Warning: Permanently added '[localhost]:20651' (ECDSA) to the list of known hosts. 2026/01/13 09:43:05 fuzzer started 2026/01/13 09:43:05 dialing manager at localhost:38155 syzkaller login: [ 51.228379] cgroup: Unknown subsys name 'net' [ 51.302172] cgroup: Unknown subsys name 'cpuset' [ 51.323734] cgroup: Unknown subsys name 'rlimit' 2026/01/13 09:43:15 syscalls: 2214 2026/01/13 09:43:15 code coverage: enabled 2026/01/13 09:43:15 comparison tracing: enabled 2026/01/13 09:43:15 extra coverage: enabled 2026/01/13 09:43:15 setuid sandbox: enabled 2026/01/13 09:43:15 namespace sandbox: enabled 2026/01/13 09:43:15 Android sandbox: enabled 2026/01/13 09:43:15 fault injection: enabled 2026/01/13 09:43:15 leak checking: enabled 2026/01/13 09:43:15 net packet injection: enabled 2026/01/13 09:43:15 net device setup: enabled 2026/01/13 09:43:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2026/01/13 09:43:15 devlink PCI setup: PCI device 0000:00:10.0 is not available 2026/01/13 09:43:15 USB emulation: enabled 2026/01/13 09:43:15 hci packet injection: enabled 2026/01/13 09:43:15 wifi device emulation: enabled 2026/01/13 09:43:15 802.15.4 emulation: enabled 2026/01/13 09:43:15 fetching corpus: 0, signal 0/2000 (executing program) 2026/01/13 09:43:15 fetching corpus: 50, signal 28787/32311 (executing program) 2026/01/13 09:43:15 fetching corpus: 100, signal 37381/42414 (executing program) 2026/01/13 09:43:16 fetching corpus: 150, signal 47908/54287 (executing program) 2026/01/13 09:43:16 fetching corpus: 200, signal 53765/61510 (executing program) 2026/01/13 09:43:16 fetching corpus: 250, signal 59344/68322 (executing program) 2026/01/13 09:43:16 fetching corpus: 300, signal 64716/74864 (executing program) 2026/01/13 09:43:16 fetching corpus: 350, signal 68163/79577 (executing program) 2026/01/13 09:43:16 fetching corpus: 400, signal 72800/85236 (executing program) 2026/01/13 09:43:16 fetching corpus: 450, signal 75258/88903 (executing program) 2026/01/13 09:43:16 fetching corpus: 500, signal 79903/94477 (executing program) 2026/01/13 09:43:17 fetching corpus: 550, signal 82867/98421 (executing program) 2026/01/13 09:43:17 fetching corpus: 600, signal 85562/102116 (executing program) 2026/01/13 09:43:17 fetching corpus: 650, signal 87222/104873 (executing program) 2026/01/13 09:43:17 fetching corpus: 700, signal 90453/108952 (executing program) 2026/01/13 09:43:17 fetching corpus: 750, signal 94377/113595 (executing program) 2026/01/13 09:43:17 fetching corpus: 800, signal 95833/116070 (executing program) 2026/01/13 09:43:17 fetching corpus: 850, signal 97499/118693 (executing program) 2026/01/13 09:43:17 fetching corpus: 900, signal 98755/120991 (executing program) 2026/01/13 09:43:17 fetching corpus: 950, signal 101254/124249 (executing program) 2026/01/13 09:43:17 fetching corpus: 1000, signal 102860/126731 (executing program) 2026/01/13 09:43:18 fetching corpus: 1050, signal 104235/129006 (executing program) 2026/01/13 09:43:18 fetching corpus: 1100, signal 106154/131716 (executing program) 2026/01/13 09:43:18 fetching corpus: 1150, signal 107202/133625 (executing program) 2026/01/13 09:43:18 fetching corpus: 1200, signal 108319/135626 (executing program) 2026/01/13 09:43:18 fetching corpus: 1250, signal 110722/138562 (executing program) 2026/01/13 09:43:18 fetching corpus: 1300, signal 112567/141061 (executing program) 2026/01/13 09:43:18 fetching corpus: 1350, signal 113966/143213 (executing program) 2026/01/13 09:43:18 fetching corpus: 1400, signal 115150/145169 (executing program) 2026/01/13 09:43:18 fetching corpus: 1450, signal 117291/147807 (executing program) 2026/01/13 09:43:19 fetching corpus: 1500, signal 118974/150054 (executing program) 2026/01/13 09:43:19 fetching corpus: 1550, signal 120071/151868 (executing program) 2026/01/13 09:43:19 fetching corpus: 1600, signal 121625/153995 (executing program) 2026/01/13 09:43:19 fetching corpus: 1650, signal 122705/155696 (executing program) 2026/01/13 09:43:19 fetching corpus: 1700, signal 123636/157340 (executing program) 2026/01/13 09:43:19 fetching corpus: 1750, signal 125053/159284 (executing program) 2026/01/13 09:43:19 fetching corpus: 1800, signal 126137/160981 (executing program) 2026/01/13 09:43:19 fetching corpus: 1850, signal 128339/163429 (executing program) 2026/01/13 09:43:19 fetching corpus: 1900, signal 130245/165618 (executing program) 2026/01/13 09:43:20 fetching corpus: 1950, signal 131124/167129 (executing program) 2026/01/13 09:43:20 fetching corpus: 2000, signal 132111/168677 (executing program) 2026/01/13 09:43:20 fetching corpus: 2050, signal 133502/170463 (executing program) 2026/01/13 09:43:20 fetching corpus: 2100, signal 135717/172746 (executing program) 2026/01/13 09:43:20 fetching corpus: 2150, signal 136908/174369 (executing program) 2026/01/13 09:43:20 fetching corpus: 2200, signal 138219/176047 (executing program) 2026/01/13 09:43:20 fetching corpus: 2250, signal 139094/177441 (executing program) 2026/01/13 09:43:20 fetching corpus: 2300, signal 139981/178849 (executing program) 2026/01/13 09:43:21 fetching corpus: 2350, signal 140905/180185 (executing program) 2026/01/13 09:43:21 fetching corpus: 2400, signal 141917/181598 (executing program) 2026/01/13 09:43:21 fetching corpus: 2450, signal 142810/182915 (executing program) 2026/01/13 09:43:21 fetching corpus: 2500, signal 143792/184312 (executing program) 2026/01/13 09:43:21 fetching corpus: 2550, signal 144296/185324 (executing program) 2026/01/13 09:43:21 fetching corpus: 2600, signal 145558/186789 (executing program) 2026/01/13 09:43:21 fetching corpus: 2650, signal 146416/188040 (executing program) 2026/01/13 09:43:21 fetching corpus: 2700, signal 147272/189266 (executing program) 2026/01/13 09:43:21 fetching corpus: 2750, signal 147783/190258 (executing program) 2026/01/13 09:43:22 fetching corpus: 2800, signal 148342/191324 (executing program) 2026/01/13 09:43:22 fetching corpus: 2850, signal 149236/192555 (executing program) 2026/01/13 09:43:22 fetching corpus: 2900, signal 149985/193705 (executing program) 2026/01/13 09:43:22 fetching corpus: 2950, signal 150938/194919 (executing program) 2026/01/13 09:43:22 fetching corpus: 3000, signal 151518/195941 (executing program) 2026/01/13 09:43:22 fetching corpus: 3050, signal 152585/197180 (executing program) 2026/01/13 09:43:22 fetching corpus: 3100, signal 153100/198144 (executing program) 2026/01/13 09:43:22 fetching corpus: 3150, signal 154285/199379 (executing program) 2026/01/13 09:43:22 fetching corpus: 3200, signal 155245/200533 (executing program) 2026/01/13 09:43:23 fetching corpus: 3250, signal 156134/201631 (executing program) 2026/01/13 09:43:23 fetching corpus: 3300, signal 157004/202683 (executing program) 2026/01/13 09:43:23 fetching corpus: 3350, signal 157731/203677 (executing program) 2026/01/13 09:43:23 fetching corpus: 3400, signal 158374/204624 (executing program) 2026/01/13 09:43:23 fetching corpus: 3450, signal 158923/205476 (executing program) 2026/01/13 09:43:23 fetching corpus: 3500, signal 159438/206316 (executing program) 2026/01/13 09:43:23 fetching corpus: 3550, signal 160437/207377 (executing program) 2026/01/13 09:43:23 fetching corpus: 3600, signal 160921/208226 (executing program) 2026/01/13 09:43:23 fetching corpus: 3650, signal 161479/209075 (executing program) 2026/01/13 09:43:24 fetching corpus: 3700, signal 161749/209857 (executing program) 2026/01/13 09:43:24 fetching corpus: 3750, signal 162289/210676 (executing program) 2026/01/13 09:43:24 fetching corpus: 3800, signal 163739/211800 (executing program) 2026/01/13 09:43:24 fetching corpus: 3850, signal 164302/212622 (executing program) 2026/01/13 09:43:24 fetching corpus: 3900, signal 165026/213445 (executing program) 2026/01/13 09:43:24 fetching corpus: 3950, signal 165520/214265 (executing program) 2026/01/13 09:43:24 fetching corpus: 4000, signal 166521/215175 (executing program) 2026/01/13 09:43:24 fetching corpus: 4050, signal 167067/215951 (executing program) 2026/01/13 09:43:24 fetching corpus: 4100, signal 167938/216833 (executing program) 2026/01/13 09:43:25 fetching corpus: 4150, signal 168518/217562 (executing program) 2026/01/13 09:43:25 fetching corpus: 4200, signal 169133/218283 (executing program) 2026/01/13 09:43:25 fetching corpus: 4250, signal 169785/219072 (executing program) 2026/01/13 09:43:25 fetching corpus: 4300, signal 170408/219810 (executing program) 2026/01/13 09:43:25 fetching corpus: 4350, signal 170951/220512 (executing program) 2026/01/13 09:43:25 fetching corpus: 4400, signal 171563/221205 (executing program) 2026/01/13 09:43:25 fetching corpus: 4450, signal 171969/221862 (executing program) 2026/01/13 09:43:25 fetching corpus: 4500, signal 172468/222504 (executing program) 2026/01/13 09:43:26 fetching corpus: 4550, signal 172889/223126 (executing program) 2026/01/13 09:43:26 fetching corpus: 4600, signal 173888/223883 (executing program) 2026/01/13 09:43:26 fetching corpus: 4650, signal 174492/224548 (executing program) 2026/01/13 09:43:26 fetching corpus: 4700, signal 175138/225226 (executing program) 2026/01/13 09:43:26 fetching corpus: 4750, signal 175550/225810 (executing program) 2026/01/13 09:43:26 fetching corpus: 4800, signal 175979/226381 (executing program) 2026/01/13 09:43:26 fetching corpus: 4850, signal 176549/226949 (executing program) 2026/01/13 09:43:26 fetching corpus: 4900, signal 177158/227564 (executing program) 2026/01/13 09:43:26 fetching corpus: 4950, signal 177558/228161 (executing program) 2026/01/13 09:43:27 fetching corpus: 5000, signal 178047/228745 (executing program) 2026/01/13 09:43:27 fetching corpus: 5050, signal 178484/229339 (executing program) 2026/01/13 09:43:27 fetching corpus: 5100, signal 179092/229932 (executing program) 2026/01/13 09:43:27 fetching corpus: 5150, signal 179526/230494 (executing program) 2026/01/13 09:43:27 fetching corpus: 5200, signal 179875/231059 (executing program) 2026/01/13 09:43:27 fetching corpus: 5250, signal 180246/231583 (executing program) 2026/01/13 09:43:27 fetching corpus: 5300, signal 181157/232169 (executing program) 2026/01/13 09:43:27 fetching corpus: 5350, signal 181527/232667 (executing program) 2026/01/13 09:43:28 fetching corpus: 5400, signal 182156/233300 (executing program) 2026/01/13 09:43:28 fetching corpus: 5450, signal 182628/233772 (executing program) 2026/01/13 09:43:28 fetching corpus: 5500, signal 183194/234250 (executing program) 2026/01/13 09:43:28 fetching corpus: 5550, signal 183843/234716 (executing program) 2026/01/13 09:43:28 fetching corpus: 5600, signal 184367/235198 (executing program) 2026/01/13 09:43:28 fetching corpus: 5650, signal 184668/235646 (executing program) 2026/01/13 09:43:28 fetching corpus: 5700, signal 185206/236084 (executing program) 2026/01/13 09:43:28 fetching corpus: 5750, signal 185717/236566 (executing program) 2026/01/13 09:43:28 fetching corpus: 5800, signal 186246/237023 (executing program) 2026/01/13 09:43:29 fetching corpus: 5850, signal 186654/237488 (executing program) 2026/01/13 09:43:29 fetching corpus: 5900, signal 186923/237538 (executing program) 2026/01/13 09:43:29 fetching corpus: 5950, signal 187296/237544 (executing program) 2026/01/13 09:43:29 fetching corpus: 6000, signal 187536/237544 (executing program) 2026/01/13 09:43:29 fetching corpus: 6050, signal 187901/237545 (executing program) 2026/01/13 09:43:29 fetching corpus: 6100, signal 188455/237751 (executing program) 2026/01/13 09:43:29 fetching corpus: 6150, signal 188749/237752 (executing program) 2026/01/13 09:43:29 fetching corpus: 6200, signal 189219/237756 (executing program) 2026/01/13 09:43:29 fetching corpus: 6250, signal 189591/237761 (executing program) 2026/01/13 09:43:30 fetching corpus: 6300, signal 190038/237761 (executing program) 2026/01/13 09:43:30 fetching corpus: 6350, signal 190458/237761 (executing program) 2026/01/13 09:43:30 fetching corpus: 6400, signal 190765/237762 (executing program) 2026/01/13 09:43:30 fetching corpus: 6450, signal 191157/237762 (executing program) 2026/01/13 09:43:30 fetching corpus: 6500, signal 191595/237767 (executing program) 2026/01/13 09:43:30 fetching corpus: 6550, signal 191956/237769 (executing program) 2026/01/13 09:43:30 fetching corpus: 6600, signal 192431/237769 (executing program) 2026/01/13 09:43:30 fetching corpus: 6650, signal 192868/237769 (executing program) 2026/01/13 09:43:31 fetching corpus: 6700, signal 193506/237782 (executing program) 2026/01/13 09:43:31 fetching corpus: 6750, signal 193973/237782 (executing program) 2026/01/13 09:43:31 fetching corpus: 6800, signal 194368/237783 (executing program) 2026/01/13 09:43:31 fetching corpus: 6850, signal 194678/237790 (executing program) 2026/01/13 09:43:31 fetching corpus: 6900, signal 195119/237792 (executing program) 2026/01/13 09:43:31 fetching corpus: 6950, signal 195565/237794 (executing program) 2026/01/13 09:43:31 fetching corpus: 7000, signal 195841/237799 (executing program) 2026/01/13 09:43:31 fetching corpus: 7050, signal 196108/237799 (executing program) 2026/01/13 09:43:31 fetching corpus: 7100, signal 196421/237799 (executing program) 2026/01/13 09:43:31 fetching corpus: 7150, signal 196748/237799 (executing program) 2026/01/13 09:43:32 fetching corpus: 7200, signal 197065/237801 (executing program) 2026/01/13 09:43:32 fetching corpus: 7250, signal 197333/237801 (executing program) 2026/01/13 09:43:32 fetching corpus: 7300, signal 197692/237801 (executing program) 2026/01/13 09:43:32 fetching corpus: 7350, signal 197927/237802 (executing program) 2026/01/13 09:43:32 fetching corpus: 7400, signal 198226/237802 (executing program) 2026/01/13 09:43:32 fetching corpus: 7450, signal 198980/237817 (executing program) 2026/01/13 09:43:32 fetching corpus: 7500, signal 199487/237817 (executing program) 2026/01/13 09:43:32 fetching corpus: 7550, signal 199807/237817 (executing program) 2026/01/13 09:43:32 fetching corpus: 7600, signal 200114/237817 (executing program) 2026/01/13 09:43:33 fetching corpus: 7650, signal 200456/237817 (executing program) 2026/01/13 09:43:33 fetching corpus: 7700, signal 200843/237817 (executing program) 2026/01/13 09:43:33 fetching corpus: 7750, signal 201256/237821 (executing program) 2026/01/13 09:43:33 fetching corpus: 7800, signal 201563/237821 (executing program) 2026/01/13 09:43:33 fetching corpus: 7850, signal 201912/237821 (executing program) 2026/01/13 09:43:33 fetching corpus: 7900, signal 202218/237823 (executing program) 2026/01/13 09:43:33 fetching corpus: 7950, signal 202608/237826 (executing program) 2026/01/13 09:43:33 fetching corpus: 8000, signal 202865/237826 (executing program) 2026/01/13 09:43:33 fetching corpus: 8050, signal 203080/237826 (executing program) 2026/01/13 09:43:34 fetching corpus: 8100, signal 203309/237830 (executing program) 2026/01/13 09:43:34 fetching corpus: 8150, signal 203540/237832 (executing program) 2026/01/13 09:43:34 fetching corpus: 8200, signal 203749/237832 (executing program) 2026/01/13 09:43:34 fetching corpus: 8250, signal 204103/237832 (executing program) 2026/01/13 09:43:34 fetching corpus: 8300, signal 204344/237832 (executing program) 2026/01/13 09:43:34 fetching corpus: 8350, signal 204661/237832 (executing program) 2026/01/13 09:43:34 fetching corpus: 8400, signal 205046/237832 (executing program) 2026/01/13 09:43:34 fetching corpus: 8450, signal 205268/237835 (executing program) 2026/01/13 09:43:34 fetching corpus: 8500, signal 205601/237846 (executing program) 2026/01/13 09:43:34 fetching corpus: 8550, signal 205854/237846 (executing program) 2026/01/13 09:43:35 fetching corpus: 8600, signal 206342/237847 (executing program) 2026/01/13 09:43:35 fetching corpus: 8650, signal 206742/237848 (executing program) 2026/01/13 09:43:35 fetching corpus: 8700, signal 207014/237851 (executing program) 2026/01/13 09:43:35 fetching corpus: 8750, signal 207304/237859 (executing program) 2026/01/13 09:43:35 fetching corpus: 8800, signal 207755/237859 (executing program) 2026/01/13 09:43:35 fetching corpus: 8850, signal 207990/237865 (executing program) 2026/01/13 09:43:35 fetching corpus: 8900, signal 208501/237865 (executing program) 2026/01/13 09:43:35 fetching corpus: 8950, signal 208704/237866 (executing program) 2026/01/13 09:43:35 fetching corpus: 9000, signal 208971/237867 (executing program) 2026/01/13 09:43:35 fetching corpus: 9050, signal 209351/237867 (executing program) 2026/01/13 09:43:36 fetching corpus: 9100, signal 209632/237867 (executing program) 2026/01/13 09:43:36 fetching corpus: 9150, signal 209879/237867 (executing program) 2026/01/13 09:43:36 fetching corpus: 9200, signal 210149/237867 (executing program) 2026/01/13 09:43:36 fetching corpus: 9250, signal 210416/237867 (executing program) 2026/01/13 09:43:36 fetching corpus: 9300, signal 210727/237867 (executing program) 2026/01/13 09:43:36 fetching corpus: 9350, signal 211072/237867 (executing program) 2026/01/13 09:43:36 fetching corpus: 9400, signal 211267/237867 (executing program) 2026/01/13 09:43:36 fetching corpus: 9450, signal 211516/237867 (executing program) 2026/01/13 09:43:37 fetching corpus: 9500, signal 211796/237867 (executing program) 2026/01/13 09:43:37 fetching corpus: 9550, signal 212049/237867 (executing program) 2026/01/13 09:43:37 fetching corpus: 9600, signal 212323/237868 (executing program) 2026/01/13 09:43:37 fetching corpus: 9650, signal 212634/237868 (executing program) 2026/01/13 09:43:37 fetching corpus: 9700, signal 213062/237868 (executing program) 2026/01/13 09:43:37 fetching corpus: 9750, signal 213317/237868 (executing program) 2026/01/13 09:43:37 fetching corpus: 9800, signal 213534/237868 (executing program) 2026/01/13 09:43:37 fetching corpus: 9850, signal 213811/237868 (executing program) 2026/01/13 09:43:37 fetching corpus: 9900, signal 214143/237868 (executing program) 2026/01/13 09:43:38 fetching corpus: 9950, signal 214390/237868 (executing program) 2026/01/13 09:43:38 fetching corpus: 10000, signal 215007/237868 (executing program) 2026/01/13 09:43:38 fetching corpus: 10050, signal 215433/237868 (executing program) 2026/01/13 09:43:38 fetching corpus: 10100, signal 215740/237871 (executing program) 2026/01/13 09:43:38 fetching corpus: 10150, signal 215971/237871 (executing program) 2026/01/13 09:43:38 fetching corpus: 10200, signal 216317/237871 (executing program) 2026/01/13 09:43:38 fetching corpus: 10250, signal 216553/237871 (executing program) 2026/01/13 09:43:38 fetching corpus: 10300, signal 216815/237871 (executing program) 2026/01/13 09:43:38 fetching corpus: 10350, signal 216993/237872 (executing program) 2026/01/13 09:43:38 fetching corpus: 10400, signal 217328/237876 (executing program) 2026/01/13 09:43:39 fetching corpus: 10450, signal 217528/237876 (executing program) 2026/01/13 09:43:39 fetching corpus: 10500, signal 217841/237877 (executing program) 2026/01/13 09:43:39 fetching corpus: 10550, signal 218123/237879 (executing program) 2026/01/13 09:43:39 fetching corpus: 10600, signal 218350/237880 (executing program) 2026/01/13 09:43:39 fetching corpus: 10650, signal 218791/237880 (executing program) 2026/01/13 09:43:39 fetching corpus: 10700, signal 218952/237880 (executing program) 2026/01/13 09:43:39 fetching corpus: 10750, signal 219110/237880 (executing program) 2026/01/13 09:43:39 fetching corpus: 10800, signal 219343/237880 (executing program) 2026/01/13 09:43:39 fetching corpus: 10850, signal 219648/237880 (executing program) 2026/01/13 09:43:39 fetching corpus: 10900, signal 219940/237880 (executing program) 2026/01/13 09:43:40 fetching corpus: 10950, signal 220165/237880 (executing program) 2026/01/13 09:43:40 fetching corpus: 11000, signal 220469/237880 (executing program) 2026/01/13 09:43:40 fetching corpus: 11050, signal 220714/237880 (executing program) 2026/01/13 09:43:40 fetching corpus: 11100, signal 220991/237880 (executing program) 2026/01/13 09:43:40 fetching corpus: 11150, signal 221225/237885 (executing program) 2026/01/13 09:43:40 fetching corpus: 11200, signal 221471/237886 (executing program) 2026/01/13 09:43:40 fetching corpus: 11250, signal 221694/237886 (executing program) 2026/01/13 09:43:40 fetching corpus: 11300, signal 221925/237886 (executing program) 2026/01/13 09:43:41 fetching corpus: 11350, signal 222126/237886 (executing program) 2026/01/13 09:43:41 fetching corpus: 11400, signal 222458/237886 (executing program) 2026/01/13 09:43:41 fetching corpus: 11450, signal 222757/237886 (executing program) 2026/01/13 09:43:41 fetching corpus: 11500, signal 223090/237886 (executing program) 2026/01/13 09:43:41 fetching corpus: 11550, signal 223493/237896 (executing program) 2026/01/13 09:43:41 fetching corpus: 11600, signal 223712/237901 (executing program) 2026/01/13 09:43:41 fetching corpus: 11650, signal 223939/237901 (executing program) 2026/01/13 09:43:41 fetching corpus: 11700, signal 224128/237901 (executing program) 2026/01/13 09:43:41 fetching corpus: 11750, signal 224339/237901 (executing program) 2026/01/13 09:43:41 fetching corpus: 11800, signal 224532/237901 (executing program) 2026/01/13 09:43:42 fetching corpus: 11850, signal 224735/237901 (executing program) 2026/01/13 09:43:42 fetching corpus: 11900, signal 224947/237901 (executing program) 2026/01/13 09:43:42 fetching corpus: 11950, signal 225184/237901 (executing program) 2026/01/13 09:43:42 fetching corpus: 12000, signal 225408/237901 (executing program) 2026/01/13 09:43:42 fetching corpus: 12050, signal 225604/237903 (executing program) 2026/01/13 09:43:42 fetching corpus: 12100, signal 225784/237903 (executing program) 2026/01/13 09:43:42 fetching corpus: 12150, signal 226063/237903 (executing program) 2026/01/13 09:43:42 fetching corpus: 12200, signal 226328/237903 (executing program) 2026/01/13 09:43:42 fetching corpus: 12250, signal 226583/237903 (executing program) 2026/01/13 09:43:43 fetching corpus: 12300, signal 226741/237903 (executing program) 2026/01/13 09:43:43 fetching corpus: 12350, signal 227036/237906 (executing program) 2026/01/13 09:43:43 fetching corpus: 12400, signal 227276/237907 (executing program) 2026/01/13 09:43:43 fetching corpus: 12450, signal 227538/237907 (executing program) 2026/01/13 09:43:43 fetching corpus: 12500, signal 227731/237908 (executing program) 2026/01/13 09:43:43 fetching corpus: 12550, signal 227877/237910 (executing program) 2026/01/13 09:43:43 fetching corpus: 12600, signal 228035/237910 (executing program) 2026/01/13 09:43:43 fetching corpus: 12650, signal 228346/237912 (executing program) 2026/01/13 09:43:44 fetching corpus: 12700, signal 228549/237912 (executing program) 2026/01/13 09:43:44 fetching corpus: 12750, signal 228761/237914 (executing program) 2026/01/13 09:43:44 fetching corpus: 12800, signal 228995/237914 (executing program) 2026/01/13 09:43:44 fetching corpus: 12850, signal 229311/237920 (executing program) 2026/01/13 09:43:44 fetching corpus: 12900, signal 229510/237923 (executing program) 2026/01/13 09:43:44 fetching corpus: 12950, signal 229784/237923 (executing program) 2026/01/13 09:43:44 fetching corpus: 13000, signal 229962/237923 (executing program) 2026/01/13 09:43:44 fetching corpus: 13050, signal 230205/237924 (executing program) 2026/01/13 09:43:44 fetching corpus: 13100, signal 230435/237924 (executing program) 2026/01/13 09:43:44 fetching corpus: 13150, signal 230642/237925 (executing program) 2026/01/13 09:43:45 fetching corpus: 13200, signal 230805/237928 (executing program) 2026/01/13 09:43:45 fetching corpus: 13250, signal 231037/237928 (executing program) 2026/01/13 09:43:45 fetching corpus: 13300, signal 231338/237928 (executing program) 2026/01/13 09:43:45 fetching corpus: 13350, signal 231522/237928 (executing program) 2026/01/13 09:43:45 fetching corpus: 13400, signal 231718/237928 (executing program) 2026/01/13 09:43:45 fetching corpus: 13450, signal 232020/237932 (executing program) 2026/01/13 09:43:45 fetching corpus: 13500, signal 232205/237935 (executing program) 2026/01/13 09:43:45 fetching corpus: 13550, signal 232452/237935 (executing program) 2026/01/13 09:43:45 fetching corpus: 13600, signal 232634/237938 (executing program) 2026/01/13 09:43:46 fetching corpus: 13650, signal 232887/237940 (executing program) 2026/01/13 09:43:46 fetching corpus: 13700, signal 233110/237940 (executing program) 2026/01/13 09:43:46 fetching corpus: 13750, signal 233378/237940 (executing program) 2026/01/13 09:43:46 fetching corpus: 13800, signal 233583/237940 (executing program) 2026/01/13 09:43:46 fetching corpus: 13850, signal 233809/237940 (executing program) 2026/01/13 09:43:46 fetching corpus: 13900, signal 233925/237940 (executing program) 2026/01/13 09:43:46 fetching corpus: 13950, signal 234125/237940 (executing program) 2026/01/13 09:43:46 fetching corpus: 14000, signal 234386/237941 (executing program) 2026/01/13 09:43:46 fetching corpus: 14050, signal 234599/237941 (executing program) 2026/01/13 09:43:46 fetching corpus: 14100, signal 234739/237941 (executing program) 2026/01/13 09:43:47 fetching corpus: 14150, signal 234924/237941 (executing program) 2026/01/13 09:43:47 fetching corpus: 14200, signal 235110/237941 (executing program) 2026/01/13 09:43:47 fetching corpus: 14250, signal 235311/237941 (executing program) 2026/01/13 09:43:47 fetching corpus: 14300, signal 235520/237941 (executing program) 2026/01/13 09:43:47 fetching corpus: 14350, signal 235692/237941 (executing program) 2026/01/13 09:43:47 fetching corpus: 14400, signal 235838/237941 (executing program) 2026/01/13 09:43:47 fetching corpus: 14450, signal 236026/237943 (executing program) 2026/01/13 09:43:47 fetching corpus: 14500, signal 236196/237943 (executing program) 2026/01/13 09:43:47 fetching corpus: 14519, signal 236269/237943 (executing program) 2026/01/13 09:43:47 fetching corpus: 14519, signal 236269/237943 (executing program) 2026/01/13 09:43:49 starting 8 fuzzer processes 09:43:49 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="0556f44c399d53688f3867"], 0x1c}}, 0x0) 09:43:49 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, 0x0, &(0x7f0000000040)) 09:43:49 executing program 1: unlinkat(0xffffffffffffff9c, 0x0, 0x2) 09:43:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:43:49 executing program 7: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chdir(&(0x7f0000000000)='./file0\x00') r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) setxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@random={'security.', '#! '}, 0x0, 0x0, 0x0) write$binfmt_script(r0, &(0x7f00000001c0)={'#! ', './file0'}, 0xb) 09:43:49 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x4840, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x2203, &(0x7f0000000440)={"b55c3a41609039d40088a81b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 09:43:49 executing program 5: syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) pselect6(0x40, &(0x7f0000000180), &(0x7f00000001c0)={0x8}, 0x0, 0x0, 0x0) 09:43:49 executing program 6: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x101002, 0x0) write$cgroup_pid(r0, &(0x7f0000001240), 0x12) [ 95.094982] audit: type=1400 audit(1768297429.642:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 96.305993] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.309388] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.311511] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.313190] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.316347] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.318516] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 96.320995] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 96.322676] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 96.330496] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 96.338578] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 96.388618] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.391386] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 96.393241] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 96.397386] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 96.403124] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 96.426795] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.429953] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 96.439241] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 96.439509] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 96.442814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 96.443879] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.446675] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 96.450833] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 96.457555] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 96.458995] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 96.462026] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 96.463908] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 96.466961] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 96.468671] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 96.469943] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 96.471569] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 96.474787] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 96.480081] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 96.481412] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 96.483225] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 96.497211] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 96.498552] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 96.503648] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 96.522554] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 96.527379] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 98.337362] Bluetooth: hci0: command tx timeout [ 98.400532] Bluetooth: hci1: command tx timeout [ 98.528942] Bluetooth: hci3: command tx timeout [ 98.529454] Bluetooth: hci2: command tx timeout [ 98.592389] Bluetooth: hci5: command tx timeout [ 98.592923] Bluetooth: hci6: command tx timeout [ 98.593467] Bluetooth: hci7: command tx timeout [ 98.593518] Bluetooth: hci4: command tx timeout [ 100.384344] Bluetooth: hci0: command tx timeout [ 100.448323] Bluetooth: hci1: command tx timeout [ 100.576759] Bluetooth: hci3: command tx timeout [ 100.577198] Bluetooth: hci2: command tx timeout [ 100.640383] Bluetooth: hci4: command tx timeout [ 100.640791] Bluetooth: hci6: command tx timeout [ 100.641666] Bluetooth: hci5: command tx timeout [ 100.642606] Bluetooth: hci7: command tx timeout [ 102.432349] Bluetooth: hci0: command tx timeout [ 102.496310] Bluetooth: hci1: command tx timeout [ 102.624307] Bluetooth: hci2: command tx timeout [ 102.624570] Bluetooth: hci3: command tx timeout [ 102.688392] Bluetooth: hci7: command tx timeout [ 102.688437] Bluetooth: hci5: command tx timeout [ 102.688802] Bluetooth: hci4: command tx timeout [ 102.689628] Bluetooth: hci6: command tx timeout [ 104.480310] Bluetooth: hci0: command tx timeout [ 104.545290] Bluetooth: hci1: command tx timeout [ 104.672723] Bluetooth: hci2: command tx timeout [ 104.673395] Bluetooth: hci3: command tx timeout [ 104.736310] Bluetooth: hci6: command tx timeout [ 104.736420] Bluetooth: hci7: command tx timeout [ 104.736706] Bluetooth: hci5: command tx timeout [ 104.737491] Bluetooth: hci4: command tx timeout [ 128.134092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.134766] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.393565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.394210] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.564597] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.565237] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.681705] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.683169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.719355] audit: type=1400 audit(1768297463.263:8): avc: denied { open } for pid=3813 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 128.724504] audit: type=1400 audit(1768297463.263:9): avc: denied { kernel } for pid=3813 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 128.807611] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.808209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:44:23 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) [ 128.931291] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.931883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:44:23 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) io_setup(0x200, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000380)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000480)="c9", 0x1}]) io_pgetevents(r1, 0x1, 0x7, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {}, {}], 0x0, 0x0) 09:44:23 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000380)='dns_resolver\x00', 0x0) [ 129.123017] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.123630] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 09:44:23 executing program 4: rseq(&(0x7f0000000040), 0xfffffffffffffe02, 0x0, 0x0) rseq(&(0x7f0000000040), 0xfffffffffffffe02, 0x0, 0x0) [ 129.186980] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 129.187499] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 09:44:23 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe) recvmsg(r0, &(0x7f00000022c0)={0x0, 0x0, 0x0}, 0x10062) [ 129.257231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.269431] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:44:23 executing program 7: r0 = perf_event_open(&(0x7f0000000600)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) 09:44:23 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x161c03, 0x0) ioctl$CDROMREADTOCENTRY(r0, 0x2284, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, @lba}) 09:44:23 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000000)={0x1, 0x0, 0xa85, "9a"}) [ 129.368342] program syz-executor.7 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 129.376313] program syz-executor.7 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 129.399190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.399789] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.475924] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.476558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.506037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.506752] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.612863] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.613530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.626238] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 129.639367] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.639954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.660211] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.660821] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.686997] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 129.737024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.737685] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.795421] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.796029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.796045] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.796601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.926566] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 129.958958] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 129.959753] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 129.981196] wlan1: authenticated [ 129.982014] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 129.983161] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 130.035313] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 130.036107] wlan1: associated [ 130.036525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.342724] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.395504] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 09:44:25 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x502}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 09:44:25 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}, 0x0, 0x0, 0x0, 0x0, "c937724122045ef80a71518e15720171efb0abb81120269656892dd2eff29714f3b162c09f505f2eb1b8a53b35ab5d1b16043f15950358c7f390d64c827fdcefa3e81f4a7c9a7310dfd4089c328164b8"}, 0xd8) 09:44:25 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)='./file0\x00', 0x0, 0x909001, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) move_mount(r0, 0x0, 0xffffffffffffff9c, 0x0, 0x66) 09:44:25 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x38, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x38}}, 0x0) 09:44:25 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe) recvmsg(r0, &(0x7f00000022c0)={0x0, 0x0, 0x0}, 0x10062) 09:44:25 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000000)={0x1, 0x0, 0xa85, "9a"}) 09:44:25 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)=0x9) 09:44:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 130.549882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.551463] program syz-executor.7 is using a deprecated SCSI ioctl, please convert it to SG_IO 09:44:25 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe) recvmsg(r0, &(0x7f00000022c0)={0x0, 0x0, 0x0}, 0x10062) 09:44:25 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000000)={0x1, 0x0, 0xa85, "9a"}) 09:44:25 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 130.606909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 09:44:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:44:25 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:44:25 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe) recvmsg(r0, &(0x7f00000022c0)={0x0, 0x0, 0x0}, 0x10062) [ 130.651679] [ 130.651903] ===================================== [ 130.652359] WARNING: bad unlock balance detected! [ 130.652820] 6.19.0-rc5-next-20260113 #1 Not tainted [ 130.653304] ------------------------------------- [ 130.653791] syz-executor.2/3948 is trying to release lock (rcu_read_lock) at: [ 130.655161] [] __wait_on_freeing_inode+0x105/0x350 [ 130.657031] but there are no more locks to release! [ 130.658576] [ 130.658576] other info that might help us debug this: [ 130.660763] 4 locks held by syz-executor.2/3948: [ 130.662113] #0: ffff88800f84e3f8 (sb_writers#3){.+.+}-{0:0}, at: filename_create+0xf7/0x400 [ 130.663742] #1: ffff888009636cb8 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1b1/0x400 [ 130.664714] #2: ffff88800f882950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe32/0x12d0 [ 130.665595] #3: ffffffff85c16898 (inode_hash_lock){+.+.}-{3:3}, at: insert_inode_locked+0xf9/0x890 [ 130.666499] [ 130.666499] stack backtrace: [ 130.666933] CPU: 0 UID: 0 PID: 3948 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260113 #1 PREEMPT(lazy) [ 130.666950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 130.666959] Call Trace: [ 130.666964] [ 130.666969] dump_stack_lvl+0xca/0x120 [ 130.667004] ? __wait_on_freeing_inode+0x105/0x350 [ 130.667022] print_unlock_imbalance_bug+0x118/0x130 [ 130.667041] ? __wait_on_freeing_inode+0x105/0x350 [ 130.667058] lock_release+0x1ee/0x270 [ 130.667076] __wait_on_freeing_inode+0x10a/0x350 [ 130.667094] ? __pfx___wait_on_freeing_inode+0x10/0x10 [ 130.667113] ? __pfx_var_wake_function+0x10/0x10 [ 130.667134] ? lock_is_held_type+0x9e/0x120 [ 130.667149] insert_inode_locked+0x25f/0x890 [ 130.667169] __ext4_new_inode+0x223d/0x4cd0 [ 130.667191] ? __pfx___ext4_new_inode+0x10/0x10 [ 130.667210] ? __pfx___dquot_initialize+0x10/0x10 [ 130.667235] ? __pfx_avc_has_perm+0x10/0x10 [ 130.667255] ext4_symlink+0x406/0xb40 [ 130.667278] ? __pfx_ext4_symlink+0x10/0x10 [ 130.667297] ? security_inode_permission+0x72/0xe0 [ 130.667313] vfs_symlink+0x44b/0x840 [ 130.667334] do_symlinkat+0x153/0x440 [ 130.667350] ? __pfx_do_symlinkat+0x10/0x10 [ 130.667366] ? strncpy_from_user+0x21b/0x2f0 [ 130.667388] __x64_sys_symlink+0x79/0xa0 [ 130.667404] do_syscall_64+0xbf/0x420 [ 130.667420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.667435] RIP: 0033:0x7f019f19f427 [ 130.667446] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 130.667460] RSP: 002b:00007ffc45bc93d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000058 [ 130.667472] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f019f19f427 [ 130.667481] RDX: 00007ffc45bc94b3 RSI: 00007f019f1fa022 RDI: 00007ffc45bc94a0 [ 130.667490] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffc45bc9270 [ 130.667498] R10: 00007ffc45bc9127 R11: 0000000000000206 R12: 0000000000000001 [ 130.667507] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc45bc94a0 [ 130.667519] [ 130.685921] ------------[ cut here ]------------ [ 130.686419] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x25f/0x5c0, CPU#0: syz-executor.2/3948 [ 130.687484] Modules linked in: [ 130.687834] CPU: 0 UID: 0 PID: 3948 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260113 #1 PREEMPT(lazy) [ 130.688819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 130.689649] RIP: 0010:__rcu_read_unlock+0x25f/0x5c0 [ 130.690195] Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 a6 bb de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 89 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 61 f9 73 03 e8 0c 88 56 00 e9 [ 130.691902] RSP: 0018:ffff888049c779a0 EFLAGS: 00010286 [ 130.692458] RAX: 00000000ffffffff RBX: ffff8880195f8000 RCX: ffffffff815664c7 [ 130.693132] RDX: 0000000000000000 RSI: ffffffff815664d0 RDI: ffff8880195f83fc [ 130.694603] RBP: ffff8880195f8000 R08: 0000000000000000 R09: fffffbfff0ba6ff4 [ 130.695970] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880195f8000 [ 130.696701] R13: 0000000000000001 R14: ffffffff85c0e6e0 R15: ffff8880096c1628 [ 130.697426] FS: 0000555566d16400(0000) GS:ffff8880e5342000(0000) knlGS:0000000000000000 [ 130.698192] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 130.698796] CR2: 00007f019f21f542 CR3: 000000000d49d000 CR4: 0000000000350ef0 [ 130.699524] Call Trace: [ 130.699810] [ 130.700607] __wait_on_freeing_inode+0x10f/0x350 [ 130.701434] ? __pfx___wait_on_freeing_inode+0x10/0x10 [ 130.702675] ? __pfx_var_wake_function+0x10/0x10 [ 130.704079] ? lock_is_held_type+0x9e/0x120 [ 130.705364] insert_inode_locked+0x25f/0x890 [ 130.707177] __ext4_new_inode+0x223d/0x4cd0 [ 130.709987] ? __pfx___ext4_new_inode+0x10/0x10 [ 130.711420] ? __pfx___dquot_initialize+0x10/0x10 [ 130.712316] ? __pfx_avc_has_perm+0x10/0x10 [ 130.714327] ext4_symlink+0x406/0xb40 [ 130.716880] ? __pfx_ext4_symlink+0x10/0x10 [ 130.718142] ? security_inode_permission+0x72/0xe0 [ 130.720011] vfs_symlink+0x44b/0x840 [ 130.721618] do_symlinkat+0x153/0x440 [ 130.722847] ? __pfx_do_symlinkat+0x10/0x10 [ 130.723671] ? strncpy_from_user+0x21b/0x2f0 [ 130.725787] __x64_sys_symlink+0x79/0xa0 [ 130.726630] do_syscall_64+0xbf/0x420 [ 130.727556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.728141] RIP: 0033:0x7f019f19f427 [ 130.728604] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 130.730331] RSP: 002b:00007ffc45bc93d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000058 [ 130.731037] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f019f19f427 [ 130.731754] RDX: 00007ffc45bc94b3 RSI: 00007f019f1fa022 RDI: 00007ffc45bc94a0 [ 130.732470] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffc45bc9270 [ 130.733141] R10: 00007ffc45bc9127 R11: 0000000000000206 R12: 0000000000000001 [ 130.733863] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc45bc94a0 [ 130.736815] [ 130.737046] irq event stamp: 313 [ 130.737408] hardirqs last enabled at (313): [] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 130.738408] hardirqs last disabled at (312): [] _raw_spin_lock_irqsave+0x53/0x60 [ 130.739350] softirqs last enabled at (308): [] kernel_fpu_end+0x59/0x70 [ 130.740182] softirqs last disabled at (306): [] kernel_fpu_begin_mask+0x1bb/0x300 [ 130.741131] ---[ end trace 0000000000000000 ]--- [ 130.756759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.780691] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.806488] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.827130] program syz-executor.7 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 130.837197] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.839501] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.868686] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.893113] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.893557] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.921916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.945234] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 09:44:25 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x5423, 0x8000000000000) 09:44:25 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:44:25 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:44:25 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000000)={0x1, 0x0, 0xa85, "9a"}) 09:44:25 executing program 4: move_pages(0x0, 0x0, 0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mincore(&(0x7f0000ffc000/0x2000)=nil, 0x2000, &(0x7f0000000280)=""/4096) 09:44:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:44:25 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)=0x9) 09:44:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) [ 131.340720] program syz-executor.7 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.348036] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.357762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.359805] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.360127] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.407532] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.420831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.421677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.428549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.468510] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.474668] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.484198] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.489465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 09:44:26 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fadvise64(r0, 0x0, 0x0, 0x2) 09:44:26 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:44:26 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:44:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)=0x9) 09:44:26 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:44:26 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 09:44:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_HEADER={0x4}, @ETHTOOL_A_WOL_MODES={0x4}]}, 0x1c}}, 0x0) 09:44:26 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x4b, &(0x7f0000000000)={@private2}, 0x14) sendmmsg$inet6(r2, &(0x7f0000003400)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @mcast1={0xff, 0x2}}, 0x1c, 0x0, 0x0, &(0x7f0000001340)=[@pktinfo={{0x24, 0x29, 0x32, {@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, r1}}}], 0x28}}], 0x1, 0x0) [ 131.905626] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.911134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.922069] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.936953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 09:44:26 executing program 7: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GETSTATE(r0, 0x80086601, &(0x7f0000002a00)) 09:44:26 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key(&(0x7f0000000300)='user\x00', &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000380)="f9", 0x1, r0) keyctl$revoke(0x3, r1) [ 131.969100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.971490] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 09:44:26 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000140)) [ 131.992092] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.006487] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 09:44:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x0, 0x0, {{0x1d}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 09:44:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5423, &(0x7f0000000000)=0x9) [ 132.028844] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.029043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.050091] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.062622] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 09:44:26 executing program 4: ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000040)={0x800}) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000000)) 09:44:26 executing program 7: munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x3) 09:44:26 executing program 0: openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) 09:44:26 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat2(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', &(0x7f0000000480)={0x840, 0x0, 0x8}, 0x18) 09:44:26 executing program 2: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000000c0)=0x10) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 09:44:26 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x42}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = epoll_create1(0x0) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x8) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) epoll_pwait(r1, &(0x7f0000000240)=[{}], 0x1, 0x0, 0x0, 0x0) 09:44:27 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x5, @dev}, 0x10) 09:44:27 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = dup(r0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @broadcast}, 0x10) 09:44:27 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_destroy(0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000002}) 09:44:27 executing program 3: perf_event_open(&(0x7f0000002840)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000300), 0x4) 09:44:27 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)={0x28, 0x30, 0x1, 0x0, 0x0, "", [@nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x1, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}]}, 0x28}], 0x1}, 0x0) 09:44:27 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x5, @dev}, 0x10) 09:44:27 executing program 5: clone3(&(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 09:44:27 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() r2 = pidfd_open(r1, 0x0) pidfd_getfd(r2, r0, 0x0) [ 132.641805] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.7'. 09:44:27 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x5}, 0xc) 09:44:27 executing program 6: prctl$PR_SET_MM_MAP(0x4d, 0xe, &(0x7f0000000040)={&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ff8000/0x5000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, 0x0}, 0x68) [ 132.656780] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.7'. 09:44:27 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x5, @dev}, 0x10) 09:44:27 executing program 5: r0 = eventfd2(0x0, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000200)={0x0, 0x0, 0xfffffffffffffffe}) 09:44:27 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 09:44:27 executing program 0: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) poll(&(0x7f0000000a80)=[{r0}], 0x1, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x7fffffff) 09:44:27 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x5, @dev}, 0x10) 09:44:27 executing program 7: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 09:44:27 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x1, &(0x7f0000000200)=0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000400)=[&(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x2}]) fsync(0xffffffffffffffff) 09:44:27 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000006500)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, 0x1c, &(0x7f00000005c0)=[{&(0x7f0000000080)="96f0faa08f4236b484704cd3ea237416e3c1ea1955a240e0a7a43c191c036c32ffd039b2e6c372db335d676dcdae6905989b4d6652c49e19d941b6dd5c5c949d2f5ca477eb1073e75e072405152526a2c9e975c528b03fc8b673722af52a4b95072a24e8f7a05d36a0e8ee80dd17922a0e55a25b67df3a37db65d024526e7c723af17a1d", 0x84}, {&(0x7f0000000140)="73073242f074af93c8246e13be12d5abb82c8872a181d278107c06bf9f44569e4a18d6ba806ef4c22707c74cf87edb68410773d0636653e79898f8d7209760f967c613aedc56becefb343dd9e2456d928122253c723037a9bc48617203870255a4e5a9868e6511100c6b8403404376164f9693da2a7f5d4a57d171910dc287a82660f405f2d87f72c4a3b7c798b7e4b2109a00b6da4f8e4e0184e9ecae883cfedb41faf64c5bc5035a637a59889e3622c64f219953ab7ddf82b5b87725e5d2918348f39048ee028368096491e5a4e716c14fe06793a9fa1ef6d2283749af73", 0xdf}, {&(0x7f0000000240)="29589d992aa228c8b50df54cf36e1a822bc6509264e899158620cf47127584d514b23d1c89f8e94df8bddf77a9640be6bb96b6f425c9e323a280ac6a6eab94f8e07e598259979360f7513afdfa83bb118c429997f50f8f7063a9ca308afb3a29c5e151396d113802e417bb6f032a8a6c5acd56bed02577de0959a210f81cae1be8ff8f645d981584b220063bb90c84865f0e4d73fdd4831a5cbfa12bb4e5af752ae8eda8eef683a2c2fc325454283665d396f78704949189149b2cd5de607adaa8a489e8bd3bdbca960e4290f9662e4a8483ea754a", 0xd5}, {&(0x7f00000003c0)="f2026920eeab40a3fe0d3d9b32fe85916afcdbe8394c6a6e9bce0702f786195903052027da9b9a319cb451b71d1101b7bc428decef545960124375a1055ca1f90267f4b8becea277e99993fffc69803562ed7293e52b4ec58cf10e99b0272745f270a9f0eb90c3120ac1abdb1bc892cd9868a95ca93762086b0a7384ceee9fbd84e049db5b3123a3000d1fb129201ee413bf10a96ac1d7a0fae933bfb5e04c2a7c02aec94f7731bcaf4a4205529949e6f1c86c78bbb148368d898062dd6d151c4451655cd904255b41e07c413625db4b66543d", 0xd3}, {&(0x7f00000004c0)="ed22458e4f418f868f7c7ae393934ebbee4913afecb656ffc8cf62f7e19a676082a0161bd4c1917a833d3c9a9644e69e4bd8d012e9fc85579ecdd63246e0363e42d47d288c9be68acff62377be62905fac5f748da68774bb2ad1209bbd04d9eb369ae87604df051f96eaa36acbc9ebca9654575f9e3aa45fc01c538a062adb841ec3113c4510df7f1e39ac88d2452569744155d4e0111c19318cd6d7149106acdfa4799e6aa6f9119abb04e2171c0e660d8b6009a49d26f6b754cb792d3c4975b34f6951a0839ac335a405e306231eee97eb523705bdb89e2e45e75b79582e5a5ded52653e67ce35bcec679d32da2350aa29b5e60bda", 0xf6}], 0x5}}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000840)="88b8fbc856fe91cf077168c61fcfd6aaa9fac8efb9bcbf32ec0bebed9ce8fd519ced1bf897927777ec4f6cb423dc61d0b6e5dfe420b5904b65e8f16c68affe41592f6102555510f9dc1286581534296bdac8992e52ed", 0x56}, {&(0x7f00000008c0)="90033916bfbd8ca2926faaa9fe05daef894f6f199b37567c9c9ff106754300a10def95d793596fc05625b4cf9a957dc38bff4c08f420095d9f6ec34387c3a0b05475c7668c6360bb0bac53d74fcaf4f2f1b309f8fb0cac5f0221e6a77686e91acf7910d82fe2226babe4d6a7354de7d8fbe7f4dcfa1232f13c9e1e26c78f2ae2627bf2e52dc03e59400bbb09e4659de23318f0a5445ee9be01df5b3400f4ea016a3eef4c9db6e34b92c206", 0xab}, {&(0x7f0000000980)="fcd8da633bc6f25daa5ba74ee56cc1c95bbad207bc1e7e6e114f09bae44344c3ea0d7129aefed82d0e301b0b54a51f64bd9c55c3ae0af7bc72eccf166cbbf7ca215211c896e6071aa43b6bc91d07", 0x4e}, {&(0x7f0000000a00)="08421f11b91fd8c691d080edfacc1af3a2214352a3675f412665c714af8c0428f8de203ac150a1f40e1bcae5d9", 0x2d}, {&(0x7f0000000a40)="2efc6adce83dd2c03ef612121c6ccc70a013352901ef00fb03cd6c7b31c2d72380456a27654104d6b181a1ec4708d4916cc011650c8fc2c8ff278b957adec81ca6f3f7c128429d9ffe3989b6ffac3d279eee775194837a448b983cd47d6a9edf7b4d8726d904b3a70f62b1054881436163c8e686ac1115d97b282e724e8acc0774c82fbde5b8b362ff51d70072e042ea612ca0437937511fc53c91", 0x9b}, {&(0x7f0000000b00)="bd8d8bd4e722946052577e3c3c6c0300efb8c02999457f4cb0a41d952c94892c906f4f2c2dd3bd66ce940a21414bfeb2f5ba4ef2f044eeb05da25c3633201b9907749e70093ee18fc982c059c039a9b9fe07", 0x52}, {&(0x7f0000000b80)="e03aa0b8fc2e415e5fa62703f077", 0xe}, {&(0x7f0000000bc0)="17222157d9ee00ea9a6aad54832068d38ce67e2cefa0f867672c66a882276c4b5d2b5adac49cfcbf69e81c82b4847e81e622cea668212c4aea4de2c41bbb2f2b0143e5", 0x43}], 0x8}}, {{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000e40)="75dba23bf6f17ca238f45b3084f2f3fa580d669572710c2742f05407360bc51d05ca14e8c73c6f45b090a54f758e4234648b949f197930b71315f054a8fd9129a4e2f6647cde6f4482bd9c673188b4b1f11adbcdaf01498a67d958979a272b73e766095d9ab501b8d0f6db9837d823e14df9ec782ea0d102fcaf0e498f40c894cb0099d260c650a0b7b197d56e3fea62848b5a094b013324d64a6bfecd9ab45e3710fa35f5a7ee886b1ff5dc26f9f29e7380962fc8c18810a61f55c8e742036d256535116dbc5a690ccc7e44cf1f300f7a34cc730fd1040a689f2f683c586ed81fdaf25690a5ff3748e7efcad9d998a649f8dff4e01ab534b8b2456b7e34af898bda4db2d711c2a24392366b8edc03dbdfed41367f0d149dfa12e25b1b1f5ca14fdc2dcf68fe588a5332904d6f9e382bc588f180332567ca1f752da10edf775eb7180f1220009cfe5d7b361c9e924a74edc09e268f7d225484e85db6f93d46931b1cb0649d0583fbe85cfd47f0ebbc54739a0544dddf6a8e90b3f0381794192e3081eb0166e1dd3671af6bc4d2e4543eca1e176bb1e1800e15934ea6ab56145e495a79331138c90e43e42e937d035a7d791e581bb3333458cbc78350956967703e63885cfc171628bc3da94e0f39aba03e113f4f50f89a90d8b2c96fa5649c47a154c2e8ed80454f248f6c563d58a51da6b48d200cc7f15af093920b6ababf8d68919f0c1c9d69564d442d836efca1549503018ac09079718b5bcdcc6f0de7e87c262855d3bae2a9aa21023c17fe84e8a1b528e41e42a5e344eaeb4e4d0e73929ab12a2aa69e5c59b6cab9b7979a63531d5b10e634094600f36aab6cf87681c05090fb94170b205a48df19e2a8ed379fa082b223d6a92cc6eb3d643452b508c11e8782cd814d251b1f350366c75ac87db9c420047b9798f14b620314c1640df820c0829349202602ccb2fb802f60070578242829355bc230e89c7bc9baa97742e3827bf2d0b5ec044fa760bb28b84bb56a2bdbb6fdce1a12d7cb86388fd7ce76a1d8e39f16a0985242708737ae90c721d3fb5e0dea20a51c998f8e39f1f2b7dc2ea0ea83c8fb505d7ae570b8045d59320efec067cda5ae0f75a20d15c57269c6b9cb156f461af9863e0aa09ceba01c611d489a3727d7c54a49da8a3e9585d6a3c3940bb9891d7aeeca33b5c428e6b5bd8b7aa50a445cd2150cfb3538eb4723ef2d6b0ee8f8f7ab89932ad53949fb5261ad91c67aa22ca91b6c2b3a3401058e877bcd521a222e347ff97c8bd4d28ae1ce490f08b6f3e81745904cd712453eb87f95c9d741041895f66d827ea2a60cd9fbb8bee612106c75aaea2968f5bd75f323222989c62eb956ab8ce5e46cb476fdebdde8c759d23b437cb83fe0784f42e67c36552c4298da048cc2428f591de3159895b843948096aeade69016338ec2ee117c4d2f6f46b32fe900c8220c3d4c6f31fb87bb9db7fc541c25fd3505226cce9795975abd7fe4cd6a4d1ef11c4f7112a7d7f81a6567e1abd1390779450188e7beb6e03187b86d27e9dab531c7973aa37c5750b518817b776a815c3e207fe7741d4e2a87c2a8adb21f59397fa4348c9bb9f32ff5ce78726937e561f7444730e4ce88d6e69a3584d5533d6f67523286ee303ca4b2705dc711786ae4cad8e2461d7c7f7339af544f42cd104a036faca992d6dba6b00c4a4b18896018ef771928cd298bb453fe1e30c6be89030b11e2f51494a6d44d5f6f5b7f42e9f1193622bd381b725fb548a7f85663b1bba6a8d218bfa040575aa8d931cc50eec55651bd2bdc3659174b8db4a7987a60e211459496c86735a57765ca08e317857c91dcb5b58f52b4767a8c53a300a3c485b85ebe6e2138c2714e588b9af6a436d45780f41de8b47fba973106ff33ee42c13f28d5c8aabbb914ed1ba85d89c07869ef22b94f17d11d42d47d13d2d9f24ff115437dd919831b0e92546756bd27c2674f45169d535584089e3ce972f9a74185fde3e464920117220e0d71face1e2dc7aefcd70929b1c4485e3c8ed8b5dbac1fa9f2be9803a8f7257e7e0b27644ec94682eeb6cf98bf41e98ea803f6d5acb4355238736b8a7bba522ff52ac74b33e9c4380d16717c9061f8ef6f8da4db78be74c5ecc1038b822b7b16a930be3ee7af89cdebe78b98556918985ec06f2739d36d67fd5e962694f53f2a5bf9295183a4c8d7cebb88baeb91bf6ba61e21b370fd69e84653b3a06c3b7bd04cc7971fb8e2a5fd08a0a5ea588eefb4e6339026b9e7c62d746309b67d6cc34e18c7b4ad1a7e58f4ceebc3d92609e98334cfd84689899b762d6f29801258d8df8b7968eefeef85f737b04c71af1a76cb113834c10b45b4849eb629452a4e9f6e051d954432afbacaff6ccc2248e149a9c77a99e3a9d45f8f46377b8581027961dfb705423738eb4029da33b552d37ee7262bbd47be8848eab67b52888bee37b7071b6c2eba0dac7a9968573a1251a1ec6479ff1b88a351166b9304a2b93513684d379f1c455d894ca833df800bf6652a6bf8738c4f31b2f87995796173fb1924e3aad9f98751c2e580262bbfb249483e488cc0e8da86b0d9bac3d01c60bfde1edb019e649d6116a00a048bce13ccf1c377451efad174884dcf2060452bb0e8978d17ffe1147e3e17eb9f3f3f1095b75103bf602f0dfc8f9e8965b42b0fcb804e4e3cb2efcc061b782be2fe7c3589d265322e7a0bb284a8e4b5a5d285342168ce57ab2fd9f7e09c3478bc9fddc5e5e6d07405518386f3efe3a0c71688dc5ccf65522404595c12c38149954f4da2c3d6f775b190f792294d2fbd02f4b6d06165d24e7de9e40a26d88e0154cea80d948d73a17914146f3f0b8f5ffdfa59513460ae5e5f481e4950514eee74bdb666029350f625ec7bc965077c0b403788773074e335925dc25595b3a1af492d39a35c8ac228da8086aebda3fa58ecb1a67a04783e680fd8f3d19fbfbdf02c40617e59ae4dac7fdd1723112603620e8f0dfa8ee29af4368405a95a4174345bb9b5af43484758fd3f38b482e53c7682c6d43550bf134a2d11e3d4d6d45e5a111f9fbcce37276d6ff022ec35ee61cbde826ab7b05a1f2cca4e33ee5881b0845a902a1324d64f01e8d2e8c0be0e119781731c498934ff9829b36b02dee8bdce63a13c91c5e003342a6b8ee3f788f0f0721661a57ba36271dda08fe7172085df0a74a4d1472d770b833ef52abeaa77442a99f9f6ac02929136bd46c32a0a0afb2c20433a9bde2729f742f2f2a8e0988569fa3fb8e0637307fc6824b3b4a530563ff5895bf6179b0ff2da1b4b9e7f6a1c02d1b928db1491dd94083a935a383d63af26c4f81bf0ddb7682a609622b52a51f4cef99692c2fc854b9c2375ac5ecf37418f9a035fb84e9367c3d3365b53bb09adbd2cb1c9682cf231f6c78a77676662a242781d7d8e079f0a15eb6a85af8e222a2d805e9aed12290cd38d8403d6f96656ad9537a973d2654ac41fa876a551d1e4a0bbdafcbc636700c9e767ffd5f9b1d7c183b101da37bef858c168917d7122828fb10812142e40e71a3894fe6fb4d2efee4beb78e0d690ece853138ffbd62bb18fa8c6391584233b5c36d5c7f22233e3075fdedc7d7698e2b9443ab20daad211b4fca00a01314c2e519f05b529292dd4b69d038fd8d92598f4fa4d01e363324bf5c6eac1c96619f9d7e441232c80beebaadf4db54eb50bf2a9787a9fe9973b5e0878f959ca4e3c008673b1e870a49f0eab34fb29e2b92172c665887c286a0f6ec907cb7843eee1f02a1968e9fc020437e760883b8b900772b7a4852d72bf521449bd7d96bbf61677fee78b2a439fba628babda0de899910623f69eab073808f564a8231a446709e9506d7ae9ebd9ac8b9a4fff23441460a6397e694d3b4c7c77abf6d370142465d0dc2d973cf0d78242214b803f3a829d3009066d83603a93555aa6fb45980da0de20d6ab95408031bcdca3cc9c89176df5241df4e3d88aa4a70051e812db159f4b4ebb222270dc0e744e46c2800d355cb8bc34968ea61a9c44365c18a6f149b6c528dc116e87c36da6efc60e1738d4e957ee02a2ec9a71ab58e4a18b4f48dfecc9386da385aae5c45ba14314d881f4467ef2791b9180f60d994d63155f9ce9b58996791a2eac7fa905f724fde21352e0bb0b75b7e8531905d6f10f3c9dcd692510ad4bfebd6ad56f79d841d86d73735e41d8950941549494885c223d9c096de42e2998a3fc7a3e7997906707dc68d7cfccbd86c8cda4f58769b74b1967503646576ec3f5d1b39eeebff0c9746178b32f7abc47b247cb1202afc380e66d52638e71be8d0a437dc69141ea91506f17fd5864fec84d50e61264d177b7a08800f11837dc8b1dcadd8a61662bb153c24a9a0ef80db64da093935e9d255759d7ae4e1c76f05133064278098b9022d5f97d81359f183b6b0d45b375fd4fb600249c5b10468ec3c9950ece55b3b7c27e09c5e0c2a60d7220b12f7df67858414d1509cd22971ef72f45bbaecbc43650f2ed38c282aa83e47bfe92dfcb9ecbe2e5c6492c4bb89f4d99e4681204b0b53ec48a53d85cce8927eae855a63478f1d19ba2bcaf73e5b5897e7ae5f4a33fbd574b20552bdfaa93b214cc6689ac429e5bdf4aca49c7fae52570c5d0a82d6eca3f87a5f757a9fdfbf3f1689106b2377c6d5f30588f2b2e614771f5e785748e5b9d8dce06e46ab1685c38117c85bcf5e90eab94d720e7a8d278b1392a929dff2177dae49c609851b546d8581659020d5dfe2267e7af6aeb25a4f33e7715d680e9a59793594c7e267d5ed49341d6cd63328c676d061e605576c4d0ac8d766f51a01b528a3b0a50346483a7a21fb37655049fd5591e652c10623095908d3ef145bf1ac25b4a6686deccb485d56058f301214ff7e437ef87aa86955202c1ff86bb65d9fa1e9b32843abb42393456136ae851418e0c6a3fa2943b2cad95cd1901d6bb05a91c96022e665fd11bfe70f38df1a3d3b7e8090ab57624aee1c14b108ea4679c3ef39dab04d36f9d0dc4dfd57e1e7e06dd540e1d675649fab05c3e007f8a7954dbd3a3b7d003c36b88c68a7b0ed0b09939973ceb12944a0b59b34ff51d4c5df1eb146ca6eda42f9a45562eb2fb544a3bdf2a1be2b80615ab178cf60519f3d7d2609a1b17292632d7ebbe5079c59900cf13e9f7e7be3cb487a2525ad218b8f582fb7f6b5f835e1dc314b7bff248e70840a4527b54412cc0814e842d811aa10757611ff42d5d39c7b0d02824ecdc179c18f271a967dc772fffbbc84e6ae38323f64875656d8ea0e6f2a397b636fdd57166fd9779ab7913fd84d74803abc621abcf4a54ed2ce6af075bdddc12c4925917091ab3eab99a4c5e8e16d7ad3bb7c44296c1f0aa8cb5395aa0ac73a017ae5a864d62871fe964a421098276d6e385345d4290302d6aebf17e34e206027278715c14f79882179d868d41e66dba2dbbcb28fbb98ec31c96a6475fd7c03cfc38bca83c3cb55e34a0d3ca9f6015ff5b20c694d2e0d782c4e0b3f90613a892a83c95603702b92a47458b6ea3cdd243c50821368e9e1acd62992699ed981ed716c801c7a117d2a0530855d7cffd3f495cf16a5ee32540b313a5f67399d965de2f8f77a02abf48ce5f1882debaee483efa6cc5bc33ab4bbd288e5ad50493fc9f1bce150f8b644f93c6c30564b79e300e25889df1c3f039a1c9e0dd96a427f6fb7901cbc0802969b9193d49e09dec6a1b03095174da65651970976601e464772fa03dd9133a7af8e032373bceada36d7226d21433816b", 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000002140)=[{&(0x7f0000001f40)="b5e9", 0x2}], 0x1}}], 0x4, 0x400c000) 09:44:27 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_destroy(0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000002}) 09:44:27 executing program 3: openat$nvram(0xffffffffffffff9c, &(0x7f0000000200), 0x10b381, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) [ 132.920471] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 132.923181] audit: type=1400 audit(1768297467.470:10): avc: denied { read } for pid=4057 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:44:27 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x1f) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x0, 0x0, "28a587ea6b9da511f7ff1315aa908ba6ccc7a9"}) 09:44:27 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getsa={0x34, 0x12, 0x1, 0x0, 0x0, {@in=@multicast1}, [@mark={0xc}]}, 0x34}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0xb, 0x0, &(0x7f00000018c0)) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000040)={@mcast2, @mcast2, @local, 0x8, 0x8, 0x2f, 0x100, 0x4, 0x4100000, r3}) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r4, 0x0) r5 = fork() tkill(r5, 0x0) 09:44:27 executing program 5: personality(0xd400001) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0) 09:44:27 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cc, &(0x7f0000000200)) 09:44:27 executing program 7: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 09:44:27 executing program 1: syz_emit_ethernet(0x36, &(0x7f0000000600)={@remote, @remote, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "78aae4", 0x0, 0x0, 0x0, @mcast2, @private1}}}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000540)={@dev, @broadcast, @val={@void, {0x8100, 0x1}}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x0, @link_local, @private1, @empty, @private0}}}}, 0x0) 09:44:27 executing program 6: openat$dir(0xffffffffffffff9c, &(0x7f0000001240)='./file0\x00', 0xc0, 0x0) mount$9p_rdma(0x0, &(0x7f0000001300)='./file0\x00', &(0x7f0000001340), 0x100a000, &(0x7f0000001380)) 09:44:27 executing program 0: r0 = syz_io_uring_setup(0xb4d, &(0x7f0000000080)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000000000)) r1 = dup(r0) io_uring_enter(r0, 0x6f74, 0x56f4, 0x2, &(0x7f0000000040), 0x8) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x11, &(0x7f00000001c0), 0x2) 09:44:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000500), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {0x0, 0x0, 0x600}], 0x0, &(0x7f0000010d00)) statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000240)=""/205) 09:44:27 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_destroy(0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000002}) 09:44:27 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x519, 0x4) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendto$packet(r3, &(0x7f0000000380)="cdda7c47556e3e84173484e605a8", 0x1000e, 0x0, &(0x7f0000000180)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendto$packet(r6, &(0x7f0000000380)="cdda7c47556e3e84173484e605a8", 0x1000e, 0x0, &(0x7f0000000180)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$packet(r0, &(0x7f0000000380)="cdda7c47556e3e84173484e605a8", 0x1000e, 0x0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) 09:44:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x4020940d) 09:44:27 executing program 7: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 09:44:27 executing program 6: io_setup(0x5, &(0x7f0000000000)=0x0) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) r2 = socket$inet6_udp(0xa, 0x2, 0x0) io_submit(r0, 0x2, &(0x7f0000000180)=[&(0x7f0000001580)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0xff7ffffeffffeffd}]) 09:44:27 executing program 0: r0 = syz_io_uring_setup(0xb4d, &(0x7f0000000080)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000000000)) r1 = dup(r0) io_uring_enter(r0, 0x6f74, 0x56f4, 0x2, &(0x7f0000000040), 0x8) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x11, &(0x7f00000001c0), 0x2) 09:44:27 executing program 3: r0 = syz_io_uring_setup(0xb4d, &(0x7f0000000080)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000000000)) r1 = dup(r0) io_uring_enter(r0, 0x6f74, 0x56f4, 0x2, &(0x7f0000000040), 0x8) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x11, &(0x7f00000001c0), 0x2) 09:44:27 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) dup2(r1, r0) [ 135.720576] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 135.722156] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 135.730421] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 135.734439] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 135.741384] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 137.760553] Bluetooth: hci2: command tx timeout [ 139.808767] Bluetooth: hci2: command tx timeout VM DIAGNOSIS: 09:44:25 Registers: info registers vcpu 0 RAX=0000000000000036 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82977f45 RDI=ffffffff889c1a00 RBP=ffffffff889c19c0 RSP=ffff888049c774a8 R8 =0000000000000000 R9 =ffffed1001729046 R10=0000000000000036 R11=6e6920726568746f R12=0000000000000036 R13=0000000000000010 R14=ffffffff889c19c0 R15=ffffffff82977f30 RIP=ffffffff82977f9d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555566d16400 00000000 00000000 GS =0000 ffff8880e5342000 00000000 00000000 LDT=0000 fffffe3b00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f019f21f542 CR3=000000000d49d000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000a60ce07b00000000cec3662e XMM01=000000000000000003515b82db34ca11 XMM02=0000000000000000333bebdfd0a6a21d XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84d1527e RDX=fffffbfff0b82d11 RSI=0000000000000004 RDI=ffffffff85c16880 RBP=ffffffff85c16880 RSP=ffff888049c5f950 R8 =0000000000000000 R9 =fffffbfff0b82d10 R10=ffffffff85c16883 R11=0000000000000000 R12=1ffff1100938bf2b R13=0000000000000003 R14=fffffbfff0b82d10 R15=ffff888049c5f988 RIP=ffffffff84d15410 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055558f253400 00000000 00000000 GS =0000 ffff8880e5442000 00000000 00000000 LDT=0000 fffffe5100000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f07567c8547 CR3=000000000c557000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000a60ce07b00000000cec3662e XMM01=000000000000000003515b82db34ca11 XMM02=0000000000000000333bebdfd0a6a21d XMM03=00000000000000000000000000000000 XMM04=000000ff0000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000