Warning: Permanently added '[localhost]:42303' (ECDSA) to the list of known hosts.
2025/09/01 23:35:46 fuzzer started
2025/09/01 23:35:47 dialing manager at localhost:35473
syzkaller login: [   58.593307] cgroup: Unknown subsys name 'net'
[   58.717521] cgroup: Unknown subsys name 'cpuset'
[   58.730559] cgroup: Unknown subsys name 'rlimit'
2025/09/01 23:35:57 syscalls: 2214
2025/09/01 23:35:57 code coverage: enabled
2025/09/01 23:35:57 comparison tracing: enabled
2025/09/01 23:35:57 extra coverage: enabled
2025/09/01 23:35:57 setuid sandbox: enabled
2025/09/01 23:35:57 namespace sandbox: enabled
2025/09/01 23:35:57 Android sandbox: enabled
2025/09/01 23:35:57 fault injection: enabled
2025/09/01 23:35:57 leak checking: enabled
2025/09/01 23:35:57 net packet injection: enabled
2025/09/01 23:35:57 net device setup: enabled
2025/09/01 23:35:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 23:35:57 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 23:35:57 USB emulation: enabled
2025/09/01 23:35:57 hci packet injection: enabled
2025/09/01 23:35:57 wifi device emulation: enabled
2025/09/01 23:35:57 802.15.4 emulation: enabled
2025/09/01 23:35:57 fetching corpus: 50, signal 22290/24083 (executing program)
2025/09/01 23:35:57 fetching corpus: 100, signal 31208/34649 (executing program)
2025/09/01 23:35:57 fetching corpus: 150, signal 38874/43785 (executing program)
2025/09/01 23:35:57 fetching corpus: 200, signal 44871/51177 (executing program)
2025/09/01 23:35:57 fetching corpus: 250, signal 51337/58919 (executing program)
2025/09/01 23:35:57 fetching corpus: 300, signal 55136/64007 (executing program)
2025/09/01 23:35:57 fetching corpus: 350, signal 59374/69429 (executing program)
2025/09/01 23:35:57 fetching corpus: 400, signal 63961/75057 (executing program)
2025/09/01 23:35:58 fetching corpus: 450, signal 66974/79174 (executing program)
2025/09/01 23:35:58 fetching corpus: 500, signal 69807/83064 (executing program)
2025/09/01 23:35:58 fetching corpus: 550, signal 71889/86272 (executing program)
2025/09/01 23:35:58 fetching corpus: 600, signal 75788/91010 (executing program)
2025/09/01 23:35:58 fetching corpus: 650, signal 81328/97100 (executing program)
2025/09/01 23:35:58 fetching corpus: 700, signal 83197/99898 (executing program)
2025/09/01 23:35:58 fetching corpus: 750, signal 84337/102087 (executing program)
2025/09/01 23:35:58 fetching corpus: 800, signal 87938/106292 (executing program)
2025/09/01 23:35:58 fetching corpus: 850, signal 90259/109396 (executing program)
2025/09/01 23:35:58 fetching corpus: 900, signal 92486/112357 (executing program)
2025/09/01 23:35:58 fetching corpus: 950, signal 94724/115318 (executing program)
2025/09/01 23:35:59 fetching corpus: 1000, signal 97217/118424 (executing program)
2025/09/01 23:35:59 fetching corpus: 1050, signal 98391/120429 (executing program)
2025/09/01 23:35:59 fetching corpus: 1100, signal 99322/122214 (executing program)
2025/09/01 23:35:59 fetching corpus: 1150, signal 101107/124646 (executing program)
2025/09/01 23:35:59 fetching corpus: 1200, signal 102291/126585 (executing program)
2025/09/01 23:35:59 fetching corpus: 1250, signal 103379/128428 (executing program)
2025/09/01 23:35:59 fetching corpus: 1300, signal 104843/130532 (executing program)
2025/09/01 23:35:59 fetching corpus: 1350, signal 106046/132421 (executing program)
2025/09/01 23:35:59 fetching corpus: 1400, signal 107407/134411 (executing program)
2025/09/01 23:36:00 fetching corpus: 1450, signal 108680/136310 (executing program)
2025/09/01 23:36:00 fetching corpus: 1500, signal 110093/138246 (executing program)
2025/09/01 23:36:00 fetching corpus: 1550, signal 111433/140132 (executing program)
2025/09/01 23:36:00 fetching corpus: 1600, signal 113294/142280 (executing program)
2025/09/01 23:36:00 fetching corpus: 1650, signal 114541/144038 (executing program)
2025/09/01 23:36:00 fetching corpus: 1700, signal 116303/146143 (executing program)
2025/09/01 23:36:00 fetching corpus: 1750, signal 117763/148020 (executing program)
2025/09/01 23:36:00 fetching corpus: 1800, signal 118313/149273 (executing program)
2025/09/01 23:36:00 fetching corpus: 1850, signal 119196/150677 (executing program)
2025/09/01 23:36:00 fetching corpus: 1900, signal 120497/152402 (executing program)
2025/09/01 23:36:00 fetching corpus: 1950, signal 121647/153959 (executing program)
2025/09/01 23:36:01 fetching corpus: 2000, signal 122762/155538 (executing program)
2025/09/01 23:36:01 fetching corpus: 2050, signal 123776/156971 (executing program)
2025/09/01 23:36:01 fetching corpus: 2100, signal 124427/158194 (executing program)
2025/09/01 23:36:01 fetching corpus: 2150, signal 125533/159620 (executing program)
2025/09/01 23:36:01 fetching corpus: 2200, signal 126115/160753 (executing program)
2025/09/01 23:36:01 fetching corpus: 2250, signal 126772/161858 (executing program)
2025/09/01 23:36:01 fetching corpus: 2300, signal 127800/163165 (executing program)
2025/09/01 23:36:01 fetching corpus: 2350, signal 128570/164346 (executing program)
2025/09/01 23:36:01 fetching corpus: 2400, signal 129194/165450 (executing program)
2025/09/01 23:36:01 fetching corpus: 2450, signal 130014/166625 (executing program)
2025/09/01 23:36:01 fetching corpus: 2500, signal 130774/167818 (executing program)
2025/09/01 23:36:01 fetching corpus: 2550, signal 131692/169083 (executing program)
2025/09/01 23:36:02 fetching corpus: 2600, signal 132613/170254 (executing program)
2025/09/01 23:36:02 fetching corpus: 2650, signal 133111/171207 (executing program)
2025/09/01 23:36:02 fetching corpus: 2700, signal 134197/172451 (executing program)
2025/09/01 23:36:02 fetching corpus: 2750, signal 134922/173582 (executing program)
2025/09/01 23:36:02 fetching corpus: 2800, signal 136153/174849 (executing program)
2025/09/01 23:36:02 fetching corpus: 2850, signal 137026/175936 (executing program)
2025/09/01 23:36:02 fetching corpus: 2900, signal 137576/176895 (executing program)
2025/09/01 23:36:02 fetching corpus: 2950, signal 138305/177868 (executing program)
2025/09/01 23:36:02 fetching corpus: 3000, signal 138653/178628 (executing program)
2025/09/01 23:36:02 fetching corpus: 3050, signal 139159/179512 (executing program)
2025/09/01 23:36:02 fetching corpus: 3100, signal 139764/180416 (executing program)
2025/09/01 23:36:02 fetching corpus: 3150, signal 140125/181226 (executing program)
2025/09/01 23:36:02 fetching corpus: 3200, signal 140739/182155 (executing program)
2025/09/01 23:36:03 fetching corpus: 3250, signal 141639/183090 (executing program)
2025/09/01 23:36:03 fetching corpus: 3300, signal 142252/183949 (executing program)
2025/09/01 23:36:03 fetching corpus: 3350, signal 143119/184866 (executing program)
2025/09/01 23:36:03 fetching corpus: 3400, signal 143635/185690 (executing program)
2025/09/01 23:36:03 fetching corpus: 3450, signal 144533/186627 (executing program)
2025/09/01 23:36:03 fetching corpus: 3500, signal 144887/187407 (executing program)
2025/09/01 23:36:03 fetching corpus: 3550, signal 145384/188157 (executing program)
2025/09/01 23:36:03 fetching corpus: 3600, signal 146084/188982 (executing program)
2025/09/01 23:36:03 fetching corpus: 3650, signal 146888/189865 (executing program)
2025/09/01 23:36:03 fetching corpus: 3700, signal 147457/190639 (executing program)
2025/09/01 23:36:03 fetching corpus: 3750, signal 148526/191506 (executing program)
2025/09/01 23:36:03 fetching corpus: 3800, signal 149149/192252 (executing program)
2025/09/01 23:36:04 fetching corpus: 3850, signal 149667/192938 (executing program)
2025/09/01 23:36:04 fetching corpus: 3900, signal 150259/193635 (executing program)
2025/09/01 23:36:04 fetching corpus: 3950, signal 150756/194332 (executing program)
2025/09/01 23:36:04 fetching corpus: 4000, signal 151143/194994 (executing program)
2025/09/01 23:36:04 fetching corpus: 4050, signal 151623/195640 (executing program)
2025/09/01 23:36:04 fetching corpus: 4100, signal 152155/196260 (executing program)
2025/09/01 23:36:04 fetching corpus: 4150, signal 152482/196828 (executing program)
2025/09/01 23:36:04 fetching corpus: 4200, signal 152963/197443 (executing program)
2025/09/01 23:36:04 fetching corpus: 4250, signal 153403/198086 (executing program)
2025/09/01 23:36:04 fetching corpus: 4300, signal 153860/198684 (executing program)
2025/09/01 23:36:04 fetching corpus: 4350, signal 154463/199341 (executing program)
2025/09/01 23:36:05 fetching corpus: 4400, signal 155198/199997 (executing program)
2025/09/01 23:36:05 fetching corpus: 4450, signal 155646/200605 (executing program)
2025/09/01 23:36:05 fetching corpus: 4500, signal 156131/201174 (executing program)
2025/09/01 23:36:05 fetching corpus: 4550, signal 156470/201747 (executing program)
2025/09/01 23:36:05 fetching corpus: 4600, signal 156966/202317 (executing program)
2025/09/01 23:36:05 fetching corpus: 4650, signal 157317/202864 (executing program)
2025/09/01 23:36:05 fetching corpus: 4700, signal 157818/203430 (executing program)
2025/09/01 23:36:05 fetching corpus: 4750, signal 158372/203977 (executing program)
2025/09/01 23:36:05 fetching corpus: 4800, signal 159013/204545 (executing program)
2025/09/01 23:36:05 fetching corpus: 4850, signal 159424/205041 (executing program)
2025/09/01 23:36:05 fetching corpus: 4900, signal 159881/205514 (executing program)
2025/09/01 23:36:05 fetching corpus: 4950, signal 160294/206038 (executing program)
2025/09/01 23:36:06 fetching corpus: 5000, signal 160667/206490 (executing program)
2025/09/01 23:36:06 fetching corpus: 5050, signal 161177/206961 (executing program)
2025/09/01 23:36:06 fetching corpus: 5100, signal 161752/207420 (executing program)
2025/09/01 23:36:06 fetching corpus: 5150, signal 162204/207771 (executing program)
2025/09/01 23:36:06 fetching corpus: 5200, signal 162734/207777 (executing program)
2025/09/01 23:36:06 fetching corpus: 5250, signal 163287/207778 (executing program)
2025/09/01 23:36:06 fetching corpus: 5300, signal 163592/207785 (executing program)
2025/09/01 23:36:06 fetching corpus: 5350, signal 164130/207788 (executing program)
2025/09/01 23:36:06 fetching corpus: 5400, signal 164617/207795 (executing program)
2025/09/01 23:36:06 fetching corpus: 5450, signal 165258/207806 (executing program)
2025/09/01 23:36:06 fetching corpus: 5500, signal 165608/207810 (executing program)
2025/09/01 23:36:06 fetching corpus: 5550, signal 165989/207811 (executing program)
2025/09/01 23:36:06 fetching corpus: 5600, signal 166446/207813 (executing program)
2025/09/01 23:36:07 fetching corpus: 5650, signal 166791/207817 (executing program)
2025/09/01 23:36:07 fetching corpus: 5700, signal 167253/207820 (executing program)
2025/09/01 23:36:07 fetching corpus: 5750, signal 167557/207820 (executing program)
2025/09/01 23:36:07 fetching corpus: 5800, signal 168059/207831 (executing program)
2025/09/01 23:36:07 fetching corpus: 5850, signal 168436/207833 (executing program)
2025/09/01 23:36:07 fetching corpus: 5900, signal 168846/207878 (executing program)
2025/09/01 23:36:07 fetching corpus: 5950, signal 169166/207907 (executing program)
2025/09/01 23:36:07 fetching corpus: 6000, signal 169548/207953 (executing program)
2025/09/01 23:36:07 fetching corpus: 6050, signal 170011/207960 (executing program)
2025/09/01 23:36:07 fetching corpus: 6100, signal 170418/207962 (executing program)
2025/09/01 23:36:07 fetching corpus: 6150, signal 170833/207964 (executing program)
2025/09/01 23:36:08 fetching corpus: 6200, signal 171207/207966 (executing program)
2025/09/01 23:36:08 fetching corpus: 6250, signal 171502/207980 (executing program)
2025/09/01 23:36:08 fetching corpus: 6300, signal 172241/207981 (executing program)
2025/09/01 23:36:08 fetching corpus: 6350, signal 172696/207990 (executing program)
2025/09/01 23:36:08 fetching corpus: 6400, signal 173180/208041 (executing program)
2025/09/01 23:36:08 fetching corpus: 6450, signal 173658/208060 (executing program)
2025/09/01 23:36:08 fetching corpus: 6500, signal 174092/208063 (executing program)
2025/09/01 23:36:08 fetching corpus: 6550, signal 174442/208064 (executing program)
2025/09/01 23:36:08 fetching corpus: 6600, signal 174886/208091 (executing program)
2025/09/01 23:36:08 fetching corpus: 6650, signal 175128/208091 (executing program)
2025/09/01 23:36:08 fetching corpus: 6700, signal 175330/208104 (executing program)
2025/09/01 23:36:09 fetching corpus: 6750, signal 175806/208105 (executing program)
2025/09/01 23:36:09 fetching corpus: 6800, signal 176041/208114 (executing program)
2025/09/01 23:36:09 fetching corpus: 6850, signal 176363/208123 (executing program)
2025/09/01 23:36:09 fetching corpus: 6900, signal 176657/208128 (executing program)
2025/09/01 23:36:09 fetching corpus: 6950, signal 177006/208128 (executing program)
2025/09/01 23:36:09 fetching corpus: 7000, signal 177370/208146 (executing program)
2025/09/01 23:36:09 fetching corpus: 7050, signal 177750/208148 (executing program)
2025/09/01 23:36:09 fetching corpus: 7100, signal 178122/208150 (executing program)
2025/09/01 23:36:09 fetching corpus: 7150, signal 178394/208154 (executing program)
2025/09/01 23:36:09 fetching corpus: 7200, signal 178660/208176 (executing program)
2025/09/01 23:36:09 fetching corpus: 7250, signal 178863/208177 (executing program)
2025/09/01 23:36:09 fetching corpus: 7300, signal 179446/208177 (executing program)
2025/09/01 23:36:10 fetching corpus: 7350, signal 179722/208190 (executing program)
2025/09/01 23:36:10 fetching corpus: 7400, signal 179961/208195 (executing program)
2025/09/01 23:36:10 fetching corpus: 7450, signal 180287/208198 (executing program)
2025/09/01 23:36:10 fetching corpus: 7500, signal 180628/208243 (executing program)
2025/09/01 23:36:10 fetching corpus: 7550, signal 180907/208253 (executing program)
2025/09/01 23:36:10 fetching corpus: 7600, signal 181161/208257 (executing program)
2025/09/01 23:36:10 fetching corpus: 7650, signal 181384/208260 (executing program)
2025/09/01 23:36:10 fetching corpus: 7700, signal 181585/208263 (executing program)
2025/09/01 23:36:10 fetching corpus: 7750, signal 181876/208271 (executing program)
2025/09/01 23:36:10 fetching corpus: 7800, signal 182187/208291 (executing program)
2025/09/01 23:36:10 fetching corpus: 7850, signal 182411/208299 (executing program)
2025/09/01 23:36:10 fetching corpus: 7900, signal 182628/208319 (executing program)
2025/09/01 23:36:10 fetching corpus: 7950, signal 182918/208325 (executing program)
2025/09/01 23:36:11 fetching corpus: 8000, signal 183152/208344 (executing program)
2025/09/01 23:36:11 fetching corpus: 8050, signal 183356/208346 (executing program)
2025/09/01 23:36:11 fetching corpus: 8100, signal 184176/208356 (executing program)
2025/09/01 23:36:11 fetching corpus: 8150, signal 184583/208362 (executing program)
2025/09/01 23:36:11 fetching corpus: 8200, signal 184849/208364 (executing program)
2025/09/01 23:36:11 fetching corpus: 8250, signal 185175/208372 (executing program)
2025/09/01 23:36:11 fetching corpus: 8300, signal 185390/208392 (executing program)
2025/09/01 23:36:11 fetching corpus: 8350, signal 185619/208392 (executing program)
2025/09/01 23:36:11 fetching corpus: 8400, signal 186215/208400 (executing program)
2025/09/01 23:36:11 fetching corpus: 8450, signal 186502/208417 (executing program)
2025/09/01 23:36:11 fetching corpus: 8500, signal 186794/208433 (executing program)
2025/09/01 23:36:11 fetching corpus: 8550, signal 186980/208434 (executing program)
2025/09/01 23:36:12 fetching corpus: 8600, signal 187220/208438 (executing program)
2025/09/01 23:36:12 fetching corpus: 8650, signal 187653/208453 (executing program)
2025/09/01 23:36:12 fetching corpus: 8700, signal 187845/208453 (executing program)
2025/09/01 23:36:12 fetching corpus: 8750, signal 188163/208455 (executing program)
2025/09/01 23:36:12 fetching corpus: 8800, signal 188394/208458 (executing program)
2025/09/01 23:36:12 fetching corpus: 8850, signal 188649/208462 (executing program)
2025/09/01 23:36:12 fetching corpus: 8900, signal 188792/208465 (executing program)
2025/09/01 23:36:12 fetching corpus: 8950, signal 188967/208493 (executing program)
2025/09/01 23:36:12 fetching corpus: 9000, signal 189126/208493 (executing program)
2025/09/01 23:36:12 fetching corpus: 9050, signal 189481/208522 (executing program)
2025/09/01 23:36:12 fetching corpus: 9100, signal 189701/208526 (executing program)
2025/09/01 23:36:12 fetching corpus: 9150, signal 189896/208528 (executing program)
2025/09/01 23:36:13 fetching corpus: 9200, signal 190153/208565 (executing program)
2025/09/01 23:36:13 fetching corpus: 9250, signal 190371/208574 (executing program)
2025/09/01 23:36:13 fetching corpus: 9300, signal 190691/208581 (executing program)
2025/09/01 23:36:13 fetching corpus: 9350, signal 190933/208581 (executing program)
2025/09/01 23:36:13 fetching corpus: 9400, signal 191136/208607 (executing program)
2025/09/01 23:36:13 fetching corpus: 9450, signal 192717/208607 (executing program)
2025/09/01 23:36:13 fetching corpus: 9500, signal 192983/208611 (executing program)
2025/09/01 23:36:13 fetching corpus: 9550, signal 193205/208615 (executing program)
2025/09/01 23:36:13 fetching corpus: 9600, signal 193520/208625 (executing program)
2025/09/01 23:36:13 fetching corpus: 9650, signal 193722/208637 (executing program)
2025/09/01 23:36:13 fetching corpus: 9700, signal 194010/208640 (executing program)
2025/09/01 23:36:13 fetching corpus: 9750, signal 194274/208640 (executing program)
2025/09/01 23:36:13 fetching corpus: 9800, signal 194568/208644 (executing program)
2025/09/01 23:36:14 fetching corpus: 9850, signal 194715/208653 (executing program)
2025/09/01 23:36:14 fetching corpus: 9900, signal 195023/208660 (executing program)
2025/09/01 23:36:14 fetching corpus: 9950, signal 195263/208662 (executing program)
2025/09/01 23:36:14 fetching corpus: 10000, signal 195490/208662 (executing program)
2025/09/01 23:36:14 fetching corpus: 10050, signal 195675/208669 (executing program)
2025/09/01 23:36:14 fetching corpus: 10100, signal 195887/208671 (executing program)
2025/09/01 23:36:14 fetching corpus: 10150, signal 196162/208676 (executing program)
2025/09/01 23:36:14 fetching corpus: 10200, signal 196400/208678 (executing program)
2025/09/01 23:36:14 fetching corpus: 10250, signal 196680/208681 (executing program)
2025/09/01 23:36:14 fetching corpus: 10300, signal 196976/208682 (executing program)
2025/09/01 23:36:14 fetching corpus: 10310, signal 197022/208682 (executing program)
2025/09/01 23:36:14 fetching corpus: 10310, signal 197022/208682 (executing program)
2025/09/01 23:36:17 starting 8 fuzzer processes
23:36:17 executing program 0:
r0 = open(&(0x7f0000000000)='./file0\x00', 0x80000, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000040)={0x1c})
sendmsg$nl_generic(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)={0x1a0, 0x31, 0x400, 0x70bd28, 0x25dfdbfe, {0x6}, [@nested={0xc, 0x6, 0x0, 0x1, [@typed={0x8, 0x1c, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x42}}]}, @nested={0x171, 0x38, 0x0, 0x1, [@generic="90469b7ba9d23797dcd2d798b6f6da56987f1c740a2bb000db8454858bc8163e7714a240ad58deef9d3db736409138f8749bddce15aa47b04f2247ee0f75c9e24a9709c317f6df2290728f3c9c23949c67515c3d965576aef710f11f6d7d41051eaefd555f5b71dc1230b1ef09c59ee8ae87b7ab18b380a1680d3513d2f7008f5ea80399f4583ae36bc2383089a9ac33364b8357d5a59419a734bd1eccceb36aaa493c8dbfff015d2657ee5d5cc8d8ad9894cbda01ddca791d545cec236cc7eac2627adc612993cc4f952fdfd5ff958f320345e4d7241ebda1714993ec7a610646cf73b66a6081d1d7e67892a550", @generic="0e53b4aeb5941e9c71f1e72872252648a2cf6000024201c493896799e321f30eafcaf18d8a52f21c30480286856ab99260665f0dcf4d0894691548b91d0327f8729cf207e243b9c1ed7b26c19f416377cb2f5658c41b6ae19c7521bcb8f5fbc952bd40abdf868dc48acf61f5b7e7db9af69abdbfb25d43aeb550540a432964"]}, @typed={0x4, 0x1a}, @typed={0x8, 0x41, 0x0, 0x0, @ipv4=@loopback}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x40800}, 0x24000090)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000380), 0x142, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000001700), 0x6, 0x0)
sendmsg$netlink(r0, &(0x7f0000001bc0)={&(0x7f0000000300)=@kern={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001b40)=[{&(0x7f0000000340)={0x20, 0x38, 0x1, 0x70bd28, 0x25dfdbfc, "", [@generic="d9f35b914c80245997e191cea6"]}, 0x20}, {&(0x7f00000003c0)={0x1310, 0x1e, 0x200, 0x70bd2a, 0x25dfdbfb, "", [@nested={0x4d, 0x2c, 0x0, 0x1, [@generic="caa57d7162ae382eab0eaa83f4328fceb002c7a1ac6a4872c2cfa7ec1dac8e30fc4b1d12c87768bd47687acc4db609ed14157c14054a20c70d7d9be20a696526b12331cab4a03ba36b"]}, @typed={0xc, 0x61, 0x0, 0x0, @u64=0x9}, @nested={0x10de, 0x6, 0x0, 0x1, [@generic="3adc", @typed={0x8, 0x5b, 0x0, 0x0, @fd=r0}, @generic="86eef2511f136468b7e62a62af56274cbd418bd7e4d9af53e7668adb0d254b32d7a53dc55bb1f08571d3c0369452f9bb907240d73db91849fe594fe2e6f0b5cc70ad3b6c74a5adc72c58add448c371a6ac2ad2af948c9a86cc538e283d639c07c583cca8b16d8725e84d8ea777dbcbd2d44a33da10371857352b24465ea117c218fe68a60d33b82650005a233035c1283b2947b78d21725e71cd07928d0d2d419edc86391666f3cfc06912f5fd35ed24d6eebc9163f9917e1df4f840", @generic="6e8bfadaa16ab7a2a9331885f732493a32a4e384d9c96628f324f55e3d07d5878d49b5350c555cf164d69392a89ea80bc38aa0e0c1167874367947a1dd4bf3fa20487a1314396e43ce61a6dd6ed6afa6081ffeba21a777d87fd398839f836b0f1c48869448188fb936e0abf05a3d03dd330e729bd8821b644dc91f89118a9f95221f3498f30908ae6bfff7101518697e2f23e5fe3a2694ac45cf4719f486cb9e699a7a4b94680750709f18241750db9ed9f32fa1e742c03064d62dc37323f1661f64ad328d97e85a5f7666220b378c291575cdc7f5a054bda8c5ef344b9ed6518c52e824dff8d90a5b2a61dae185e89f7ac2c2361e1ba8349929aac221f21c9f8d0e747234abbad0964b75f53d8ff3787342662d0c7cc68e85affb5c984c939aa018e1944423940ca66587a4966bb3e331103de7c4da065fb90582fddb1a6078b3b0a84d6ff112c3914841bf099a935c75ed96301d024d83c0e267f1fe35e32d41eb29682048599b094a8739bf43efc1b6a38aea63af2a733099404712e095d4ebb26928067d6c8b17869122c3eea7c017c3987aff5593b0925bf2a7fe1cde26051e15371d4e8afd632cf9a9c84bad185cab25522f6e185a38d62af3323d9b0e767f31f4fc993245a137976357c51dadf791a4857047af3259b8c54908fbed589ac3b13a3b9a4d1cea0172c47c0f107cfdb72497b86b9360d7afb989174421ef64fd8e6be88ca2cd1ce7b75139fcbeef73d7414e826bc31205c270bb54dea6b69172ab0c3b4034ecde85091e8ccd0dbcd5c95f98216696f27e736d1931a499f5810e9776fd2bcdd51f221878fb1108844fa16c39b1688391e0864181c917a801e76fc7389bd4a4f7b7d9685e23486f16d1256f033187714dbfffa8c54194ca7c0b6bd89640bfa08f49c42be8e5bbeb585e8c932a3f7ef2a2055f276e6db7e9c80991d7acb36d9961123938607eadc2e74503d836df952609d0fcaf992c345aca60e2406e6bbf274e3be3c78430351acf1ce81a0a7718fe800ec0c0a8edf65b40cc2b29988e78f51b3150c9db61727a1d7b80c1eb60d04692eb311a674b48ae79167802b800c0bc03fff0d3d0d9f3e3fbe3939e76ada8bc06a449aa2a752a62dd54210acfe66bc623886ce47cf3e008bb2b5f39a0ac8ffddcb2ceb954bd621f9a0ebded3f91fb71f11ddf4e4e9e194313b74445b692a55f67fec9e4396b18b19592c313a0e46c3919dd557c7e11bd901c444e9cd4b4616229a6b23600aab7e2102eb2b9b426c59317b347a33f30f578fc8c48529d71461e5a95cbc1070346349e0807d9021c524184eb461f310901135eb5a0c1f4ae01f05a437a2a379661da04d26f6cf97e3830305458366fdc1bf5106deacda31e953358e77b2bda65c509058286112187e3a416069fe3849795b7720365a529ee2129887624f8c7f73f987f3b91b7de39ebceaabee5dae3b2f8600a243ccb3227181bf4da29e3050e75015a7b15889b0fe0ed5d3e3bac01f092d75a6ff9a77b16959e1fdb4eb5ed78e039a37fdc99753afaace7dd25933663cddf1d513255a6aa255b49a0d6686593c009a81145af2d4234737c4eb51b1d362907256dd412960ca87e3edc4d11d05db773218eef5bd714e94e41afafd1c2cdb873b8da8d4bdb1bbcb8118b2060d5e3c9eafa0a24bf50c83f1c3d7cad44bd180bcb833f75408b6a9fe3220a2dc8e849b202fbcd7dd85dc953f8a733acd84d7f0678ac2942739d80f086ef30fd1d7704a698007c46810d62be257c1c13641196501e689215b0519f7986a9762e0e503b805ec103db12599687823cc1af857675ba27de8314c8977360f59fa66e7e06170cc3c0ec64ab36f14e6756d8a1ae143b28441e42951f00b40e61fc1effe39af84bd3a485999135f40bb0cf70a529165ff2feb42340c8fa45818d9719f88cde7e1147f69653eb556667285a3974a7425976bced3cb0bb5dd6fe3b17c5f8e0914898075c4677a3f802d2cb06abc0ca04b065739f81c88f086712c5011069048e25ed528175c8ccddd68daed5f0d96effee27dda13f50da51f528a61a0761e7afd5c9a05e47531525f7a4b9c07787acd9a6dace46496a518dbe2b7d9e596aac83056117a65ee2f7996313073936d33c4e6d7ca22549cee3f2548019ba48de1a6757caee276f6b18cda3e0fd72f0956018514ede1361c5d0c05a87e1c6b6ebe61cd850bef94eef0d46d0a39049f7dcde5a220d1d30abb908c9cc25a64fd2047b13da452ec6a554b7a7e35824689c01847b30afbdd7092ac280561e9327f4696d2156f8723946db1f01e5142b4c7df3db3ed7de1b6b336185126e825c02841d79b5b85bd03702c44bcb3ec35b7a5272fad12420f27755eef2b98ea0f2a75560ae42e5ea08f27b1a3dca0213faa326a39f685b040aa3b4cb6e770231d64eac593f01c0f8d0eee7ee7d1c8669a4f5d0227f1dd9ddee0d325ae921ce75e3950e8957099119fc5c36a44266760d6c2d4e2b2c7a3b7819f134aabd12561b25925997a920185776ad49091eac3170be95688d9b3373224e2e9cb0f7836c870208a0b97ea9cb5449ac913a229914522e15728f39652250fde73cc18d8d375693c1461454e201bb0e99762cc76a88f1a1c36236151164f8adc0dc55a556216a019b96ab52bffb8e70c1b21b835907d95a55d779dfe2db7dd6f54d0e729262dab3d1bbfbfaf24b9a9f08d0de987761d5d835a43331b5ddfc7a13cd22c400d9a0c07a79360df21cf7c57810e723e7c43f70634d7e770d34e39f2b334414834b90ab139bb2821d79a3fba0f69f21d5df2a8c10c2539c98787ce50c9ea24c531ac2816aedb1b3c8b6e0393585d552ebf49a7c8e56d88e086e04b87d25c5aca9793c0e7d9652b951678dfa8fb9018793a004f1166bc8969748f5f9b5fd235b14d4d78bc5f7503c70fd14819681b1d6ee2725477a8f4c932484999b9317e3c8e1c592f0887f1f123fc73af65bc9335af0a13e90c9958362c15fa3e057675a1e1ceba1aceaa17d9e6cdc53201d2cf42248371fddf230f7c4a40edaa2d28783dcdee0e9a01141bd95b733997724e55b554336f323aaae99561d0068cb4ac2d9a8659c0824aa3920470cfa0cc31f6784caa858fe085d7bfdb23da2dacecfa3d2677a05586664ccba9fcd05a71de5075245fa9777dd280677f15afb950e2e027cb18f573c2d112d3c0854f349b3e8d1ea6e8b17763cd4dde882d7e8a9578e23788fe18be642d1ef041a73f276f734976290afbd73e0342035ba15567230ae5a287889c576529e6fabca579018e3e0a47b40e17e78cc5ce8766e154dec22b3f06bd3a4640abb5604e755243e80f6d13759493eef32bf3eb4ac994db7e02b2a058746b00cc6d1e9613ea47b19d65129618606508da93714773cb1118f2a81bcce23778fcf3a287dabafa18ff95886330da91cf1300ffe13a17a23b8083080b3e672e88c99c9b46abf027c57d80e0142778a4330573ecb87e14e32ab05a8cc9f740ddaeb135a999f08cebdadcb129c80ea272b6e5460ad3ddeab9d7b4adc9d6bf37ae4a8d44a489923006a3cf49b9edf0d9bf413653071d2445ff2e6516d5c810a95ea482cd8f1b60beadb9fcfad216875475f5420fc498f5066124f5791a22a78ace5db4068877be7a35234b85213274d7bfd58b4528615f10c4342d375248283f1cf5aa3ffe3ba0d9c3e24f68722a7894356c73fe098112e92f0c329f7fd1b97e402c27bfdaf55916dfd00dbb270e52b8d1be6b5fddc3db2f7d6ec70128c4f4dbc9adb28186e2e65b3adae2611c1036ea4119eb517b4b7c93ed4252894eb9d16d58be18421987e32b3b9ebf2fe8c4ae640638aca299349ed22c4dbfbb865699c95a62fd103286c0480bb0efe25c6f9949755110af04cca97cd72cc876de52304c7050c57f571effb7463d114c20182c648bd1b9bf8f5f732791e6aa4c0e560b9b500901b8adbaaf28b6cecf2158cc405d53e424635366db4bd277d7a9d7dc53adcc164ad87601649f03318f67477aa7cbea77c531d918df3d8fd4ecac78115a4ff0b5594e263b452fa61378c875ef56cf17de7d1e0d3c0a38f7327ce4e1546201924e2ae81b287164905e23a202b957e2894bf365b32d08b4b8354730c60cb0da416e15d079b4ce87c4e660554f331cb8d9d1854f57557a5d3c9fb9b48c4b16e414976a9706db99f1e6312a51f6623f75f147a1343604c2acc0171cb1e2992d22df16f509b13f487929dddb14ce2c6efa3e633d80918a0a9b5924b3980e2941c0c27254c326df87a385c6c240ea0f2cd20b9361b560813691f2d6c019575e7f5afd456e44f62b4faafd1f678a6025cebfde658cfe712bcf924367195bfb501d1e0c0529de0d53e3b716bf390161e67ec664b16c45bc53fc1e66b7ef594e06a2461667bc79bb6b58e5d14f2e968a78eb19812718506b4a71444e1b2a4e808698b563aaac0c296deaa7e2f42d5f0b68a8e7f6d45def81003ee28985d74dc4ba4416304d428bdd71973dd803ba68633ae470bfdcb33e41d8d582bbf22dc29d677239ae8411837b082f3e4f7c082bef04ef5c509885641829b4b8fe18c0aa23bfe08f9228f77c399f2ba28ccdc233c03551fed13a76d2dd9c5ec5d7e0ef03e9b2f838a7e0e4c47377d545764b85cfa8450382eaadc3d01ea36364e5d850010acb7c758023d57b4d43bc6230a1f6a8edf5c2859399f80789950d7be8bccaede0f9ff2912cb85bf854163cb53235975bb8499927f2cb42e9ab6c0cae3ef360753a222ff173a30b364ac1b425b77f40f616a6b3e17c0274bc93e92eacc7b9b2cfc96044b2292efc60b1a6338031d4c731ad0d3eca9980dff6304a9cd2fca9e052b5f1674fe41acd3f0e59f321418fd2eb86c863e9e057f2b94bcaf2702c4a03279bd8ad526092ad96987088ba624ba93a1f4268a082ba21ebf75312670bc60e9704106719a8b80909c998e551721bad3538b9269cb858ebaa93243e3d7d40e9840710fa36cf70af0879c1423bc48462e36f66bc20a3d203c19edc501d52000121acf39282a4544caaba8a559a6102a46734a316dcd31680b800ff07c895d63e9421b1891ac88a3b936d20e3759c3c1891a4ff42d9c505c17498fdcccf006cb679efd555c04d3efeb0e125a4681a630101680843e8288ff91449b3e0e191b914b6de0c5688386151d7718d9900a33f5fb52cb45d2b0af8150e1caacb6af1c6937d337feefe1c3661b4356bbc07c58dc0febaa158b266a975927fd0405fa03623b256ab29ca64a8f3a96ed928076316b3aab64d70c0c4e598613eadb5696c0734b2a3aa99a24b427db7caa2d241a9e1b6c5229290d55f86b1190cb7c17eaee7f8f9da791d2a71e116c2c40602be7923c61c324e1cf7010254cc96d2ed025ea0ad385a9201a562bb0ab44491c048ded4bef16fa1b89b0afb95cf46051936266ba5e0663c9d396b4bd91aaaba27d4a5b91241ea409f9cc135b71459597e62838c7ab4c02889c1e7124cf9f2ec5431875d663ac92803009d8a3fe8e7187401ed1b73aeb82f6045258043ce4f10d7ea01fc48f41206659027b8daeb28484c24cc521d6e541f4689e366f06925595ffea089224cc6cca7e0ca5f200d20411afafa2602fa20e993cb5671e0bf5433f5f8dfe12c3a59098ca6ccd96586939d86efc015e57d0bfbff9aeec0454908722de63d3439e2c0e17533232a39ad016774cfeb8a336bb78ae275ef2cc6bf7300d9020d80d27fc13d63fe82639a618db6772e097c4b62f5dfa17c89af99ed3d1e8c4f4e08dacd7bc3", @typed={0x14, 0x8a, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}]}, @generic="d4a1dd998dd8569257f56c3ee8f8a4148e3d1952e4776f0d703e31d69c9542e6e570ea1b7d482d93ebd4ebd5430aa732887e122d5baaa854e935f9723cb2d5049283a752cf0c345ca63843cd57d96dc13f91", @nested={0xc, 0x40, 0x0, 0x1, [@typed={0x8, 0x95, 0x0, 0x0, @fd=r1}]}, @typed={0x8, 0x28, 0x0, 0x0, @ipv4=@private=0xa010101}, @generic="0a47af91c4081eb0d6142c9d292f1fca12326826099204ce62f4d3dd1fadd1b16c61aee0916a85df6e19bd6e3a5cab88ed0d0f3c481e65bf4590b45f7a393132282aea07c8a6750d083bb5bdda44bd2702af65a065612211d89bf288f95783ba7e7714667ec6dc3b72a4da98a2adc5b28e5592ac1ae7052e121729a905724acd7b57b7b84937a819ba7341a771c8daab6f676edc797162", @typed={0x8, 0x66, 0x0, 0x0, @uid=0xee00}, @typed={0x4, 0x71}, @generic="7cfe8c72d941aa72e9e3ef09777f36c1e3fef52b7e26d3817baa4637e263d278a6a18a6d4175dc9aa3eaf757e01edb9ecc75bc23b0bdd190cb39251d2a7f5db1f61aa7c69750d0abe19b63a9f83b9e1ed53a4b1f1583f9e8a911ac40b97de209d91f6151697b4d8e1f3179f20a6f836ef3bc54d17da8cf1e7839088eaaf08a9200b033b869605fa6a8d7a1db93bafe24137986ac3e5b656c8c32b691d3a10bfba0a5c2a57ef02a3b32feae008e25a76c194ac8d8c52d90657a"]}, 0x1310}, {&(0x7f0000001740)={0x3f0, 0x31, 0x20, 0x70bd25, 0x25dfdbfe, "", [@nested={0x98, 0x33, 0x0, 0x1, [@typed={0x8, 0x23, 0x0, 0x0, @u32=0x1ff}, @typed={0x7, 0x3a, 0x0, 0x0, @str='}@\x00'}, @generic="c56e464cc8a94a20a75518c5ade2870c77bc459bce75a3ffcbf69a400d63edd35f21b54553a2034e4337cd5326e5c6b5203324ebccf3c67410806355393be3be27e3ce7114b4572432cd7dcb2ad378fdb0a798069f74e2ec2c13b8e05514638f4532da5a1cca2a15e4dd4ab24f5e10fbb5298581af4a0cd5e6e5b53c", @typed={0x8, 0x7f, 0x0, 0x0, @fd=r0}]}, @nested={0x16a, 0x16, 0x0, 0x1, [@typed={0x4, 0x66}, @generic="3c6d9b24b89292f40960ed27e88697dffdc729407eb20f886fa2fb4853052eb4ce3f785581260105f45656726b64e9b86ef379c1825cafbad9455c2ec5b46e1417ec06ef6e4d883ae3eb6c7b896a71b63cd8aef42e685d6b034482071810608777090f72882e51f6bb614a515a8b0f7b5edfc330067d44e82f16417268631bb8d354423b9b27a790770712e22bb0e744b043d343df0d896c0b440a9c69df46b42a97a41e98725ccd3056b0a5a6be759dbd5cedba1e173c6057e0e1", @typed={0x19, 0x47, 0x0, 0x0, @binary="3e2d9571cba0521ec08ee902fbf20d0aa45d4d1782"}, @generic="761a66b1f17c0b24f6a66d8bf1b8e6106a650db5a399d4011462e367a390571b9d81607c7cf97cfb2b02711eac67222bda6ee78e2e271601e8c6b5bfa49156b55736d0b7eb6f3ca2891fd5b3b1b464d55da6e054e83b2526196ddc02b1c7ca5544a0aa0a", @typed={0x8, 0x23, 0x0, 0x0, @fd=r2}, @typed={0x8, 0x65, 0x0, 0x0, @pid=0xffffffffffffffff}, @generic="0ecfdd1798ce527509dfd0d90a179a796ab34e4f8fa001", @generic]}, @typed={0x8, 0x43, 0x0, 0x0, @fd=r0}, @generic="0e9e29137ab96d373ec7fa30ef06eb6a611ba6eed8abc96a54a0fda934193356ed8cdf6023d77c989f41a0aaef2f8ac268e030e4b4036da645a6549f232f17f9d69824c12702f55fd0aef1229dfe3423063162482973eb561c8b5f0e1b0ca5bb420eb6ed41769b47f8a5bbaae2b43bd699c4a71010e0bbd0fbc6322790976d0fde7122d6ceab6afb783c37f6ecfdcd655e6fc9684e793dc9173d2f7e69513e8acb7b4ebe61fbe960e4ba3b08806426a487764abb28c1f3d64a721c16e23953991087fe54", @typed={0x8, 0x4b, 0x0, 0x0, @fd=r0}, @generic="b9f9c0d169e5c33e0fd5d16dee40bddaf2983fcd83d91cd51a6e2894eccec765916a8f446011cb7b29fe14e277e7218f42", @typed={0xe, 0x7f, 0x0, 0x0, @str='$[!.$!\\:\'\x00'}, @generic="3fdfb35814f5ed2bcbb169f85837f6972e1e8e89569772660e248242a368ccc36cd5a684d888c6bc96a780d461b8f9ce1aa9cbb948bbfbd52bbdf7a36597ce990979fbcf35c8805fc979042f3573b062ff7b5fe4c92e199ea2116d2b88a568d842dc09dcb3525c9eef4a70826670d6d96bf5b027a7948b1ef4d75ecc90b1a1c89e7ab80058bd68fce11f2182a24d2c476e5bf8764c8a", @nested={0x2e, 0x4, 0x0, 0x1, [@generic="8fee2e6f12c8b4e531eaf75f58d864968e5767b2bdceff6435ee3e4af1f284a548dd", @typed={0x8, 0xa, 0x0, 0x0, @str='~\xb1f\x00'}]}]}, 0x3f0}], 0x3, &(0x7f0000001b80)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x20, 0x8}, 0x20040095)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000001c00)={{0x1, 0x1, 0x18, <r3=>r0}, './file0\x00'})
ioctl$PTP_EXTTS_REQUEST2(r3, 0x40103d0b, &(0x7f0000001c40)={0x76, 0x4})
ioctl$sock_inet_SIOCRTMSG(r3, 0x890d, &(0x7f0000001cc0)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e24, @private=0xa010102}, 0x101, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001c80)='syzkaller0\x00', 0x3ff, 0x5, 0x5})
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000001d40)=0x200)
ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, &(0x7f0000001d80)={0x20, 0x5})
ioctl$BTRFS_IOC_DEFRAG(r3, 0x50009402, 0x0)
lseek(r3, 0x0, 0x4)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_ADD(r4, &(0x7f0000001e80)={&(0x7f0000001dc0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001e40)={&(0x7f0000001e00)={0x30, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private0}]}, 0x30}, 0x1, 0x0, 0x0, 0x8045}, 0x4000)
write$binfmt_script(r0, &(0x7f0000001ec0)={'#! ', './file0', [], 0xa, "7aaaf0abab3237f8f3c9acc34d97661aeca0f4b79372dba3f52a1ecbe34f992efb646916b43e49a5d0e2f4dfc6ef06cea51fae2ae501d0926650c3bc8b2ab36c0981a4"}, 0x4e)
readv(r2, &(0x7f0000001fc0)=[{&(0x7f0000001f40)=""/77, 0x4d}], 0x1)
r5 = syz_open_dev$sg(&(0x7f0000002000), 0x200, 0x14200)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000002040)=0x80000000)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0xb9012000)

23:36:17 executing program 4:
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()
rt_sigreturn()

23:36:17 executing program 1:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x6, 0x6)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)=0x20000)
ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f0000000080))
preadv2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/157, 0x9d}, {&(0x7f0000000180)=""/164, 0xa4}], 0x2, 0xffffffc0, 0x625, 0xe)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={<r0=>0xffffffffffffffff, 0x10000, 0x910d, 0x9})
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f00000002c0)=0x8000)
clone3(&(0x7f0000000540)={0x40000, &(0x7f0000000300), &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000380), {0x2e}, &(0x7f00000003c0)=""/242, 0xf2, &(0x7f00000004c0)=""/20, &(0x7f0000000500)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x4, {r0}}, 0x58)
ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f00000005c0)=r1)
bind$packet(r0, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x3, 0x6, @broadcast}, 0x14)
r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000640), 0x8000, 0x0)
ioctl$AUTOFS_IOC_PROTOVER(r2, 0x80049363, &(0x7f0000000680))
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/cgroup', 0x0, 0x2)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000700)={0x0, 0x4}, 0x4)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000740), &(0x7f0000000780)=0x14)
copy_file_range(r3, 0x0, r0, 0x0, 0x7, 0x0)
r4 = open_tree(r0, &(0x7f00000007c0)='./file0\x00', 0x4001)
ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, &(0x7f0000000800)={0x3, 0x1e, 0x7, 0x1000, "82fd9d44304a7eaaa3ffcb850f564beb29964b3018df1cc4ed89022124eeef6f"})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000000840)={{0x1, 0x1, 0x18, r3, {0xfa}}, './file0\x00'})
fsetxattr$trusted_overlay_opaque(r4, &(0x7f0000000880), &(0x7f00000008c0), 0x2, 0x2)
fsetxattr$trusted_overlay_opaque(r3, &(0x7f0000000900), &(0x7f0000000940), 0x2, 0x0)

23:36:17 executing program 2:
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2002000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x40, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x10000000)
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r0, 0x404, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4040)
sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, 0x0, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ipvlan1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x890}, 0x800)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r2, 0x300, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8001}, 0x20000040)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000540)={'wpan4\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x34, r0, 0x200, 0x4, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFTYPE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x80)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x34, 0x0, 0x2, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x40004)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000780), r4)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, r6, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x400}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400d1}, 0x40004)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f00000008c0), r1)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000900)={'wpan1\x00', <r9=>0x0})
sendmsg$NL802154_CMD_SET_PAN_ID(r7, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x40, r8, 0x20, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}, @NL802154_ATTR_PAN_ID={0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000000}, 0x44000)
r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000a40), r4)
sendmsg$IEEE802154_ASSOCIATE_REQ(r1, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x3c, r10, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0xfe}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xe}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x8}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x7}]}, 0x3c}}, 0x0)

23:36:17 executing program 3:
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e24, 0x5, @remote, 0xcafc}, 0x1c)
ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
getsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f00000000c0)=0x1, &(0x7f0000000100)=0x1)
r2 = accept(r0, &(0x7f0000000140)=@pppol2tpin6={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, &(0x7f00000001c0)=0x80)
ioctl$F2FS_IOC_GET_FEATURES(r1, 0x8004f50c, &(0x7f0000000200))
pwrite64(0xffffffffffffffff, &(0x7f0000000240)="40da7a9dc566ced5e8db0140bd1000d09164b01d5094a33253cfe5a488221156b2cc0267d021a7be71c9c147edfaaa95aa404363e027965c63c837746fd58d3a96fecbb50200325c9d932079fc4bcc4d761a34e891bc329ed82046965cf856671e4b7c6d33931751fe72", 0x6a, 0x6)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$INCFS_IOC_FILL_BLOCKS(r4, 0x80106720, &(0x7f00000014c0)={0x3, &(0x7f0000001440)=[{0x304ada39, 0x6b, &(0x7f00000002c0)="d18ecfdf5ba852a926710c7c4d4b0b4c438b95f7c4afdf8d23070c2a09588ed8f466503c1f8a576a90aed26f12d98f8cda46eba470477e3ef8695b2443a3bc55da2cbc9f63be44f92a25f1e1ddbc96f557ac2d56dc517b9147673b256e543842bdca50cdfd111ce0bc6c0e", 0x1, 0x1}, {0x6, 0x1000, &(0x7f0000000340)="19ad0c8ce9d21a7bacd7086d340bdf50bc67a784b6a4fa0d368ce5cf2b3da56b7e952766070575e4888f3c805bfea00fa31dec4bc0bfd9c64edd163ecccb9a3ecf2d8b4199e392e3f9cf0df9977cb3b46124364f45e1182218b6a6ebea2d267ceb0a9326f486f4a08cb29ec3f0e172cd4e154747ebc664ccc243e85356a1bb77955aaa9ee3a7bb90077ae1f8abd7b6d11e35db8ebd5cffdd8f8032b91ea83b24953535cbbdd3c8f85b8f00521380a53a9245f8ee296a17f1fd7c3b413dfa77b3c3753c7eef45ae50478c6241c13f4a78c9705ba94f532dffedd304000321a6b72a1abb14299ea4ab9dce801a4d3e29ec94ae8ae100383f522ae369b56d01fe07941b2b84d7794b564469adbce20e94ad4d92ca1bb4f00c51f06727de544b532d03bfb20c330182dc717831e47c46cebf3818ab49a93a0e931599cc7daa3cb6ed463d4095658c15c95ab4e4e92713c4038210a1ee1e622ecbcb7801783972f75079c8f30c3720e359df29b7767d4edd44cc80aec579c36c9828aec3f475bde3d99d6fbc05b9b587acbabcee7dfe97e41e57bcf00602abdf30ffdc071c8eaaa26cd31f67382c517c79d9da4c802f39dc24b55168d4a4dd195e5553e568705ffc136d265c49ec9b2974835e80dde01878b6aaa9fe81d70067372a320bd87acbaa1b06994fb652a2fc5471f950524b0f6eea43bf1280c3092cc7b2aaf98972dc171e52e4eaaa6b57a3d000fd527b8efd8dd94d7fbf9ccb55b744bf9f8ef05f9e646ed90a322ed9f9e93777e148049aeb40aada30168e5eae92ca44ad9da038b5898c8989e5a85bc61bca0023b9fb0be524b5a5013b7a9b5be0073cc08f1025437dddb08f9d8bc139dddaa2d4e5358318c2b3b7214daab0322e1ae6c5f8e2b422ba5cd9f3e7b5cbefa8f428652f1ff215cc87f68abb7cc5937cd58ad0fbba4898d5b34ce3fd89ea948fd8ff0cd69f98425e04910a6eac1a4473943080c536ae56b5c82e48775c5b987ea510f316d649e22c4a28b56e480f5167ebb86bb2d77f9b900e105447e12893906fb10c2bb6af319cc850e1270d1352808bd4a4b26efa87340320798bcf538c028856b3fc0c0a1816aa634ad314148349a04c3c3e907605b0514e8afeafe17aa6ffd121e1502fa9172ede35b4828207f8d60a7ce24c2641a26ac595443f2d025a3099c5c7eade62a11d3b146ae5e19a1946ae69d826fd0aecb9d0d18512f3e6b12571e97c721fb9f0cb707baa517bcd8acd42cab23a81d646c5736a2e80ab330fa09217aa752983e1f374843c91f0da83bd8ef5e2d95ba90313c4371f2008da5cd78a6eba22ce0d9c58c4edd21cec185f5b5000840f118f92d8cd8416a6cdfd9e53bde7f743858c9a8249dc0ef020c731a754d4e78c932cbccabae5bb28fd97fe21a7a6e9b06e64bae8ca015a498d07c38f4cb928ba61529d70e7b81a535e8fcb59652125e2a8d7abe954884d30ad6dea57db3c1b6d6b062b83d0bf94c0af3df7ccffcd1a1fa9efbc5afa4d0bd5af49b1d131dcf95c1bd9c51dc72deb06247e5b6ad05ace2d5b942ce62ad81508485ac90cda924e39c6f581f40226bed53d846a1a4401e566248be43a38906e5068ab2a71c500d9dc118328c9d6a2aa844a650502af8ace4d25c18120f689f98c2e3efe534d30b7e32ab2106b7d592d97570ca483e147f0eebe805ea814ffb1ba7be9e29997197fdf654cea4de761789355c9f3022f36360828d4434afa1a2ec7d9fb178419b5caab6540e874763092d9e0c8bb5a0c84f4daa160b3b254756280bb7a6c88f2a3613248431806cbc88a45de1cdfc29b2258c0fcc0572e7a56643498d223fbd92b57d3395ea0d932cbe5a8c92b12fb4af2136450985153393f08a3121729b038b1a499ba3afdccaf422e34683fb862dd5c93a98db8a215ffee3bfe58a40a2f0e82c9c9b48f974c5fb6a869944ae220c0d79e5852dca0e43ed53ad2598724b75682925c6cd5dc32c5374050cb0eaafb92a750088528b106fe8a252c8b433c0f7f91d6f48fc82c46b63ac9268e896e9719141a9646ccd04b7fe83f0e32715253edb96eeef8ab392f7a9912a4a12d0f5382148c9e9955175bc892b3f461e09736cde271b7de6e9ab7b4299adafbe89ba99bc32af32f47345df8b3c282b363864a4fee5d4f83a57478e974956a5b1852f7f6acc5303fe49cdcf49ee4775e3d7830c320316a508f9924b391fd32313625e1e2d06edd60d4e0eab641bc0570fad267d0327fa6910c620b38f467063a1038d156216112fd7422c8ce0a8bbb3b2bce051b0516f4fc2b288acd1942998e24fe7050336571a15f79ebd5ade655d67fa2be5ddb440a5f7d6070a4d296e9105054238470a23b4c282fd680d00def9a7cdfdbd78c036ce24a467934ea914aabe6ad0c6a4dbf3289bbae561fcb42128158954929674ee18cc7c0d2723dbe7d929d8b9654d21f9279dce672c0e8ea7a50cb9ed4535cf09d22c21fedfe7316fe5a66e247c09c3097785f8f9041aeb5c918f93ce9d953a755a53fb3b1b6264a1a8f58e6679240dc1cd0e24d88789b2e11543db1e910758c2b7c2a31833d6c3239405240a767f9295a3e94d9943ee259d62e49ba3e97ac7cd41d4848561b491b9cce2b55deebc40c200745beb7809a742280a7982a74b853aa56157bee90584f69d81bee6a2774c613b55359a2e0324edb6bb21fd89ba8079fcf4139acb7ba55af80e97bedb0704095a3b0d099afac76a80039018cd5280a5c754af5df18ae05752e53debd386a369024856045686fe9e9eeb516bc8f331673c220080e0dc735d75d63795621c8c0a0be2cacffa8ac101704b754e219e62f8c67550faba90038b589fac7317ba46576c5d3c81e77239fa142967661d99791bf5fa4a645cb0ad54452879155fdf4eaed21758b329af6347d8be1acd421002ed5c80911c7218a40d03e639034fe9c1426819385fa15f1619419d8880d8ad9b107c9d84b8ebdd9bc54bfcaf35602c2a0ab1c52a64109ddccce005576a4cd491490c57bbea82b1505cf3ad29e8fd73ae8938ff2f16f8c75cfada7504cb18b58de17a24f780d34de657f12919302a90a856773b02cf0ed73bfc6aa53504b1f3017d2a105bb098e17b3b1b9390a58ae373b07d19712c3e9a46a40a1fc58fac34f5f32bb4c0f2e5faa09780ded2567f0f4a5b8d33c0bddbbf31d0b56ff22d63265d3201d1f9d51d23f96206858dbd853bb227bb4972c907cb6efd23169d69fbd7e1048c10b4dfd08086d4a88f0a2e0af98c91a7b0efbc5110e1c569de8d1babd4bd676b5e248fd705873c61a177800a64193a7b2ae7cd1b00c05909bdd38e490ef3a36e8a081836d2cefbbfbfc1f48aaba70296758698c3c73a2d54efbb3ccaaaa1746ebcf045d6754f75b27e6bc08e4aa65e572130436445a265a0cecbcaf05636564bdc1762fdcbfae10ffe8f8b3aab4b31cab7be3b7ef8db493c9cdd02baf25dfa3b0bb06473908108ef1ff323c102c511f1860bd3ca40239335851647e1002e1921d4d86a31c380e435c8f677f6e8962158615efef60ad86742a2dc6c10ff79374fa0de8c29711a39ef4d1ecd34673fa76d0edb94dfd48e7975a69e5b0015e1898c5a976453e812c1d2510260e09f30f35cd2151b56cf2f25cff9eac3214c60c8c3a841c098d46e57aba163ef2827eeb95a361e1f1a9806f787e6ffa92e7d6cdfafdc25925d1e8c18f8a620eb488f665ff0ab0bff9a60dce3152715ef8e03b7ad0ce0d9e349711b8f55cdf50b0c1959739bb76019e539bd1833dd3bbde09137f2eef83db26c0842a65be9d20bb4c1a89e6f842bb8c213e53c8e887f6828c5bbc7cf5f70aa190ace1735dbc24d3ed4fd1fbf556fd102405d710e368a4ff8525bc179bd609e852aad27406f7e13bb8f89571840fbd1218ece6b694a841f2d74ca10464fe2323cec62d9806be2f6fcc955e072426fdd53657d74df2451d0c035e459c7c8cf74764b0f9a0d164c193e73c65ea30d76c60e9a9c2cd1a7d0ae95d6925cb81dc4fb05f756a004925069c26b97edfc84561d8fdab523b79dcec7158559e09b441b2b33040a1d8d059474e4e0a5181922952d5dcc1bbf3f86001cc32993e260b57aec80214585622f5520d91aa55f5decad3af42b46855dd2d990efc980b4d1c047372f6c762ec9ab5d4621f9cbb32dc6b558b32c615c543f782b1aa8650718779c629b810fa4ec507d0a03dfd8523d55f83461533812f6f1089ce7d0595bccbf9b364641c61fff7a07088aaeb0b2f2a9f0c4d427905df60c3a6e79f1e5d5332fa3e99d2c6fce59e8d5ceba78b694c8048b512b08259f665d6e9df94ab390ec32b6d37de47e6c94d24822e38547d5efc39c99c499ee452f235e3d196c9ce8337b67b8899f7ed1e5d82fc7873bf7face170ccb05ee6ea942d10e61593ba2e78edb108f9e9a049470d66af33e452cc6ff76d8eb0fc18d7fb41b60949ac66a2172b086f915608dfe0031e6f0bbf42ce0b485c0c1abaf47058f5ce2766d39d368f7afbd361f6282e226b1c1f1c8ce82dafaffdf61df2663fe05b9448bc38ec96b8f435902774f4559f2851ab0ba810865a2247726c3786424cc02300b0dbb7cd543073931a58cd28de0fc0c14a63153f5132cd980700369f9ed2b37e799c291afab306c5cdd26ddec47c817ef20128055695ee875fd7258fe56d950fe94763075f448aea46bf92f6b6b28aa9d62e66a72f65c03b923db558c931f1240854f56b183405211b461c12eb49d4719cca2b3a5392f4c993757fae81c79f75d4c414c4e3aa04939a768b7ef1535d7fb2abf2c1529eeb863f51c0ee3b8d2b72b2912aef48fbeeb5f361f6b8a860034af1861251d3ef9769583b18d6fa5e0d07cc75e50d50e8970d6c9025f4ba7dfb6b4e1f527dffd5dbd3d00c4963a8fe578d77722af1e1f062b1265d943e103aa3e396c78a6d28e2470b6ce82fe74e002a1ddea4e63691b2d00f75808fdc64411331915a31adac1f0423d6cec022060ca8cebee36f625b56a63f8ece63233a54a7159d15575cf6650892f793e73222bbff332879519a8cd05b183f70d27454ed3e364de6cd87dcbec7d1ff7940c266c73b5826dcc42272291825a0ae9eb4506aa27acef45f2495b7415364944bfb73aef0bb10ba287e6d4ed18e9b5a71654c0f238a1c5f2e61442c6016441dd082e4c73c3c145ee400847e0b226586378a3c600f59aa060f88eb81c48afe914649abde43d5e0bb549589896a2002502836347c5b867b8cf491efc0b4486b527bba22ca6411ff084dca6ab0ddd5bd715690710ead8b72ca3e99e84f7f13ae3e358f7fc644ec8ffd6aa1983151d86175c710eb6c7036dd2073f27feebeebca69f1e7d2336879052e91c027a8f36519fefde38d222cc55ba6101f12594cc431f40d447ecf9c644d8aac10502cf52f06ece9875b73660adb39ffacbcd443c84fc5b31e3577edee1104b422b84f51e22acca11fd1268986bc3c1b15553fc11f25d64e3d8703e91b17f80e59d89c7d0e26d1731078f52ce3bd39bf7e145bd53166c1e956d3e21e0dd280678da5cf17a6d5d61487356e71136a7a06146545b99e601bdf01bb2e8418ada07127bdf1a2e0d11aa331937f4fe09f0cf5a8277e52fd9582feaafed3f12f4a8f51d83cf3544ebff7d16c0d7f4917bcf1caa06855371c277e5f911d9c81601c9cba8695d7047275a4f7ddf082113572a14e3d91309baa137a4bc16ef9743dacc22ec3da16fb2b7bef5eab65cd9eb79957ac9095027cc4726262a5e1e5b0a4388598f20f740b7221", 0x0, 0x1}, {0x8, 0xc2, &(0x7f0000001340)="70905e8ce3b849dfa2186048a97f4942b16142bc7327b1ebefa72c79f5486a2c9e766bfc7f4fed88fa88912f1886316e5404bee12e74a20d0495cb7728555c0fd34c4e707314a138363d4311186cf4a007434b6da1161f16987a4f71c798ef2f9c793d7e6a5a4dfed02f6c5da8520c0dc507dffe4507741d1617e0833b609ac88b63f6f80cee5707e84bb9215e0e8f78f195059c09996c8f7ab63449bb5d75a1f24f1f74779ca35e089bf22df62b662b25a6075a620303bbeea2bb3358f1f0c736d7", 0x1}]})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000001500)={0x10000000})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000001540)={0x4})
setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f0000001580)=@dstopts={0x2f, 0xc, '\x00', [@calipso={0x7, 0x18, {0x2, 0x4, 0x81, 0x8, [0x1, 0x7]}}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0xf}}, @enc_lim={0x4, 0x1, 0xff}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0x14}}, @ra={0x5, 0x2, 0x2}, @ra={0x5, 0x2, 0x2}, @calipso={0x7, 0x18, {0x0, 0x4, 0x7, 0x1, [0x8, 0x4]}}]}, 0x70)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r1, &(0x7f0000001600)={0x8})
sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000001700)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000016c0)={&(0x7f0000001680)={0x40, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x4c}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x0)
setsockopt$inet6_mreq(r2, 0x29, 0x1c, &(0x7f0000001740)={@rand_addr=' \x01\x00'}, 0x14)
r5 = accept$unix(r3, 0x0, &(0x7f0000001780))
ioctl$BTRFS_IOC_BALANCE_CTL(r5, 0x40049421, 0x3)
close_range(0xffffffffffffffff, r0, 0x2)

23:36:17 executing program 5:
timer_settime(0x0, 0x1, &(0x7f0000000000)={{0x77359400}}, &(0x7f0000000040))
timer_delete(0x0)
timer_gettime(0x0, &(0x7f0000000080))
timer_create(0x3, &(0x7f00000000c0)={0x0, 0x22, 0x2}, &(0x7f0000000100)=<r0=>0x0)
clock_gettime(0x0, &(0x7f0000000140)={<r1=>0x0, <r2=>0x0})
timer_settime(r0, 0x0, &(0x7f0000000180)={{0x77359400}, {r1, r2+60000000}}, 0x0)
timer_settime(r0, 0x1, &(0x7f00000001c0)={{0x0, 0x3938700}}, &(0x7f0000000200))
timer_gettime(r0, &(0x7f0000000240))
clock_gettime(0x6, &(0x7f0000000280))
timer_create(0x6, &(0x7f0000000400)={0x0, 0xf, 0x2, @thr={&(0x7f00000002c0)="87653a90006661220cd3a2ec9a6aa8b3d6dc99325c835887154d30c6", &(0x7f0000000300)="1e3e164fb5ea204399c43daa35188e7029c3631beffdfc5e025ba9333a416ec182353cd7892d5fe53eea0c9d1a7840f270b4c25954d1bee219871f1d662bc4ba8cf887a85fab0c4f7a4df3ce78f767391a18362d3017e0052ea466edffefca06c02c2f362089de6116c3d579fdeba8897fbf1ac6023fbe6ae40fc60aff7ab1c9a5dcc34f257d4da2fef0d2049b30a5d000c3d7cef5d0e48637132096346bfd58d167b72fdba6673b1ce852f7cd03bae58e3159cd7e5e66e11fe9ca49ed72f7049627f1ea389d1ad7c4c93059dc"}}, &(0x7f0000000440)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000480)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f00000004c0))
clock_gettime(0x0, &(0x7f0000000500)={<r4=>0x0, <r5=>0x0})
timer_settime(r0, 0x0, &(0x7f0000000540)={{r4, r5+10000000}, {0x77359400}}, &(0x7f0000000580))
timer_create(0x6, &(0x7f00000005c0)={0x0, 0x6}, &(0x7f0000000600)=<r6=>0x0)
timer_getoverrun(r6)
timer_settime(r0, 0x0, &(0x7f0000000640)={{}, {0x77359400}}, &(0x7f0000000680))
timer_gettime(r6, &(0x7f00000006c0))
semtimedop(0x0, &(0x7f0000000700)=[{0x1, 0xa402}, {0x2, 0x89}, {0x4, 0x1}, {0x0, 0x4, 0x800}, {0x0, 0x5, 0x800}, {0x3, 0x5, 0x1800}, {0x3, 0x3e}], 0x7, &(0x7f0000000740))
timer_create(0x1, &(0x7f0000000780)={0x0, 0x2d, 0x1, @tid=0xffffffffffffffff}, &(0x7f00000007c0)=<r7=>0x0)
timer_gettime(r7, &(0x7f0000000800))

23:36:17 executing program 7:
chroot(&(0x7f0000000000)='./file0\x00')
mount(&(0x7f0000000040)=@md0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='binder\x00', 0x8001, &(0x7f0000000100)='\x00')
utime(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x4, 0x80000000})
r0 = openat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000200)={0x5a0181, 0x110, 0x6}, 0x18)
faccessat(r0, &(0x7f0000000240)='./file0\x00', 0x4)
fspick(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x7977f37e69aca1e8)
lsetxattr$trusted_overlay_origin(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340), 0x2, 0x1)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
linkat(r0, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000400)='./file0/../file0\x00', 0x1000)
mount$cgroup(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x20, &(0x7f00000004c0)={[{@subsystem='net_cls'}, {@cpuset_v2_mode}, {@name={'name', 0x3d, 'binder\x00'}}, {@release_agent={'release_agent', 0x3d, './file0'}}], [{@appraise_type}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfsdef={'smackfsdef', 0x3d, 'binder\x00'}}, {@appraise}]})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='task\x00')
statx(r2, &(0x7f0000000580)='./file0/../file0\x00', 0x4000, 0x10, &(0x7f00000005c0))
lsetxattr$security_selinux(&(0x7f00000006c0)='./file0/../file0\x00', &(0x7f0000000700), &(0x7f0000000740)='system_u:object_r:load_policy_exec_t:s0\x00', 0x28, 0x3)
r3 = openat2(r1, &(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0xa0080, 0x0, 0x8}, 0x18)
inotify_add_watch(r3, &(0x7f0000000800)='./file0/../file0\x00', 0x82)
inotify_add_watch(r2, &(0x7f0000000840)='./file0\x00', 0x8)
faccessat2(r0, &(0x7f0000000880)='./file0/../file0\x00', 0x125, 0x1200)
openat2(r2, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x2, 0x4c}, 0x18)
r4 = fspick(r1, &(0x7f0000000940)='./file0/file0\x00', 0x0)
read(r4, &(0x7f0000000980)=""/171, 0xab)

23:36:17 executing program 6:
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000001c0)={0x0, <r0=>0x0})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x6}}, './file0\x00'})
r2 = clone3(&(0x7f00000002c0)={0xd8025200, &(0x7f0000000000), &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0, {0xc}, &(0x7f00000000c0)=""/81, 0x51, &(0x7f0000000140)=""/97, &(0x7f0000000240)=[0xffffffffffffffff, 0x0, 0x0, r0, 0xffffffffffffffff], 0x5, {r1}}, 0x58)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r5=>r1, @in_args={0x1}}, './file0\x00'})
r6 = clone3(&(0x7f00000005c0)={0xc0202600, &(0x7f0000000380)=<r7=>0xffffffffffffffff, &(0x7f00000003c0), &(0x7f0000000400)=<r8=>0x0, {0x3}, &(0x7f0000000440)=""/118, 0x76, &(0x7f00000004c0)=""/145, &(0x7f0000000580), 0x0, {r1}}, 0x58)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc018937e, &(0x7f0000000640)={{0x1, 0x1, 0x18, <r9=>r7, @in_args={0x4}}, './file1\x00'})
lsetxattr$trusted_overlay_origin(&(0x7f0000000680)='./file1\x00', &(0x7f00000006c0), &(0x7f0000000700), 0x2, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000740), 0x40000, 0x0)
r10 = clone3(&(0x7f0000000c80)={0x80000, &(0x7f0000000980)=<r11=>0xffffffffffffffff, &(0x7f00000009c0), &(0x7f0000000a00), {0x2a}, &(0x7f0000000a40)=""/233, 0xe9, &(0x7f0000000b40)=""/205, &(0x7f0000000c40)=[r8, r2, r6, r3, r6, r8, r4], 0x7, {r9}}, 0x58)
r12 = getpgrp(r3)
r13 = dup2(r9, r1)
clone3(&(0x7f0000000d40)={0x10004000, &(0x7f0000000780), &(0x7f00000007c0), &(0x7f0000000800), {0x38}, &(0x7f0000000840)=""/56, 0x38, &(0x7f0000000880)=""/253, &(0x7f0000000d00)=[r10, r6, r12, r2, r3], 0x5, {r13}}, 0x58)
r14 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000dc0), 0xc000, 0x0)
write$binfmt_aout(r14, &(0x7f0000000e00)={{0x107, 0x1, 0x1f, 0x281, 0x29e, 0x81, 0x1bd, 0xfffffff9}, "6795b92e3a39ee2b01969ad70ff79c24a6d11b27b1f8fff9a95f5e09b7ea4243c65a529a5a1064a5fc226400662a12bb79fc1994762649c855cac6708cceef76ee7522abb3f69b926005493fa375f62b5a861669ba1637b3fe52b6f563aea6ecdb77f1f6dc1a26781ca8a3cdfd7b85b3d49367ace151d6aba85c8053fc5f0816d722713d2a37dd4aa6f8be64754475805b19c23f9cfaf610599b8b67609e22e0e635f5d797ac16d505e12831b7a1ef951fc495c77488e2d0effaab338e1e2b85eee5f4a2973b6d5da4", ['\x00', '\x00', '\x00']}, 0x3e9)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r13, 0x8008f513, &(0x7f0000001200))
r15 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001280), 0x240000, 0x0)
splice(r11, &(0x7f0000001240)=0x40000000000000, r15, &(0x7f00000012c0)=0x2, 0x80000001, 0x0)
r16 = accept(r5, 0x0, &(0x7f0000001300))
r17 = dup2(r16, r15)
mount$9p_fd(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f0000001380), 0x80000, &(0x7f0000001480)={'trans=fd,', {'rfdno', 0x3d, r17}, 0x2c, {}, 0x2c, {[{@afid={'afid', 0x3d, 0x1ff}}, {@access_user}, {@cache_fscache}, {@version_9p2000}, {@loose}, {@cache_fscache}, {@afid={'afid', 0x3d, 0x1}}, {@version_L}], [{@obj_type={'obj_type', 0x3d, 'N@'}}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@dont_hash}]}})

[   88.399863] audit: type=1400 audit(1756769777.264:7): avc:  denied  { execmem } for  pid=274 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   89.645080] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   89.647472] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   89.650713] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   89.654849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   89.658165] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   89.730065] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   89.732184] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   89.736752] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   89.738404] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   89.741933] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   89.743174] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   89.743923] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   89.746148] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   89.747995] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   89.752610] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   89.756463] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   89.760573] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   89.762976] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   89.764847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   89.768821] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   89.781556] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   89.787545] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   89.791966] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   89.801248] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   89.805313] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   89.807828] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   89.817609] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   89.818660] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   89.820821] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   89.824039] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   89.826595] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   89.829861] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   89.841580] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   89.854010] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   89.855773] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   89.859528] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   89.862473] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   89.878578] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   89.879832] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   89.888954] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   91.741448] Bluetooth: hci0: command tx timeout
[   91.803439] Bluetooth: hci2: command tx timeout
[   91.868327] Bluetooth: hci1: command tx timeout
[   91.870417] Bluetooth: hci3: command tx timeout
[   91.931426] Bluetooth: hci7: command tx timeout
[   91.932641] Bluetooth: hci6: command tx timeout
[   91.932718] Bluetooth: hci5: command tx timeout
[   91.933952] Bluetooth: hci4: command tx timeout
[   93.787859] Bluetooth: hci0: command tx timeout
[   93.852867] Bluetooth: hci2: command tx timeout
[   93.915680] Bluetooth: hci1: command tx timeout
[   93.917321] Bluetooth: hci3: command tx timeout
[   93.979433] Bluetooth: hci5: command tx timeout
[   93.980437] Bluetooth: hci6: command tx timeout
[   93.981349] Bluetooth: hci4: command tx timeout
[   93.982195] Bluetooth: hci7: command tx timeout
[   95.835439] Bluetooth: hci0: command tx timeout
[   95.901270] Bluetooth: hci2: command tx timeout
[   95.963348] Bluetooth: hci1: command tx timeout
[   95.963785] Bluetooth: hci3: command tx timeout
[   96.028115] Bluetooth: hci7: command tx timeout
[   96.028150] Bluetooth: hci6: command tx timeout
[   96.028193] Bluetooth: hci4: command tx timeout
[   96.028967] Bluetooth: hci5: command tx timeout
[   97.885337] Bluetooth: hci0: command tx timeout
[   97.947332] Bluetooth: hci2: command tx timeout
[   98.011339] Bluetooth: hci3: command tx timeout
[   98.012073] Bluetooth: hci1: command tx timeout
[   98.075415] Bluetooth: hci4: command tx timeout
[   98.076172] Bluetooth: hci7: command tx timeout
[   98.076985] Bluetooth: hci6: command tx timeout
[   98.077014] Bluetooth: hci5: command tx timeout
[  127.525856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.526859] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.833809] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.834581] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
23:36:57 executing program 1:
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010600)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d002000200020002000200020002000200020002000200000000000000000bf000000000000bf252f", 0x5a, 0x1}], 0x8000, &(0x7f00000001c0)={[], [{@uid_gt={'uid>', 0xee00}}, {@permit_directio}]})
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)={0xa, 0x4e21, 0xbc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[], 0x18}}], 0x2, 0x0)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x8, 0x2)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)={0xa, 0x4e21, 0xbc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[], 0x18}}], 0x2, 0x0)
setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000540)=0x5, 0x4)
syz_mount_image$nfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2, 0x4, &(0x7f00000003c0)=[{&(0x7f0000000240)="79a529f510b5306192dc6c73247b539261ca2ca6b44d147dd09957cf33310b250a3bc49418dafaa75b27b72ffec3612ca097f36df6636373060f2dcbf6e68e2ef1061a95aa696604f1c95ef8f4ddae827f9ad70f18f6d75126208b936697abd533e71096f76a0871200f7ce53db77b60085d80eb19bd299d201de6f0710afd4940f05ee14882e2103b6d8986ad7495c8c85fbe53b77af7e4bf19b6bc3739eac37d40f62220a6e7a055911d36aa6891f2ebeacfec20d0b8e5ff86d31161509019a23c6d00eeac5836870e48292515aa69166b6124e0e8a0ff4786b11a23d8f92def29468b4886e0deb233d85bb9b71b57645a35d2e92a75b54592", 0xfa, 0x7}, {&(0x7f00000000c0)="0221ce7824d7ec405906af952233bfe1e964dab4ebd534f8817ee0eb8225339b4605bdf6d59aaf0f153e97b49a568acd4f57", 0x32, 0x4ba}, {&(0x7f0000000140)="2cb5516ab4f8a1f60273d7bb9da964c9cafa4f8357086cc98d087f8564aa8324ad26623a3efb2d05c022bbed2a633c66e2665426c157d5a714b26839d628b3dca2f3ff8b2377ccfbc1b51a9f368ca16d3bdca4b24d7aeff9cb23b049375c3fcd10bb956e3c57f6272e", 0x69, 0x7}, {&(0x7f0000000340)="7257ad20d8df7920fd814817f54d9577190242ba88471f274d552045226d30555ddc95aeb49096ffa8c261c177de82d1b4971ace3d2b94ca646140d70f09f90eee5af7cb335a9109f32ae0aa37432ea6a4e0b2a2957214efad17ffb766b68a63aa0045caf8ca87c0bec77496b5c9742de1a54e832788a84c6d", 0x79, 0x5}], 0x0, &(0x7f0000000440)={[{'iso9660\x00'}, {'iso9660\x00'}, {}, {'iso9660\x00'}, {':'}, {'%*)r*\'\\*@^'}], [{@dont_appraise}, {@seclabel}, {@permit_directio}]})

[  128.491691] iso9660: Unknown parameter 'uid>00000000000000060928'
[  128.523719] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.524340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
23:36:57 executing program 1:
syz_emit_vhci(0x0, 0x0)
clone(0x2010000, 0x0, &(0x7f0000000080), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x11)

23:36:57 executing program 1:
openat$cdrom(0xffffffffffffff9c, &(0x7f00000018c0), 0x101c01, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xa0103)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2})
syz_io_uring_complete(0x0)
ioctl$CDROM_LAST_WRITTEN(r2, 0x5395, 0x0)

[  128.760234] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.762440] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
23:36:57 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x14000, 0x0)
r0 = syz_mount_image$tmpfs(&(0x7f00000001c0), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000200)=ANY=[])
creat(&(0x7f0000000080)='./file0\x00', 0x112)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
chmod(&(0x7f0000000040)='./file0\x00', 0x18)
setuid(r1)
mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)

23:36:57 executing program 1:
r0 = request_key(&(0x7f0000000040)='logon\x00', &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000480)='logon\x00', 0x0)
r1 = add_key$keyring(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x1}, 0x0, 0x0, r0)
r2 = add_key$keyring(0x0, &(0x7f00000003c0)={'syz', 0x3}, 0x0, 0x0, r1)
mq_notify(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x33, 0x6})
request_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='\\:{:[(^{,@!\x00', 0xfffffffffffffffc)
r3 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000240)=0xe, 0x80000)
io_cancel(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x5, r3, &(0x7f0000000180)="ecb038f47536dbc30c4705a930e158abd91b0369840d7c", 0x17, 0x0, 0x0, 0x1}, &(0x7f0000000200))
add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000340)={0x0, "441316b502153097b4e51a238d2af1dfa12bba7140b62f620a76deb730778cf6d9dad9c1f9a65a5ce56249d0edaff583de41af53fad783bce6411893399b7a90", 0x36}, 0x48, r2)
r4 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x400001, 0x40)
io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000280)=r4, 0x1)
eventfd2(0x5c, 0x0)
io_setup(0x80000000, &(0x7f0000000400)=<r5=>0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x100000001)
io_submit(r5, 0x0, &(0x7f00000016c0))
syz_usb_connect(0x3, 0x36, &(0x7f0000001700)={{0x12, 0x1, 0x110, 0xfd, 0x25, 0x6e, 0x0, 0xaf0, 0xd057, 0x9941, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x5, 0x0, 0x7, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xb3, 0xa6, 0x8b, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x3ff}}, {}]}}]}}]}}, 0x0)
io_setup(0x0, 0x0)

[  129.098082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  129.102479] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  129.152135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.153230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
23:36:58 executing program 4:
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000))
unshare(0x60000000)
unshare(0x6020400)
unshare(0x20080)
unshare(0x20000000)
unshare(0x4a000080)
unshare(0x8000800)

[  129.529661] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.530294] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
23:36:58 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
r2 = dup2(r1, r0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r4=>r2, {0x4}}, './file0\x00'})
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r5, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)={0xa, 0x4e21, 0xbc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[], 0x18}}], 0x2, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r6, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)={0xa, 0x4e21, 0xbc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[], 0x18}}], 0x2, 0x0)
poll(&(0x7f0000000100)=[{r4, 0x4700}, {r5, 0x4385}, {r0, 0x20}, {r1, 0xe102}, {r2}, {r6, 0x241a}], 0x6, 0x4fe)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)={0xa, 0x4e21, 0xbc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[], 0x18}}], 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x1, 0x0, r3, 0x0, 0x0, 0x0, 0x2, 0x1, {0x1}}, 0x0)
write$binfmt_aout(r0, &(0x7f0000000400)={{}, "930592c8c9", ['\x00']}, 0x125)

[  129.607428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  129.608527] misc raw-gadget: fail, usb_gadget_register_driver returned -16
23:36:58 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x400005})
pwritev2(r0, &(0x7f0000000040)=[{&(0x7f00000000c0)="46347e20466967c27e9135b06695244d20c502aab42001da8ed13c85cd5b08564b7dea3e7af20d2fadbd65debba508349b31f2ac20e9696f05bd1ef03d2040f4604128e500a69d49714d7fd5044e0fc0e3c0679cd09425e16b57386088abd0777903f3308f25c62c04126239eba69c8586240ef14b7f0b064ed768452db30e26fe520de3b8a2f9df6a9a1cb97ecc80ec58db5daee1b4b903d68867b0699a949888", 0xa1}], 0x1, 0x8001, 0xfffffffd, 0x1c)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendfile(r2, r3, 0x0, 0xa0103)

[  129.712499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.713137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.817979] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.819289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.969309] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.969925] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.016172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.017009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.221878] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.222567] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.324529] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.325187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.973397] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.974020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.002981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.003694] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.407880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.408558] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.431173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.431794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
23:37:14 executing program 1:
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x6d, 0x2}, 0x7)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r1, 0x4b64, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100)=0x1)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0xcd, &(0x7f0000000000)="92f46193", 0x52)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000240)={0x2, {0x2, 0x8000, 0x1, 0x5, 0x714f, 0xf}})
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000007b00), 0x0, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r3, 0xc010f508, &(0x7f0000000140)={0x1ff})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="002e2f66696c6530005c57b0fffdd4ae7f21bc1ba6f1ae1efa6c58c4e2b120364fd1db01a730fcf366a34334e2ede5b1c64bd859da3285fdecbd30afc9a5ab678b9eb00449a9b6c838e7c470d200910337fa4b7e56188f333565349920ab3b92a97705e0a582b9f24d32697969e741db562b57db2b"])

23:37:14 executing program 2:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1c9e71af, 0x100000001}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000180), 0x400400, 0x0)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000140)=0x101)
setxattr$incfs_size(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600), 0x0, 0x0, 0x0)
mount$cgroup2(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x8000, &(0x7f00000001c0)=ANY=[@ANYBLOB="6d656d6f72795f6c6f63616c6576656e74732c6e7364656c65676174652c6e65745f7072696f2c6d656d6f72795f6c6f63616c6576656e74732c7375626a5f747970653d502c0084326b6de372bb65e28b99eb7f59bfb99c276a8b896633af9924ca6435899e64e1d1bceb5262685d6ce8f19cd887b47126af209b68a9f5984d79544e89c361168e178e161d47"])
lgetxattr(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0)=@known='user.incfs.size\x00', 0x0, 0x0)
openat(r1, &(0x7f0000000100)='./file0\x00', 0x1f3101, 0x10)

23:37:14 executing program 4:
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)={0xa, 0x4e21, 0xbc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[], 0x18}}], 0x2, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)={0xa, 0x4e21, 0xbc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[], 0x18}}], 0x2, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ppoll(&(0x7f0000000140)=[{r0, 0x400}, {r0, 0x30}, {0xffffffffffffffff, 0x4000}, {r1, 0x5120}, {0xffffffffffffffff, 0x100}, {r0, 0x2000}, {r0, 0x8}, {r2, 0x215}], 0x8, &(0x7f0000000180), &(0x7f00000001c0)={[0x7fffffff]}, 0x8)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r3 = creat(&(0x7f0000000000)='./file1\x00', 0x0)
r4 = timerfd_create(0x0, 0x0)
openat(r0, &(0x7f0000000040)='./file1\x00', 0x400, 0x40)
timerfd_settime(r4, 0x3, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0)
timerfd_gettime(r4, 0x0)
dup(0xffffffffffffffff)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

23:37:14 executing program 3:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd", 0xfe1e)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x148)
truncate(&(0x7f0000000100)='./file0\x00', 0x8)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r0, r1, 0x0, 0xfdef)

23:37:14 executing program 7:
chroot(&(0x7f0000000000)='./file0\x00')
mount(&(0x7f0000000040)=@md0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='binder\x00', 0x8001, &(0x7f0000000100)='\x00')
utime(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x4, 0x80000000})
r0 = openat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000200)={0x5a0181, 0x110, 0x6}, 0x18)
faccessat(r0, &(0x7f0000000240)='./file0\x00', 0x4)
fspick(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x7977f37e69aca1e8)
lsetxattr$trusted_overlay_origin(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340), 0x2, 0x1)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
linkat(r0, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000400)='./file0/../file0\x00', 0x1000)
mount$cgroup(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x20, &(0x7f00000004c0)={[{@subsystem='net_cls'}, {@cpuset_v2_mode}, {@name={'name', 0x3d, 'binder\x00'}}, {@release_agent={'release_agent', 0x3d, './file0'}}], [{@appraise_type}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfsdef={'smackfsdef', 0x3d, 'binder\x00'}}, {@appraise}]})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='task\x00')
statx(r2, &(0x7f0000000580)='./file0/../file0\x00', 0x4000, 0x10, &(0x7f00000005c0))
lsetxattr$security_selinux(&(0x7f00000006c0)='./file0/../file0\x00', &(0x7f0000000700), &(0x7f0000000740)='system_u:object_r:load_policy_exec_t:s0\x00', 0x28, 0x3)
r3 = openat2(r1, &(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0xa0080, 0x0, 0x8}, 0x18)
inotify_add_watch(r3, &(0x7f0000000800)='./file0/../file0\x00', 0x82)
inotify_add_watch(r2, &(0x7f0000000840)='./file0\x00', 0x8)
faccessat2(r0, &(0x7f0000000880)='./file0/../file0\x00', 0x125, 0x1200)
openat2(r2, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x2, 0x4c}, 0x18)
r4 = fspick(r1, &(0x7f0000000940)='./file0/file0\x00', 0x0)
read(r4, &(0x7f0000000980)=""/171, 0xab)

23:37:14 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r0, 0x0, 0x1, &(0x7f0000000100)=""/219, &(0x7f0000000000)=0xdb)

23:37:14 executing program 5:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_bp={&(0x7f00000000c0), 0xa}, 0x0, 0x0, 0x4, 0x0, 0x20, 0xe}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0)
close_range(r0, r0, 0x0)
io_setup(0x8, &(0x7f0000000080))
io_setup(0x5, &(0x7f0000000100)=<r1=>0x0)
io_getevents(r1, 0x6, 0x4, &(0x7f0000000140)=[{}, {}, {}, {}], &(0x7f00000001c0)={0x77359400})

23:37:14 executing program 7:
chroot(&(0x7f0000000000)='./file0\x00')
mount(&(0x7f0000000040)=@md0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='binder\x00', 0x8001, &(0x7f0000000100)='\x00')
utime(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x4, 0x80000000})
r0 = openat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000200)={0x5a0181, 0x110, 0x6}, 0x18)
faccessat(r0, &(0x7f0000000240)='./file0\x00', 0x4)
fspick(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x7977f37e69aca1e8)
lsetxattr$trusted_overlay_origin(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340), 0x2, 0x1)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
linkat(r0, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000400)='./file0/../file0\x00', 0x1000)
mount$cgroup(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x20, &(0x7f00000004c0)={[{@subsystem='net_cls'}, {@cpuset_v2_mode}, {@name={'name', 0x3d, 'binder\x00'}}, {@release_agent={'release_agent', 0x3d, './file0'}}], [{@appraise_type}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfsdef={'smackfsdef', 0x3d, 'binder\x00'}}, {@appraise}]})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='task\x00')
statx(r2, &(0x7f0000000580)='./file0/../file0\x00', 0x4000, 0x10, &(0x7f00000005c0))
lsetxattr$security_selinux(&(0x7f00000006c0)='./file0/../file0\x00', &(0x7f0000000700), &(0x7f0000000740)='system_u:object_r:load_policy_exec_t:s0\x00', 0x28, 0x3)
r3 = openat2(r1, &(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0xa0080, 0x0, 0x8}, 0x18)
inotify_add_watch(r3, &(0x7f0000000800)='./file0/../file0\x00', 0x82)
inotify_add_watch(r2, &(0x7f0000000840)='./file0\x00', 0x8)
faccessat2(r0, &(0x7f0000000880)='./file0/../file0\x00', 0x125, 0x1200)
openat2(r2, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x2, 0x4c}, 0x18)
r4 = fspick(r1, &(0x7f0000000940)='./file0/file0\x00', 0x0)
read(r4, &(0x7f0000000980)=""/171, 0xab)

23:37:14 executing program 3:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd", 0xfe1e)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x148)
truncate(&(0x7f0000000100)='./file0\x00', 0x8)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r0, r1, 0x0, 0xfdef)

[  145.784621] audit: type=1400 audit(1756769834.646:8): avc:  denied  { open } for  pid=3949 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  145.798232] audit: type=1400 audit(1756769834.647:9): avc:  denied  { kernel } for  pid=3949 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
23:37:14 executing program 7:
chroot(&(0x7f0000000000)='./file0\x00')
mount(&(0x7f0000000040)=@md0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='binder\x00', 0x8001, &(0x7f0000000100)='\x00')
utime(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x4, 0x80000000})
r0 = openat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000200)={0x5a0181, 0x110, 0x6}, 0x18)
faccessat(r0, &(0x7f0000000240)='./file0\x00', 0x4)
fspick(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x7977f37e69aca1e8)
lsetxattr$trusted_overlay_origin(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340), 0x2, 0x1)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
linkat(r0, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000400)='./file0/../file0\x00', 0x1000)
mount$cgroup(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x20, &(0x7f00000004c0)={[{@subsystem='net_cls'}, {@cpuset_v2_mode}, {@name={'name', 0x3d, 'binder\x00'}}, {@release_agent={'release_agent', 0x3d, './file0'}}], [{@appraise_type}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfsdef={'smackfsdef', 0x3d, 'binder\x00'}}, {@appraise}]})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='task\x00')
statx(r2, &(0x7f0000000580)='./file0/../file0\x00', 0x4000, 0x10, &(0x7f00000005c0))
lsetxattr$security_selinux(&(0x7f00000006c0)='./file0/../file0\x00', &(0x7f0000000700), &(0x7f0000000740)='system_u:object_r:load_policy_exec_t:s0\x00', 0x28, 0x3)
r3 = openat2(r1, &(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0xa0080, 0x0, 0x8}, 0x18)
inotify_add_watch(r3, &(0x7f0000000800)='./file0/../file0\x00', 0x82)
inotify_add_watch(r2, &(0x7f0000000840)='./file0\x00', 0x8)
faccessat2(r0, &(0x7f0000000880)='./file0/../file0\x00', 0x125, 0x1200)
openat2(r2, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x2, 0x4c}, 0x18)
r4 = fspick(r1, &(0x7f0000000940)='./file0/file0\x00', 0x0)
read(r4, &(0x7f0000000980)=""/171, 0xab)

[  145.813829] audit: type=1400 audit(1756769834.647:10): avc:  denied  { open } for  pid=3950 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
23:37:14 executing program 4:
r0 = socket$inet6(0xa, 0x4, 0x5)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r0, 0x8983, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
memfd_create(0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r3, 0xb341daa0822653b3, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
r4 = pidfd_getfd(0xffffffffffffffff, r1, 0x0)
fstat(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
sendmsg$NL80211_CMD_RADAR_DETECT(r4, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="c4aced8044b6c6f2df255e00000008000300", @ANYRES32=0x0, @ANYBLOB="0500190109000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4048004)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, r2, {<r6=>0x0, 0xee01}}, './file0\x00'})
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x1002082, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_any}, {@cachetag={'cachetag', 0x3d, 'ethtool\x00'}}, {@access_any}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@dfltuid={'dfltuid', 0x3d, r6}}, {@cache_mmap}, {@cache_mmap}], [{@dont_measure}, {@pcr={'pcr', 0x3d, 0x2b}}]}})

[  145.813982] audit: type=1400 audit(1756769834.647:11): avc:  denied  { kernel } for  pid=3950 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  145.814125] audit: type=1400 audit(1756769834.670:12): avc:  denied  { write } for  pid=3949 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
23:37:14 executing program 2:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
ftruncate(r0, 0x100000001)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x10b000, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0xffff, 0x8, 0xe00400})

23:37:14 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x80800)
ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000280)={'wlan1\x00', @ifru_settings={0x0, 0x0, @fr=0x0}})
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000000c0)=0x14)

23:37:14 executing program 5:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_bp={&(0x7f00000000c0), 0xa}, 0x0, 0x0, 0x4, 0x0, 0x20, 0xe}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0)
close_range(r0, r0, 0x0)
io_setup(0x8, &(0x7f0000000080))
io_setup(0x5, &(0x7f0000000100)=<r1=>0x0)
io_getevents(r1, 0x6, 0x4, &(0x7f0000000140)=[{}, {}, {}, {}], &(0x7f00000001c0)={0x77359400})

[  146.007398] kmemleak: Found object by alias at 0x607f1a63e134
[  146.007430] CPU: 1 UID: 0 PID: 3965 Comm: syz-executor.7 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  146.007466] Tainted: [W]=WARN
[  146.007473] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  146.007487] Call Trace:
[  146.007494]  <TASK>
[  146.007510]  dump_stack_lvl+0xca/0x120
[  146.007559]  __lookup_object+0x94/0xb0
[  146.007592]  delete_object_full+0x27/0x70
[  146.007626]  free_percpu+0x30/0x1160
[  146.007658]  ? arch_uprobe_clear_state+0x16/0x140
[  146.007698]  futex_hash_free+0x38/0xc0
[  146.007726]  mmput+0x2d3/0x390
[  146.007763]  do_exit+0x79d/0x2970
[  146.007791]  ? signal_wake_up_state+0x85/0x120
[  146.007824]  ? zap_other_threads+0x2b9/0x3a0
[  146.007856]  ? __pfx_do_exit+0x10/0x10
[  146.007883]  ? do_group_exit+0x1c3/0x2a0
[  146.007911]  ? lock_release+0xc8/0x290
[  146.007944]  do_group_exit+0xd3/0x2a0
[  146.007974]  __x64_sys_exit_group+0x3e/0x50
[  146.008003]  x64_sys_call+0x18c5/0x18d0
[  146.008034]  do_syscall_64+0xbf/0x360
[  146.008059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.008083] RIP: 0033:0x7f20e6d3eb19
[  146.008110] Code: Unable to access opcode bytes at 0x7f20e6d3eaef.
[  146.008121] RSP: 002b:00007ffd54d8ec28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  146.008144] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f20e6d3eb19
[  146.008159] RDX: 00007f20e6cf172b RSI: ffffffffffffffbc RDI: 0000000000000000
[  146.008174] RBP: 0000000000000000 R08: 0000001b2d32793c R09: 0000000000000000
[  146.008188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  146.008201] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd54d8ed10
[  146.008232]  </TASK>
[  146.008240] kmemleak: Object (percpu) 0x607f1a63e130 (size 8):
[  146.008254] kmemleak:   comm "syz-executor.5", pid 3976, jiffies 4294812859
[  146.008267] kmemleak:   min_count = 1
[  146.008276] kmemleak:   count = 0
[  146.008283] kmemleak:   flags = 0x21
[  146.008291] kmemleak:   checksum = 0
[  146.008298] kmemleak:   backtrace:
[  146.008305]  pcpu_alloc_noprof+0x87a/0x1170
[  146.008336]  percpu_ref_init+0x37/0x400
[  146.008356]  ioctx_alloc+0x27f/0x1e10
[  146.008381]  __x64_sys_io_setup+0xc8/0x1f0
[  146.008406]  do_syscall_64+0xbf/0x360
[  146.008425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
23:37:23 executing program 1:
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x6d, 0x2}, 0x7)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r1, 0x4b64, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100)=0x1)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0xcd, &(0x7f0000000000)="92f46193", 0x52)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000240)={0x2, {0x2, 0x8000, 0x1, 0x5, 0x714f, 0xf}})
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000007b00), 0x0, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r3, 0xc010f508, &(0x7f0000000140)={0x1ff})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="002e2f66696c6530005c57b0fffdd4ae7f21bc1ba6f1ae1efa6c58c4e2b120364fd1db01a730fcf366a34334e2ede5b1c64bd859da3285fdecbd30afc9a5ab678b9eb00449a9b6c838e7c470d200910337fa4b7e56188f333565349920ab3b92a97705e0a582b9f24d32697969e741db562b57db2b"])

23:37:23 executing program 4:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x0, &(0x7f0000000080)})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000140)={0x6, &(0x7f0000000080)=[{0x5, 0x80, 0x7c, 0x100}, {0x400, 0x2, 0x81, 0x9}, {0x110, 0x5, 0x80, 0x9}, {0x18e8, 0x5, 0x4, 0xfffffff7}, {0xa6c0, 0x5, 0x1, 0x7}, {0x1, 0x0, 0x0, 0x3}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40082104, &(0x7f0000000000))

23:37:23 executing program 5:
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000000006c000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000127372219234c15a6cc25c526b2498835e61f26c625d46172d330cf567d8e58f8a8c4d54c1ebf7600b4f685617f70613d85436053f8107538ba05f27e55a69fc73ffd704aa5b6d052a3375a124f654d757ab7a02781aff94a4e3d497c1eb16cb2a89e321234f7c86a03d7e034ae1a891b5c7c96c265fa1b5858bf3c15f667f01fc47712a452b78e54183e7c8"], 0xf8}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000006c0)={0x28, r2, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_RULES={0xc, 0x22, 0x0, 0x1, [{0x3}, {0x4}]}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}]}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x98, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_P2P_OPPPS={0x5}, @crypto_settings=[@NL80211_ATTR_AKM_SUITES={0x14, 0x4c, [0xfac0c, 0xfac01, 0xfac07, 0xfac05]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x4}, @NL80211_ATTR_WPA_VERSIONS={0x8}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x10, 0x49, [0xfac0d, 0x9, 0xfac09]}, @NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x18, 0x49, [0x0, 0xfac09, 0xfac0c, 0xfac02, 0xfac08]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}], @NL80211_ATTR_P2P_OPPPS={0x5}, @NL80211_ATTR_SSID={0x1a, 0x34, @random="80b4fda080c71557ca390745a2c3fd8e5b961a175ebb"}]}, 0x98}, 0x1, 0x0, 0x0, 0x20000010}, 0x4)

23:37:23 executing program 3:
syz_emit_vhci(&(0x7f0000000700)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x6}, @hci_rp_read_local_pairing_opts={{0x20}, {0x0, 0x3f, 0x7f}}}}, 0x9)
syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x10}, @l2cap_cid_signaling={{0xc}, [@l2cap_conn_rsp={{0x3, 0x6, 0x8}, {0x8, 0x4, 0x7, 0xffff}}]}}, 0x15)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f0a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

23:37:23 executing program 2:
syz_mount_image$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setuid(r0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000000c0)={{{@in6=@private0, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@local}, 0x0, @in6=@loopback}}, &(0x7f00000001c0)=0xe8)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x1100)
setuid(r2)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000200)=<r3=>0x0)
getgroups(0x1, &(0x7f0000000280)=[<r4=>0xffffffffffffffff])
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f0000000380)={{}, {0x1, 0x1}, [{0x2, 0x1, 0xffffffffffffffff}, {0x2, 0x2, r0}, {0x2, 0x7, r1}, {0x2, 0x2, r2}, {0x2, 0x2, r3}, {0x2, 0x2, 0xffffffffffffffff}], {0x4, 0x1}, [{0x8, 0x4, r4}, {0x8, 0x7, 0xee00}], {0x10, 0x3}}, 0x64, 0x1)
lsetxattr$system_posix_acl(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='system.posix_acl_access\x00', &(0x7f00000049c0)=ANY=[@ANYBLOB="020000002000000000000000040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="100006000040000020"], 0x2c, 0x0)

23:37:23 executing program 6:
getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x0, [0xffffffc1, 0x5, 0x7]}, &(0x7f0000000100)=0x44)
r0 = socket$packet(0x11, 0x3, 0x300)
sendmmsg$sock(r0, &(0x7f0000000600)=[{{&(0x7f0000000200)=@phonet={0x23, 0x0, 0x2, 0x5}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000300)="e557ce3bd6d952e732a1369d88a8", 0xe}], 0x1}}], 0x1, 0x0)
bind$packet(r0, &(0x7f0000000000)={0x11, 0x2, 0x0, 0x1, 0x3, 0x6, @random="5f820c1b0601"}, 0x14)

23:37:23 executing program 7:
chroot(&(0x7f0000000000)='./file0\x00')
mount(&(0x7f0000000040)=@md0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='binder\x00', 0x8001, &(0x7f0000000100)='\x00')
utime(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x4, 0x80000000})
r0 = openat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000200)={0x5a0181, 0x110, 0x6}, 0x18)
faccessat(r0, &(0x7f0000000240)='./file0\x00', 0x4)
fspick(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x7977f37e69aca1e8)
lsetxattr$trusted_overlay_origin(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340), 0x2, 0x1)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
linkat(r0, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000400)='./file0/../file0\x00', 0x1000)
mount$cgroup(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x20, &(0x7f00000004c0)={[{@subsystem='net_cls'}, {@cpuset_v2_mode}, {@name={'name', 0x3d, 'binder\x00'}}, {@release_agent={'release_agent', 0x3d, './file0'}}], [{@appraise_type}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfsdef={'smackfsdef', 0x3d, 'binder\x00'}}, {@appraise}]})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='task\x00')
statx(r2, &(0x7f0000000580)='./file0/../file0\x00', 0x4000, 0x10, &(0x7f00000005c0))
lsetxattr$security_selinux(&(0x7f00000006c0)='./file0/../file0\x00', &(0x7f0000000700), &(0x7f0000000740)='system_u:object_r:load_policy_exec_t:s0\x00', 0x28, 0x3)
r3 = openat2(r1, &(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0xa0080, 0x0, 0x8}, 0x18)
inotify_add_watch(r3, &(0x7f0000000800)='./file0/../file0\x00', 0x82)
inotify_add_watch(r2, &(0x7f0000000840)='./file0\x00', 0x8)
faccessat2(r0, &(0x7f0000000880)='./file0/../file0\x00', 0x125, 0x1200)
openat2(r2, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x2, 0x4c}, 0x18)
fspick(r1, &(0x7f0000000940)='./file0/file0\x00', 0x0)

23:37:23 executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0100001a0001000000000000000000fc000000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000002b000000fc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000004c0014007368613235362d67656e6572696300000000000000000000000000000000000000000000000000000000000000000000003bd34538bd086d3d000000ec000000a6670b639618d8ae00"/236], 0x13c}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000140)={'gretap0\x00', &(0x7f0000000100)={'syztnl1\x00', <r2=>0x0, 0x8000, 0x40, 0x9, 0x1ff, {{0x6, 0x4, 0x2, 0x2, 0x18, 0x68, 0x0, 0x0, 0x4, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x3d}, {[@end]}}}}})
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000940)={0x344, 0x0, 0x94df2158d2a2238e, 0x70bd29, 0x25dfdbfd, {}, [{{0x8}, {0x188, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}]}}, {{0x8, 0x1, r2}, {0x198, 0x2, 0x0, 0x1, [{0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x0, 0x5b, 0x5, 0x4}, {0x6, 0x4e, 0xdf, 0x9}, {0x3, 0xff, 0x5, 0x2}, {0x1ff, 0x8, 0x5e, 0x401}, {0xc6, 0x0, 0x5, 0x7}, {0xffff, 0x2, 0x0, 0x80000001}, {0x2, 0x60, 0x40, 0x7}, {0x3ff, 0x5, 0x40, 0x9}]}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}]}, 0x344}, 0x1, 0x0, 0x0, 0x40090}, 0x20004000)

[  154.912173] Bluetooth: Unexpected continuation frame (len 16)
[  154.922622] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'.
[  154.932633] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'.
23:37:23 executing program 4:
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x6d, 0x2}, 0x7)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r1, 0x4b64, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100)=0x1)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0xcd, &(0x7f0000000000)="92f46193", 0x52)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000240)={0x2, {0x2, 0x8000, 0x1, 0x5, 0x714f, 0xf}})
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000007b00), 0x0, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r3, 0xc010f508, &(0x7f0000000140)={0x1ff})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="002e2f66696c6530005c57b0fffdd4ae7f21bc1ba6f1ae1efa6c58c4e2b120364fd1db01a730fcf366a34334e2ede5b1c64bd859da3285fdecbd30afc9a5ab678b9eb00449a9b6c838e7c470d200910337fa4b7e56188f333565349920ab3b92a97705e0a582b9f24d32697969e741db562b57db2b"])

[  154.939879] kmemleak: Found object by alias at 0x607f1a63e134
[  154.939895] CPU: 0 UID: 0 PID: 3996 Comm: syz-executor.7 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  154.939914] Tainted: [W]=WARN
[  154.939919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  154.939926] Call Trace:
[  154.939931]  <TASK>
[  154.939936]  dump_stack_lvl+0xca/0x120
[  154.939968]  __lookup_object+0x94/0xb0
[  154.939986]  delete_object_full+0x27/0x70
[  154.940003]  free_percpu+0x30/0x1160
[  154.940021]  ? arch_uprobe_clear_state+0x16/0x140
[  154.940041]  futex_hash_free+0x38/0xc0
[  154.940056]  mmput+0x2d3/0x390
[  154.940076]  do_exit+0x79d/0x2970
[  154.940105]  ? __pfx_do_exit+0x10/0x10
[  154.940120]  ? find_held_lock+0x2b/0x80
[  154.940139]  ? get_signal+0x835/0x2340
[  154.940159]  do_group_exit+0xd3/0x2a0
[  154.940175]  get_signal+0x2315/0x2340
[  154.940193]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  154.940211]  ? __pfx_get_signal+0x10/0x10
[  154.940228]  ? __schedule+0xe91/0x3590
[  154.940253]  arch_do_signal_or_restart+0x80/0x790
[  154.940272]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  154.940289]  ? __x64_sys_futex+0x1c9/0x4d0
[  154.940302]  ? __x64_sys_futex+0x1d2/0x4d0
[  154.940315]  ? user_path_at+0x75/0x90
[  154.940328]  ? __pfx___x64_sys_futex+0x10/0x10
[  154.940341]  ? __x64_sys_fspick+0x1dd/0x380
[  154.940360]  exit_to_user_mode_loop+0x8b/0x110
[  154.940374]  do_syscall_64+0x2f7/0x360
[  154.940387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.940400] RIP: 0033:0x7f20e6d3eb19
[  154.940409] Code: Unable to access opcode bytes at 0x7f20e6d3eaef.
[  154.940414] RSP: 002b:00007f20e42b4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  154.940426] RAX: 0000000000000001 RBX: 00007f20e6e51f68 RCX: 00007f20e6d3eb19
[  154.940434] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f20e6e51f6c
[  154.940442] RBP: 00007f20e6e51f60 R08: 0000000000000014 R09: 0000000000000000
[  154.940449] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f20e6e51f6c
[  154.940457] R13: 00007ffd54d8e9ff R14: 00007f20e42b4300 R15: 0000000000022000
[  154.940473]  </TASK>
[  154.940477] kmemleak: Object (percpu) 0x607f1a63e130 (size 8):
[  154.940484] kmemleak:   comm "syz-executor.1", pid 4007, jiffies 4294821776
[  154.940491] kmemleak:   min_count = 1
[  154.940495] kmemleak:   count = 0
[  154.940499] kmemleak:   flags = 0x21
[  154.940503] kmemleak:   checksum = 0
[  154.940507] kmemleak:   backtrace:
[  154.940511]  pcpu_alloc_noprof+0x87a/0x1170
[  154.940526]  perf_trace_event_init+0x366/0xa10
[  154.940540]  perf_trace_init+0x1a4/0x2f0
[  154.940553]  perf_tp_event_init+0xa6/0x120
[  154.940569]  perf_try_init_event+0x140/0x9f0
[  154.940583]  perf_event_alloc.part.0+0x118e/0x45f0
[  154.940600]  __do_sys_perf_event_open+0x719/0x2c20
[  154.940613]  do_syscall_64+0xbf/0x360
[  154.940623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.970124] kmemleak: Found object by alias at 0x607f1a63e9cc
[  154.970137] CPU: 0 UID: 16877 PID: 3999 Comm: syz-executor.2 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  154.970155] Tainted: [W]=WARN
[  154.970159] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  154.970165] Call Trace:
[  154.970169]  <TASK>
[  154.970173]  dump_stack_lvl+0xca/0x120
[  154.970192]  __lookup_object+0x94/0xb0
[  154.970208]  delete_object_full+0x27/0x70
[  154.970225]  free_percpu+0x30/0x1160
[  154.970240]  ? arch_uprobe_clear_state+0x16/0x140
[  154.970265]  futex_hash_free+0x38/0xc0
[  154.970278]  mmput+0x2d3/0x390
[  154.970296]  do_exit+0x79d/0x2970
[  154.970314]  ? __pfx_do_exit+0x10/0x10
[  154.970329]  ? find_held_lock+0x2b/0x80
[  154.970346]  ? get_signal+0x835/0x2340
[  154.970365]  do_group_exit+0xd3/0x2a0
[  154.970381]  get_signal+0x2315/0x2340
[  154.970397]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  154.970411]  ? __call_rcu_common.constprop.0+0x4c1/0x960
[  154.970430]  ? __pfx_get_signal+0x10/0x10
[  154.970447]  ? __schedule+0xe91/0x3590
[  154.970467]  arch_do_signal_or_restart+0x80/0x790
[  154.970484]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  154.970501]  ? __x64_sys_futex+0x1c9/0x4d0
[  154.970514]  ? __x64_sys_futex+0x1d2/0x4d0
[  154.970527]  ? __fget_files+0x20d/0x3b0
[  154.970541]  ? __pfx___x64_sys_futex+0x10/0x10
[  154.970555]  ? xfd_validate_state+0x55/0x180
[  154.970577]  exit_to_user_mode_loop+0x8b/0x110
[  154.970589]  do_syscall_64+0x2f7/0x360
[  154.970601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.970613] RIP: 0033:0x7ff580336b19
[  154.970622] Code: Unable to access opcode bytes at 0x7ff580336aef.
[  154.970627] RSP: 002b:00007ff57d88b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  154.970638] RAX: 0000000000000001 RBX: 00007ff58044a028 RCX: 00007ff580336b19
[  154.970646] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff58044a02c
[  154.970653] RBP: 00007ff58044a020 R08: 0000000000000016 R09: 0000000000000000
[  154.970660] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007ff58044a02c
[  154.970668] R13: 00007ffd3a86219f R14: 00007ff57d88b300 R15: 0000000000022000
[  154.970684]  </TASK>
[  154.970688] kmemleak: Object (percpu) 0x607f1a63e9c8 (size 8):
[  154.970694] kmemleak:   comm "syz-executor.3", pid 4004, jiffies 4294821780
[  154.970702] kmemleak:   min_count = 1
[  154.970706] kmemleak:   count = 0
[  154.970709] kmemleak:   flags = 0x21
[  154.970713] kmemleak:   checksum = 0
[  154.970717] kmemleak:   backtrace:
[  154.970720]  pcpu_alloc_noprof+0x87a/0x1170
[  154.970736]  alloc_vfsmnt+0x135/0x6e0
[  154.970749]  vfs_create_mount.part.0+0x40/0x440
[  154.970765]  fc_mount_longterm+0x126/0x160
[  154.970780]  mq_init_ns+0x42e/0x630
[  154.970791]  copy_ipcs+0x38d/0x630
[  154.970801]  create_new_namespaces+0x210/0xab0
[  154.970818]  copy_namespaces+0x45c/0x580
[  154.970833]  copy_process+0x2649/0x73c0
[  154.970844]  kernel_clone+0xea/0x7f0
[  154.970854]  __do_sys_clone+0xce/0x120
[  154.970865]  do_syscall_64+0xbf/0x360
[  154.970874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.024717] Bluetooth: Unexpected continuation frame (len 16)
23:37:23 executing program 7:
chroot(&(0x7f0000000000)='./file0\x00')
mount(&(0x7f0000000040)=@md0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='binder\x00', 0x8001, &(0x7f0000000100)='\x00')
utime(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x4, 0x80000000})
r0 = openat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000200)={0x5a0181, 0x110, 0x6}, 0x18)
faccessat(r0, &(0x7f0000000240)='./file0\x00', 0x4)
fspick(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x7977f37e69aca1e8)
lsetxattr$trusted_overlay_origin(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340), 0x2, 0x1)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
linkat(r0, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000400)='./file0/../file0\x00', 0x1000)
mount$cgroup(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x20, &(0x7f00000004c0)={[{@subsystem='net_cls'}, {@cpuset_v2_mode}, {@name={'name', 0x3d, 'binder\x00'}}, {@release_agent={'release_agent', 0x3d, './file0'}}], [{@appraise_type}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfsdef={'smackfsdef', 0x3d, 'binder\x00'}}, {@appraise}]})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='task\x00')
statx(r2, &(0x7f0000000580)='./file0/../file0\x00', 0x4000, 0x10, &(0x7f00000005c0))
lsetxattr$security_selinux(&(0x7f00000006c0)='./file0/../file0\x00', &(0x7f0000000700), &(0x7f0000000740)='system_u:object_r:load_policy_exec_t:s0\x00', 0x28, 0x3)
r3 = openat2(r1, &(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0xa0080, 0x0, 0x8}, 0x18)
inotify_add_watch(r3, &(0x7f0000000800)='./file0/../file0\x00', 0x82)
inotify_add_watch(r2, &(0x7f0000000840)='./file0\x00', 0x8)
faccessat2(r0, &(0x7f0000000880)='./file0/../file0\x00', 0x125, 0x1200)
openat2(r2, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x2, 0x4c}, 0x18)

23:37:23 executing program 0:
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x6d, 0x2}, 0x7)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r1, 0x4b64, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100)=0x1)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0xcd, &(0x7f0000000000)="92f46193", 0x52)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000240)={0x2, {0x2, 0x8000, 0x1, 0x5, 0x714f, 0xf}})
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000007b00), 0x0, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r3, 0xc010f508, &(0x7f0000000140)={0x1ff})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="002e2f66696c6530005c57b0fffdd4ae7f21bc1ba6f1ae1efa6c58c4e2b120364fd1db01a730fcf366a34334e2ede5b1c64bd859da3285fdecbd30afc9a5ab678b9eb00449a9b6c838e7c470d200910337fa4b7e56188f333565349920ab3b92a97705e0a582b9f24d32697969e741db562b57db2b"])

23:37:23 executing program 2:
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x6d, 0x2}, 0x7)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r1, 0x4b64, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100)=0x1)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0xcd, &(0x7f0000000000)="92f46193", 0x52)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000240)={0x2, {0x2, 0x8000, 0x1, 0x5, 0x714f, 0xf}})
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000007b00), 0x0, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r3, 0xc010f508, &(0x7f0000000140)={0x1ff})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="002e2f66696c6530005c57b0fffdd4ae7f21bc1ba6f1ae1efa6c58c4e2b120364fd1db01a730fcf366a34334e2ede5b1c64bd859da3285fdecbd30afc9a5ab678b9eb00449a9b6c838e7c470d200910337fa4b7e56188f333565349920ab3b92a97705e0a582b9f24d32697969e741db562b57db2b"])

[  155.040597] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[  155.041498] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  155.042108] CPU: 0 UID: 0 PID: 4013 Comm: syz-executor.3 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  155.043068] Tainted: [W]=WARN
[  155.043322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  155.044347] RIP: 0010:perf_tp_event+0x175/0xe70
[  155.045132] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  155.049593] RSP: 0018:ffff88800f267780 EFLAGS: 00010012
[  155.050743] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000261c000
[  155.052359] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  155.053297] RBP: ffff88800f2679f0 R08: ffff88806ce31340 R09: ffffe8ffffc16130
[  155.053873] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  155.054446] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  155.055022] FS:  00007f79d0ee7700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  155.055668] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  155.056145] CR2: 00007fabc1eacd58 CR3: 000000000ca84000 CR4: 0000000000350ef0
[  155.056722] Call Trace:
[  155.056935]  <TASK>
[  155.057120]  ? lock_acquire+0x15e/0x2f0
[  155.057450]  ? __pfx_perf_tp_event+0x10/0x10
[  155.057813]  ? __is_insn_slot_addr+0x140/0x290
[  155.058196]  ? kernel_text_address+0x5b/0xc0
[  155.058560]  ? __kernel_text_address+0xd/0x40
[  155.058931]  ? __lock_acquire+0x694/0x1b70
[  155.059278]  ? __lock_acquire+0x694/0x1b70
[  155.059625]  ? select_task_rq_fair+0x48c/0x38b0
[  155.060006]  ? perf_trace_run_bpf_submit+0xef/0x180
[  155.060425]  ? find_held_lock+0x2b/0x80
[  155.060763]  perf_trace_run_bpf_submit+0xef/0x180
[  155.061165]  perf_trace_preemptirq_template+0x259/0x430
[  155.061602]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  155.062079]  ? __pfx___smp_call_single_queue+0x10/0x10
[  155.062517]  ? find_held_lock+0x2b/0x80
[  155.062853]  ? try_to_wake_up+0x8ae/0x11d0
[  155.063212]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  155.063631]  trace_irq_enable.constprop.0+0xa6/0x100
[  155.064044]  trace_hardirqs_on+0x26/0x40
[  155.064382]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  155.064789]  try_to_wake_up+0x8ae/0x11d0
[  155.065130]  ? __pfx_try_to_wake_up+0x10/0x10
[  155.065510]  ? plist_del+0x122/0x270
[  155.065823]  ? find_held_lock+0x2b/0x80
[  155.066160]  ? futex_wake+0x474/0x540
[  155.066482]  wake_up_q+0xa1/0x130
[  155.066775]  futex_wake+0x47e/0x540
[  155.067083]  ? __pfx_futex_wake+0x10/0x10
[  155.067432]  ? vfs_write+0x169/0x1150
[  155.067752]  do_futex+0x26d/0x370
[  155.068041]  ? __pfx_do_futex+0x10/0x10
[  155.068379]  __x64_sys_futex+0x1c9/0x4d0
[  155.068717]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  155.069194]  ? fput+0x6a/0x100
[  155.069473]  ? __pfx___x64_sys_futex+0x10/0x10
[  155.069848]  ? ksys_write+0x1a3/0x240
[  155.070162]  ? __pfx_ksys_write+0x10/0x10
[  155.070509]  do_syscall_64+0xbf/0x360
[  155.070826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.071249] RIP: 0033:0x7f79d3992b19
[  155.071559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  155.073035] RSP: 002b:00007f79d0ee7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  155.073656] RAX: ffffffffffffffda RBX: 00007f79d3aa6028 RCX: 00007f79d3992b19
[  155.074244] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f79d3aa602c
[  155.074828] RBP: 00007f79d3aa6020 R08: 000000000000000e R09: 0000000000000000
[  155.075404] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f79d3aa602c
[  155.075991] R13: 00007ffc2dd7c7ef R14: 00007f79d0ee7300 R15: 0000000000022000
[  155.076579]  </TASK>
[  155.076777] Modules linked in:
[  155.077046] ---[ end trace 0000000000000000 ]---
[  155.077049] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[  155.077429] RIP: 0010:perf_tp_event+0x175/0xe70
[  155.079333] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  155.079709] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  155.081125] CPU: 1 UID: 0 PID: 3992 Comm: syz-executor.3 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  155.082584] RSP: 0018:ffff88800f267780 EFLAGS: 00010012
[  155.084562] Tainted: [D]=DIE, [W]=WARN
[  155.084964] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000261c000
[  155.085616] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  155.086165] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  155.087502] RIP: 0010:perf_tp_event+0x175/0xe70
[  155.088049] RBP: ffff88800f2679f0 R08: ffff88806ce31340 R09: ffffe8ffffc16130
[  155.088813] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  155.089366] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  155.092339] RSP: 0018:ffff888017f87780 EFLAGS: 00010012
[  155.092892] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  155.092896] 
[  155.092906] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  155.093313] FS:  00007f79d0ee7700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  155.094485] RDX: ffff888009f4b700 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  155.094622] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  155.094632] CR2: 00007fabc1eacd58 CR3: 000000000ca84000 CR4: 0000000000350ef0
[  155.095834] RBP: ffff888017f879f0 R08: ffff88806cf31340 R09: ffffe8ffffd16130
[  155.096467] note: syz-executor.3[4013] exited with irqs disabled
[  155.097653] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  155.102647] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  155.103857] FS:  0000555563007400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  155.105200] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  155.106164] CR2: 000055555f307c98 CR3: 000000000ca84000 CR4: 0000000000350ef0
[  155.107340] Call Trace:
[  155.107793]  <TASK>
[  155.108189]  ? __pfx_perf_tp_event+0x10/0x10
[  155.108941]  ? lock_acquire+0x18c/0x2f0
[  155.109612]  ? lock_release+0x1c7/0x290
[  155.110269]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  155.111244]  ? __pfx___perf_event_task_sched_in+0x10/0x10
[  155.112183]  ? lock_is_held_type+0x9e/0x120
[  155.112921]  ? lock_acquire+0x18c/0x2f0
[  155.113594]  ? xfd_validate_state+0x55/0x180
[  155.114323]  ? finish_task_switch.isra.0+0x206/0x840
[  155.115172]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  155.116047]  ? finish_task_switch.isra.0+0x206/0x840
[  155.116914]  ? css_rstat_updated+0x1b8/0x4d0
[  155.117668]  ? __pfx_css_rstat_updated+0x10/0x10
[  155.118457]  ? __schedule+0xe91/0x3590
[  155.119130]  ? trace_pelt_se_tp+0xdf/0x130
[  155.119843]  ? perf_trace_run_bpf_submit+0xef/0x180
[  155.120697]  ? place_entity+0x300/0x410
[  155.121350]  perf_trace_run_bpf_submit+0xef/0x180
[  155.122181]  perf_trace_preemptirq_template+0x259/0x430
[  155.123108]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  155.124055]  ? check_preempt_wakeup_fair+0x406/0x950
[  155.124892]  ? wakeup_preempt+0x140/0x2a0
[  155.125573]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  155.126416]  trace_irq_enable.constprop.0+0xa6/0x100
[  155.127254]  trace_hardirqs_on+0x26/0x40
[  155.127912]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  155.128732]  try_to_wake_up+0x8ae/0x11d0
[  155.129409]  ? __pfx_try_to_wake_up+0x10/0x10
[  155.130136]  ? plist_del+0x122/0x270
[  155.130747]  ? __futex_unqueue+0xda/0x1c0
[  155.131413]  wake_up_q+0xa1/0x130
[  155.131985]  futex_wake+0x47e/0x540
[  155.132605]  ? __pfx_futex_wake+0x10/0x10
[  155.133273]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  155.134017]  ? lock_release+0xc8/0x290
[  155.134651]  do_futex+0x26d/0x370
[  155.135224]  ? __pfx_do_futex+0x10/0x10
[  155.135860]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  155.136699]  ? read_tsc+0x9/0x20
[  155.137255]  __x64_sys_futex+0x1c9/0x4d0
[  155.137908]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  155.138831]  ? __pfx___x64_sys_futex+0x10/0x10
[  155.139562]  ? xfd_validate_state+0x55/0x180
[  155.140301]  do_syscall_64+0xbf/0x360
[  155.140917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.141747] RIP: 0033:0x7f79d3992b19
[  155.142345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  155.145205] RSP: 002b:00007ffc2dd7c868 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  155.146395] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f79d3992b19
[  155.147522] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f79d3aa5f68
[  155.148652] RBP: 00007f79d3aa5f60 R08: 00007f79d3aaa640 R09: 0000000000000000
[  155.149773] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f79d3aaa6e0
[  155.150890] R13: 00007ffc2dd7c970 R14: 00007f79d3aa5f60 R15: 0000000000025cad
[  155.152016]  </TASK>
[  155.152410] Modules linked in:
[  155.152930] ---[ end trace 0000000000000000 ]---
[  155.152931] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[  155.153664] RIP: 0010:perf_tp_event+0x175/0xe70
[  155.154533] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  155.155252] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  155.155846] CPU: 0 UID: 0 PID: 4013 Comm: syz-executor.3 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  155.158656] RSP: 0018:ffff88800f267780 EFLAGS: 00010012
[  155.159583] Tainted: [D]=DIE, [W]=WARN
[  155.159589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  155.160413] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000261c000
[  155.160713] RIP: 0010:perf_tp_event+0x175/0xe70
[  155.161976] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  155.162573] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  155.163289] RBP: ffff88800f2679f0 R08: ffff88806ce31340 R09: ffffe8ffffc16130
[  155.163872] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[  155.166717] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  155.167273] 
[  155.167279] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  155.168114] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  155.168669] RDX: ffff888017610000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  155.168943] FS:  0000555563007400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  155.169505] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16130
[  155.170623] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  155.171174] R10: 0000000000000000 R11: ffff88800de51c98 R12: dffffc0000000000
[  155.172435] CR2: 000055555f307c98 CR3: 000000000ca84000 CR4: 0000000000350ef0
[  155.172986] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[  155.173900] note: syz-executor.3[3992] exited with irqs disabled
[  155.174457] FS:  00007f79d0ee7700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  155.177444] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  155.177904] CR2: 00007fabc1eacd58 CR3: 000000000ca84000 CR4: 0000000000350ef0
[  155.178475] Call Trace:
[  155.178687]  <IRQ>
[  155.178868]  ? __pfx_perf_tp_event+0x10/0x10
[  155.179231]  ? asym_cpu_capacity_scan+0x731/0x7b0
[  155.179626]  ? update_load_avg+0x17d/0x1ef0
[  155.179977]  ? check_preempt_wakeup_fair+0x6e/0x950
[  155.180385]  ? lock_release+0x1c7/0x290
[  155.180710]  ? lock_release+0x1c7/0x290
[  155.181035]  ? do_raw_spin_unlock+0x53/0x220
[  155.181395]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  155.181812]  ? try_to_wake_up+0x8ae/0x11d0
[  155.182159]  ? do_raw_spin_lock+0x123/0x260
[  155.182510]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  155.182893]  ? perf_trace_run_bpf_submit+0xef/0x180
[  155.183297]  perf_trace_run_bpf_submit+0xef/0x180
[  155.183690]  perf_trace_preemptirq_template+0x259/0x430
[  155.184126]  ? read_tsc+0x9/0x20
[  155.184413]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  155.184882]  ? clockevents_program_event+0x135/0x360
[  155.185295]  ? tick_program_event+0xac/0x140
[  155.185651]  ? handle_softirqs+0x16e/0x770
[  155.186003]  trace_irq_enable.constprop.0+0xa6/0x100
[  155.186412]  trace_hardirqs_on+0x26/0x40
[  155.186741]  handle_softirqs+0x16e/0x770
[  155.187080]  __irq_exit_rcu+0xc4/0x100
[  155.187402]  irq_exit_rcu+0x9/0x20
[  155.187687]  sysvec_apic_timer_interrupt+0x70/0x80
[  155.188093]  </IRQ>
[  155.188279]  <TASK>
[  155.188463]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  155.188886] RIP: 0010:make_task_dead+0xa2/0x3b0
[  155.189261] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 <e8> e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de
[  155.190704] RSP: 0018:ffff88800f267f28 EFLAGS: 00000246
[  155.191129] RAX: 0000000000000001 RBX: ffff888017610000 RCX: ffffffff817c3ab6
[  155.191696] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[  155.192267] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  155.192832] R10: ffffffff8643b457 R11: 31303020203a5343 R12: ffff888017610000
[  155.193410] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000
[  155.193976]  ? trace_irq_enable.constprop.0+0x26/0x100
[  155.194397]  ? make_task_dead+0x214/0x3b0
[  155.194738]  ? make_task_dead+0x214/0x3b0
[  155.195075]  ? do_syscall_64+0xbf/0x360
[  155.195397]  rewind_stack_and_make_dead+0x16/0x20
[  155.195791] RIP: 0033:0x7f79d3992b19
[  155.196094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  155.197566] RSP: 002b:00007f79d0ee7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  155.198192] RAX: ffffffffffffffda RBX: 00007f79d3aa6028 RCX: 00007f79d3992b19
[  155.198773] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f79d3aa602c
[  155.199361] RBP: 00007f79d3aa6020 R08: 000000000000000e R09: 0000000000000000
[  155.199945] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f79d3aa602c
[  155.200533] R13: 00007ffc2dd7c7ef R14: 00007f79d0ee7300 R15: 0000000000022000
[  155.201121]  </TASK>
[  155.201319] Modules linked in:
[  155.201590] ---[ end trace 0000000000000000 ]---
[  155.201593] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI
[  155.201977] RIP: 0010:perf_tp_event+0x175/0xe70
[  155.203764] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  155.204139] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  155.205362] CPU: 1 UID: 0 PID: 3992 Comm: syz-executor.3 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  155.206830] RSP: 0018:ffff88800f267780 EFLAGS: 00010012
[  155.208722] Tainted: [D]=DIE, [W]=WARN
[  155.209139] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000261c000
[  155.209751] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  155.210326] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  155.211631] RIP: 0010:perf_tp_event+0x175/0xe70
[  155.212219] RBP: ffff88800f2679f0 R08: ffff88806ce31340 R09: ffffe8ffffc16130
[  155.212949] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  155.213530] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  155.213540] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  155.216396] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[  155.216973] FS:  00007f79d0ee7700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  155.218092] 
[  155.218519] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  155.218529] CR2: 00007fabc1eacd58 CR3: 000000000ca84000 CR4: 0000000000350ef0
[  155.219772] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  155.219916] Kernel panic - not syncing: Fatal exception in interrupt
[  156.266202] Shutting down cpus with NMI
[  156.268381] Kernel Offset: disabled
[  156.268670] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
23:37:24  Registers:
info registers vcpu 0
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff88800f267070
R8 =0000000000000000 R9 =ffffed10016e0046 R10=0000000000000030 R11=0000000065646f43
R12=0000000000000030 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f79d0ee7700 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe3d00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fabc1eacd58 CR3=000000000ca84000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f79d3a797c000007f79d3a797c8
XMM02=00007f79d3a797e000007f79d3a797c0 XMM03=00007f79d3a797c800007f79d3a797c0
XMM04=f03291e430bcdec43a04000000060f04 XMM05=0000000000000000000000a3efa34abd
XMM06=edd8cbdc088e06f837f80668f91a7cef XMM07=15ef2db4822e28bae3cd2fd952d45871
XMM08=4aefe77f0b5e15cd1e5f2b2286102ed6 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84be3c0e RDX=fffffbfff0f0f609
RSI=0000000000000004 RDI=ffffffff8787b044 RBP=ffffffff8787b044 RSP=ffff888017f87530
R8 =0000000000000000 R9 =fffffbfff0f0f608 R10=ffffffff8787b047 R11=202c746c75616620
R12=1ffff11002ff0ea7 R13=0000000000000007 R14=fffffbfff0f0f608 R15=ffff888017f87568
RIP=ffffffff84be3da0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555563007400 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe5100000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055555f307c98 CR3=000000000ca84000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000ff00000000000000000000 XMM01=0000ff00000100000000000000000000
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f79d3a797c800007f79d3a797c0
XMM04=f03291e430bcdec43a04000000060f04 XMM05=0000000000000000000000a3efa34abd
XMM06=edd8cbdc088e06f837f80668f91a7cef XMM07=15ef2db4822e28bae3cd2fd952d45871
XMM08=4aefe77f0b5e15cd1e5f2b2286102ed6 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000