0)

09:05:33 executing program 2:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$sndseq(r0, &(0x7f0000000080)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}], 0x1c)

09:05:33 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)

09:05:33 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1b, 0x0, 0x0)
io_uring_setup(0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x2}, 0xe)
openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
poll(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

09:05:33 executing program 6:
clock_settime(0x3, 0x0)

09:05:33 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syncfs(r0)

09:05:33 executing program 1:
r0 = eventfd2(0x0, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000000200)={0x0, 0x0, 0xfffffffffffffffe})

09:05:33 executing program 7:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140))

09:05:33 executing program 1:
r0 = eventfd2(0x0, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000000200)={0x0, 0x0, 0xfffffffffffffffe})

[  122.082084] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
09:05:33 executing program 6:
clock_settime(0x3, 0x0)

09:05:33 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)

09:05:33 executing program 7:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140))

09:05:33 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1b, 0x0, 0x0)
io_uring_setup(0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x2}, 0xe)
openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
poll(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

09:05:33 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="2800000031000199c1a7a16839a55500b0dd1573140001"], 0x28}], 0x1}, 0x0)

09:05:33 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)

09:05:33 executing program 6:
clock_settime(0x3, 0x0)

09:05:33 executing program 1:
r0 = eventfd2(0x0, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000000200)={0x0, 0x0, 0xfffffffffffffffe})

09:05:33 executing program 7:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x40032, 0xffffffffffffffff, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140))

09:05:33 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1b, 0x0, 0x0)
io_uring_setup(0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x2}, 0xe)
openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
poll(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

09:05:33 executing program 2:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$sndseq(r0, &(0x7f0000000080)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}], 0x1c)

[  122.322956] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
09:05:33 executing program 7:
syz_mount_image$ext4(&(0x7f00000006c0)='ext4\x00', &(0x7f0000000700)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)={[{@journal_dev}]})

09:05:33 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="2800000031000199c1a7a16839a55500b0dd1573140001"], 0x28}], 0x1}, 0x0)

09:05:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
readv(r0, 0x0, 0x0)

[  122.410486] No source specified
[  122.413106] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  122.415357] No source specified
09:05:33 executing program 7:
syz_mount_image$ext4(&(0x7f00000006c0)='ext4\x00', &(0x7f0000000700)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)={[{@journal_dev}]})

[  122.500597] No source specified
09:05:33 executing program 6:
clock_settime(0x3, 0x0)

09:05:33 executing program 3:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x8)
close(r0)
unlink(&(0x7f0000000340)='./file0\x00')

09:05:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
readv(r0, 0x0, 0x0)

09:05:33 executing program 7:
syz_mount_image$ext4(&(0x7f00000006c0)='ext4\x00', &(0x7f0000000700)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)={[{@journal_dev}]})

09:05:33 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1b, 0x0, 0x0)
io_uring_setup(0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x2}, 0xe)
openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
poll(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

09:05:33 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1b, 0x0, 0x0)
io_uring_setup(0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x2}, 0xe)
openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
poll(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

09:05:33 executing program 2:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$sndseq(r0, &(0x7f0000000080)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}], 0x1c)

[  122.583496] No source specified
09:05:34 executing program 1:
r0 = syz_io_uring_setup(0x56a8, &(0x7f0000000080)={0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000180))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x21, &(0x7f0000000580)=[{0x0}], 0x1)

[  122.623102] 
[  122.623438] =====================================
[  122.624075] WARNING: bad unlock balance detected!
[  122.624704] 6.19.0-rc5-next-20260114 #1 Not tainted
[  122.625361] -------------------------------------
[  122.625980] syz-executor.5/3977 is trying to release lock (rcu_read_lock) at:
[  122.628743] [<ffffffff81c1cd75>] __wait_on_freeing_inode+0x105/0x350
[  122.630413] but there are no more locks to release!
[  122.632677] 
[  122.632677] other info that might help us debug this:
[  122.635108] 4 locks held by syz-executor.5/3977:
[  122.635734]  #0: ffff88800f8183f8 (sb_writers#3){.+.+}-{0:0}, at: filename_create+0xf7/0x400
[  122.636885]  #1: ffff88804f1116f0 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1b1/0x400
[  122.638190]  #2: ffff88800f81c950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe32/0x12d0
[  122.639356]  #3: ffffffff85c16898 (inode_hash_lock){+.+.}-{3:3}, at: insert_inode_locked+0xf9/0x890
[  122.640565] 
[  122.640565] stack backtrace:
[  122.641150] CPU: 1 UID: 0 PID: 3977 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260114 #1 PREEMPT(lazy) 
[  122.641173] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  122.641185] Call Trace:
[  122.641191]  <TASK>
[  122.641198]  dump_stack_lvl+0xca/0x120
[  122.641238]  ? __wait_on_freeing_inode+0x105/0x350
[  122.641262]  print_unlock_imbalance_bug+0x118/0x130
[  122.641286]  ? __wait_on_freeing_inode+0x105/0x350
[  122.641310]  lock_release+0x1ee/0x270
[  122.641336]  __wait_on_freeing_inode+0x10a/0x350
[  122.641361]  ? __pfx___wait_on_freeing_inode+0x10/0x10
[  122.641387]  ? __pfx_var_wake_function+0x10/0x10
[  122.641417]  ? lock_is_held_type+0x9e/0x120
[  122.641449]  insert_inode_locked+0x25f/0x890
[  122.641479]  __ext4_new_inode+0x223d/0x4cd0
[  122.641510]  ? __pfx___ext4_new_inode+0x10/0x10
[  122.641534]  ? __pfx___dquot_initialize+0x10/0x10
[  122.641564]  ? __pfx_avc_has_perm+0x10/0x10
[  122.641592]  ext4_symlink+0x623/0xb40
[  122.641625]  ? __pfx_ext4_symlink+0x10/0x10
[  122.641652]  ? security_inode_permission+0x72/0xe0
[  122.641675]  vfs_symlink+0x44b/0x840
[  122.641703]  do_symlinkat+0x153/0x440
[  122.641727]  ? __pfx_do_symlinkat+0x10/0x10
[  122.641749]  ? strncpy_from_user+0x21b/0x2f0
[  122.641778]  __x64_sys_symlink+0x79/0xa0
[  122.641801]  do_syscall_64+0xbf/0x420
[  122.641822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.641842] RIP: 0033:0x7f9d5985a427
[  122.641857] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  122.641875] RSP: 002b:00007ffc3f8892f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000058
[  122.641893] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9d5985a427
[  122.641905] RDX: 00007ffc3f8893d7 RSI: 00007f9d598b5019 RDI: 00007ffc3f8893c0
[  122.641918] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffc3f889190
[  122.641929] R10: 00007ffc3f889047 R11: 0000000000000202 R12: 0000000000000001
[  122.641941] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc3f8893c0
[  122.641961]  </TASK>
[  122.666920] ------------[ cut here ]------------
[  122.667637] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x25f/0x5c0, CPU#1: syz-executor.5/3977
[  122.669185] Modules linked in:
[  122.669690] CPU: 1 UID: 0 PID: 3977 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260114 #1 PREEMPT(lazy) 
[  122.671047] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  122.672189] RIP: 0010:__rcu_read_unlock+0x25f/0x5c0
[  122.673014] Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 16 c0 de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 8a 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 81 24 74 03 e8 bc 5c 56 00 e9
[  122.675400] RSP: 0018:ffff8880495cf9a0 EFLAGS: 00010286
[  122.676100] RAX: 00000000ffffffff RBX: ffff88800f491b80 RCX: ffffffff81565a27
[  122.677085] RDX: 0000000000000000 RSI: ffffffff81565a30 RDI: ffff88800f491f7c
[  122.678077] RBP: ffff88800f491b80 R08: 0000000000000000 R09: fffffbfff0ba6ffc
[  122.681987] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800f491b80
[  122.685151] R13: 0000000000000001 R14: ffffffff85c0de70 R15: ffff88804f15c5d0
[  122.686291] FS:  000055557376d400(0000) GS:ffff8880e5443000(0000) knlGS:0000000000000000
[  122.687454] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  122.688210] CR2: 0000000000000000 CR3: 000000004c2d7000 CR4: 0000000000350ef0
[  122.689190] Call Trace:
[  122.689651]  <TASK>
[  122.690765]  __wait_on_freeing_inode+0x10f/0x350
[  122.691914]  ? __pfx___wait_on_freeing_inode+0x10/0x10
[  122.693739]  ? __pfx_var_wake_function+0x10/0x10
[  122.695796]  ? lock_is_held_type+0x9e/0x120
[  122.697648]  insert_inode_locked+0x25f/0x890
[  122.700424]  __ext4_new_inode+0x223d/0x4cd0
[  122.704473]  ? __pfx___ext4_new_inode+0x10/0x10
[  122.706480]  ? __pfx___dquot_initialize+0x10/0x10
[  122.707718]  ? __pfx_avc_has_perm+0x10/0x10
[  122.710624]  ext4_symlink+0x623/0xb40
[  122.714258]  ? __pfx_ext4_symlink+0x10/0x10
[  122.715945]  ? security_inode_permission+0x72/0xe0
[  122.718637]  vfs_symlink+0x44b/0x840
[  122.720732]  do_symlinkat+0x153/0x440
[  122.722514]  ? __pfx_do_symlinkat+0x10/0x10
[  122.723680]  ? strncpy_from_user+0x21b/0x2f0
[  122.726737]  __x64_sys_symlink+0x79/0xa0
[  122.727925]  do_syscall_64+0xbf/0x420
[  122.729222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.730089] RIP: 0033:0x7f9d5985a427
[  122.730729] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  122.733062] RSP: 002b:00007ffc3f8892f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000058
[  122.734081] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9d5985a427
[  122.735043] RDX: 00007ffc3f8893d7 RSI: 00007f9d598b5019 RDI: 00007ffc3f8893c0
[  122.736029] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffc3f889190
[  122.736989] R10: 00007ffc3f889047 R11: 0000000000000202 R12: 0000000000000001
[  122.737950] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc3f8893c0
[  122.742124]  </TASK>
[  122.742496] irq event stamp: 191
[  122.742919] hardirqs last  enabled at (191): [<ffffffff84d16a9c>] _raw_spin_unlock_irqrestore+0x2c/0x50
[  122.744251] hardirqs last disabled at (190): [<ffffffff84d167f3>] _raw_spin_lock_irqsave+0x53/0x60
[  122.745587] softirqs last  enabled at (186): [<ffffffff813c2868>] do_softirq+0x48/0x80
[  122.746732] softirqs last disabled at (165): [<ffffffff813c2868>] do_softirq+0x48/0x80
[  122.747878] ---[ end trace 0000000000000000 ]---
09:05:34 executing program 7:
syz_mount_image$ext4(&(0x7f00000006c0)='ext4\x00', &(0x7f0000000700)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)={[{@journal_dev}]})

09:05:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
readv(r0, 0x0, 0x0)

09:05:34 executing program 6:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000180)=[{{&(0x7f0000000000)={0x2, 0x4e22, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x8}}], 0x18}}], 0x1, 0x0)

[  122.805242] No source specified
09:05:34 executing program 2:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$sndseq(r0, &(0x7f0000000080)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}], 0x1c)

09:05:34 executing program 1:
r0 = syz_io_uring_setup(0x56a8, &(0x7f0000000080)={0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000180))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x21, &(0x7f0000000580)=[{0x0}], 0x1)

09:05:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
readv(r0, 0x0, 0x0)

09:05:34 executing program 6:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000180)=[{{&(0x7f0000000000)={0x2, 0x4e22, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x8}}], 0x18}}], 0x1, 0x0)

09:05:34 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c)

09:05:34 executing program 1:
r0 = syz_io_uring_setup(0x56a8, &(0x7f0000000080)={0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000180))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x21, &(0x7f0000000580)=[{0x0}], 0x1)

09:05:34 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x1c, r1, 0xb341daa0822653b3, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x8, 0x2, 0x0, 0x1, [{0xffffffffffffffb1}]}]}, 0x1c}}, 0x0)

09:05:34 executing program 3:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x8)
close(r0)
unlink(&(0x7f0000000340)='./file0\x00')

09:05:34 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x8)
close(r0)
unlink(&(0x7f0000000340)='./file0\x00')

09:05:34 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1b, 0x0, 0x0)
io_uring_setup(0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x2}, 0xe)
openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
poll(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

[  123.020669] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.7'.
09:05:34 executing program 6:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000180)=[{{&(0x7f0000000000)={0x2, 0x4e22, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x8}}], 0x18}}], 0x1, 0x0)

09:05:34 executing program 1:
r0 = syz_io_uring_setup(0x56a8, &(0x7f0000000080)={0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000180))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x21, &(0x7f0000000580)=[{0x0}], 0x1)

09:05:34 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x8)
close(r0)
unlink(&(0x7f0000000340)='./file0\x00')

09:05:34 executing program 0:
r0 = io_uring_setup(0x5053, &(0x7f0000000140))
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_FILES(r0, 0x1c, &(0x7f00000002c0)=[0xffffffffffffffff], 0x1)

09:05:34 executing program 3:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x8)
close(r0)
unlink(&(0x7f0000000340)='./file0\x00')

[  123.096680] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.7'.

VM DIAGNOSIS:
09:05:34  Registers:
info registers vcpu 0
RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84d172ee RDX=fffffbfff0b82d11
RSI=0000000000000004 RDI=ffffffff85c16880 RBP=ffffffff85c16880 RSP=ffff8880476d7b50
R8 =0000000000000000 R9 =fffffbfff0b82d10 R10=ffffffff85c16883 R11=0000000000000000
R12=1ffff11008edaf6b R13=0000000000000003 R14=fffffbfff0b82d10 R15=ffff8880476d7b88
RIP=ffffffff84d17480 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fc1b294a700 00000000 00000000
GS =0000 ffff8880e5343000 00000000 00000000
LDT=0000 fffffe2300000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055557a6ffc98 CR3=000000004e73d000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff82973870 RDI=ffffffff889c0960 RBP=ffffffff889c0920 RSP=ffff8880495cf410
R8 =0000000000000000 R9 =ffffed10015b8046 R10=00000000000fe503 R11=6e6920726568746f
R12=0000000000000823 R13=0000000000000060 R14=fffffbfff113817e R15=dffffc0000000000
RIP=ffffffff829738c5 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055557376d400 00000000 00000000
GS =0000 ffff8880e5443000 00000000 00000000
LDT=0000 fffffe5800000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000000000000 CR3=000000004c2d7000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000a60ce07b00000000cec3662e XMM01=000000000000000003515b82db34ca11
XMM02=0000000000000000333bebdfd0a6a21d XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000