Debian GNU/Linux 11 syzkaller ttyS0

Warning: Permanently added '[localhost]:26691' (ECDSA) to the list of known hosts.
2025/09/01 18:22:50 fuzzer started
2025/09/01 18:22:51 dialing manager at localhost:35473
syzkaller login: [   43.698721] cgroup: Unknown subsys name 'net'
[   43.741002] cgroup: Unknown subsys name 'cpuset'
[   43.750343] cgroup: Unknown subsys name 'rlimit'
2025/09/01 18:23:00 syscalls: 2214
2025/09/01 18:23:00 code coverage: enabled
2025/09/01 18:23:00 comparison tracing: enabled
2025/09/01 18:23:00 extra coverage: enabled
2025/09/01 18:23:00 setuid sandbox: enabled
2025/09/01 18:23:00 namespace sandbox: enabled
2025/09/01 18:23:00 Android sandbox: enabled
2025/09/01 18:23:00 fault injection: enabled
2025/09/01 18:23:00 leak checking: enabled
2025/09/01 18:23:00 net packet injection: enabled
2025/09/01 18:23:00 net device setup: enabled
2025/09/01 18:23:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 18:23:00 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 18:23:00 USB emulation: enabled
2025/09/01 18:23:00 hci packet injection: enabled
2025/09/01 18:23:00 wifi device emulation: enabled
2025/09/01 18:23:00 802.15.4 emulation: enabled
2025/09/01 18:23:01 fetching corpus: 50, signal 20645/22476 (executing program)
2025/09/01 18:23:01 fetching corpus: 100, signal 36088/39362 (executing program)
2025/09/01 18:23:01 fetching corpus: 150, signal 44757/49452 (executing program)
2025/09/01 18:23:01 fetching corpus: 200, signal 50764/56762 (executing program)
2025/09/01 18:23:01 fetching corpus: 250, signal 55638/62909 (executing program)
2025/09/01 18:23:01 fetching corpus: 300, signal 58725/67253 (executing program)
2025/09/01 18:23:01 fetching corpus: 350, signal 62112/71824 (executing program)
2025/09/01 18:23:01 fetching corpus: 400, signal 64541/75501 (executing program)
2025/09/01 18:23:01 fetching corpus: 450, signal 68969/80877 (executing program)
2025/09/01 18:23:01 fetching corpus: 500, signal 72604/85475 (executing program)
2025/09/01 18:23:01 fetching corpus: 550, signal 76337/90076 (executing program)
2025/09/01 18:23:02 fetching corpus: 600, signal 78158/92977 (executing program)
2025/09/01 18:23:02 fetching corpus: 650, signal 80467/96211 (executing program)
2025/09/01 18:23:02 fetching corpus: 700, signal 82285/99013 (executing program)
2025/09/01 18:23:02 fetching corpus: 750, signal 85415/102867 (executing program)
2025/09/01 18:23:02 fetching corpus: 800, signal 87487/105766 (executing program)
2025/09/01 18:23:02 fetching corpus: 850, signal 89382/108459 (executing program)
2025/09/01 18:23:02 fetching corpus: 900, signal 91000/110907 (executing program)
2025/09/01 18:23:02 fetching corpus: 950, signal 92551/113278 (executing program)
2025/09/01 18:23:02 fetching corpus: 1000, signal 94771/116143 (executing program)
2025/09/01 18:23:02 fetching corpus: 1050, signal 97064/119027 (executing program)
2025/09/01 18:23:02 fetching corpus: 1100, signal 98561/121245 (executing program)
2025/09/01 18:23:03 fetching corpus: 1150, signal 99600/123069 (executing program)
2025/09/01 18:23:03 fetching corpus: 1200, signal 101716/125730 (executing program)
2025/09/01 18:23:03 fetching corpus: 1250, signal 103406/127984 (executing program)
2025/09/01 18:23:03 fetching corpus: 1300, signal 104570/129842 (executing program)
2025/09/01 18:23:03 fetching corpus: 1350, signal 105980/131820 (executing program)
2025/09/01 18:23:03 fetching corpus: 1400, signal 107270/133737 (executing program)
2025/09/01 18:23:03 fetching corpus: 1450, signal 110317/136903 (executing program)
2025/09/01 18:23:03 fetching corpus: 1500, signal 112230/139176 (executing program)
2025/09/01 18:23:03 fetching corpus: 1550, signal 113146/140721 (executing program)
2025/09/01 18:23:03 fetching corpus: 1600, signal 114575/142565 (executing program)
2025/09/01 18:23:03 fetching corpus: 1650, signal 116115/144449 (executing program)
2025/09/01 18:23:04 fetching corpus: 1700, signal 117661/146316 (executing program)
2025/09/01 18:23:04 fetching corpus: 1750, signal 118677/147850 (executing program)
2025/09/01 18:23:04 fetching corpus: 1800, signal 119515/149263 (executing program)
2025/09/01 18:23:04 fetching corpus: 1850, signal 120409/150607 (executing program)
2025/09/01 18:23:04 fetching corpus: 1900, signal 120927/151764 (executing program)
2025/09/01 18:23:04 fetching corpus: 1950, signal 122058/153326 (executing program)
2025/09/01 18:23:04 fetching corpus: 2000, signal 123723/155148 (executing program)
2025/09/01 18:23:04 fetching corpus: 2050, signal 124518/156422 (executing program)
2025/09/01 18:23:04 fetching corpus: 2100, signal 126116/158139 (executing program)
2025/09/01 18:23:04 fetching corpus: 2150, signal 126982/159378 (executing program)
2025/09/01 18:23:04 fetching corpus: 2200, signal 128430/160924 (executing program)
2025/09/01 18:23:04 fetching corpus: 2250, signal 129140/162032 (executing program)
2025/09/01 18:23:05 fetching corpus: 2300, signal 130006/163232 (executing program)
2025/09/01 18:23:05 fetching corpus: 2350, signal 131063/164640 (executing program)
2025/09/01 18:23:05 fetching corpus: 2400, signal 131847/165774 (executing program)
2025/09/01 18:23:05 fetching corpus: 2450, signal 132756/166996 (executing program)
2025/09/01 18:23:05 fetching corpus: 2500, signal 133473/168078 (executing program)
2025/09/01 18:23:05 fetching corpus: 2550, signal 134059/169073 (executing program)
2025/09/01 18:23:05 fetching corpus: 2600, signal 134924/170146 (executing program)
2025/09/01 18:23:05 fetching corpus: 2650, signal 135562/171159 (executing program)
2025/09/01 18:23:05 fetching corpus: 2700, signal 136271/172215 (executing program)
2025/09/01 18:23:05 fetching corpus: 2750, signal 136792/173128 (executing program)
2025/09/01 18:23:05 fetching corpus: 2800, signal 137522/174104 (executing program)
2025/09/01 18:23:06 fetching corpus: 2850, signal 138326/175112 (executing program)
2025/09/01 18:23:06 fetching corpus: 2900, signal 139400/176278 (executing program)
2025/09/01 18:23:06 fetching corpus: 2950, signal 140149/177229 (executing program)
2025/09/01 18:23:06 fetching corpus: 3000, signal 140866/178154 (executing program)
2025/09/01 18:23:06 fetching corpus: 3050, signal 141522/179040 (executing program)
2025/09/01 18:23:06 fetching corpus: 3100, signal 142005/179842 (executing program)
2025/09/01 18:23:06 fetching corpus: 3150, signal 143281/180917 (executing program)
2025/09/01 18:23:06 fetching corpus: 3200, signal 143911/181769 (executing program)
2025/09/01 18:23:06 fetching corpus: 3250, signal 144585/182628 (executing program)
2025/09/01 18:23:06 fetching corpus: 3300, signal 145169/183463 (executing program)
2025/09/01 18:23:06 fetching corpus: 3350, signal 145705/184291 (executing program)
2025/09/01 18:23:07 fetching corpus: 3400, signal 146320/185070 (executing program)
2025/09/01 18:23:07 fetching corpus: 3450, signal 146712/185724 (executing program)
2025/09/01 18:23:07 fetching corpus: 3500, signal 147200/186476 (executing program)
2025/09/01 18:23:07 fetching corpus: 3550, signal 148145/187286 (executing program)
2025/09/01 18:23:07 fetching corpus: 3600, signal 148727/188029 (executing program)
2025/09/01 18:23:07 fetching corpus: 3650, signal 149367/188744 (executing program)
2025/09/01 18:23:07 fetching corpus: 3700, signal 149722/189367 (executing program)
2025/09/01 18:23:07 fetching corpus: 3750, signal 150123/189995 (executing program)
2025/09/01 18:23:07 fetching corpus: 3800, signal 150618/190645 (executing program)
2025/09/01 18:23:07 fetching corpus: 3850, signal 151066/191261 (executing program)
2025/09/01 18:23:08 fetching corpus: 3900, signal 151517/191891 (executing program)
2025/09/01 18:23:08 fetching corpus: 3950, signal 152084/192579 (executing program)
2025/09/01 18:23:08 fetching corpus: 4000, signal 152694/193219 (executing program)
2025/09/01 18:23:08 fetching corpus: 4050, signal 153498/193935 (executing program)
2025/09/01 18:23:08 fetching corpus: 4100, signal 153934/194532 (executing program)
2025/09/01 18:23:08 fetching corpus: 4150, signal 154388/195102 (executing program)
2025/09/01 18:23:08 fetching corpus: 4200, signal 154840/195752 (executing program)
2025/09/01 18:23:08 fetching corpus: 4250, signal 155445/196348 (executing program)
2025/09/01 18:23:08 fetching corpus: 4300, signal 155927/196948 (executing program)
2025/09/01 18:23:08 fetching corpus: 4350, signal 156365/197469 (executing program)
2025/09/01 18:23:08 fetching corpus: 4400, signal 156686/198030 (executing program)
2025/09/01 18:23:09 fetching corpus: 4450, signal 156992/198532 (executing program)
2025/09/01 18:23:09 fetching corpus: 4500, signal 157461/199091 (executing program)
2025/09/01 18:23:09 fetching corpus: 4550, signal 157794/199566 (executing program)
2025/09/01 18:23:09 fetching corpus: 4600, signal 158427/200119 (executing program)
2025/09/01 18:23:09 fetching corpus: 4650, signal 158932/200619 (executing program)
2025/09/01 18:23:09 fetching corpus: 4700, signal 159346/201114 (executing program)
2025/09/01 18:23:09 fetching corpus: 4750, signal 159750/201592 (executing program)
2025/09/01 18:23:09 fetching corpus: 4800, signal 160225/202045 (executing program)
2025/09/01 18:23:09 fetching corpus: 4850, signal 160825/202490 (executing program)
2025/09/01 18:23:09 fetching corpus: 4900, signal 161216/202942 (executing program)
2025/09/01 18:23:09 fetching corpus: 4950, signal 161747/203378 (executing program)
2025/09/01 18:23:09 fetching corpus: 5000, signal 162196/203783 (executing program)
2025/09/01 18:23:10 fetching corpus: 5050, signal 162533/204157 (executing program)
2025/09/01 18:23:10 fetching corpus: 5100, signal 162877/204162 (executing program)
2025/09/01 18:23:10 fetching corpus: 5150, signal 163214/204164 (executing program)
2025/09/01 18:23:10 fetching corpus: 5200, signal 163624/204166 (executing program)
2025/09/01 18:23:10 fetching corpus: 5250, signal 164054/204184 (executing program)
2025/09/01 18:23:10 fetching corpus: 5300, signal 164473/204184 (executing program)
2025/09/01 18:23:10 fetching corpus: 5350, signal 164730/204211 (executing program)
2025/09/01 18:23:10 fetching corpus: 5400, signal 165217/204218 (executing program)
2025/09/01 18:23:10 fetching corpus: 5450, signal 165572/204219 (executing program)
2025/09/01 18:23:10 fetching corpus: 5500, signal 166081/204220 (executing program)
2025/09/01 18:23:10 fetching corpus: 5550, signal 166415/204226 (executing program)
2025/09/01 18:23:11 fetching corpus: 5600, signal 166947/204280 (executing program)
2025/09/01 18:23:11 fetching corpus: 5650, signal 167298/204294 (executing program)
2025/09/01 18:23:11 fetching corpus: 5700, signal 167554/204306 (executing program)
2025/09/01 18:23:11 fetching corpus: 5750, signal 167871/204311 (executing program)
2025/09/01 18:23:11 fetching corpus: 5800, signal 168149/204314 (executing program)
2025/09/01 18:23:11 fetching corpus: 5850, signal 168514/204352 (executing program)
2025/09/01 18:23:11 fetching corpus: 5900, signal 169090/204375 (executing program)
2025/09/01 18:23:11 fetching corpus: 5950, signal 169393/204396 (executing program)
2025/09/01 18:23:11 fetching corpus: 6000, signal 169696/204397 (executing program)
2025/09/01 18:23:11 fetching corpus: 6050, signal 169926/204397 (executing program)
2025/09/01 18:23:11 fetching corpus: 6100, signal 170489/204405 (executing program)
2025/09/01 18:23:11 fetching corpus: 6150, signal 170702/204412 (executing program)
2025/09/01 18:23:12 fetching corpus: 6200, signal 170969/204414 (executing program)
2025/09/01 18:23:12 fetching corpus: 6250, signal 171309/204424 (executing program)
2025/09/01 18:23:12 fetching corpus: 6300, signal 171650/204521 (executing program)
2025/09/01 18:23:12 fetching corpus: 6350, signal 172088/204522 (executing program)
2025/09/01 18:23:12 fetching corpus: 6400, signal 172595/204525 (executing program)
2025/09/01 18:23:12 fetching corpus: 6450, signal 172926/204526 (executing program)
2025/09/01 18:23:12 fetching corpus: 6500, signal 173291/204529 (executing program)
2025/09/01 18:23:12 fetching corpus: 6550, signal 173881/204539 (executing program)
2025/09/01 18:23:12 fetching corpus: 6600, signal 174114/204550 (executing program)
2025/09/01 18:23:12 fetching corpus: 6650, signal 174322/204555 (executing program)
2025/09/01 18:23:12 fetching corpus: 6700, signal 174602/204565 (executing program)
2025/09/01 18:23:13 fetching corpus: 6750, signal 175031/204579 (executing program)
2025/09/01 18:23:13 fetching corpus: 6800, signal 175238/204584 (executing program)
2025/09/01 18:23:13 fetching corpus: 6850, signal 175462/204584 (executing program)
2025/09/01 18:23:13 fetching corpus: 6900, signal 175755/204595 (executing program)
2025/09/01 18:23:13 fetching corpus: 6950, signal 176109/204598 (executing program)
2025/09/01 18:23:13 fetching corpus: 7000, signal 176549/204666 (executing program)
2025/09/01 18:23:13 fetching corpus: 7050, signal 176777/204668 (executing program)
2025/09/01 18:23:13 fetching corpus: 7100, signal 177010/204669 (executing program)
2025/09/01 18:23:13 fetching corpus: 7150, signal 177327/204679 (executing program)
2025/09/01 18:23:13 fetching corpus: 7200, signal 177511/204685 (executing program)
2025/09/01 18:23:13 fetching corpus: 7250, signal 177781/204699 (executing program)
2025/09/01 18:23:13 fetching corpus: 7300, signal 178154/204710 (executing program)
2025/09/01 18:23:14 fetching corpus: 7350, signal 178442/204724 (executing program)
2025/09/01 18:23:14 fetching corpus: 7400, signal 179064/204728 (executing program)
2025/09/01 18:23:14 fetching corpus: 7450, signal 179424/204735 (executing program)
2025/09/01 18:23:14 fetching corpus: 7500, signal 179748/204740 (executing program)
2025/09/01 18:23:14 fetching corpus: 7550, signal 179994/204747 (executing program)
2025/09/01 18:23:14 fetching corpus: 7600, signal 180314/204761 (executing program)
2025/09/01 18:23:14 fetching corpus: 7650, signal 180505/204762 (executing program)
2025/09/01 18:23:14 fetching corpus: 7700, signal 180991/204764 (executing program)
2025/09/01 18:23:14 fetching corpus: 7750, signal 181279/204775 (executing program)
2025/09/01 18:23:14 fetching corpus: 7800, signal 181597/204779 (executing program)
2025/09/01 18:23:14 fetching corpus: 7850, signal 181795/204780 (executing program)
2025/09/01 18:23:14 fetching corpus: 7900, signal 182117/204782 (executing program)
2025/09/01 18:23:15 fetching corpus: 7950, signal 182383/204788 (executing program)
2025/09/01 18:23:15 fetching corpus: 8000, signal 182639/204802 (executing program)
2025/09/01 18:23:15 fetching corpus: 8050, signal 182883/204804 (executing program)
2025/09/01 18:23:15 fetching corpus: 8100, signal 183197/204807 (executing program)
2025/09/01 18:23:15 fetching corpus: 8150, signal 183434/204816 (executing program)
2025/09/01 18:23:15 fetching corpus: 8200, signal 183821/204846 (executing program)
2025/09/01 18:23:15 fetching corpus: 8250, signal 184159/204865 (executing program)
2025/09/01 18:23:15 fetching corpus: 8300, signal 184435/204873 (executing program)
2025/09/01 18:23:15 fetching corpus: 8350, signal 184638/204875 (executing program)
2025/09/01 18:23:15 fetching corpus: 8400, signal 185030/204882 (executing program)
2025/09/01 18:23:15 fetching corpus: 8450, signal 185258/204895 (executing program)
2025/09/01 18:23:15 fetching corpus: 8500, signal 185661/204901 (executing program)
2025/09/01 18:23:16 fetching corpus: 8550, signal 186016/204902 (executing program)
2025/09/01 18:23:16 fetching corpus: 8600, signal 186356/204905 (executing program)
2025/09/01 18:23:16 fetching corpus: 8650, signal 186562/204910 (executing program)
2025/09/01 18:23:16 fetching corpus: 8700, signal 186805/204913 (executing program)
2025/09/01 18:23:16 fetching corpus: 8750, signal 188315/204913 (executing program)
2025/09/01 18:23:16 fetching corpus: 8800, signal 188523/204918 (executing program)
2025/09/01 18:23:16 fetching corpus: 8850, signal 188759/204921 (executing program)
2025/09/01 18:23:16 fetching corpus: 8900, signal 189047/204972 (executing program)
2025/09/01 18:23:16 fetching corpus: 8950, signal 189210/204973 (executing program)
2025/09/01 18:23:16 fetching corpus: 9000, signal 189462/204975 (executing program)
2025/09/01 18:23:16 fetching corpus: 9050, signal 189671/204976 (executing program)
2025/09/01 18:23:16 fetching corpus: 9100, signal 190330/204981 (executing program)
2025/09/01 18:23:16 fetching corpus: 9150, signal 190842/204982 (executing program)
2025/09/01 18:23:17 fetching corpus: 9200, signal 191334/204986 (executing program)
2025/09/01 18:23:17 fetching corpus: 9250, signal 191557/204998 (executing program)
2025/09/01 18:23:17 fetching corpus: 9300, signal 191790/204999 (executing program)
2025/09/01 18:23:17 fetching corpus: 9350, signal 191979/205001 (executing program)
2025/09/01 18:23:17 fetching corpus: 9400, signal 192218/205003 (executing program)
2025/09/01 18:23:17 fetching corpus: 9450, signal 192568/205006 (executing program)
2025/09/01 18:23:17 fetching corpus: 9500, signal 192788/205018 (executing program)
2025/09/01 18:23:17 fetching corpus: 9550, signal 193166/205020 (executing program)
2025/09/01 18:23:17 fetching corpus: 9600, signal 193476/205068 (executing program)
2025/09/01 18:23:17 fetching corpus: 9650, signal 193741/205081 (executing program)
2025/09/01 18:23:17 fetching corpus: 9700, signal 193970/205081 (executing program)
2025/09/01 18:23:17 fetching corpus: 9750, signal 194485/205133 (executing program)
2025/09/01 18:23:18 fetching corpus: 9800, signal 194669/205137 (executing program)
2025/09/01 18:23:18 fetching corpus: 9850, signal 195067/205144 (executing program)
2025/09/01 18:23:18 fetching corpus: 9900, signal 195305/205150 (executing program)
2025/09/01 18:23:18 fetching corpus: 9950, signal 195715/205151 (executing program)
2025/09/01 18:23:18 fetching corpus: 10000, signal 196001/205156 (executing program)
2025/09/01 18:23:18 fetching corpus: 10050, signal 196263/205162 (executing program)
2025/09/01 18:23:18 fetching corpus: 10063, signal 196297/205162 (executing program)
2025/09/01 18:23:18 fetching corpus: 10063, signal 196297/205162 (executing program)
2025/09/01 18:23:20 starting 8 fuzzer processes
18:23:20 executing program 0:
r0 = fork()
ptrace(0x4208, r0)
ptrace(0x10, r0)
r1 = fork()
ptrace(0x7, r0)
r2 = getpgid(r0)
ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000000000)=""/211, 0xd3})
wait4(r2, &(0x7f0000000140), 0x2, &(0x7f0000000180))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000240)=<r3=>0x0)
wait4(r3, &(0x7f0000000280), 0x40000000, &(0x7f00000002c0))
wait4(r2, &(0x7f0000000380), 0x80000000, &(0x7f00000003c0))
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000480)=<r4=>0x0)
ioprio_get$pid(0x1, r4)
process_vm_readv(r3, &(0x7f00000005c0)=[{&(0x7f00000004c0)=""/204, 0xcc}], 0x1, &(0x7f00000006c0)=[{&(0x7f0000000600)=""/132, 0x84}], 0x1, 0x0)
ptrace(0x11, 0x0)
wait4(r1, &(0x7f0000000700), 0x1, &(0x7f0000000740))
r5 = fork()
ptrace(0x4208, r5)
ptrace(0x10, r0)
wait4(0x0, 0x0, 0x80000000, &(0x7f0000000840))

18:23:20 executing program 1:
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, &(0x7f0000000000))
ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5)
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000040))
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000080))
r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x2, 0x400)
ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380)
r1 = fsmount(0xffffffffffffffff, 0x0, 0x9c)
r2 = openat$incfs(r1, &(0x7f0000000100)='.log\x00', 0x121281, 0xc)
ioctl$SG_GET_TIMEOUT(r2, 0x2202, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000140)={r0, 0xffffffffffffff80, 0x6, 0x4})
getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
bind$packet(r1, &(0x7f0000000200)={0x11, 0x983a2b8c52a946c7, 0x0, 0x1, 0x67, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x30}}, 0x14)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000240), 0x82000, 0x0)
write$binfmt_elf64(r3, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0xff, 0x9, 0x5, 0x3f, 0x40, 0x2, 0x3, 0xfb4f, 0x42, 0x40, 0xc2, 0x0, 0x8000, 0x38, 0x2, 0x600, 0x3, 0x3}, [{0x3, 0x7, 0xfffffffffffffff9, 0x3, 0x0, 0xfffffffffffffffa, 0x8, 0x2}], "61728cdcd99b4ccc8facff3cdf547201cf22f0abba387fa3e6465a3016f43afc4442c125e977bd1110071f1dc6b88e8e2c0ab0ed66d30f351f88e1a6ddeb861c2b4a2b94603a2130cf0273033c76b26a83430b8e9971b409e6f75c87c7a162332e1bb3546ea131fd771ef1a7415f54", ['\x00', '\x00', '\x00', '\x00']}, 0x4e7)
r4 = syz_open_dev$vcsn(&(0x7f0000000780), 0x7fff, 0x80d00)
ioctl$SG_GET_SG_TABLESIZE(r4, 0x227f, &(0x7f00000007c0))
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x40040, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r5, 0x40089413, &(0x7f0000000840)=0x6)
pipe(&(0x7f0000000880)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000008c0)={{0x1, 0x1, 0x18, r6, {0x4}}, './file0\x00'})

18:23:20 executing program 5:
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)=0x2000000)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='rdma.current\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x3, 0x2, 0x5, 0x2, 0x3}})
r1 = eventfd2(0x2, 0x1)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x80049367, &(0x7f00000000c0))
r2 = syz_open_dev$hiddev(&(0x7f0000000100), 0x6, 0x581140)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000140)=0x40)
close(0xffffffffffffffff)
read$eventfd(r0, &(0x7f0000000180), 0x8)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
ioctl$TIOCGPKT(r3, 0x80045438, &(0x7f0000000200))
r4 = fsmount(r0, 0x1, 0x5)
write$eventfd(r4, &(0x7f0000000240)=0x1, 0x8)
r5 = openat$cgroup_freezer_state(r4, &(0x7f0000000280), 0x2, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x6, &(0x7f0000000300)={0x9, 0x0, &(0x7f00000002c0)=[0xffffffffffffffff, r5, r3, 0xffffffffffffffff, r3]}, 0x5)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000340), &(0x7f0000000380)=0x14)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x80080, 0x0)
r6 = openat$cgroup_devices(r0, &(0x7f0000000400)='devices.allow\x00', 0x2, 0x0)
ioctl$FICLONE(r5, 0x40049409, r6)

18:23:20 executing program 2:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40000)
r0 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1000)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x1}}, './file0\x00'})
ioctl$TIOCSRS485(r1, 0x542f, &(0x7f0000000080)={0x4, 0x2, 0x3})
lsetxattr$security_ima(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), &(0x7f0000000140)=@ng={0x4, 0xa, "bf827ff70da3e1c23a85"}, 0xc, 0x2)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000180)=0xbce)
pwritev2(r0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="cfe4be9b8326b8e1a0730d9009a4bdc52091c3bcbd2d5bb75660a293e075ad35c572512593e518b2a8d6e98dd83cd2f5be8096adc0f684d75117ef363224ac46fdd66d528e8d7c64ea1a0a185acd391e0f9e6cd3c61a316ff79569affbee921a8d7d99dc2a5cc97fb669355ae9c5a098a6539b4ca4673a15c13cc012fac528889f78d860569dacc3bd0628280de70b9c338a0e48a50cca087be7c6285ab2cb0692af8ddf88ebc9be0a7885ef899ea3e98ff2c2", 0xb3}, {&(0x7f0000000280)}], 0x2, 0x8, 0x4, 0x8)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f0000000340)={'ip6_vti0\x00', <r3=>0x0, 0x4, 0x9, 0x0, 0x2, 0xa, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, 0x3562687bf15482cb, 0x8000, 0xbf9, 0x6}})
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4e21, 0x0, 0x4e21, 0x2, 0x2, 0x90, 0x100, 0x2c, r3}, {0x234, 0x3, 0x600, 0x80000000, 0x2, 0x3, 0x4, 0x7}, {0x3e77, 0x200, 0x5, 0x636}, 0x7, 0x6e6bbf, 0x2, 0x0, 0x1, 0x2}, {{@in=@local, 0x4d4, 0x3c}, 0x2, @in6=@local, 0x3501, 0x3, 0x2, 0xb2, 0x1, 0x7fff, 0x1}}, 0xe8)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000500)=0xa00200)
open_by_handle_at(r2, &(0x7f0000000540)=@isofs={0x14, 0x1, {0x0, 0x7, 0x1000, 0xfff, 0x1ff, 0x18000000}}, 0x20000)
connect$unix(r0, &(0x7f0000000580)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000600))
setxattr$incfs_id(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680), &(0x7f00000006c0)={'0000000000000000000000000000000', 0x33}, 0x20, 0x1)
accept4$packet(0xffffffffffffffff, &(0x7f0000000740)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000780)=0x14, 0x80000)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000840)={'syztnl2\x00', &(0x7f00000007c0)={'ip6tnl0\x00', r4, 0x2f, 0x6, 0x8, 0x5, 0x10, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x20, 0x10, 0x1, 0x3}})
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000008c0)={{{@in=@empty, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in6=@local}}, &(0x7f00000009c0)=0xe8)
sendmsg$nl_xfrm(r2, &(0x7f0000001b80)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001b40)={&(0x7f0000000a00)=@delsa={0x1110, 0x11, 0x200, 0x70bd2b, 0x25dfdbfc, {@in6=@loopback, 0x4d5, 0xa, 0xff}, [@policy_type={0xa}, @encap={0x1c, 0x4, {0xfffffffffffffffe, 0x4e24, 0x4e24, @in=@remote}}, @algo_aead={0x5e, 0x12, {{'ccm_base(xts-camellia-aesni,sha3-384-generic)\x00'}, 0x90, 0x60, "797b9084d37d210b5c9a1611ae4d17873a6f"}}, @algo_comp={0x1048, 0x3, {{'lzjh\x00'}, 0x8000, "ad6bc2dda05489ad9ded5c346df7b4ee376435c24ff61225d14757c43a96dee3c9441c5fe97c353b42d33fd13a7e878952b6568db54d97ce1c816d761d75c5ba809a1c0cdff38107e6080611e7e754080e06a7adc2c4f863ef8aed3e71b48a0a4c7b8c255dce4dc9f3b9845341133a4b81e42a77bf480bf6df5b094ee7f06edbd26dc923f13fbc3411086b8629a6079f4aed38438bd16d5dfe98edd4f6e5b9536ceec90f74231be16089e07cb58df039b9045a4b12a2c442e9e530d8e2824aa9bd0c82a732fb904d7061929f66f031facc58a8fe1cda8277b4b55ef50d1675b6515bf4902c6282cb7599ca321219da146f59216cba428ffd82ed9e1f8f302b2b2f71d6e761011e043ec70708b484cc50d4cc9fabbbafad6f0fc8a9a65714fe47356334c06b35759bc84d6e66ed1eb906ef839261c68511cd6996d67ce71434eecd86a9085575b8a7cf16854be530012e55357a8a06b5478c18d19a3bdde81f8a91ba2c4d86391ce30c9349ec98cb43ff4baa1718204170db33ee1350d346b37de6537cefc1c8f0ed3b6796453e1b7e61156703922fa35569906bd50cd99d46b7f821bc170c2ece0730a14a951078b539c6a3f8007392e19b2cf68211a2c1f393008a4edaeb702fab8399be27399d73c981beda84f2dea88a983cc358ed323ba06c3677aef4537b6792b97b01bc69b1446307c8b3f9fc4a231a3816b89bb6728c8585bc32384f972ab392f15a462a6c2115c0520e43043fc3242cad513278fcc82e9bc4d30f41e73aa216da7ce90c73a98285e8bc88f485c503a004d59b5c7f2afd56d1db09d8ff8d5eee69539ef271cf05de35f620ddb0285870162dfa59d7ae9a18121bde8f62e4797506073391d757eec77c7c43985fee2a6358838276af0c44680a0095567db2ae72c04ecf5bcf06333ce1323d58970d6fa9deb3bb03d5fffb3173e386b0ab3b72967cbdf32ea555be9fce7fdc0591bd921de0bc499b8302b453c856cfc05cd455b049c325dd0d74772b020e22f6660e078ce8a518a87946374be1ccc3ae13ba9303c2edfff4d2858da57a028062b179ff808d72e676bc1e322d173cd714deaaadfab4cc458bf02c91e0d1cfd5fd918110e46ad4dd91d4292e9868840ad351af25b7cb13416372c920d699e1ad92b99cef000be8935fc3c4047615141e0bc0fb5fced316ef7571ee841ec38b1d99d6817afc0df984ca1ea140dbc696f73ee2eeef5f78cbb2c7a9ab7a39c3ceca8bff72ad221b5d1b32d80cba2287e7b2b833273b99c946a13b7c9e8fd7cad086a723e64985eea86204499c8cdc4537a7f5ff6723f4f5c4e3bc312a3476bb7a98ce3cc30d0cd25aa613b83610eaed55b9f9e89e51db0a78888c9acfaccc6ce9973f9b8fc369011d09d95af3c8f31ac3d713e4a2769dd226c0970a8ead3ade106f1817a32568109c8a45abcaa74abd87314e69e11b4a159eea9caf83c22b2d8acfb8b00aa12f0c568d381ef0b6dfbabc3f04a9141bcf0ca471515a56e7081c5a63b35eeaebe90fb9467c04dfff98858e3528f94c556b02c85144a327cccd2a0e11692edb3376866fcd6202f7744151fcdab4c389146c575424f0ec346192ea099a3702061a9db1aa43af8fd8473f0cd210b2c5a188879e05698edb5a91a2de10dc377e36c8406f64a321667af560b2d3a9853482d4b3d98c9ad4d34e7bc2d36515571e57d73922ef1dba6acb4247919a0afbb2b639131305ec7d6aa7fd8c6630ed18e71301a95f8dee3798df38b7cc013f14f24a0184b7d078d9df8e30aa25581b6e20534c54518d29969606c0201e65c11b548a39a22604ca309b6a6a75c99a8cc30bfbfffb065f3a6e9e64d78b82fc4b2b8c06bbebf332349aad961cb9eeddb3a613b0a10375244cea9791a2c9d4df09766ef2eeaed60fae18029184799b05f1e6a2f8cce3dde83e0e63d554e40a0123ef13dcd5e742cbfbbd8e93d7451026fa6c35d46e7e4134e5f8191accc917f5ddece728bde6b0f20eb678b0aee121ba64c94eb5a2937032642d53e0d1a6b7fd1b9d32de049c575eda1410ea99b8eccf6c7f07af7fe1ac5d56b975132a4158cba4f7460db74f05d4b6c766e50506165b25096d5fd854702e37c48925c9857418e9213f23accbf001c96bd528b6028752a863fb3bd0f02c1ad4c2756c6b75e1cd4d1bd54448411935495bc0ca7c7b9bb733fedf61960cfdcc188267ab5457ca839375615dd709748eecd53d4b304375193ce7bb506fbc08fd0b8f8e7589367dc5f09749894e732936bb567844cc80da44f82119935afe4a61555ae2a9dc4101cc545ac7bd43e181c885ee922501816fd9b9d3f9b40be23ed00419ad457391024f2ba38150a37a22b2863f4f0123e8247ba93bd7d211cda0f66f12957748337057e35d15a320a45bc276075420adfbb5c8664a7865548b0b24c0dd0c842beab5c78430091b1cd635d04e42edd7a6144af302a7fd61aa69fa4883469fae2511d9260debabf6e77759dabd131f1bc7a8955150685808631b3093222fe6cb8868d631d8dde5cfefa97dc7eea811f02e3edaf6256b73ac7e6a3036f0b42703120d16a5b2e6b41875a911e94983296438bb88b89b7b886307379662c585b47502fd44b42e2e31bdd4268d81d6eb1dbe1faf8f983411eb95dd9f0053cc515c3865ebe59b604cab533680031591f0c44c1fa6dc8e8f6056c7b84941bb36245269b1837eba0546dab49ffe14736bb1afcafe626fb5f63e542253189e6f9d1dd1f1cbf8c82df1172dc581e7dc4e0f72a41af1e339613d8556e187fe8d9ad0dadda804b7fdd8b879264e4d975606e14f71e3ca3b10af33b904789a5d0b1ac9685dbaa1be0a27e0e9cfbb485b5b08fffbf64e9047cc3df05ba04e8a57a9be0710f3f1c27fa5b1ef82465da4ba7a0ba8331a7f83753842b1df8c64b19c07d48163bc3b3287097fee6b792bfc833fe7fe56992d0a28683baf20458d6de6d849aed3a8f3eaadd472d9db9f352ef7385fce9bad6a778a50ed182a6a02ad014062444c588934017ddcb4095534d7f6d54aaf8d1cd9b400a2199a3fae415f334d1c97f89c18a4ea296f03f1bd2ed12dd72d90746f83ac269dbba1c0974971a8fc2002fa2739017b275f4d3fc7a3957d4f5ac616619e71a53cc04f0bab88c4cc4931a8f11b805cf3b08dbc054299c308c7138963ffde2a7391b7acb12e32308c685b208f94e575cc8b3b52b40aa8f2bc10915a186a80a2c539b363b7bce089e852cb1a94733f82009eaf9b06ffc1f3e61920c55b30a0ed77480bfb68e89be8afdf3be8b4b74669393cbc73bbfaa83be76c55176f3a63507c7b0c26eccd2394f6cbc32d9e05bf3ee34f76275b172d05c7c0955dceee709b7fff24da31e302515e8a5b8fb46636d34dbc28cafdfa5aab2bc82f0a553d87c70ff7a24827b6d39e082dc5fed7912ee6cba655ff4e5723ea711c979fc15dd5d42da2c5eb8c54c465678f9db345e97281f1dacce9d37e6b70fe2ad20b1fb846e990145b7139d5a54396d01bac234fc78957419c0cfa5ee109c8e1da226c3e3b26388140ed13cdfbe305c4fe37dbcdb062a92d97fe8666ce3144ffd30cd0599347e4828179a7d75ec1912cadae2c0a35786bf32bca917d3ec86636613dbeaf6523bb62db34f2e887c08180eafaa2043558ea4f008522b636333fb5c08a5a9882817ae8707677339405460236be7429db225ba45cf6f5a7157ff0ffcbbf24ec95060b213fd2c7a9a185af85c8a550bfb1ef4130eea7218e88bdcc6a338ea933eaab0c906d075762abf6b3ff4992c7916f0ed18ee60ec252b357deef2c1b98049b564f06567644dcc40ac3bbcb6a47b54783a89f7ca18ac282bb9ec75e3860b061fdd1dff3f654d52b6db1606e1e64a9ed48676dc865c76dac9c18e17fa8c8fc04c82b70dbdcba3bbe1457e479d3bf85e32550a88532aa419e28ba325572a75f79d7ff64cf5795cfd7762d6501cd33095a0e6e44d0c1414a6ddb10ebf2c410ca7cdab52b4236751a410a1198df53593f0b58d3491ee1778bab908894094efa812ea8eaa2fcb2b454e7c39b9ad6501f3f0d4f0db63b25811f255115d85c4f28f5cca15c0e0714b2d531fed1bb1a5f32636e95a4babc45d2899c879fcf4a24d6f1ac28374d2c5790bd77379c0852e746f09c23e8c9032802ff9e92630916b8cd2ae2eb8addb4d2dce6e7a923a11dca2157437ea6c62db18d72e18bca58189959b751c782cd7aae848d14e146fa57129e9683aeb9faaaf1f0ae815635e06bc45beb70fc4009b5f01b9b0cb4cadddf5739f7e2cf6f816f2933de262f31ee833b30955910c8159312866fa706b857e59a5b19e06bb1cb4da2d50140d6a0007021867af3eb23cab50996e68d03ac2b981514d854d31b52373d95572409ececba4b92946544da143631ae726eb05486cbe51babe3d7d681a0821882862cc36ea6a6aab286f1d28f30e2fce0e0b67dc38789595d6e379587d99991f09e973432f9d80f98862af880efae2d594a1d088acaed280b4a977838d24e0ec7f0b6ed5d93ac80c871160b58407a5b9605e59499c78be2a94c3d8fe6d3a979f265d7a9ee6042b7b65d4e9fe598f55b2ff7901093fe69580aa792f771759b3d0c4ae04b7a8801458942903f270201539ca434567f733255cafa428a26187843cef2eaa4f6f9775bd54e32d6c5f7b405f8e8eaebfd58cbf0781802af45b61dd4092b46cd1690464abc17b24aa5c2a278016ef1370f1ed4cb73c25a58ec2f7d764382a6e42cd4601218a08044f62ef279536c7bed65bf7ad175bab6ec5f46e1734c9b29e3aaf872459582e33ba6d93652f0f9b391c53cdab005c1f536a250712d69bbf0a270889854d6382362d7be4eb4d2fbaf2f148653181bf15a731661663ad9e9d2b112d8c56e56b4343974ea86a3f58a8b50c3aeb2ec8d177fcc467ec19a81e71bbdf1e9f080ae4aa84b97fa867fabf03693c34e93a5264c01095c2a6a7ff7b697605bb7d45b0533dfdf23c80659b444e7e89e62cef1e2ac2a59424f0401f12e073d6c38405d38b684203ef8f55e2a78158cc2c11acf9e54f4f803768526e783b3420496b283413f9bd02af33babe8ea724025282fddce6bd0acf496b350f958a4d2a2d37ac03b7002640edc4b1882f84c83c4830e58f5e70f01b32062d0a0839d6971a1f00f2a8682cb7f71cc511b525381c945538c250034af8949ae3792c699b402e7c254a3f0e5bfecabe657bb6d681c3a859c70a8a954769a1553a5d8dce79bea5f18e77e5fcb6faa4810d9a98a3e587df7f470522e8ab5daf6030929224efaf7695865727fe90efc297aa17b3765df457b424deee6e03024318c771d4225698d9b5d2c2c504481f80b58c4ca15bf212b49e0e0a59dab17b172d7ce496b32457b4be29763f9b88399bdab9a06d6c3a005f71ae9a975466bf4e872e7c4022104ed0478d12cecf3d990f9d1b41e779446416defbd2ad4370c46c63148f6c936ecc8266eb81f5eaaf7aef6e94ff42eae2445d52944ba7efb287d86201a0b6c9d437d3cdee3a627bed5f968265ab98a6f9ac23c9168272d36c7829d46d67d61206a120f9010a3d74bd9712bc1b0a684fea9d2d7b23616fe48d1ef692129da615294f09b98b41028ed4aa48c8ea71153ca4d5b64308ea1344b2ab58cbb5c74d36de851ef3d89f3356a308e1049f402ddb31336d1195d2667b58c5e6e56e45d6cdad567ddcf19861248b8ee73e55f72cd7239efe0b4781d87c45be35f4531ad9cc7d1faf0b73694dad720023815cc59d5bbf5f32e376fafe2"}}, @XFRMA_IF_ID={0x8, 0x1f, r5}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x23d6}, @etimer_thresh={0x8, 0xc, 0x80000000}]}, 0x1110}, 0x1, 0x0, 0x0, 0x5}, 0x20000400)
openat$full(0xffffffffffffff9c, &(0x7f0000001bc0), 0x410000, 0x0)

18:23:20 executing program 7:
r0 = socket(0x1, 0x6, 0x9e5)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x3b, @broadcast, 0x4e22, 0x1, 'sh\x00', 0x38, 0xa1, 0x1e}, {@broadcast, 0x4e24, 0x10000, 0x1, 0x7b5, 0x7a2}}, 0x44)
fadvise64(r0, 0x3fc00, 0x6, 0x3)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000080)={0x7, 'gre0\x00', {0x9}, 0x9})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000010c0)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0)="e395d7bf402fee2d1bf30c4b494eaf6cce719be3a7e6341ca3e34ad253081528c06d623bc8ad829d140479e737911f6787ba5b8f4bcfcfff47e8414ad03d6a1507ffd2c8b26eedbd05ab3b51856e6a89f9f6c4f921a9682d7551eb4c3877bcb81cd02ca40e2336db17d97c04d9753e904c405e1080511b0b0cbb6215746719523ed22fec17e58a5d0dec0e28c0b737ad7580329fa4312a8f9859e1b687a4101721d1f605240ed4b52dd15ac687aeb8bf649ec1e8f9b2535f03df0c2ff7a0a2fb4797a5e3d5e8787957e4482990050ef9aaa689b03ecacfa9967eb605ef4c75ab434b5b4f836b93a10432de0f63fedb955ed2fb99259cdd698beff1a35d6e5648d2e79640efc54291f48cd6e61de3a0dac6365e6c07af574503b500324fa14fecf6b6d0f5508a0742c164b62e812b1f3238a2162b7dd2308cf5112847d7f6b7702b40816755d41332f0da78696834d3a0f5317ab859da7b2f3a0c9ca8f4b33c6da2d972304c24a29adb0a9c4b667681fd5c1fe16573961ab64dad8600f3757abe1f8505ed8bc2a4af19af25478c8a2f9decc731b644ac2ea82c1e17c685673ef3fa456e679376271c243e964c2bc4a80be51c07b55863c29ab30a650f3438ab064cd358a496ff64a620fc3f7242c68ab866efb46795b36c49f0b74cffbfc38698015421a980a2599ff2f85c651cddc07e81ba8641dc1f527c8ee17eac16c131f4d465d90ffb1c03c4f2a11a3b5372efbdd3124edd4cc20a2cab7961c76e0d99c1fc8ebf75a5af0584fe4f7e78b22f91c5fb30c4f58d4d9a4631f5e2e1635858c337da6dab39e69f86aec5c0a8aa9ad7b86a83cd40a7fef11c515d2b23957f0fb635ccf1bbe7470797234757e6f6a31f0bdf3dbd19178140467d26dcef547c9f426bbe5baa12f6332ebac695be9212dd02797b1551bd5ac2eb975bfaf584f69f379cbf8fe32531693453686f9c35f0f037e9bf3f9011fca49d6d108acfc3e77dc4db12c116d88e3eda73300e3e8472c9f846aae4d8f6b20a70628312b3d95c18c98a96dccc4c20117a36fee00cb7f771fc1934f3c5dbab31f1f9d3aee30a2df4e14f77bfaa4fb1d5804ee9a8055acf809692954ed3c14e7c06a4ffd012dcf66e365578f523c6c53c6111f4a3f2cc7d064467863efe3f75599b03b4546ec427dbd410567f486121ef9f79100445e03fedb7953374924816502b75a0691e1701e2aaa000c4bc06e98fe6a927444906365ad5ed9339f86b3e8d0b4c237aa688469015c1b0330da31fc301ab34545e1a74aed7e481ead87c43822840e30e6cb449830842fae26b25d08db2c610c4622a579695691778e8bda161a440f010644f725d92115cf08bb4b3967fa7095cf14545e4d9e3bd7734acf3448b87fa3002b3ff31e87e4c976f9b9a61232087ca9e3d09f90590bc4d20797bc83d994dc56674f6ea6c41879c873b02c756308f1fd9a8b239dafe572d180d124c898ab4f8dc3e06d6cd6aeb3ae5d226f59c03e37113d867afd5260adf8bd6330f2c195ef363b552150899882fbfa099144b945f1a714c85a55d8e97985c68b39e7d80f7bc1b071233c11d6f4270af4bdb43cc90dcbc9106bfb5bceedd117f10163b600beeb256a0f75764ad09dea870c38c5acb9c2cd6190b8b4586a6c15b3d65f5f78d16b8b67337e6b2512d24bf1cc931ee018cb9068b02ed8c0f3b896917edde10f1335ae1390ecb615ad25f30c43884eb97d707076f7d3dd0ce75080cf5fa13a684f9b06de5874f983f688a2be021ff511db8c2159002aa63939e54ca5d85f87f1a7c4e95dd4096c4209f7252e3af1ca508eafb56642ed42c8118ad83df9f3567bb5fe3c1257615edbf6d05a64bedbfb999f27d4f07fe1d774ec33097dd96571f15974b6ff1313a6b02d72cabe7ad452bfa6bab5a274f2f3c8c4e0a6ad28b0d1f4243249e4066f4d54e41e80d3d34ec6629fd16eb88a8c5576b4304bf2b527f439da2b8b3ff3c142eb211a3d6bb71273003fdbb2f5de55fdda3ab4953010bc640af3a6153b2ed1ce2c5ce07e24adcdf06fbd3f6f7a42acd1927e4763a10473fd15720a4bae835a2ed50cc4172f9fe9606543a3a903c0ffc5f9b533e9ebecf85a8653e604d97843fed04dc1927d0f7a548fae214241cbd6bd18317e4cdae0862e260896c0c989944a545ffc42557104c08437ca6a62b72a9ad3d085c13b387f00db66c3a6db4f73f311d0ccd61195f473fc3aca529a5ff5ad264f41af8ebd674b9e99ba67c80f07c690fbe5ecaf801b6deeab3d55568f6c2f6b82350a774244693f060dfa1459491b7d814890d3128bb9d3f1cebd6d71b654b02664efb59c7bea05e063b1dc15512b09250152ab4c85563b4b07b1f63d4631f0d3de7d6e5e88b862366b30e45657ee80c624ce2684d9f265b2086e6f8107bb37b2136bb80c75dd7c217db082a65473c5c9793c1155413cfad14b1aa799ef291ca614c5188355ea1f40791da889373a9697afcae624a2a51449115795923c9c593c537578cc6ee335eb399875b036fbdffa7d70197dff7646f198ff80f852654e0cf68db1336203d3c9e5ee0b5f7d404809c39214c387288e5bd74a9ebf1c80ea62519c35b2d06cb38731a8ab0f597993bef1ffa1aea289172acb1377e2b5310086488bc50f180d15b3949b396ffbbe2962b75335791ca4f7decb643cf1ac012cf859769ad678f76fc23de104ded0825b9080d99e819805893db56431bdecc6174c2e8f2c10be86bfb001f6c519d4065f639e9ce842b1485f1cec0da5d75a20b3617cc1e6d766de2697fbfc64dede5c9f5632f74ef6d2e87d5d90263b1f0bdb37f6056bf149597b07166c7b1e78ecca4a26e3807c3b065619fb037efc0e8701755b2cdfdba298ad98ba5e4c86776068f939aa781336cccea0655aa3db2291d96a175e2e848d6b04e8413d3782eb2737721214162d9a93c7578762f9bf0b1576f58bf3bf7f1d2e0d7c6450b0c2e2adecceac04ceaba017501ae4c9836471cc61bb120bdcd037dcd881bdeb849d1c3d0990fcc89e0cc9cfac34e02df742540adf8ebf23f29bb479f80bcb8596b3b0e4bdd1e9de7b0c9f4a65322a14c830fa8bf6d1ad401f8705dd36af33a58d7339748db1fd38de0f378ead21ed05688621394f98947e15ef3cbbe05e5d070056eee2c7b1fc024fe472813acff555697e2b239e730435e893bae0e8c8d11f6c3b9c3a14f04958b0a8769f84c60ec862a864aaddae28a451df04e3688c752be7d553ed07d79a194364b5a4fe5f9118cddd8e22a81b0ca56274991438f02e25ed5a3f965792d3537f73c5ba55e6236be4d1620433ed96d73ca97384b317c0a51b72e645bc0e9546d9e411b232569dcbf6530f7f072912217d9b1a934d4b447d3f439b6d9c6c2892155adfae13da2aad7c7cff818b06878a89c16ecda3662ade3956cfa442e9524148c612ed0843d3162445c031df203386042decfbfdec73c2cfd79a741fa5d39ce1be398ef4516a572d70287a7503fa88fddd27349450b6783ec871df52a24ff7b38efbd1a3cf19c143f202f00fb01b62ad165d79f10cfdd65a384ebd8f2ef3ddd46a2bb06a168e35412a286251612ec884c166fd4f44d8059d7c8c6b0a414cc59c94804d42857882c1bf2f749079445c002acb83cb865b9d8d9cabeac1fe5df3e45957718196904450fc561ade5da84f44b8dd40c17c42ae7a5dbe3c5e6ac1175377afc99eae1b4fa11a09f7bb172b75128c7ccf4afcb4da426dc3786840c39a34b457d943b295e85851d574d7b3ca471692b5e4966507523057a426f39d2aada8246526252ac9148d347c46a9cedd11c065e410597ca493d906f3bcf08b24f231a4453d06e2b5f73731940c2f31a1a07d299b1210a24cfee449bd220b71cc9885b7acc379748ebdca92c3416e01d6428367f8e3dd7f44b074f4e6b0d1f99e867f3c60b2ac1b21c61754c4459f2c7f0364ea37625fadcc1ba88aaea6244e99fcd7cc40042f3c4a308bbea5cbf39ebf52a4d94070abaf8c78e9b0a1e7268c8b943072bc0653c0dbb50bb8c03a6dd63436879f3a304a62a60c8ffd367b1b17b658f7cb586206d044a556df088bea770f12f6685b185613d9f314f4f711cf45307ee9d8216b2eec1572a7d0906b8374e6261eddd890d961d8733297f83d07bb0739caec5d1bcab9d0ec23a26bd8048a7467471ba9283de5dfe497637a38454f05a6f5e2182666f7389ae6e885fad612aca28d4c4792884b5fe54ad2af306857c3c70b5cd7beec3b5fb97be3cb383892fc4669f4854039a442b8049a47162ab0532f08a644f127b08568f64536b5e1058f92a45c286eaf2fedf19da1d8e3fb62c960c19e692bb3c9f4f98bc10513aa2ed797da0f00d454d5b489090d9df87e439662d190aaf43fb560d07aeca0a1a731ff28ba9decad13519735fd4a664f6951a418a0b35f9456c8a7e726a85f87dc39e03b1a5eb8a7a6ded5d211d33a02cd273cabb786a5ad9dde969bb23479978b13a13099a55becf18a79930f53bb5269d168da8f664f5a2779b6397f98a2c68aaffa5bf2982d1e980d584b49e1eeba32d5a1c7dee6e537d6492570fe916b354f70c4282362b163231bd18af8ba50fe3ba9ace156e5258b451e33b847104786f4229eea59b1316e23f39d8011100aced56330947acf2aaa7af2c8dfec80d0f0e4f7c22384fcb6ae6dcc546e6ff9f2273105f7b146f9993f415517252331adf815ad13468a6ca089ce00b8d94338f3009576b76d5f86c28a58d3838f2bcc5efc0a449629cada8488638465e5d551ad82ab35b86e551b5098c83517be9ab18ff57bd86508f2e815bf3212d44071d55e73d67636c8075a52d7e3f10f6190b7af3da18c79e174f7f7414d2a57805c542b902406a7e1a345bbbfbddd3f854bdf8e1928ae17f079b99699cccd764626a613bdee30f8e2175afa33fedcb2bf1a527dc93141f8a8203a0f3b5ba04c4a65f5a32a7a8fefadf054ddd05f389e795b8915e46321dfcbbf2f85fefd2d9166404f4d4f320b6c59d6a6dcfc17f4efc1228ce81f5949ca77b013f758905ae7504366b9263ffaaeb8059d132d95a6674b46e5f4c849eda884fd8e8c118aa14a61f7d262165fe9641e93521b9cc52dba34bd0e713ba381cd2151e4c6fc2eab9b982972e279bc6d63aec00fdbbc48e8ed6c2b0c078e882ac86cca8d79ffb8a626a55063957b68353936a76c03d979271c601176f8f892ae1e10c7083eb7bda87a087f3eb02d8147ef4b722ffc3706bdfac26d0d05c2d2133f527f9fe2cf0145133ccfb21ee77adcc6b8a3c95ded5264b4acee763dfff7de7c1340d002a102c4bec49254554ae07dfda02ed5d79d19f23bfe7eef9d3e4e1bb089535c31df5ad8cbaddd16eb8fc5dbfc5f220e89bd68a367010ee315d7ff3c576ef1f3c56509703039a301472ae4fb01996e955bcda1c5cbe5f1ae9c08a6f422d22ab700464967215ff5a7d43061f6cf0f7a1319d13fbe5991723f696648eed3bddfc4b04f8052addb44c7dd46aed42637f07c9f41fee77b78190a63c7717e80e89b76be49889d475d561d3348847fdc1f6663ccbb54dfdb59e70e6bbb188b7bb3a347e5d1da32005fa914878e7f5a0b6d978992979b4137a5d4ce3aca722761aa25f6a85fbb6c93c0140a8fa1089a81947dc028bb041903adee5fb79abfefd5b990c978900036b526723cfa04663e96737d93b7f69212365f8c319206c76a5f62a8262714b7617298429a8fb144e5fd63df0f0befac9a5e177d5b20143dddcc6618c898468aeee98db712a1041", 0x1000, r0}, 0x68)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, &(0x7f0000001140)={0x1, 0x1000, 0x6})
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000001180)={0x23, 0x37, 0x2, {0x1, 0x200, 0x8, 0xffffffffffffffff, 0x5, 'gre0\x00'}}, 0x23)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f00000011c0))
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001240), r0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001400)={&(0x7f0000001280)={0x158, r1, 0x10, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x43}}}}, [@NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b358ca2744f5d8bbc5b759f1c2ab58e4c6f234ea6b5d1929"}, @NL80211_ATTR_MNTR_FLAGS={0x2c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x20, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "acac7a7e4f2513d95f4edbb113fde46277b4763f54c7efcb"}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x14, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "4b13c84a5627d3ee3ab3bbcc9c50b866d33c77c4feb24f9b"}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x158}, 0x1, 0x0, 0x0, 0x4c000}, 0x24000081)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000001480)={{0x1, 0x1, 0x18, <r2=>r0, {<r3=>r0}}, './file0\x00'})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001500), r3)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001540)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000001640)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001600)={&(0x7f0000001580)={0x78, r4, 0x800, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x9, 0x31}}}}, [@NL80211_ATTR_TID_CONFIG={0x50, 0x11d, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xdf}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x40}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x72}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xe3}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x2c}]}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x5}, 0x48c0)
r6 = fsmount(r2, 0x0, 0x70)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r6, 0x8983, &(0x7f0000001680))
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000016c0)={{0x1, 0x1, 0x18, <r7=>r2, {0x2}}, './file0\x00'})
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r7, &(0x7f0000001880)={&(0x7f0000001700)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001840)={&(0x7f0000001740)={0xcc, 0x0, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_ADDR={0x38, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1e}}]}, @MPTCP_PM_ATTR_ADDR={0x60, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}]}, 0xcc}, 0x1, 0x0, 0x0, 0x20008000}, 0x40000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000018c0)={{0x1, 0x1, 0x18, r7, {0x1, 0x7}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000001900)={{0x1, 0x1, 0x18, r7}, './file0\x00'})

18:23:20 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xbd1355f056b3d41, 0x2)
sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x0, 0x10, 0x70bd26, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6}}}}, [@NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "2504445e86"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "63b4874f5fee4ba873b11131c7"}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x40800}, 0x22000004)
syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f0000000580)={0x93, 0xc, &(0x7f0000000180)})
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc080661a, &(0x7f00000005c0)={@desc={0x1, 0x0, @desc2}})
ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f0000000640)={0x0, 0xa2ed, @status={[0x7, 0x401, 0x5, 0xffffffffffffff00, 0x6f6, 0x1]}, [0xffff, 0x1, 0x415, 0x4, 0x9, 0x1, 0x1, 0x6b2, 0x8000, 0x1, 0x3, 0x200, 0x80000001, 0x4495, 0x100000001, 0x1, 0x9, 0x1fb, 0x4, 0x0, 0x3, 0x6, 0x5, 0x718, 0x6, 0x2, 0x8001, 0xfbf, 0x3, 0xf1d8, 0x8001, 0x1, 0xd03, 0x7b85, 0x5, 0xa1, 0x6, 0x7f80000000, 0x0, 0x4, 0x42a9, 0x3, 0x6f9, 0x0, 0x7, 0x6, 0x35, 0x1, 0x9, 0x10000, 0x2, 0x5, 0x1ff, 0xffffffffffff8000, 0x8, 0x3, 0x0, 0x7fffffff, 0x4, 0x7f, 0x2a, 0x400, 0x80000001, 0x30000000000]})
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001080), 0x8200, 0x0)
ioctl$VT_GETMODE(r1, 0x5601, &(0x7f00000010c0))
pread64(r0, &(0x7f0000001100)=""/253, 0xfd, 0x3)
ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000001200)={0x3, 0x0, 0x9})
ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000001240)=""/199)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000001380)={0xa, &(0x7f0000001340)=[{0x0, 0x8000}, {0x4, 0x100}, {0x6, 0x6}, {0xad, 0x9f}, {0x8, 0x100}, {0x8000, 0x7}, {0x401, 0xa0c}, {0xf2c7, 0x69c}, {0xffff, 0x6}, {0x3, 0x1}]})
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f00000013c0))
ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x541c, &(0x7f00000023c0))
r2 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r2, 0xf50f, 0x0)
r3 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0)
fgetxattr(r3, &(0x7f0000002400)=@known='trusted.overlay.opaque\x00', &(0x7f0000002440)=""/92, 0x5c)
dup3(r3, r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000002500)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x5, 0x0, 0xfffffffe, 0x3, &(0x7f00000024c0), 0x1}, 0xffffffff)

18:23:20 executing program 3:
ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000000)=0x20)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_TESTMODE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000100)={0x288, r0, 0x10, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TESTDATA={0xf1, 0x45, "cdd5eabbcf8aa8d8790cfa49fb53a192af54eaa83eddff6836adbe0c5abbd0619423a4c06dd670c038278b93af6a61583cea307c1d5f360c79187001e7dfe2cce2948ddf666df3e1f10b34ace42ad0b482d1c2a4190907791dbed51deff1b75b99677eb8d6ee5ee1362d2d7191e70f470ad76ac48e477ac08607384cc98ea92d96eef1755900832b9a7be42255f5ca653e0bbb7658bc7227c2ffb31505a6be7e8ce0d4509ed49d2721027ec722a9302a57abaab8220b09bac8aa152da0b59e7f62129f88902acefaf6d0b9b49e902696b48b3df1d0f89734b5631271335c72470a53fff7d9d67b959c6bfe5d68"}, @NL80211_ATTR_TESTDATA={0xa6, 0x45, "3b14e9bb6e2120e6f0d8662091edb235660eb2668b1af17d0827552707040e871ac186f7018028dfa1a33f49ecb03822050446c204ce67bf3712e5f942a494198d336416b1f38b0ed893eab285d54a14a0abf46dc4bea06ef90361585ea7fe53c975eada3c61c1a5e8af32e34486cdfa8712d888c6f0e65934a498b80a661d4fbb9828ac8738ac694ffebd33795845f1a7cabe3fd523db4a8a35fc738b6ef4bce70a"}, @NL80211_ATTR_TESTDATA={0x7b, 0x45, "a4abd16919d1079dbf900dba1a065a71de796a2a09630f083d927cc9190619e84c7a7b16c824d61712a8adc7b96ebd1882a8523474511d31ddf1f9fda12edddb7576c2490cbfcfd1acc3f1f6cef42abb058a19ab9ade6f64019871d7a299c1d44d576fa245d99e702abdc2b8e546a13200df247f9e9b92"}, @NL80211_ATTR_TESTDATA={0x52, 0x45, "2f5c9ff62dd58cfaa9a420d3b227358ae9446400f24c22fdb037159abfcd85fc554e1bb7cf96b859811499bfea07cc85588bd6ac4f0705a40cb1271c421c9430384650b8e1154f263492b922531d"}]}, 0x288}, 0x1, 0x0, 0x0, 0x4000}, 0x40001)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000480)={0x538, r0, 0x300, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x7ff}, @NL80211_ATTR_BSS_BASIC_RATES={0x1c, 0x24, [{0x6}, {0x12}, {0x48, 0x1}, {0x24}, {0x30, 0x1}, {0x3, 0x1}, {0x6}, {0x16, 0x1}, {0x4}, {0xc, 0x1}, {0x1b}, {0xc}, {0x5}, {0x9}, {0x4}, {0x16}, {0xc, 0x1}, {0xc, 0x1}, {0x30, 0x1}, {0x48}, {0x1}, {0x48}, {0x18}, {0x60}]}, @NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_CONFIRM_TIMEOUT={0x6, 0x2, 0x21}, @NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8}, @NL80211_MESHCONF_TTL={0x5, 0x6, 0xf}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x20}, @NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0x1}]}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_MESH_SETUP={0x8, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AUTH={0x4}]}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x5}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_TX_RATES={0x4a8, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0xc0, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x4, 0xfffb, 0x27, 0xffff, 0x102, 0x7, 0x38]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x47, 0x2, [{0x3, 0x9}, {0x7, 0x7}, {0x6, 0x7}, {0x1, 0x7}, {0x2, 0x7}, {0x1, 0x5}, {0x7, 0xa}, {0x6, 0x6}, {0x0, 0x8}, {0x2, 0x2}, {0x1, 0x8}, {0x5, 0x6}, {0x7, 0x5}, {0x4, 0x1}, {0x4, 0x5}, {0x0, 0x1}, {0x0, 0x8}, {0x6, 0x4}, {0x0, 0x5}, {0x5, 0x6}, {0x3, 0x5}, {0x1, 0x9}, {0x7, 0x9}, {0x3, 0x9}, {0x7, 0xa}, {0x0, 0x1}, {0x5, 0x5}, {0x5, 0x5}, {0x1, 0xa}, {0x3, 0x4}, {0x7, 0x2}, {0x5, 0x7}, {0x5, 0x6}, {0x3, 0x3}, {0x3, 0x2}, {0x0, 0x3}, {0x2, 0x4}, {0x4, 0x6}, {0x5}, {0x1}, {0x0, 0x6}, {0x1, 0x5}, {0x5, 0xa}, {0x4, 0x5}, {0x3, 0x3}, {0x5, 0x7}, {0x0, 0x4}, {0x7, 0xa}, {0x6, 0x8}, {0x5, 0x8}, {0x3, 0x8}, {0x5, 0x3}, {0x2, 0x3}, {0x4}, {0x5, 0x9}, {0x6}, {0x5, 0x4}, {0x3, 0x8}, {0x1, 0x6}, {0x1, 0x4}, {0x0, 0x4}, {0x1, 0x7}, {0x0, 0x7}, {0x0, 0x1}, {0x5}, {0x1, 0x9}, {0x0, 0x2}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x96f1, 0x7, 0x7, 0x0, 0xcf, 0x7, 0xff]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x0, 0xfffc, 0x3, 0x5, 0x7ff]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xe14, 0x2, 0x400, 0x8000, 0x1, 0x4, 0x2, 0x81]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x8000, 0x20, 0x8000, 0x9, 0x1, 0x6, 0x800]}}]}, @NL80211_BAND_6GHZ={0x114, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x81, 0x1, 0x5, 0x2, 0x40, 0x200, 0x1ff]}}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x2, 0x60, 0x36, 0x0, 0x5, 0x1b, 0x4, 0x5]}, @NL80211_TXRATE_HT={0x3a, 0x2, [{0x5, 0x5}, {0x0, 0x1}, {0x5, 0x1}, {0x6, 0x2}, {0x5, 0x9}, {}, {0x7, 0x4}, {0x5, 0x2}, {0x5}, {0x1, 0x6}, {0x0, 0x6}, {0x4, 0x1}, {0x4, 0x4}, {0x4}, {0x3}, {0x4, 0x7}, {0x7}, {0x7, 0x8}, {0x5, 0x5}, {0x0, 0x9}, {0x7, 0x5}, {0x3, 0x3}, {0x6, 0x7}, {0x0, 0x4}, {0x1, 0x1}, {0x3, 0x1}, {0x1}, {0x3, 0x9}, {0x5, 0x5}, {0x2, 0x9}, {0x0, 0x4}, {0x6, 0xa}, {0x4, 0x5}, {0x6, 0x1}, {0x5, 0x4}, {0x1, 0x5}, {0x3, 0x2}, {0x7, 0x4}, {0x2, 0x5}, {0x2, 0x8}, {0x2, 0x9}, {0x1, 0x9}, {0x2, 0x5}, {0x4, 0x4}, {0x0, 0x2}, {0x0, 0xa}, {0x1, 0x6}, {0x0, 0x7}, {0x6, 0x8}, {0x5, 0x7}, {0x6, 0x5}, {0x0, 0x8}, {0x4, 0x2}, {0x7, 0x4}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x6, 0x8d2, 0x6, 0x800, 0x7ff]}}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x0, 0x2}, {0x1, 0x1}, {}, {0x7, 0x9}, {0x3, 0x8}, {0x3, 0x6}, {0x4, 0xa}, {0x4}, {}, {0x3, 0xa}, {0x1, 0x5}, {0x1, 0x4}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x11, 0x2, [{0x3, 0x2}, {0x5, 0x1}, {0x1, 0x6}, {0x3, 0x4}, {0x2, 0x6}, {0x5}, {0x3, 0x4}, {0x0, 0x2}, {0x0, 0x1}, {0x1, 0x3}, {0x4, 0x8}, {0x6, 0x3}, {0x5, 0x6}]}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x24, 0x6c, 0x4, 0x4, 0x3, 0x60, 0x36, 0x9, 0x5, 0x60, 0x4, 0x24, 0x1, 0x12, 0x32, 0x6]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x3000, 0x8, 0x200, 0x80, 0x6, 0x1f, 0x2]}}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x0, 0x9}, {0x5, 0x5}, {0x4, 0xa}, {0x7, 0x1}, {0x1, 0x7}, {0x0, 0xa}, {0x0, 0x1}, {0x7, 0x1}, {0x0, 0x5}, {0x2, 0x7}, {0x2, 0x8}, {0x1, 0x4}, {0x2, 0x8}, {0x0, 0x8}, {0x0, 0x7}, {0x4, 0x6}, {0x4, 0x8}, {0x1, 0x5}, {0x1, 0x2}, {0x2, 0x4}, {0x4}, {0x2, 0x7}, {0x2, 0x3}, {0x2, 0xa}, {0x1, 0x1}, {0x4, 0xa}, {0x1, 0x4}, {0x5, 0x8}, {0x6, 0x2}, {0x4, 0x8}, {0x3, 0x7}, {0x0, 0x8}, {0x1, 0x4}, {0x3, 0x5}, {0x1, 0x3}, {0x4, 0xa}, {0x4, 0x8}, {0x4}, {}, {0x1, 0x4}, {0x3, 0x8}, {0x3, 0x3}, {0x3, 0x5}, {0x4, 0x8}, {0x1, 0x4}, {0x0, 0x5}, {0x6, 0x5}, {0x0, 0x3}, {0x1, 0xa}, {0x1, 0x3}, {0x2, 0x1}, {0x1, 0x4}, {0x3, 0x3}, {0x3, 0x6}, {0x3, 0x7}, {0x3, 0x4}, {0x5, 0x4}, {0x1}, {0x4, 0xa}, {0x6, 0x9}, {0x7, 0x4}, {0x2, 0x6}, {0x1, 0xa}, {0x7, 0x3}, {0x4, 0x1}, {0x1, 0x7}, {0x6, 0x8}, {0x0, 0x7}, {0x4, 0x9}, {0x7, 0x2}]}]}, @NL80211_BAND_5GHZ={0x7c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x48, 0x2, [{0x6, 0x5}, {0x2, 0x8}, {0x7, 0x2}, {0x7, 0x4}, {0x3, 0x1}, {0x0, 0x2}, {0x1, 0x4}, {0x0, 0x7}, {0x7, 0x1}, {0x0, 0x6}, {0x0, 0x4}, {0x4, 0x4}, {0x6, 0x2}, {0x0, 0xa}, {0x1, 0x9}, {0x1, 0x4}, {0x0, 0x5}, {0x1, 0x1}, {0x2}, {0x4, 0x4}, {0x2, 0x8}, {0x1, 0x6}, {0x2, 0x6}, {0x2, 0xa}, {0x2, 0xa}, {0x6, 0x8}, {0x7, 0x8}, {0x3, 0x9}, {0x6, 0x8}, {0x1, 0x8}, {0x4, 0x5}, {0x2, 0x5}, {0x6, 0x9}, {0x6, 0x5}, {0x0, 0xa}, {0x5, 0x2}, {0x3, 0xa}, {0x5, 0x3}, {0x6}, {0x7, 0xa}, {0x7, 0x9}, {0x6, 0x5}, {0x3, 0x5}, {0x1, 0x8}, {0x4, 0x4}, {0x0, 0x3}, {0x1, 0x9}, {0x0, 0x3}, {0x0, 0x2}, {0x2, 0x6}, {0x0, 0x3}, {0x1, 0x4}, {0x2, 0x9}, {0x4, 0x5}, {0x3, 0x8}, {0x0, 0x8}, {0x4, 0xa}, {0x7, 0x4}, {0x3, 0x6}, {0x2, 0x6}, {0x7, 0x4}, {0x3, 0x7}, {0x3, 0xa}, {0x6, 0x5}, {0x3, 0x2}, {0x7}, {0x7, 0xa}, {0x1, 0x9}]}, @NL80211_TXRATE_HT={0x1e, 0x2, [{0x0, 0x3}, {0x0, 0x7}, {0x1}, {0x5, 0x2}, {0x0, 0xa}, {0x3, 0x6}, {0x1, 0x8}, {0x0, 0x6}, {0x0, 0x1}, {0x7, 0x1}, {0x6, 0x1}, {0x4, 0x8}, {0x1, 0x8}, {0x2}, {0x6, 0x7}, {0x0, 0x2}, {0x1, 0x7}, {0x7, 0x7}, {0x2, 0x4}, {0x7, 0x5}, {0x3, 0xa}, {0x6}, {0x4, 0x4}, {0x0, 0x7}, {0x7, 0x9}, {0x6, 0x3}]}]}, @NL80211_BAND_6GHZ={0x4c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x17, 0x1, [0x30, 0x18, 0x60, 0x4, 0x60, 0xb, 0x18, 0x0, 0x9, 0x24, 0x5, 0x12, 0x1, 0x60, 0x6, 0xc, 0x1b, 0x6c, 0x10]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x2, 0x7, 0xae5, 0x4, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9e3, 0x8001, 0x4, 0x2, 0x1e11, 0x4, 0x3, 0x200]}}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x7c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1c, 0x1, [0x12, 0x5, 0x1, 0x9, 0x30, 0x24, 0xb, 0x3, 0x18, 0xb, 0xb, 0x2, 0x3, 0x24, 0xc, 0x6c, 0x5, 0x4, 0x5, 0x48, 0x12, 0x1b, 0x6c, 0x0]}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x5, 0x0, 0xb, 0x30, 0xb, 0x60, 0x6c, 0x30, 0x16, 0x24, 0x2, 0x18, 0x36, 0x6, 0x6c, 0xc, 0x30, 0xb, 0x3, 0x1, 0xc, 0x16, 0x12]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x0, 0x8000, 0x8000, 0x1, 0x400, 0x1, 0xa489]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x122, 0xf000, 0x3, 0x6, 0x4, 0x9, 0x7]}}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x1b, 0x0, 0x12, 0x5, 0x3, 0x60, 0x30, 0x16, 0x6c, 0x6, 0x36, 0xc, 0x16, 0x60, 0x18, 0x1b, 0x1]}]}, @NL80211_BAND_5GHZ={0xa8, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x16, 0x1, [0x5, 0x6, 0x5, 0x6, 0x30, 0xc, 0x16, 0x24, 0x2, 0x9, 0x1, 0xc, 0x6c, 0x12, 0x18, 0x1, 0x18, 0xb]}, @NL80211_TXRATE_HT={0x50, 0x2, [{0x7, 0x8}, {0x1, 0x6}, {0x6, 0xa}, {0x6, 0x1}, {0x7, 0x1}, {0x0, 0x9}, {0x0, 0x1}, {0x5, 0x9}, {0x1, 0x7}, {0x2, 0x2}, {0x5, 0x5}, {0x3, 0x3}, {0x7, 0x8}, {0x5, 0x1}, {0x0, 0x5}, {0x4, 0x8}, {0x2, 0x5}, {0x7, 0x3}, {0x1, 0x6}, {0x4, 0xa}, {0x3, 0x8}, {0x0, 0x4}, {0x4, 0xa}, {0x6, 0xa}, {0x1, 0x9}, {0x0, 0x8}, {0x3, 0x4}, {0x1, 0x8}, {0x3, 0x5}, {0x2}, {0x6, 0x8}, {0x3, 0x2}, {0x1, 0x2}, {0x1, 0x3}, {0x1, 0x1}, {0x4, 0x9}, {0x1, 0x6}, {0x5}, {0x5, 0x3}, {0x3, 0x7}, {0x3, 0x5}, {0x1, 0xa}, {0x7, 0x8}, {0x2, 0xa}, {0x0, 0x5}, {0x2, 0x1}, {0x1}, {0x2, 0x2}, {0x4, 0x1}, {0x2, 0xa}, {0x1, 0x1}, {}, {0x0, 0x8}, {0x6, 0x5}, {0x6, 0x2}, {0x4, 0x4}, {0x2, 0x3}, {0x3, 0x4}, {0x5, 0x2}, {0x2, 0x2}, {0x2, 0x9}, {0x3, 0x2}, {0x7, 0x6}, {0x1, 0x9}, {0x4, 0x5}, {0x3, 0x4}, {0x1, 0x6}, {0x0, 0x2}, {0x4, 0x6}, {0x1, 0x3}, {0x0, 0xa}, {0x5, 0x6}, {0x0, 0x5}, {0x4}, {0x0, 0x8}, {0x3}]}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x6, 0x16, 0x4, 0x24]}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x3, 0x48, 0x6, 0x3c, 0x16, 0x0, 0x6c, 0x2f, 0x1b, 0x1, 0x24, 0xc, 0x48, 0x1b, 0x48, 0x8c41a2b455cf881e, 0x18, 0x16, 0xb, 0x6c, 0x12, 0x30, 0x6, 0x18, 0x18]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x7f, 0xb705, 0x800, 0x2, 0x1f, 0x9, 0x1]}}]}, @NL80211_BAND_60GHZ={0x68, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x4, 0x3ff, 0x1, 0x6, 0x8, 0xfff, 0x6]}}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x6c, 0x12, 0x6, 0xb, 0x1, 0x6]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x101, 0x47, 0x6, 0x2, 0xfc01, 0x6, 0x2]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x12, 0x2, [{0x1, 0x3}, {0x7, 0x1}, {0x2, 0x7}, {0x0, 0x6}, {0x0, 0x2}, {0x6, 0x1}, {0x2, 0x2}, {0x3, 0x1}, {0x1, 0x9}, {0x6}, {0x3, 0x3}, {0x0, 0xa}, {0x0, 0x9}, {0x7, 0x7}]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x9, 0x12, 0x16, 0x4, 0x1, 0x1b, 0x4, 0x36, 0x30, 0x18, 0x6, 0x24, 0x30]}]}, @NL80211_BAND_60GHZ={0x18, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x60, 0xff, 0x7, 0x9d59, 0x52, 0x0, 0x6]}}]}, @NL80211_BAND_6GHZ={0x60, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x18, 0x1, [0x1, 0x60, 0x9, 0x30, 0x3, 0x12, 0x4, 0x30, 0x6c, 0x6, 0xc, 0x7b, 0x25, 0xb, 0xc, 0x36, 0x4, 0xc, 0x30, 0x1]}, @NL80211_TXRATE_LEGACY={0xb, 0x1, [0x6, 0x60, 0x12, 0x48, 0x1b, 0x28, 0x16]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x0, 0x5, 0x0, 0x3, 0x0, 0x80, 0x7]}}, @NL80211_TXRATE_HT={0x21, 0x2, [{0x5, 0x6}, {0x0, 0x2}, {0x6, 0x3}, {0x3, 0x4}, {0x4, 0xa}, {0x1, 0x5}, {0x6, 0x3}, {0x3, 0x7}, {0x5, 0x3}, {0x4, 0x5}, {0x4, 0x9}, {0x2, 0x1}, {0x2, 0x3}, {0x5, 0x5}, {0x2, 0x5}, {0x5, 0x8}, {0x0, 0x9}, {0x3, 0x7}, {0x3, 0x4}, {0x3, 0x8}, {0x6, 0x3}, {0x7, 0x2}, {0x6}, {0x5, 0x1}, {0x2, 0x5}, {0x1}, {0x1, 0x5}, {0x2, 0x6}, {0x5, 0x5}]}]}, @NL80211_BAND_2GHZ={0x4}]}]}, 0x538}}, 0x4800)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/consoles\x00', 0x0, 0x0)
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r2, &(0x7f0000000b40)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x20, r0, 0x20, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xe9c, 0x34}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40440c1}, 0x4000000)
pipe(&(0x7f0000000b80)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x4c, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x20}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40080}, 0x4)
r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000022c0), 0xa0040, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r5, &(0x7f0000002400)={&(0x7f0000002300)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002340)={0x7c, r0, 0x2, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3, 0x67}}}}, [@NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x1, 0x1}, {0xff, 0x6}, {0x40, 0x3}, {0x5, 0x6}, {0x4, 0x4}, {0x4}, {0x6, 0x7}, {0x1, 0x2}, {0x1, 0x4}, {0x8, 0x3}], "14dcbcf6c71edf62"}}, @NL80211_ATTR_QOS_MAP={0x22, 0xc7, {[{0x6, 0x2}, {0x7e, 0x7}, {0x3f}, {0x1, 0x4}, {0x81, 0x5}, {0x7, 0x6}, {0x7, 0x4}, {0x5, 0x5}, {0x1f, 0x7}, {0x7, 0x4}, {0xa8, 0x2}], "538353dc850d503e"}}, @NL80211_ATTR_QOS_MAP={0x18, 0xc7, {[{0x78, 0x3}, {0x7}, {0x6, 0x1}, {0x7, 0x2}, {0x8, 0x4}, {0x83, 0x2}], "0f5ca3cb25ab141e"}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8890)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000002480), r4)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r3, &(0x7f0000002640)={&(0x7f0000002440), 0xc, &(0x7f0000002600)={&(0x7f00000024c0)={0x124, r6, 0x100, 0x70bd26, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0x200}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x6db}, {0x6, 0x11, 0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x8001}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x7fff}, {0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0xfffffff9}, {0x6, 0x11, 0x7ff}}]}, 0x124}}, 0x8000)
r7 = syz_open_dev$vcsa(&(0x7f0000002680), 0x6, 0x2)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r7, &(0x7f00000027c0)={&(0x7f00000026c0), 0xc, &(0x7f0000002780)={&(0x7f0000002700)={0x64, 0x0, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x10000)
r8 = openat2(0xffffffffffffffff, &(0x7f0000002800)='./file0\x00', &(0x7f0000002840)={0x8800, 0x25, 0x7}, 0x18)
sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r8, &(0x7f0000002e40)={&(0x7f0000002880)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000002e00)={&(0x7f00000028c0)={0x530, r0, 0x2, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IE={0xc, 0x2a, [@ssid={0x0, 0x6, @default_ap_ssid}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x1}, @NL80211_ATTR_FILS_ERP_REALM={0x7e, 0xfa, "fd7b44a4bdee6f0c35c30e5ecab293edcd0462bc56a54943ec4cbf2dff028d7f94fa01a52a215c47ab7fd458a70239a06bd9df7080df981feee4a0b259dfc4bf546ab2410c139267f89e24d752b4f99829e6660236392498f42ab649be2e41cf426a73d940ed43635eda41d47b3b249da0c72812ac48605629c2"}, @NL80211_ATTR_FILS_ERP_RRK={0x2a, 0xfc, "228d8c578e49d2050b86cacf98c5953a308cab1c74df65eba95a6e9818211e39e844ce8d04fd"}, @NL80211_ATTR_FILS_ERP_RRK={0xc9, 0xfc, "a937881aa3aed6bfb37e5340d9c80465bb7885117af8bd78e8608f59d79c20d9359a5632c10d244a40ff23e85ca1b7f20793c27219b6d0f183747bf87514cc00064ded32b5257a89eb2bfeddc07d6deaa138b4d33323f886a0605f589fe9179211e47abed45f1df7cc211ec06574390536df570955c81f9d9c4272209d97c336e7dd4b2122a4ea5af46c45ef85fa1df8cc93aad0c53fc6aa3857b3b97524f21a21742f9866744c6ad5036551a7ddf6619f4d0b709f0fc4a04d96e99e614fd24ed9780fe696"}], @NL80211_ATTR_IE={0xf8, 0x2a, [@supported_rates={0x1, 0x6, [{0x3c, 0x1}, {0x16}, {0x36}, {0x4, 0x1}, {0xb}, {0x18, 0x1}]}, @measure_req={0x26, 0x81, {0x20, 0x8, 0x3, "c0f8690506a95525872f8d88607cca75b73f65db72425d6063b329bafca3f77da21533999b75577e44f9311e542e59ad7615f1f412f862fa624e2ff2ce735fcd21fbe8de840d94f41d69d29501823059e46eac7eab598758d317f617f22bab532170d0394ebbadb89e7f84ba8812ed4bc68f8a26c9e6f353198901dacd3a"}}, @ssid={0x0, 0x6, @default_ap_ssid}, @tim={0x5, 0x3f, {0x94, 0xa1, 0x4, "109a14b63cc013323ad97402cc1b4597d9d6ea207dd25066f8a4e098a4c4626f27d431ed116f6fb2acb633915c1dd3267c2c4b72211299e3f67954c7"}}, @peer_mgmt={0x75, 0x14, {0x0, 0x100, @void, @void, @val="554d39a2c07ec2eba0e054ed96083a42"}}, @supported_rates={0x1, 0x8, [{0x6}, {0x2, 0x1}, {0x5, 0x1}, {0x7, 0x1}, {0x6c, 0x1}, {0x18}, {0xc}, {0x1, 0x1}]}]}, @NL80211_ATTR_IE={0x190, 0x2a, [@perr={0x84, 0x115, {0x3, 0x11, [@not_ext={{}, @device_a, 0x1471, "", 0x8}, @ext={{}, @broadcast, 0x6b, @device_b, 0x3a}, @ext={{}, @broadcast, 0x6, @broadcast, 0x12}, @ext={{}, @device_a, 0x0, @broadcast, 0x38}, @not_ext={{}, @device_a, 0x9, "", 0x2}, @not_ext={{}, @device_b, 0x2, "", 0x3b}, @ext={{}, @device_a, 0x1, @device_a, 0xa}, @ext={{}, @device_a, 0xe48b, @broadcast, 0x40}, @not_ext={{}, @device_b, 0xad12, "", 0x35}, @ext={{}, @device_b, 0x3f, @device_b, 0x5}, @not_ext={{}, @device_a, 0x5, "", 0x41}, @ext={{}, @device_b, 0x7fffffff, @device_b, 0xe}, @not_ext={{}, @device_a, 0x7, "", 0x39}, @ext={{}, @broadcast, 0xffffffe1, @device_b, 0xb}, @not_ext={{}, @broadcast, 0x1, "", 0x15}, @ext={{}, @device_b, 0x9, @device_b, 0xd}, @not_ext={{}, @device_a, 0x8, "", 0x3a}]}}, @preq={0x82, 0x5c, @not_ext={{}, 0x5, 0x4, 0x0, @device_a, 0x20, "", 0x6, 0xff, 0x6, [{{0x0, 0x0, 0x1}, @device_a, 0x6}, {{0x1, 0x0, 0x1}, @broadcast, 0x3f}, {{0x1}, @device_a, 0x100}, {{0x0, 0x0, 0x1}, @device_b, 0x7ff}, {{0x1, 0x0, 0x1}, @device_b, 0x3}, {{0x0, 0x0, 0x1}, @device_a, 0x7}]}}, @rann={0x7e, 0x15, {{0x0, 0x7}, 0x1, 0x4, @device_a, 0x6, 0x1, 0x7}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x75d3}, @NL80211_ATTR_FILS_ERP_USERNAME={0x11, 0xf9, "73cd0970a1e7152056dceaf220"}, @NL80211_ATTR_FILS_ERP_RRK={0x44, 0xfc, "8720c58d0ed71d535bead2472f75e3e481baf971bfc4a0daa6d5b52f217d14885372b1bc74b5b4473477302a0ea34e27a1a3f9591b96e04d932695940b1f1516"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x4}, @NL80211_ATTR_FILS_ERP_USERNAME={0x14, 0xf9, "c329f1fe6e46e63ed4541fbd1cb7cfa6"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x12, 0xf9, "2baf7b8eb64dcab494e0a4da0da3"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x4e6}, @NL80211_ATTR_FILS_ERP_USERNAME={0xe, 0xf9, "6d6f130e5ac21e595599"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x9, 0xf9, "f15f10011a"}, @NL80211_ATTR_FILS_ERP_RRK={0x4e, 0xfc, "670af32b8b9aada9f938cc88c0ca6ad96552a66252c5cd99c840cf133983c1acecd70364c41bc8d1f965a13c507c56c0c14fe6912caad2c14f316c47e149ccc3fc0d0ecd53ad88d93d42"}]]}, 0x530}, 0x1, 0x0, 0x0, 0x14044841}, 0x1)
sendmsg$NFNL_MSG_ACCT_DEL(r3, &(0x7f0000002f80)={&(0x7f0000002e80)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000002f40)={&(0x7f0000002ec0)={0x7c, 0x3, 0x7, 0x101, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_FLAGS={0x8}, @NFACCT_FILTER={0x3c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x100}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3c46}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x1}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x40}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x4f02}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x101}]}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x3}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4884}, 0x0)
r9 = pidfd_getfd(r7, r2, 0x0)
sendmsg$NL80211_CMD_GET_STATION(r9, &(0x7f0000003180)={&(0x7f0000002fc0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000003140)={&(0x7f0000003080)={0x8c, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x27}}}}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0x53, 0xac, "b68321ee1ba9c1601e0f691ac7ea2e65f69725a642c065a310f3be0158a2af66e9c12d4ea4737f30683997d84fefe0e1b1b973b098d046abf7b682cee443201d373ec72bef73d29e6f593f55e9b62c"}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x6}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x9}]}, 0x8c}, 0x1, 0x0, 0x0, 0x80}, 0x20008004)

18:23:20 executing program 4:
setxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)={'L-', 0x4}, 0x16, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
lsetxattr$security_selinux(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), &(0x7f0000000180)='system_u:object_r:audit_spool_t:s0\x00', 0x23, 0x2)
ioctl$int_in(r0, 0x5421, &(0x7f00000001c0)=0x80000001)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
fcntl$addseals(r1, 0x409, 0x2)
quotactl(0xc9f, &(0x7f0000000200)='./file0\x00', 0xee00, &(0x7f0000000240)="fc811cea7629dfd92676e83e50838473d7f217f2fb1d4d7e1c5999132401d5204658f9e7573e31")
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000280), 0x400400, 0x0)
recvmmsg(r2, &(0x7f0000005800)=[{{&(0x7f00000002c0)=@nfc, 0x80, &(0x7f0000000700)=[{&(0x7f0000000340)=""/171, 0xab}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/159, 0x9f}, {&(0x7f0000000540)=""/184, 0xb8}, {&(0x7f0000000600)=""/8, 0x8}, {&(0x7f0000000640)=""/55, 0x37}, {&(0x7f0000000680)=""/86, 0x56}], 0x7, &(0x7f0000000780)=""/238, 0xee}, 0x2}, {{&(0x7f0000000880)=@vsock, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000000a00)=""/136, 0x88}, {&(0x7f0000000ac0)=""/117, 0x75}, {&(0x7f0000000b40)=""/154, 0x9a}, {&(0x7f0000000c00)=""/146, 0x92}, {&(0x7f0000000cc0)=""/208, 0xd0}, {&(0x7f0000000dc0)=""/9, 0x9}, {&(0x7f0000000e00)=""/69, 0x45}, {&(0x7f0000000e80)=""/111, 0x6f}], 0x9, &(0x7f0000000fc0)=""/148, 0x94}, 0x1000000}, {{&(0x7f0000001080)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f00000025c0)=[{&(0x7f0000001100)=""/29, 0x1d}, {&(0x7f0000001140)=""/40, 0x28}, {&(0x7f0000001180)=""/4096, 0x1000}, {&(0x7f0000002180)=""/132, 0x84}, {&(0x7f0000002240)=""/195, 0xc3}, {&(0x7f0000002340)=""/181, 0xb5}, {&(0x7f0000002400)=""/149, 0x95}, {&(0x7f00000024c0)=""/214, 0xd6}], 0x8, &(0x7f0000002640)=""/180, 0xb4}, 0x7}, {{&(0x7f0000002700)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000002d40)=[{&(0x7f0000002780)=""/249, 0xf9}, {&(0x7f0000002880)=""/229, 0xe5}, {&(0x7f0000002980)=""/97, 0x61}, {&(0x7f0000002a00)=""/247, 0xf7}, {&(0x7f0000002b00)=""/253, 0xfd}, {&(0x7f0000002c00)=""/159, 0x9f}, {&(0x7f0000002cc0)=""/78, 0x4e}], 0x7, &(0x7f0000002dc0)=""/175, 0xaf}, 0x8}, {{&(0x7f0000002e80)=@tipc=@id, 0x80, &(0x7f0000003040)=[{&(0x7f0000002f00)=""/48, 0x30}, {&(0x7f0000002f40)=""/200, 0xc8}], 0x2, &(0x7f0000003080)=""/112, 0x70}, 0x5}, {{&(0x7f0000003100)=@caif=@dbg, 0x80, &(0x7f0000005300)=[{&(0x7f0000003180)=""/4096, 0x1000}, {&(0x7f0000004180)=""/80, 0x50}, {&(0x7f0000004200)=""/151, 0x97}, {&(0x7f00000042c0)=""/4096, 0x1000}, {&(0x7f00000052c0)}], 0x5, &(0x7f0000005380)=""/64, 0x40}}, {{&(0x7f00000053c0)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000005600)=[{&(0x7f0000005440)=""/78, 0x4e}, {&(0x7f00000054c0)=""/130, 0x82}, {&(0x7f0000005580)=""/103, 0x67}], 0x3}, 0x8c}, {{0x0, 0x0, &(0x7f0000005740)=[{&(0x7f0000005640)=""/4, 0x4}, {&(0x7f0000005680)=""/153, 0x99}], 0x2, &(0x7f0000005780)=""/88, 0x58}, 0x4}], 0x8, 0xc0000102, 0x0)
r3 = openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000005a00), 0x2, 0x0)
r4 = syz_open_dev$rtc(&(0x7f0000005a40), 0x40, 0x258080)
poll(&(0x7f0000005a80)=[{r3, 0x2400}, {r1, 0xa0}, {r4, 0x2161}, {r2, 0x2440}], 0x4, 0x7)
r5 = syz_io_uring_complete(0x0)
getsockname$unix(r5, &(0x7f0000005ac0)=@abs, &(0x7f0000005b40)=0x6e)
getpeername(r0, &(0x7f0000005b80)=@pppol2tp={0x18, 0x1, {0x0, <r6=>0xffffffffffffffff}}, &(0x7f0000005c00)=0x80)
close(r6)
fcntl$setstatus(r1, 0x4, 0x800)
bind$unix(r2, &(0x7f0000005c40)=@file={0x0, './file0\x00'}, 0x6e)
r7 = pidfd_getfd(r0, r6, 0x0)
sendfile(r2, r7, &(0x7f0000005cc0)=0x1, 0x0)

[   72.863597] audit: type=1400 audit(1756751000.598:7): avc:  denied  { execmem } for  pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   74.040804] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   74.042992] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   74.047258] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   74.048721] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   74.051707] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   74.053086] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   74.060372] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   74.062714] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   74.065619] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   74.067333] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   74.249772] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   74.251650] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   74.254267] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   74.256445] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   74.257582] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   74.259737] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   74.261425] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   74.262643] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   74.264660] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   74.269224] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   74.270346] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   74.275339] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   74.276737] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   74.296392] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   74.322179] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   74.322314] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   74.326766] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   74.329187] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   74.331709] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   74.334065] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   74.337039] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   74.338552] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   74.340306] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   74.344015] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   74.345411] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   74.353786] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   74.355759] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   74.358175] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   74.360794] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   74.384041] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   76.135089] Bluetooth: hci0: command tx timeout
[   76.135753] Bluetooth: hci1: command tx timeout
[   76.325027] Bluetooth: hci4: command tx timeout
[   76.390130] Bluetooth: hci6: command tx timeout
[   76.453017] Bluetooth: hci7: command tx timeout
[   76.453057] Bluetooth: hci3: command tx timeout
[   76.517006] Bluetooth: hci2: command tx timeout
[   76.581949] Bluetooth: hci5: command tx timeout
[   78.181065] Bluetooth: hci0: command tx timeout
[   78.183016] Bluetooth: hci1: command tx timeout
[   78.373951] Bluetooth: hci4: command tx timeout
[   78.439931] Bluetooth: hci6: command tx timeout
[   78.501136] Bluetooth: hci3: command tx timeout
[   78.502970] Bluetooth: hci7: command tx timeout
[   78.564927] Bluetooth: hci2: command tx timeout
[   78.628917] Bluetooth: hci5: command tx timeout
[   80.229000] Bluetooth: hci1: command tx timeout
[   80.229062] Bluetooth: hci0: command tx timeout
[   80.421149] Bluetooth: hci4: command tx timeout
[   80.485085] Bluetooth: hci6: command tx timeout
[   80.549015] Bluetooth: hci7: command tx timeout
[   80.549239] Bluetooth: hci3: command tx timeout
[   80.612993] Bluetooth: hci2: command tx timeout
[   80.677018] Bluetooth: hci5: command tx timeout
[   82.277029] Bluetooth: hci1: command tx timeout
[   82.277989] Bluetooth: hci0: command tx timeout
[   82.468958] Bluetooth: hci4: command tx timeout
[   82.533009] Bluetooth: hci6: command tx timeout
[   82.596958] Bluetooth: hci7: command tx timeout
[   82.598068] Bluetooth: hci3: command tx timeout
[   82.662596] Bluetooth: hci2: command tx timeout
[   82.725566] Bluetooth: hci5: command tx timeout
[  112.827061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.827724] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.962385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.962996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.111105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.111701] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.241161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.241787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.661972] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.662600] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.943292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.944650] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
18:24:01 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x4)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x5, 0x80, 0x7f, 0x40, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf8, 0x2, @perf_bp={&(0x7f0000000140), 0x7}, 0x10001, 0xfffffffffffffffc, 0xa23, 0x3d4b6b3d4bc8584b, 0x3, 0x1, 0x5, 0x0, 0x5296, 0x0, 0xffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/wmi', 0x200000, 0x2)
ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000100)=""/50)
syncfs(r2)

[  113.993596] audit: type=1400 audit(1756751041.728:8): avc:  denied  { open } for  pid=3821 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  114.002027] audit: type=1400 audit(1756751041.728:9): avc:  denied  { kernel } for  pid=3821 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
18:24:01 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x4)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x5, 0x80, 0x7f, 0x40, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf8, 0x2, @perf_bp={&(0x7f0000000140), 0x7}, 0x10001, 0xfffffffffffffffc, 0xa23, 0x3d4b6b3d4bc8584b, 0x3, 0x1, 0x5, 0x0, 0x5296, 0x0, 0xffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/wmi', 0x200000, 0x2)
ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000100)=""/50)
syncfs(r2)

18:24:02 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x4)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x5, 0x80, 0x7f, 0x40, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf8, 0x2, @perf_bp={&(0x7f0000000140), 0x7}, 0x10001, 0xfffffffffffffffc, 0xa23, 0x3d4b6b3d4bc8584b, 0x3, 0x1, 0x5, 0x0, 0x5296, 0x0, 0xffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/wmi', 0x200000, 0x2)
ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000100)=""/50)
syncfs(r2)

[  114.367186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.367812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
18:24:02 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x4)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x5, 0x80, 0x7f, 0x40, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf8, 0x2, @perf_bp={&(0x7f0000000140), 0x7}, 0x10001, 0xfffffffffffffffc, 0xa23, 0x3d4b6b3d4bc8584b, 0x3, 0x1, 0x5, 0x0, 0x5296, 0x0, 0xffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/wmi', 0x200000, 0x2)
ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000100)=""/50)
syncfs(r2)

18:24:02 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x4)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x5, 0x80, 0x7f, 0x40, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf8, 0x2, @perf_bp={&(0x7f0000000140), 0x7}, 0x10001, 0xfffffffffffffffc, 0xa23, 0x3d4b6b3d4bc8584b, 0x3, 0x1, 0x5, 0x0, 0x5296, 0x0, 0xffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/wmi', 0x200000, 0x2)
ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000100)=""/50)
syncfs(r2)

18:24:02 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x4)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x5, 0x80, 0x7f, 0x40, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf8, 0x2, @perf_bp={&(0x7f0000000140), 0x7}, 0x10001, 0xfffffffffffffffc, 0xa23, 0x3d4b6b3d4bc8584b, 0x3, 0x1, 0x5, 0x0, 0x5296, 0x0, 0xffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/wmi', 0x200000, 0x2)
ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000100)=""/50)
syncfs(r2)

18:24:02 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x4)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x5, 0x80, 0x7f, 0x40, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf8, 0x2, @perf_bp={&(0x7f0000000140), 0x7}, 0x10001, 0xfffffffffffffffc, 0xa23, 0x3d4b6b3d4bc8584b, 0x3, 0x1, 0x5, 0x0, 0x5296, 0x0, 0xffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/wmi', 0x200000, 0x2)
syncfs(r2)

[  114.649963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.651069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
18:24:02 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x4)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x5, 0x80, 0x7f, 0x40, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf8, 0x2, @perf_bp={&(0x7f0000000140), 0x7}, 0x10001, 0xfffffffffffffffc, 0xa23, 0x3d4b6b3d4bc8584b, 0x3, 0x1, 0x5, 0x0, 0x5296, 0x0, 0xffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/wmi', 0x200000, 0x2)
ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000100)=""/50)
syncfs(r2)

[  114.946992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.947629] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.028536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.030636] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.225204] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.225821] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.306927] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.307551] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.400922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.401546] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.412539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.413491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.510531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.511258] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.527170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.527733] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
18:24:18 executing program 0:
r0 = fork()
ptrace(0x4208, r0)
ptrace(0x10, r0)
r1 = fork()
ptrace(0x7, r0)
r2 = getpgid(r0)
ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000000000)=""/211, 0xd3})
wait4(r2, &(0x7f0000000140), 0x2, &(0x7f0000000180))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000240)=<r3=>0x0)
wait4(r3, &(0x7f0000000280), 0x40000000, &(0x7f00000002c0))
wait4(r2, &(0x7f0000000380), 0x80000000, &(0x7f00000003c0))
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000480)=<r4=>0x0)
ioprio_get$pid(0x1, r4)
process_vm_readv(r3, &(0x7f00000005c0)=[{&(0x7f00000004c0)=""/204, 0xcc}], 0x1, &(0x7f00000006c0)=[{&(0x7f0000000600)=""/132, 0x84}], 0x1, 0x0)
ptrace(0x11, 0x0)
wait4(r1, &(0x7f0000000700), 0x1, &(0x7f0000000740))
r5 = fork()
ptrace(0x4208, r5)
ptrace(0x10, r0)
wait4(0x0, 0x0, 0x80000000, &(0x7f0000000840))

18:24:18 executing program 6:
r0 = shmget$private(0x0, 0x5000, 0x1, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x6000)
shmat(r0, &(0x7f0000ffd000/0x1000)=nil, 0x2000)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
dup3(r1, r2, 0x0)
recvmmsg$unix(r1, &(0x7f0000002e40)=[{{0x0, 0x0, 0x0}}], 0x50a, 0x0, 0x0)

18:24:18 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x4)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x5, 0x80, 0x7f, 0x40, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf8, 0x2, @perf_bp={&(0x7f0000000140), 0x7}, 0x10001, 0xfffffffffffffffc, 0xa23, 0x3d4b6b3d4bc8584b, 0x3, 0x1, 0x5, 0x0, 0x5296, 0x0, 0xffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)
syncfs(0xffffffffffffffff)

18:24:18 executing program 5:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x4)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0xb0, 0x0, 0x300, 0x70bd26, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0xd}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5, 0x83, 0x1}}]}, 0xb0}, 0x1, 0x0, 0x0, 0x400c0}, 0x2000c011)
syz_io_uring_setup(0x7fffffff, &(0x7f0000000780)={0x0, 0x0, 0x10, 0xfffffffe}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000800), &(0x7f0000000840))

18:24:18 executing program 3:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x1d}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)
flistxattr(r0, &(0x7f0000000080)=""/182, 0xb6)

18:24:18 executing program 4:
io_setup(0x572, &(0x7f0000000140))

18:24:18 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='gid_map\x00')
ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000280)=""/254)
preadv(r0, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/142, 0x8e}], 0x1, 0x1000, 0x0)

18:24:18 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/zoneinfo\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x4)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x5, 0x80, 0x7f, 0x40, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf8, 0x2, @perf_bp={&(0x7f0000000140), 0x7}, 0x10001, 0xfffffffffffffffc, 0xa23, 0x3d4b6b3d4bc8584b, 0x3, 0x1, 0x5, 0x0, 0x5296, 0x0, 0xffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/wmi', 0x200000, 0x2)
ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000100)=""/50)
syncfs(r2)

[  130.471481] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[  130.472525] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  130.473304] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.2 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  130.474361] Tainted: [W]=WARN
[  130.474645] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  130.476633] RIP: 0010:perf_tp_event+0x175/0xe70
[  130.477627] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  130.481601] RSP: 0018:ffff8880168d7600 EFLAGS: 00010212
[  130.482662] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  130.483738] RDX: ffff888015c23700 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[  130.484367] RBP: ffff8880168d7870 R08: ffff88806cf31340 R09: ffffe8ffffd15e00
[  130.484984] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  130.485619] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[  130.486240] FS:  00005555810ea400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  130.486939] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  130.487452] CR2: 00007fe8999e8004 CR3: 00000000454dc000 CR4: 0000000000350ef0
[  130.488077] Call Trace:
[  130.488310]  <TASK>
[  130.488521]  ? __pfx_perf_tp_event+0x10/0x10
[  130.488930]  ? __lock_acquire+0x694/0x1b70
[  130.489324]  ? __lock_acquire+0x694/0x1b70
[  130.489708]  ? lock_acquire+0x15e/0x2f0
[  130.490067]  ? __is_insn_slot_addr+0x2e/0x290
[  130.490473]  ? __lock_acquire+0x694/0x1b70
[  130.490855]  ? perf_trace_run_bpf_submit+0xef/0x180
[  130.491299]  perf_trace_run_bpf_submit+0xef/0x180
[  130.491735]  perf_trace_lock+0x337/0x5d0
[  130.492104]  ? __pfx_perf_trace_lock+0x10/0x10
[  130.492512]  ? lock_acquire+0x15e/0x2f0
[  130.492865]  ? futex_ref_get+0x48/0x300
[  130.493230]  ? futex_ref_get+0x114/0x300
[  130.493588]  ? futex_hash+0x15c/0x390
[  130.493925]  lock_release+0x1ab/0x290
[  130.494263]  ? futex_hash+0x15c/0x390
[  130.494602]  futex_ref_get+0x119/0x300
[  130.494945]  ? futex_hash+0x15c/0x390
[  130.495279]  futex_hash+0x70/0x390
[  130.495594]  futex_wait_setup+0xae/0x550
[  130.495965]  __futex_wait+0x151/0x300
[  130.496312]  ? __pfx___futex_wait+0x10/0x10
[  130.496694]  ? perf_trace_lock+0xb5/0x5d0
[  130.497066]  ? __pfx_futex_wake_mark+0x10/0x10
[  130.497484]  ? __hrtimer_setup+0x1a4/0x2c0
[  130.497866]  ? ktime_add_safe+0x5f/0x70
[  130.498218]  futex_wait+0xde/0x380
[  130.498538]  ? __pfx_futex_wait+0x10/0x10
[  130.498911]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  130.499316]  ? __pfx_perf_trace_lock+0x10/0x10
[  130.499729]  do_futex+0x2ee/0x370
[  130.500045]  ? __pfx_do_futex+0x10/0x10
[  130.500396]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  130.500855]  ? read_tsc+0x9/0x20
[  130.501174]  __x64_sys_futex+0x1c9/0x4d0
[  130.501535]  ? __pfx___x64_sys_futex+0x10/0x10
[  130.501937]  ? lock_release+0xc8/0x290
[  130.502275]  ? xfd_validate_state+0x55/0x180
[  130.502675]  do_syscall_64+0xbf/0x360
[  130.503021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.503470] RIP: 0033:0x7f9b10c06b19
[  130.503796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  130.505341] RSP: 002b:00007ffe55b1ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  130.505999] RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 00007f9b10c06b19
[  130.506610] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9b10d19f6c
[  130.507215] RBP: 00007f9b10d19f6c R08: 00007f9b10cf6000 R09: 0000000000000000
[  130.507819] R10: 00007ffe55b20070 R11: 0000000000000246 R12: 000000000001fd33
[  130.508431] R13: 00000000000003e8 R14: 00007f9b10d19f60 R15: 000000000001fd2d
[  130.509049]  </TASK>
[  130.509264] Modules linked in:
[  130.509552] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[  130.511449] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  130.512716] CPU: 0 UID: 0 PID: 3955 Comm: syz-executor.4 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  130.514710] Tainted: [D]=DIE, [W]=WARN
[  130.515356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  130.516720] RIP: 0010:perf_tp_event+0x175/0xe70
[  130.517537] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  130.520533] RSP: 0018:ffff8880460a7600 EFLAGS: 00010212
[  130.521442] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900059e8000
[  130.522619] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  130.523811] RBP: ffff8880460a7870 R08: ffff88806ce31340 R09: ffffe8ffffc15e00
[  130.524993] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  130.526192] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[  130.527373] FS:  00007f8d631a0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  130.528711] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  130.529802] CR2: 00007f8d65c3f8e0 CR3: 000000001bd1e000 CR4: 0000000000350ef0
[  130.531048] Call Trace:
[  130.531501]  <TASK>
[  130.531946]  ? __pfx_perf_tp_event+0x10/0x10
[  130.532803]  ? perf_trace_run_bpf_submit+0xef/0x180
[  130.533711]  perf_trace_run_bpf_submit+0xef/0x180
[  130.534387]  perf_trace_lock+0x337/0x5d0
[  130.534940]  ? __pfx_perf_trace_lock+0x10/0x10
[  130.535554]  ? perf_trace_lock+0xb5/0x5d0
[  130.536114]  ? get_futex_key+0x592/0x14a0
[  130.536670]  ? futex_ref_get+0x114/0x300
[  130.537222]  ? futex_hash+0x15c/0x390
[  130.537735]  lock_release+0x1ab/0x290
[  130.538252]  ? futex_hash+0x15c/0x390
[  130.538768]  futex_ref_get+0x119/0x300
[  130.539298]  ? futex_hash+0x15c/0x390
[  130.539828]  futex_hash+0x70/0x390
[  130.540335]  futex_wait_setup+0xae/0x550
[  130.540896]  __futex_wait+0x151/0x300
[  130.541432]  ? __pfx___futex_wait+0x10/0x10
[  130.542032]  ? __pfx_futex_wake_mark+0x10/0x10
[  130.542662]  ? __pfx_perf_trace_lock+0x10/0x10
[  130.543284]  ? __pfx_filemap_map_pages+0x10/0x10
[  130.543977]  futex_wait+0xde/0x380
[  130.544469]  ? __pfx_futex_wait+0x10/0x10
[  130.545038]  ? __handle_mm_fault+0x753/0x3260
[  130.545659]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  130.546358]  ? do_vfs_ioctl+0x125/0x1470
[  130.546926]  do_futex+0x2ee/0x370
[  130.547412]  ? __pfx_do_futex+0x10/0x10
[  130.547959]  ? do_raw_spin_lock+0x123/0x260
[  130.548548]  __x64_sys_futex+0x1c9/0x4d0
[  130.549104]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  130.549818]  ? __pfx___x64_sys_futex+0x10/0x10
[  130.550436]  ? kcov_ioctl+0x386/0x6c0
[  130.550956]  ? fput+0x6a/0x100
[  130.551411]  do_syscall_64+0xbf/0x360
[  130.551933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.552618] RIP: 0033:0x7f8d65c2ab19
[  130.553126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  130.555517] RSP: 002b:00007f8d631a0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  130.556517] RAX: ffffffffffffffda RBX: 00007f8d65d3df68 RCX: 00007f8d65c2ab19
[  130.557465] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8d65d3df68
[  130.558421] RBP: 00007f8d65d3df60 R08: 00007f8d631a0700 R09: 0000000000000000
[  130.559386] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d65d3df6c
[  130.560350] R13: 00007ffcf8a9d54f R14: 00007f8d631a0300 R15: 0000000000022000
[  130.561337]  </TASK>
[  130.561661] Modules linked in:
[  130.562106] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
[  130.563041] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  130.563758] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.2 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  130.564752] Tainted: [D]=DIE, [W]=WARN
[  130.565077] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  130.565769] RIP: 0010:perf_tp_event+0x175/0xe70
[  130.566171] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  130.567676] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[  130.568123] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  130.568707] RDX: ffff888015c23700 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[  130.569298] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd15e00
[  130.569875] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000
[  130.570462] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000
[  130.571049] FS:  00005555810ea400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  130.571713] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  130.572192] CR2: 00007fe8999e8004 CR3: 00000000454dc000 CR4: 0000000000350ef0
[  130.572778] Call Trace:
[  130.572996]  <IRQ>
[  130.573199]  ? __pfx_perf_tp_event+0x10/0x10
[  130.573581]  ? __lock_acquire+0x694/0x1b70
[  130.573940]  ? sched_balance_rq+0x391/0x29a0
[  130.574315]  ? lock_release+0xc8/0x290
[  130.574645]  ? perf_trace_run_bpf_submit+0xef/0x180
[  130.575066]  perf_trace_run_bpf_submit+0xef/0x180
[  130.575472]  perf_trace_lock+0x337/0x5d0
[  130.575809]  ? place_entity+0x1c/0x410
[  130.576130]  ? kvm_sched_clock_read+0x16/0x30
[  130.576512]  ? __pfx_perf_trace_lock+0x10/0x10
[  130.576900]  ? check_preempt_wakeup_fair+0x6e/0x950
[  130.577328]  ? sched_ttwu_pending+0x2e0/0x4a0
[  130.577713]  lock_release+0x1ab/0x290
[  130.578032]  ? ttwu_do_activate+0x1a4/0x8a0
[  130.578396]  _raw_spin_unlock+0x16/0x40
[  130.578725]  sched_ttwu_pending+0x2e0/0x4a0
[  130.579084]  ? __pfx_sched_balance_domains+0x10/0x10
[  130.579503]  ? __pfx_sched_ttwu_pending+0x10/0x10
[  130.579908]  __flush_smp_call_function_queue+0x434/0x740
[  130.580359]  __sysvec_call_function_single+0x6d/0x370
[  130.580794]  sysvec_call_function_single+0xa1/0xc0
[  130.581217]  </IRQ>
[  130.581407]  <TASK>
[  130.581598]  asm_sysvec_call_function_single+0x1a/0x20
[  130.582032] RIP: 0010:oops_exit+0x0/0x50
[  130.582380] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57
[  130.583905] RSP: 0018:ffff8880168d7490 EFLAGS: 00000202
[  130.584359] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f
[  130.584956] RDX: ffff888015c23700 RSI: ffffffff812a3dca RDI: 0000000000000007
[  130.585567] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690
[  130.586166] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880168d7558
[  130.586767] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[  130.587378]  ? add_taint+0x5f/0xd0
[  130.587690]  ? oops_end+0x4a/0xe0
[  130.588005]  oops_end+0x65/0xe0
[  130.588294]  exc_general_protection+0x1a2/0x330
[  130.588696]  asm_exc_general_protection+0x26/0x30
[  130.589105] RIP: 0010:perf_tp_event+0x175/0xe70
[  130.589516] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  130.591047] RSP: 0018:ffff8880168d7600 EFLAGS: 00010212
[  130.591496] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  130.592096] RDX: ffff888015c23700 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[  130.592704] RBP: ffff8880168d7870 R08: ffff88806cf31340 R09: ffffe8ffffd15e00
[  130.593308] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  130.593908] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[  130.594515]  ? perf_tp_event+0x167/0xe70
[  130.594868]  ? __pfx_perf_tp_event+0x10/0x10
[  130.595248]  ? __lock_acquire+0x694/0x1b70
[  130.595615]  ? __lock_acquire+0x694/0x1b70
[  130.595989]  ? lock_acquire+0x15e/0x2f0
[  130.596325]  ? __is_insn_slot_addr+0x2e/0x290
[  130.596721]  ? __lock_acquire+0x694/0x1b70
[  130.597089]  ? perf_trace_run_bpf_submit+0xef/0x180
[  130.597524]  perf_trace_run_bpf_submit+0xef/0x180
[  130.597938]  perf_trace_lock+0x337/0x5d0
[  130.598289]  ? __pfx_perf_trace_lock+0x10/0x10
[  130.598676]  ? lock_acquire+0x15e/0x2f0
[  130.599021]  ? futex_ref_get+0x48/0x300
[  130.599358]  ? futex_ref_get+0x114/0x300
[  130.599703]  ? futex_hash+0x15c/0x390
[  130.600027]  lock_release+0x1ab/0x290
[  130.600353]  ? futex_hash+0x15c/0x390
[  130.600675]  futex_ref_get+0x119/0x300
[  130.601005]  ? futex_hash+0x15c/0x390
[  130.601338]  futex_hash+0x70/0x390
[  130.601645]  futex_wait_setup+0xae/0x550
[  130.601998]  __futex_wait+0x151/0x300
[  130.602327]  ? __pfx___futex_wait+0x10/0x10
[  130.602695]  ? perf_trace_lock+0xb5/0x5d0
[  130.603053]  ? __pfx_futex_wake_mark+0x10/0x10
[  130.603450]  ? __hrtimer_setup+0x1a4/0x2c0
[  130.603818]  ? ktime_add_safe+0x5f/0x70
[  130.604159]  futex_wait+0xde/0x380
[  130.604464]  ? __pfx_futex_wait+0x10/0x10
[  130.604823]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  130.605218]  ? __pfx_perf_trace_lock+0x10/0x10
[  130.605614]  do_futex+0x2ee/0x370
[  130.605912]  ? __pfx_do_futex+0x10/0x10
[  130.606249]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  130.606693]  ? read_tsc+0x9/0x20
[  130.606989]  __x64_sys_futex+0x1c9/0x4d0
[  130.607344]  ? __pfx___x64_sys_futex+0x10/0x10
[  130.607734]  ? lock_release+0xc8/0x290
[  130.608067]  ? xfd_validate_state+0x55/0x180
[  130.608451]  do_syscall_64+0xbf/0x360
[  130.608772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.609219] RIP: 0033:0x7f9b10c06b19
[  130.609533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  130.611051] RSP: 002b:00007ffe55b1ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  130.611689] RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 00007f9b10c06b19
[  130.612289] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9b10d19f6c
[  130.612883] RBP: 00007f9b10d19f6c R08: 00007f9b10cf6000 R09: 0000000000000000
[  130.613485] R10: 00007ffe55b20070 R11: 0000000000000246 R12: 000000000001fd33
[  130.614083] R13: 00000000000003e8 R14: 00007f9b10d19f60 R15: 000000000001fd2d
[  130.614688]  </TASK>
[  130.614886] Modules linked in:
[  130.615162] ---[ end trace 0000000000000000 ]---
[  130.615164] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI
[  130.615556] RIP: 0010:perf_tp_event+0x175/0xe70
[  130.617130] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  130.617518] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  130.618585] CPU: 0 UID: 0 PID: 3955 Comm: syz-executor.4 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  130.620048] RSP: 0018:ffff8880168d7600 EFLAGS: 00010212
[  130.621788] Tainted: [D]=DIE, [W]=WARN
[  130.622225] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  130.622802] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  130.623388] RDX: ffff888015c23700 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[  130.624607] RIP: 0010:perf_tp_event+0x175/0xe70
[  130.625200] RBP: ffff8880168d7870 R08: ffff88806cf31340 R09: ffffe8ffffd15e00
[  130.625899] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  130.626479] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  130.629194] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[  130.629767] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[  130.629771] 
[  130.629779] FS:  00005555810ea400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  130.630572] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  130.631164] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  130.631423] RDX: ffff888013bd8000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  130.632070] CR2: 00007fe8999e8004 CR3: 00000000454dc000 CR4: 0000000000350ef0
[  130.633131] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15e00
[  130.633602] Kernel panic - not syncing: Fatal exception in interrupt
[  131.675543] Shutting down cpus with NMI
[  131.677829] Kernel Offset: disabled
[  131.678116] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
18:24:18  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=ffffea0000a945c0 RCX=ffffffff81a28f51 RDX=ffff888015c21b80
RSI=ffffffff81a28f71 RDI=0000000000000007 RBP=ffffea0000a945c0 RSP=ffff88804774fac0
R8 =00007f5192d6b000 R9 =fffff940001528b8 R10=0000000000000000 R11=0000000000000000
R12=0000000000000001 R13=ffffea0000a945c0 R14=ffffea0000a945d8 R15=ffffea0000a945f0
RIP=ffffffff8173f6b0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 00000000 00000000
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055555c2e6400 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe4900000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f5192d69000 CR3=000000000d935000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff8880168d6f70
R8 =0000000000000000 R9 =ffffed10016e4046 R10=000000000000005b R11=3030303030302052
R12=000000000000005b R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00005555810ea400 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe5a00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fe8999e8004 CR3=00000000454dc000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff000000000000000000000000000000 XMM01=010000000000000000000000ffffffff
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f9b10ced7c800007f9b10ced7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000