Warning: Permanently added '[localhost]:46383' (ECDSA) to the list of known hosts.
2025/08/29 13:39:19 fuzzer started
2025/08/29 13:39:20 dialing manager at localhost:43077
syzkaller login: [   50.724727] cgroup: Unknown subsys name 'net'
[   50.781398] cgroup: Unknown subsys name 'cpuset'
[   50.797119] cgroup: Unknown subsys name 'rlimit'
2025/08/29 13:39:31 syscalls: 2214
2025/08/29 13:39:31 code coverage: enabled
2025/08/29 13:39:31 comparison tracing: enabled
2025/08/29 13:39:31 extra coverage: enabled
2025/08/29 13:39:31 setuid sandbox: enabled
2025/08/29 13:39:31 namespace sandbox: enabled
2025/08/29 13:39:31 Android sandbox: enabled
2025/08/29 13:39:31 fault injection: enabled
2025/08/29 13:39:31 leak checking: enabled
2025/08/29 13:39:31 net packet injection: enabled
2025/08/29 13:39:31 net device setup: enabled
2025/08/29 13:39:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 13:39:31 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 13:39:31 USB emulation: enabled
2025/08/29 13:39:31 hci packet injection: enabled
2025/08/29 13:39:31 wifi device emulation: enabled
2025/08/29 13:39:31 802.15.4 emulation: enabled
2025/08/29 13:39:31 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 13:39:31 fetching corpus: 47, signal 15578/19270 (executing program)
2025/08/29 13:39:31 fetching corpus: 97, signal 28344/33521 (executing program)
2025/08/29 13:39:31 fetching corpus: 147, signal 42720/49042 (executing program)
2025/08/29 13:39:31 fetching corpus: 197, signal 50405/57960 (executing program)
2025/08/29 13:39:32 fetching corpus: 247, signal 56162/64890 (executing program)
2025/08/29 13:39:32 fetching corpus: 297, signal 60029/69939 (executing program)
2025/08/29 13:39:32 fetching corpus: 347, signal 63568/74615 (executing program)
2025/08/29 13:39:32 fetching corpus: 393, signal 68486/80487 (executing program)
2025/08/29 13:39:32 fetching corpus: 443, signal 71392/84446 (executing program)
2025/08/29 13:39:32 fetching corpus: 493, signal 74447/88525 (executing program)
2025/08/29 13:39:32 fetching corpus: 543, signal 77085/92098 (executing program)
2025/08/29 13:39:32 fetching corpus: 593, signal 78983/95063 (executing program)
2025/08/29 13:39:32 fetching corpus: 643, signal 82383/99190 (executing program)
2025/08/29 13:39:32 fetching corpus: 692, signal 84062/101769 (executing program)
2025/08/29 13:39:32 fetching corpus: 742, signal 87117/105513 (executing program)
2025/08/29 13:39:32 fetching corpus: 792, signal 89772/108923 (executing program)
2025/08/29 13:39:33 fetching corpus: 842, signal 92171/112064 (executing program)
2025/08/29 13:39:33 fetching corpus: 892, signal 94550/115064 (executing program)
2025/08/29 13:39:33 fetching corpus: 942, signal 97133/118194 (executing program)
2025/08/29 13:39:33 fetching corpus: 992, signal 98243/120166 (executing program)
2025/08/29 13:39:33 fetching corpus: 1042, signal 100609/123038 (executing program)
2025/08/29 13:39:33 fetching corpus: 1092, signal 101337/124612 (executing program)
2025/08/29 13:39:33 fetching corpus: 1142, signal 102539/126549 (executing program)
2025/08/29 13:39:33 fetching corpus: 1192, signal 103613/128325 (executing program)
2025/08/29 13:39:33 fetching corpus: 1242, signal 105449/130691 (executing program)
2025/08/29 13:39:33 fetching corpus: 1292, signal 107430/133101 (executing program)
2025/08/29 13:39:33 fetching corpus: 1342, signal 108748/135060 (executing program)
2025/08/29 13:39:34 fetching corpus: 1390, signal 112968/139041 (executing program)
2025/08/29 13:39:34 fetching corpus: 1440, signal 114667/141117 (executing program)
2025/08/29 13:39:34 fetching corpus: 1490, signal 116332/143182 (executing program)
2025/08/29 13:39:34 fetching corpus: 1540, signal 117693/144933 (executing program)
2025/08/29 13:39:34 fetching corpus: 1590, signal 118559/146421 (executing program)
2025/08/29 13:39:34 fetching corpus: 1640, signal 119345/147816 (executing program)
2025/08/29 13:39:34 fetching corpus: 1689, signal 120341/149362 (executing program)
2025/08/29 13:39:34 fetching corpus: 1739, signal 121197/150755 (executing program)
2025/08/29 13:39:34 fetching corpus: 1789, signal 122408/152296 (executing program)
2025/08/29 13:39:34 fetching corpus: 1839, signal 123461/153734 (executing program)
2025/08/29 13:39:34 fetching corpus: 1889, signal 124771/155329 (executing program)
2025/08/29 13:39:35 fetching corpus: 1939, signal 125943/156868 (executing program)
2025/08/29 13:39:35 fetching corpus: 1989, signal 126725/158113 (executing program)
2025/08/29 13:39:35 fetching corpus: 2039, signal 127487/159309 (executing program)
2025/08/29 13:39:35 fetching corpus: 2089, signal 128660/160735 (executing program)
2025/08/29 13:39:35 fetching corpus: 2139, signal 129699/162081 (executing program)
2025/08/29 13:39:35 fetching corpus: 2189, signal 130455/163295 (executing program)
2025/08/29 13:39:35 fetching corpus: 2239, signal 131130/164400 (executing program)
2025/08/29 13:39:35 fetching corpus: 2289, signal 132117/165682 (executing program)
2025/08/29 13:39:35 fetching corpus: 2338, signal 132648/166686 (executing program)
2025/08/29 13:39:35 fetching corpus: 2388, signal 133557/167843 (executing program)
2025/08/29 13:39:35 fetching corpus: 2438, signal 134556/169076 (executing program)
2025/08/29 13:39:35 fetching corpus: 2488, signal 135262/170123 (executing program)
2025/08/29 13:39:35 fetching corpus: 2538, signal 136217/171273 (executing program)
2025/08/29 13:39:36 fetching corpus: 2588, signal 136933/172282 (executing program)
2025/08/29 13:39:36 fetching corpus: 2638, signal 138015/173506 (executing program)
2025/08/29 13:39:36 fetching corpus: 2688, signal 138696/174497 (executing program)
2025/08/29 13:39:36 fetching corpus: 2736, signal 139336/175415 (executing program)
2025/08/29 13:39:36 fetching corpus: 2786, signal 140517/176555 (executing program)
2025/08/29 13:39:36 fetching corpus: 2836, signal 141727/177700 (executing program)
2025/08/29 13:39:36 fetching corpus: 2886, signal 142425/178617 (executing program)
2025/08/29 13:39:36 fetching corpus: 2936, signal 143090/179507 (executing program)
2025/08/29 13:39:36 fetching corpus: 2986, signal 143642/180370 (executing program)
2025/08/29 13:39:36 fetching corpus: 3036, signal 144014/181144 (executing program)
2025/08/29 13:39:37 fetching corpus: 3086, signal 144655/181976 (executing program)
2025/08/29 13:39:37 fetching corpus: 3136, signal 145404/182820 (executing program)
2025/08/29 13:39:37 fetching corpus: 3186, signal 145915/183603 (executing program)
2025/08/29 13:39:37 fetching corpus: 3236, signal 146395/184370 (executing program)
2025/08/29 13:39:37 fetching corpus: 3285, signal 146896/185114 (executing program)
2025/08/29 13:39:37 fetching corpus: 3335, signal 147356/185810 (executing program)
2025/08/29 13:39:37 fetching corpus: 3385, signal 147974/186620 (executing program)
2025/08/29 13:39:37 fetching corpus: 3435, signal 148631/187363 (executing program)
2025/08/29 13:39:37 fetching corpus: 3485, signal 149269/188106 (executing program)
2025/08/29 13:39:37 fetching corpus: 3535, signal 149845/188875 (executing program)
2025/08/29 13:39:37 fetching corpus: 3585, signal 150622/189611 (executing program)
2025/08/29 13:39:38 fetching corpus: 3635, signal 151091/190269 (executing program)
2025/08/29 13:39:38 fetching corpus: 3685, signal 151618/190905 (executing program)
2025/08/29 13:39:38 fetching corpus: 3735, signal 152358/191604 (executing program)
2025/08/29 13:39:38 fetching corpus: 3785, signal 152782/192224 (executing program)
2025/08/29 13:39:38 fetching corpus: 3835, signal 153138/192821 (executing program)
2025/08/29 13:39:38 fetching corpus: 3885, signal 153640/193443 (executing program)
2025/08/29 13:39:38 fetching corpus: 3935, signal 154218/194123 (executing program)
2025/08/29 13:39:38 fetching corpus: 3985, signal 154809/194772 (executing program)
2025/08/29 13:39:38 fetching corpus: 4035, signal 155591/195386 (executing program)
2025/08/29 13:39:38 fetching corpus: 4085, signal 156177/196000 (executing program)
2025/08/29 13:39:39 fetching corpus: 4135, signal 156545/196541 (executing program)
2025/08/29 13:39:39 fetching corpus: 4185, signal 157122/197253 (executing program)
2025/08/29 13:39:39 fetching corpus: 4235, signal 157608/197818 (executing program)
2025/08/29 13:39:39 fetching corpus: 4285, signal 158116/198344 (executing program)
2025/08/29 13:39:39 fetching corpus: 4335, signal 158642/198862 (executing program)
2025/08/29 13:39:39 fetching corpus: 4385, signal 159074/199454 (executing program)
2025/08/29 13:39:39 fetching corpus: 4435, signal 159490/199965 (executing program)
2025/08/29 13:39:39 fetching corpus: 4485, signal 159915/200463 (executing program)
2025/08/29 13:39:39 fetching corpus: 4534, signal 160372/200994 (executing program)
2025/08/29 13:39:39 fetching corpus: 4584, signal 160870/201480 (executing program)
2025/08/29 13:39:39 fetching corpus: 4633, signal 161257/201949 (executing program)
2025/08/29 13:39:39 fetching corpus: 4683, signal 161758/202425 (executing program)
2025/08/29 13:39:40 fetching corpus: 4733, signal 162194/202861 (executing program)
2025/08/29 13:39:40 fetching corpus: 4782, signal 162609/203354 (executing program)
2025/08/29 13:39:40 fetching corpus: 4832, signal 162916/203772 (executing program)
2025/08/29 13:39:40 fetching corpus: 4882, signal 163189/204206 (executing program)
2025/08/29 13:39:40 fetching corpus: 4932, signal 163517/204441 (executing program)
2025/08/29 13:39:40 fetching corpus: 4982, signal 164013/204449 (executing program)
2025/08/29 13:39:40 fetching corpus: 5032, signal 164326/204473 (executing program)
2025/08/29 13:39:40 fetching corpus: 5081, signal 164680/204488 (executing program)
2025/08/29 13:39:40 fetching corpus: 5131, signal 165158/204496 (executing program)
2025/08/29 13:39:40 fetching corpus: 5181, signal 165747/204609 (executing program)
2025/08/29 13:39:40 fetching corpus: 5231, signal 166210/204613 (executing program)
2025/08/29 13:39:41 fetching corpus: 5281, signal 166475/204624 (executing program)
2025/08/29 13:39:41 fetching corpus: 5331, signal 166837/204646 (executing program)
2025/08/29 13:39:41 fetching corpus: 5381, signal 167237/204662 (executing program)
2025/08/29 13:39:41 fetching corpus: 5431, signal 167554/204663 (executing program)
2025/08/29 13:39:41 fetching corpus: 5480, signal 167937/204664 (executing program)
2025/08/29 13:39:41 fetching corpus: 5530, signal 168481/204665 (executing program)
2025/08/29 13:39:41 fetching corpus: 5580, signal 169071/204671 (executing program)
2025/08/29 13:39:41 fetching corpus: 5630, signal 169447/204692 (executing program)
2025/08/29 13:39:41 fetching corpus: 5680, signal 169818/204748 (executing program)
2025/08/29 13:39:41 fetching corpus: 5730, signal 170229/204757 (executing program)
2025/08/29 13:39:41 fetching corpus: 5780, signal 170634/204781 (executing program)
2025/08/29 13:39:42 fetching corpus: 5830, signal 170952/204801 (executing program)
2025/08/29 13:39:42 fetching corpus: 5880, signal 171436/204836 (executing program)
2025/08/29 13:39:42 fetching corpus: 5929, signal 171720/204846 (executing program)
2025/08/29 13:39:42 fetching corpus: 5979, signal 172064/204849 (executing program)
2025/08/29 13:39:42 fetching corpus: 6029, signal 172425/204858 (executing program)
2025/08/29 13:39:42 fetching corpus: 6079, signal 172738/204866 (executing program)
2025/08/29 13:39:42 fetching corpus: 6129, signal 172998/204866 (executing program)
2025/08/29 13:39:42 fetching corpus: 6179, signal 173521/204893 (executing program)
2025/08/29 13:39:42 fetching corpus: 6229, signal 173860/204901 (executing program)
2025/08/29 13:39:42 fetching corpus: 6279, signal 174146/204903 (executing program)
2025/08/29 13:39:42 fetching corpus: 6328, signal 174566/204952 (executing program)
2025/08/29 13:39:43 fetching corpus: 6378, signal 174909/204955 (executing program)
2025/08/29 13:39:43 fetching corpus: 6428, signal 175137/204957 (executing program)
2025/08/29 13:39:43 fetching corpus: 6478, signal 175482/204957 (executing program)
2025/08/29 13:39:43 fetching corpus: 6528, signal 175882/204963 (executing program)
2025/08/29 13:39:43 fetching corpus: 6578, signal 176219/204965 (executing program)
2025/08/29 13:39:43 fetching corpus: 6628, signal 176445/204968 (executing program)
2025/08/29 13:39:43 fetching corpus: 6678, signal 176672/204982 (executing program)
2025/08/29 13:39:43 fetching corpus: 6727, signal 177154/204985 (executing program)
2025/08/29 13:39:43 fetching corpus: 6777, signal 177590/204999 (executing program)
2025/08/29 13:39:43 fetching corpus: 6827, signal 177821/205000 (executing program)
2025/08/29 13:39:43 fetching corpus: 6877, signal 178244/205003 (executing program)
2025/08/29 13:39:44 fetching corpus: 6927, signal 178702/205011 (executing program)
2025/08/29 13:39:44 fetching corpus: 6977, signal 178921/205014 (executing program)
2025/08/29 13:39:44 fetching corpus: 7027, signal 179246/205017 (executing program)
2025/08/29 13:39:44 fetching corpus: 7077, signal 179615/205035 (executing program)
2025/08/29 13:39:44 fetching corpus: 7127, signal 179792/205041 (executing program)
2025/08/29 13:39:44 fetching corpus: 7176, signal 180231/205043 (executing program)
2025/08/29 13:39:44 fetching corpus: 7226, signal 180527/205051 (executing program)
2025/08/29 13:39:45 fetching corpus: 7276, signal 180847/205051 (executing program)
2025/08/29 13:39:45 fetching corpus: 7326, signal 181117/205058 (executing program)
2025/08/29 13:39:45 fetching corpus: 7376, signal 181419/205062 (executing program)
2025/08/29 13:39:45 fetching corpus: 7426, signal 181722/205064 (executing program)
2025/08/29 13:39:45 fetching corpus: 7476, signal 182131/205082 (executing program)
2025/08/29 13:39:45 fetching corpus: 7526, signal 182561/205084 (executing program)
2025/08/29 13:39:45 fetching corpus: 7576, signal 182887/205107 (executing program)
2025/08/29 13:39:45 fetching corpus: 7626, signal 183101/205107 (executing program)
2025/08/29 13:39:45 fetching corpus: 7675, signal 183379/205113 (executing program)
2025/08/29 13:39:45 fetching corpus: 7725, signal 183761/205121 (executing program)
2025/08/29 13:39:45 fetching corpus: 7775, signal 184194/205130 (executing program)
2025/08/29 13:39:46 fetching corpus: 7825, signal 184633/205133 (executing program)
2025/08/29 13:39:46 fetching corpus: 7875, signal 184896/205153 (executing program)
2025/08/29 13:39:46 fetching corpus: 7925, signal 185418/205154 (executing program)
2025/08/29 13:39:46 fetching corpus: 7975, signal 185695/205159 (executing program)
2025/08/29 13:39:46 fetching corpus: 8025, signal 185913/205164 (executing program)
2025/08/29 13:39:46 fetching corpus: 8075, signal 186165/205191 (executing program)
2025/08/29 13:39:46 fetching corpus: 8125, signal 186394/205192 (executing program)
2025/08/29 13:39:46 fetching corpus: 8175, signal 186615/205194 (executing program)
2025/08/29 13:39:46 fetching corpus: 8225, signal 186981/205206 (executing program)
2025/08/29 13:39:46 fetching corpus: 8275, signal 187268/205215 (executing program)
2025/08/29 13:39:46 fetching corpus: 8325, signal 187565/205215 (executing program)
2025/08/29 13:39:46 fetching corpus: 8375, signal 187797/205218 (executing program)
2025/08/29 13:39:47 fetching corpus: 8425, signal 188056/205218 (executing program)
2025/08/29 13:39:47 fetching corpus: 8475, signal 188343/205221 (executing program)
2025/08/29 13:39:47 fetching corpus: 8525, signal 188626/205243 (executing program)
2025/08/29 13:39:47 fetching corpus: 8575, signal 188897/205243 (executing program)
2025/08/29 13:39:47 fetching corpus: 8625, signal 189110/205260 (executing program)
2025/08/29 13:39:47 fetching corpus: 8675, signal 189442/205264 (executing program)
2025/08/29 13:39:47 fetching corpus: 8725, signal 189697/205264 (executing program)
2025/08/29 13:39:47 fetching corpus: 8775, signal 189879/205282 (executing program)
2025/08/29 13:39:47 fetching corpus: 8825, signal 190140/205285 (executing program)
2025/08/29 13:39:47 fetching corpus: 8875, signal 190401/205289 (executing program)
2025/08/29 13:39:47 fetching corpus: 8925, signal 190690/205335 (executing program)
2025/08/29 13:39:47 fetching corpus: 8975, signal 190862/205354 (executing program)
2025/08/29 13:39:48 fetching corpus: 9025, signal 191049/205363 (executing program)
2025/08/29 13:39:48 fetching corpus: 9075, signal 191220/205364 (executing program)
2025/08/29 13:39:48 fetching corpus: 9125, signal 191405/205374 (executing program)
2025/08/29 13:39:48 fetching corpus: 9175, signal 191690/205393 (executing program)
2025/08/29 13:39:48 fetching corpus: 9225, signal 192414/205469 (executing program)
2025/08/29 13:39:48 fetching corpus: 9275, signal 192745/205476 (executing program)
2025/08/29 13:39:48 fetching corpus: 9325, signal 192979/205478 (executing program)
2025/08/29 13:39:48 fetching corpus: 9375, signal 193196/205492 (executing program)
2025/08/29 13:39:48 fetching corpus: 9425, signal 193768/205498 (executing program)
2025/08/29 13:39:48 fetching corpus: 9475, signal 194058/205501 (executing program)
2025/08/29 13:39:49 fetching corpus: 9525, signal 194364/205504 (executing program)
2025/08/29 13:39:49 fetching corpus: 9575, signal 194543/205507 (executing program)
2025/08/29 13:39:49 fetching corpus: 9625, signal 194770/205507 (executing program)
2025/08/29 13:39:49 fetching corpus: 9675, signal 194987/205507 (executing program)
2025/08/29 13:39:49 fetching corpus: 9725, signal 195245/205514 (executing program)
2025/08/29 13:39:49 fetching corpus: 9775, signal 195547/205514 (executing program)
2025/08/29 13:39:49 fetching corpus: 9825, signal 195772/205518 (executing program)
2025/08/29 13:39:49 fetching corpus: 9875, signal 196079/205543 (executing program)
2025/08/29 13:39:49 fetching corpus: 9925, signal 196304/205549 (executing program)
2025/08/29 13:39:49 fetching corpus: 9975, signal 196487/205551 (executing program)
2025/08/29 13:39:49 fetching corpus: 10025, signal 196776/205558 (executing program)
2025/08/29 13:39:50 fetching corpus: 10075, signal 196964/205570 (executing program)
2025/08/29 13:39:50 fetching corpus: 10125, signal 197168/205572 (executing program)
2025/08/29 13:39:50 fetching corpus: 10175, signal 197345/205573 (executing program)
2025/08/29 13:39:50 fetching corpus: 10225, signal 197588/205575 (executing program)
2025/08/29 13:39:50 fetching corpus: 10275, signal 197854/205580 (executing program)
2025/08/29 13:39:50 fetching corpus: 10325, signal 198103/205582 (executing program)
2025/08/29 13:39:50 fetching corpus: 10375, signal 198342/205585 (executing program)
2025/08/29 13:39:50 fetching corpus: 10425, signal 198527/205592 (executing program)
2025/08/29 13:39:50 fetching corpus: 10475, signal 198711/205606 (executing program)
2025/08/29 13:39:50 fetching corpus: 10525, signal 198962/205607 (executing program)
2025/08/29 13:39:50 fetching corpus: 10575, signal 199123/205611 (executing program)
2025/08/29 13:39:51 fetching corpus: 10625, signal 199327/205612 (executing program)
2025/08/29 13:39:51 fetching corpus: 10675, signal 199621/205613 (executing program)
2025/08/29 13:39:51 fetching corpus: 10725, signal 199797/205630 (executing program)
2025/08/29 13:39:51 fetching corpus: 10774, signal 200091/205639 (executing program)
2025/08/29 13:39:51 fetching corpus: 10824, signal 200317/205642 (executing program)
2025/08/29 13:39:51 fetching corpus: 10874, signal 200483/205646 (executing program)
2025/08/29 13:39:51 fetching corpus: 10924, signal 200688/205650 (executing program)
2025/08/29 13:39:51 fetching corpus: 10974, signal 201001/205650 (executing program)
2025/08/29 13:39:51 fetching corpus: 11024, signal 201163/205657 (executing program)
2025/08/29 13:39:51 fetching corpus: 11074, signal 201412/205663 (executing program)
2025/08/29 13:39:51 fetching corpus: 11098, signal 201552/205665 (executing program)
2025/08/29 13:39:51 fetching corpus: 11098, signal 201552/205665 (executing program)
2025/08/29 13:39:54 starting 8 fuzzer processes
13:39:54 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000000300)=0xffff7fff, 0x4)

13:39:54 executing program 3:
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)

13:39:54 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000100))

13:39:54 executing program 2:
r0 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000140)={0x1f00, 0x0, 0x0})

[   84.726751] audit: type=1400 audit(1756474794.401:7): avc:  denied  { execmem } for  pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
13:39:54 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc02c5341, &(0x7f0000000100)={{}, 'port1\x00'})

13:39:54 executing program 6:
clone3(&(0x7f0000000a00)={0x2040000, 0x0, 0x0, &(0x7f0000000880), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

13:39:54 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'bind', '', @val={0x3a, [0x36, 0x39]}}}}]})

13:39:54 executing program 7:
r0 = epoll_create1(0x0)
clock_gettime(0x0, &(0x7f0000000440)={0x0, <r1=>0x0})
epoll_pwait2(r0, &(0x7f0000000400)=[{}], 0x1, &(0x7f0000000480)={0x0, r1+60000000}, 0x0, 0x0)

[   85.914783] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   85.920373] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   85.925128] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   85.928733] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   85.931426] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   85.989978] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   85.995965] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   85.998759] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.003906] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.006432] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.030480] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.035548] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.038442] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.043507] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.048714] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   86.177294] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.179078] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   86.181510] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.186919] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   86.188530] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   86.214893] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   86.232085] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   86.235915] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   86.238561] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   86.239944] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   86.243338] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   86.246159] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   86.247822] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.250404] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   86.266196] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   86.274747] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   86.275861] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.275999] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   86.290169] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   86.291827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   86.305873] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   86.325845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   86.343819] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   86.354785] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   86.376576] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   87.943106] Bluetooth: hci0: command tx timeout
[   88.071671] Bluetooth: hci2: command tx timeout
[   88.072336] Bluetooth: hci1: command tx timeout
[   88.262864] Bluetooth: hci7: command tx timeout
[   88.327364] Bluetooth: hci3: command tx timeout
[   88.329135] Bluetooth: hci4: command tx timeout
[   88.390729] Bluetooth: hci5: command tx timeout
[   88.454682] Bluetooth: hci6: command tx timeout
[   89.991584] Bluetooth: hci0: command tx timeout
[   90.119124] Bluetooth: hci2: command tx timeout
[   90.120690] Bluetooth: hci1: command tx timeout
[   90.311622] Bluetooth: hci7: command tx timeout
[   90.374676] Bluetooth: hci3: command tx timeout
[   90.375174] Bluetooth: hci4: command tx timeout
[   90.438829] Bluetooth: hci5: command tx timeout
[   90.505701] Bluetooth: hci6: command tx timeout
[   92.038828] Bluetooth: hci0: command tx timeout
[   92.167757] Bluetooth: hci2: command tx timeout
[   92.168197] Bluetooth: hci1: command tx timeout
[   92.359715] Bluetooth: hci7: command tx timeout
[   92.423750] Bluetooth: hci4: command tx timeout
[   92.424158] Bluetooth: hci3: command tx timeout
[   92.487660] Bluetooth: hci5: command tx timeout
[   92.553671] Bluetooth: hci6: command tx timeout
[   94.086690] Bluetooth: hci0: command tx timeout
[   94.215666] Bluetooth: hci1: command tx timeout
[   94.216110] Bluetooth: hci2: command tx timeout
[   94.406671] Bluetooth: hci7: command tx timeout
[   94.470650] Bluetooth: hci3: command tx timeout
[   94.471060] Bluetooth: hci4: command tx timeout
[   94.535640] Bluetooth: hci5: command tx timeout
[   94.598645] Bluetooth: hci6: command tx timeout
[  124.112041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.112774] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.298192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.299300] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.371140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.371925] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.501821] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.502410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.690214] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.691449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:40:34 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/dev\x00')
pread64(r0, &(0x7f0000000200)=""/4096, 0x1000, 0x8)

13:40:34 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
close(0xffffffffffffffff)
epoll_create1(0x0)
r0 = fork()
ptrace(0x10, r0)
ptrace$setregs(0xe, r0, 0x0, &(0x7f00000009c0))

13:40:34 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/dev\x00')
pread64(r0, &(0x7f0000000200)=""/4096, 0x1000, 0x8)

[  124.857023] audit: type=1400 audit(1756474834.531:8): avc:  denied  { open } for  pid=3779 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  124.869251] audit: type=1400 audit(1756474834.531:9): avc:  denied  { kernel } for  pid=3779 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  124.869487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.871650] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:40:34 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/dev\x00')
pread64(r0, &(0x7f0000000200)=""/4096, 0x1000, 0x8)

13:40:34 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
close(0xffffffffffffffff)
epoll_create1(0x0)
r0 = fork()
ptrace(0x10, r0)
ptrace$setregs(0xe, r0, 0x0, &(0x7f00000009c0))

13:40:34 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/dev\x00')
pread64(r0, &(0x7f0000000200)=""/4096, 0x1000, 0x8)

13:40:34 executing program 2:
add_key(&(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc)

13:40:34 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
close(0xffffffffffffffff)
epoll_create1(0x0)
r0 = fork()
ptrace(0x10, r0)
ptrace$setregs(0xe, r0, 0x0, &(0x7f00000009c0))

[  125.210290] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.210904] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.334644] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.335276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.604028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.604985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.638120] tmpfs: Bad value for 'mpol'
[  125.645085] tmpfs: Bad value for 'mpol'
[  125.693172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.693785] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.028671] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.029286] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.084915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.085479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.673004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.674112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.730781] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.731413] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.780022] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.781313] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.853219] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.853241] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:40:36 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000000300)=0xffff7fff, 0x4)

13:40:36 executing program 7:
r0 = epoll_create1(0x0)
clock_gettime(0x0, &(0x7f0000000440)={0x0, <r1=>0x0})
epoll_pwait2(r0, &(0x7f0000000400)=[{}], 0x1, &(0x7f0000000480)={0x0, r1+60000000}, 0x0, 0x0)

13:40:36 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc02c5341, &(0x7f0000000100)={{}, 'port1\x00'})

13:40:36 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000080)=0x1, 0x4)
sendmmsg$inet6(r0, &(0x7f0000001440)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0)

13:40:36 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r0], 0x18}, 0x0)
recvmsg$unix(r0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x2)

13:40:36 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
close(0xffffffffffffffff)
epoll_create1(0x0)
r0 = fork()
ptrace(0x10, r0)
ptrace$setregs(0xe, r0, 0x0, &(0x7f00000009c0))

13:40:36 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000040)={0x1, 0x0, 0x1e, 0x1a, 0x12d, &(0x7f0000001980)})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)

13:40:36 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'bind', '', @val={0x3a, [0x36, 0x39]}}}}]})

[  127.059677] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
13:40:36 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x89e1, 0x0)

[  127.136138] tmpfs: Bad value for 'mpol'
13:40:36 executing program 3:
syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @local}, @echo_reply={0x12}}}}}, 0x0)

13:40:37 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000000300)=0xffff7fff, 0x4)

13:40:37 executing program 3:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000180)=0x5, 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f00000004c0)=0x16, 0x4)

13:40:37 executing program 1:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f00000002c0)={{0x2, 0x1, 0x18}, './file0\x00'})

13:40:37 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'bind', '', @val={0x3a, [0x36, 0x39]}}}}]})

13:40:37 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc02c5341, &(0x7f0000000100)={{}, 'port1\x00'})

13:40:37 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001580)='/sys/power/pm_wakeup_irq', 0x0, 0x0)
pread64(r0, &(0x7f0000001500)=""/52, 0x34, 0x4)

13:40:37 executing program 7:
r0 = epoll_create1(0x0)
clock_gettime(0x0, &(0x7f0000000440)={0x0, <r1=>0x0})
epoll_pwait2(r0, &(0x7f0000000400)=[{}], 0x1, &(0x7f0000000480)={0x0, r1+60000000}, 0x0, 0x0)

13:40:37 executing program 6:
r0 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "e43f2d131b94ae0d2fe6c5c3b21ec8918191464d57f3472232f91d5e299e6c313580d031d9222701da218e70f620dd63eafc0c1f2d4a0722b2cc54b37cea0fb8"}, 0x48, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)

13:40:37 executing program 3:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000180)=0x5, 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f00000004c0)=0x16, 0x4)

[  128.020186] autofs4:pid:3954:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(2.1), cmd(0xc0189372)
[  128.022396] autofs4:pid:3954:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189372)
[  128.043546] autofs4:pid:3954:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(2.1), cmd(0xc0189372)
[  128.045708] autofs4:pid:3954:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189372)
[  128.053451] tmpfs: Bad value for 'mpol'
13:40:37 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000000300)=0xffff7fff, 0x4)

13:40:37 executing program 3:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000180)=0x5, 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f00000004c0)=0x16, 0x4)

13:40:37 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'bind', '', @val={0x3a, [0x36, 0x39]}}}}]})

13:40:37 executing program 2:
prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0)

13:40:37 executing program 6:
r0 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "e43f2d131b94ae0d2fe6c5c3b21ec8918191464d57f3472232f91d5e299e6c313580d031d9222701da218e70f620dd63eafc0c1f2d4a0722b2cc54b37cea0fb8"}, 0x48, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)

13:40:37 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc02c5341, &(0x7f0000000100)={{}, 'port1\x00'})

13:40:37 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmmsg$inet(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="9f", 0x1}], 0x1, &(0x7f0000000140)=[@ip_ttl={{0x14}}, @ip_ttl={{0x14}}], 0x30}}, {{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0xfffffffffffffd68, 0x0}}], 0x2, 0x0)

13:40:37 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in={{0x2, 0x0, @multicast1}}, 0x0, 0x0, 0x13, 0x0, "fbe4c38fab9581c35914da678464e30e7b94913fcc961721ebef9195a339256e176a8a7369aea56f32cb8e41049c555c8a6fad19a9a551e70a4d64a88d249735ca34d3f4ad120552d0448eed2f9701d2"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @broadcast}}, 0x0, 0x0, 0x46, 0x0, "697a6a8df98794657aa342de5165a671ae6ef576992b6c9452b1bc2d8191697abe68c70b61bcf3b11789f7221809b4d497aa4a83b6e9801e3f6d83a30cba71318adfcd06f5b1c829c71bc870d18c33c3"}, 0xd8)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x4840, 0x0)
dup3(r1, r0, 0x0)

13:40:37 executing program 3:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000180)=0x5, 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f00000004c0)=0x16, 0x4)

13:40:37 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x12, &(0x7f0000000080)=0xfffffffc, 0x4)

13:40:37 executing program 6:
r0 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "e43f2d131b94ae0d2fe6c5c3b21ec8918191464d57f3472232f91d5e299e6c313580d031d9222701da218e70f620dd63eafc0c1f2d4a0722b2cc54b37cea0fb8"}, 0x48, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)

[  128.280280] tmpfs: Bad value for 'mpol'
13:40:37 executing program 1:
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0))

13:40:38 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000000)='bdev\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
dup2(r1, r0)

13:40:38 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00')
utimensat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x100)

13:40:38 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in={{0x2, 0x0, @multicast1}}, 0x0, 0x0, 0x13, 0x0, "fbe4c38fab9581c35914da678464e30e7b94913fcc961721ebef9195a339256e176a8a7369aea56f32cb8e41049c555c8a6fad19a9a551e70a4d64a88d249735ca34d3f4ad120552d0448eed2f9701d2"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @broadcast}}, 0x0, 0x0, 0x46, 0x0, "697a6a8df98794657aa342de5165a671ae6ef576992b6c9452b1bc2d8191697abe68c70b61bcf3b11789f7221809b4d497aa4a83b6e9801e3f6d83a30cba71318adfcd06f5b1c829c71bc870d18c33c3"}, 0xd8)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x4840, 0x0)
dup3(r1, r0, 0x0)

13:40:38 executing program 5:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@delsa={0x28, 0x11, 0x101, 0x0, 0x0, {@in, 0x0, 0x0, 0x32}}, 0x28}}, 0x0)

13:40:38 executing program 1:
perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff81202c51}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

13:40:38 executing program 7:
r0 = epoll_create1(0x0)
clock_gettime(0x0, &(0x7f0000000440)={0x0, <r1=>0x0})
epoll_pwait2(r0, &(0x7f0000000400)=[{}], 0x1, &(0x7f0000000480)={0x0, r1+60000000}, 0x0, 0x0)

13:40:38 executing program 4:
r0 = socket$unix(0x1, 0x2, 0x0)
write(r0, 0x0, 0x33fe0)

13:40:38 executing program 6:
r0 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "e43f2d131b94ae0d2fe6c5c3b21ec8918191464d57f3472232f91d5e299e6c313580d031d9222701da218e70f620dd63eafc0c1f2d4a0722b2cc54b37cea0fb8"}, 0x48, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)

13:40:38 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000000)='bdev\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
dup2(r1, r0)

13:40:38 executing program 5:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@delsa={0x28, 0x11, 0x101, 0x0, 0x0, {@in, 0x0, 0x0, 0x32}}, 0x28}}, 0x0)

13:40:38 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp6\x00')
perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x3)
dup2(r0, r1)
pipe2(0x0, 0x0)

13:40:38 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000000)='bdev\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
dup2(r1, r0)

13:40:38 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in={{0x2, 0x0, @multicast1}}, 0x0, 0x0, 0x13, 0x0, "fbe4c38fab9581c35914da678464e30e7b94913fcc961721ebef9195a339256e176a8a7369aea56f32cb8e41049c555c8a6fad19a9a551e70a4d64a88d249735ca34d3f4ad120552d0448eed2f9701d2"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @broadcast}}, 0x0, 0x0, 0x46, 0x0, "697a6a8df98794657aa342de5165a671ae6ef576992b6c9452b1bc2d8191697abe68c70b61bcf3b11789f7221809b4d497aa4a83b6e9801e3f6d83a30cba71318adfcd06f5b1c829c71bc870d18c33c3"}, 0xd8)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x4840, 0x0)
dup3(r1, r0, 0x0)

13:40:38 executing program 1:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$PTP_PEROUT_REQUEST(r0, 0x40603d07, 0x0)

13:40:38 executing program 6:
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x8, 0x0, 0x0, @local, @mcast2, {[], "d827c871e0866d27"}}}}}, 0x0)

13:40:38 executing program 5:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@delsa={0x28, 0x11, 0x101, 0x0, 0x0, {@in, 0x0, 0x0, 0x32}}, 0x28}}, 0x0)

13:40:39 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
io_setup(0x8, &(0x7f0000000080)=<r1=>0x0)
io_submit(r1, 0x3, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000)="fa", 0x1}])

13:40:39 executing program 5:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@delsa={0x28, 0x11, 0x101, 0x0, 0x0, {@in, 0x0, 0x0, 0x32}}, 0x28}}, 0x0)

13:40:39 executing program 6:
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x8, 0x0, 0x0, @local, @mcast2, {[], "d827c871e0866d27"}}}}}, 0x0)

13:40:39 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0)
fchdir(r0)

13:40:39 executing program 1:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$PTP_PEROUT_REQUEST(r0, 0x40603d07, 0x0)

13:40:39 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000000)='bdev\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x8, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
dup2(r1, r0)

13:40:39 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in={{0x2, 0x0, @multicast1}}, 0x0, 0x0, 0x13, 0x0, "fbe4c38fab9581c35914da678464e30e7b94913fcc961721ebef9195a339256e176a8a7369aea56f32cb8e41049c555c8a6fad19a9a551e70a4d64a88d249735ca34d3f4ad120552d0448eed2f9701d2"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @broadcast}}, 0x0, 0x0, 0x46, 0x0, "697a6a8df98794657aa342de5165a671ae6ef576992b6c9452b1bc2d8191697abe68c70b61bcf3b11789f7221809b4d497aa4a83b6e9801e3f6d83a30cba71318adfcd06f5b1c829c71bc870d18c33c3"}, 0xd8)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x4840, 0x0)
dup3(r1, r0, 0x0)

13:40:39 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xefffffffffffffff, 0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RLINK(r0, &(0x7f00000000c0)={0x7}, 0x7)
write$P9_RLERRORu(r0, &(0x7f0000000100)={0x10, 0x7, 0x0, {{0x3, '$)}'}}}, 0xfdef)

[  129.840307] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  129.840877] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
13:40:39 executing program 1:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$PTP_PEROUT_REQUEST(r0, 0x40603d07, 0x0)

13:40:39 executing program 4:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)={0x8000})

13:40:39 executing program 6:
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x8, 0x0, 0x0, @local, @mcast2, {[], "d827c871e0866d27"}}}}}, 0x0)

[  129.914039] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  129.914836] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  129.943485] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 32768 (only 16 groups)
[  130.077458] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
13:40:39 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
io_setup(0x8, &(0x7f0000000080)=<r1=>0x0)
io_submit(r1, 0x3, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000)="fa", 0x1}])

13:40:39 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000019000100000000000000000002"], 0x20}], 0x1}, 0x0)

13:40:39 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x7fffdf001000, 0x0, 0x11, r0, 0x0)

13:40:39 executing program 4:
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000000)={0x0, 0x1, 0x0, 'queue0\x00'})
r0 = io_uring_setup(0x5053, &(0x7f0000000140))
io_uring_register$IORING_REGISTER_FILES(r0, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)

13:40:39 executing program 0:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0)
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)

13:40:39 executing program 1:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$PTP_PEROUT_REQUEST(r0, 0x40603d07, 0x0)

13:40:39 executing program 6:
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x8, 0x0, 0x0, @local, @mcast2, {[], "d827c871e0866d27"}}}}}, 0x0)

[  130.086118] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
13:40:39 executing program 3:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000000c0), 0x8)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ppoll(&(0x7f0000002540)=[{r0}], 0x1, &(0x7f0000002580)={0x0, 0x989680}, 0x0, 0x0)

[  130.138469] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  130.139153] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
13:40:39 executing program 4:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
writev(r1, &(0x7f00000001c0)=[{&(0x7f00000003c0)="8c3a", 0x2}], 0x1)
splice(r0, 0x0, r2, 0x0, 0x1, 0x0)

13:40:39 executing program 5:
r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
read(r0, 0x0, 0x0)

13:40:39 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0)
add_key$keyring(&(0x7f0000000500), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
setuid(r1)

13:40:39 executing program 1:
msgctl$IPC_INFO(0x0, 0x3, 0x0)

13:40:39 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
io_setup(0x8, &(0x7f0000000080)=<r1=>0x0)
io_submit(r1, 0x3, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000)="fa", 0x1}])

13:40:39 executing program 4:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
writev(r1, &(0x7f00000001c0)=[{&(0x7f00000003c0)="8c3a", 0x2}], 0x1)
splice(r0, 0x0, r2, 0x0, 0x1, 0x0)

13:40:39 executing program 5:
r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
read(r0, 0x0, 0x0)

13:40:39 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x5, 0x0, "5c0db8e701e6c8970aa9f4e1cb2c6c4654c3c25e1a6d5b8b2a94471b247fe8a645e74208caba52a88598b8601feb018f2cecf9ef28ab23d69e3c6ef4affd9a10eb50ffa96b11b678c84f3d3920b82548"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x2, 0x0, "6c7abb3e9a9a691096b5eb47d00faa3f87c4977f0e265c767b95baf2e31dd631e7b9d3f684a50d0b1e7c136a28dfcd2b47d688f255b9df442a8090a173937522cbeb7c2948aede525200"}, 0xd8)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4)

13:40:39 executing program 0:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0)
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)

13:40:39 executing program 6:
getpid()
ptrace$peeksig(0x4209, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff)

[  130.340293] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  130.341129] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
13:40:40 executing program 4:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
writev(r1, &(0x7f00000001c0)=[{&(0x7f00000003c0)="8c3a", 0x2}], 0x1)
splice(r0, 0x0, r2, 0x0, 0x1, 0x0)

13:40:40 executing program 5:
r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
read(r0, 0x0, 0x0)

13:40:40 executing program 1:
msgctl$IPC_INFO(0x0, 0x3, 0x0)

13:40:40 executing program 6:
syz_mount_image$vfat(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xfffffffffffffeb6, 0x0, 0x0, 0x0)
creat(&(0x7f0000000080)='./file0/file0\x00', 0x0)
rename(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000400)='./file0\x00')

13:40:40 executing program 7:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x30, 0xffffffffffffffff, 0x10000000)

13:40:40 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x3)

13:40:40 executing program 0:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0)
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)

13:40:40 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
io_setup(0x8, &(0x7f0000000080)=<r1=>0x0)
io_submit(r1, 0x3, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000)="fa", 0x1}])

13:40:40 executing program 6:
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x6, 0x0)
lseek(r0, 0x0, 0x0)

[  130.528415] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  130.528925] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
13:40:54 executing program 7:
statx(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x6000, &(0x7f0000000100))

13:40:54 executing program 6:
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x6, 0x0)
lseek(r0, 0x0, 0x0)

13:40:54 executing program 1:
msgctl$IPC_INFO(0x0, 0x3, 0x0)

13:40:54 executing program 0:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000003a00), &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0)
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)

13:40:54 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x3)

13:40:54 executing program 4:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
writev(r1, &(0x7f00000001c0)=[{&(0x7f00000003c0)="8c3a", 0x2}], 0x1)
splice(r0, 0x0, r2, 0x0, 0x1, 0x0)

13:40:54 executing program 2:
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x6, 0x0)
lseek(r0, 0x0, 0x0)

13:40:54 executing program 5:
r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
read(r0, 0x0, 0x0)

13:40:54 executing program 1:
msgctl$IPC_INFO(0x0, 0x3, 0x0)

13:40:54 executing program 7:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0)
lseek(r0, 0x2, 0x0)

13:40:54 executing program 2:
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x6, 0x0)
lseek(r0, 0x0, 0x0)

13:40:55 executing program 6:
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x6, 0x0)
lseek(r0, 0x0, 0x0)

13:40:55 executing program 5:
setresuid(0x0, 0xee01, 0x0)
timerfd_create(0x8, 0x0)

13:40:55 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001340)={<r2=>0xffffffffffffffff})
clock_gettime(0x0, &(0x7f00000013c0))
ppoll(&(0x7f0000001380)=[{r1}, {r2}], 0x2, 0x0, 0x0, 0x0)

13:40:55 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x3)

13:40:55 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fchdir(r0)

13:40:55 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x4, 0x0)
lseek(r0, 0x0, 0x0)

13:40:55 executing program 2:
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x6, 0x0)
lseek(r0, 0x0, 0x0)

13:40:55 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000011c0), 0x993a563b59436840, 0x0)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f0000001200)={0x6, 0x7fffffff, 0x0, 0xb2, 0x0, [0x5, 0xffffffff, 0x6, 0x4]})
syz_mount_image$tmpfs(0x0, 0x0, 0x3145514e, 0x4, &(0x7f0000001140)=[{&(0x7f0000000000)="d855da02fd4b995f53f1", 0xa, 0x9}, {&(0x7f0000000040)="9f832b975105e58d14278f7b2ac9ef040cb915da5a26bc086481e503a58d780461013d7681dab87ef7b458cbdfcfe703d3c3f9d1c14066e5953ee36d084c0df9198241f74760768de5a893045b4e5e5ab466fc28bdcc1bc461f3935dfad4d27fe808f630fb5855ad5de57502fdbbeb5c4fa89ae7", 0x74, 0x6}, {&(0x7f00000000c0)="7bd5dcca5274aeb76861e4873c07a5a4618fff48aadfdf73bb3a960fde3422288868acfe902b8dbdbf637b027588192e27b2303ab18889e99e53044fe13ca5b4a2b11f42823feea1b808832af4a665cc115fe479c2ce7f8a035b3156f5763c36f3cf2bfb187eac3e8b6ea4193d38707a67add8ccefd1bdc02c0dfc6e05aa62d1bdc3d78ed9410a9783ae8140906df90eb4d9dd301e7605059669392edaf9c043170086b9be77d069c1490ee0fc837a7f6e903764aea791a015168e14d12adc219fdb98b73df5679de73160f8a1e07c8cf9b221f1bcccc4aa565dc579234698cfbacfcd74040d031139051442f4d7c0a9e0c3e94113d5258cc9d959be5a612a0410507b191d566727fae3f6fd53974c0226a6937f611ee49a3003cae32424d74b33ced784aba6d8f01e130d5dd611660cfaa2c5d6dc4652f0136fee919bce2664c3ef683d3578e4da42b02d5f89ad6755cd3d9ff20120eeff0ba802f818a20faadc3fb7ef6685902ca3bb649cba688740936841bad26fb5df5792aac819100275dc50c2de0216bd412603d2a8dd70ff7312e6fb539c0f77907a1f29b665c85630ef37ebf47d19eb2fd8582eb99c882934b979ca7ea2e7748da268c485c3813ffb2b36295e1e4b2c9b7e2f91bd015c4c018e6ce5700c18f865e88191b4eaa8b956bc7e90959140f75bfb5c42538d4bd614fa83bed181bd22dd6c5fc21da676bdc34e6d3beda215139b0ea391d8b60fbaf5e3df377eece14f39e93b49dc93917bb90a72b48c98e360dce1907a57c9ccb7dca6812c323812a201adeb2fd2bfcaa4c407ce7445bee43d82ec6cc49cee804328627edac58ddd12ccef5b193704a8bfe32baa08f167b0d75661ef2f3e00be477039dc8761cf46f84c663acb42d1dd900fa93f66d2e5602c7443d2942051333e29280d8a74668c005c952a52b4e48325a12532297d928bb12f99fd491e5dcb95688fd3b0aec3fca4ef8b0aae242fd9bf1c03e574e2fd4e2500fb478101be33fba6a804021930dc0c58a97b9d9667642e09c565fbbeb117af7b1369c12221e3b66e309aafaf0b97458dc5348a1d4d4e8fed14813c7d495127e4277a3fbea121f62b5486d2ea9533b528b29db7620392305ad07b977574547e376b4934ebbc0f1e746c2b6471585c8db739a6099e9e619b71ab74f5313f3b24db06c22e23a97f738588f00f871be371065b452a1ffe18845479dd98f81bf5050db0e6596cce51abe58abe2969104c4a085a2bd35362d80a7a3e11603307a836175f7498a15337ea8ab16f154218385040e331642fee77980219904bc0ec4a66430cc289dc614cd8f2dfc4242a9d808abdd89cf662c16c7672a747c31633532848abefa7698db71a5285459f4751b22e7c92a60f9b12c1a9d8f66be20530ee1d325b7b237b0767d841efc0b998ce29a82a9b3d2027ea7814a5a51b8f2cc8f7c61de5f3ed27a576824867de00df64bedfca4ceb000240e01c21617ee5f036c1cf3457435ab9be4f94bfc6b5eca38d6cba67b8fcfd1e937666daf3fdc1f5b150b889137bf997e9747596f56a4677ef6219903bc9e0d59a6743c2f3c4deb29d2e7f7faaed1ee02eb80e6834b15c85da6b2eee48fac2ecfd490bb5583f4bc14d71282c98d4839c1f1ab4b1fc6b439945a9a9e4028f46576cf8fcf25926b4d32655bb3dada8ce52b0319ffb81f456d89dfe17569f25fa8e852030039ce7b68cdb75d7ecad07daf62008dcb04e2ea8925d2b9f8f82763278471ec6c391ec1785a87e26724f27c660cf50ebd1e581df4991314ab25dae2f07fe2c08fd73183d4c2380584228e45c7ef27fe0a37855c952286de7522894181d016493862edcc1fd2e89beda11ceedbf353b86c526649816cc431a78aff5d9c11eed585a25c2749ebb3de8ced1791e1f024ae49775a2accd8cf6dd7dbd9e9946e678628a1732e78fc81646400b7a8781f690929848c5ae74e65256311d624f21735f12dfe3cb26d0d959a299387ce57ffc1bbe77e1bcb0a41ddb2861d2a27222fdbb8c6025f29d82d56985b0a730b3f0d6df7e84e269aecfb7985b1682d8c7cc6b358519d819ed72cea30cc73df891c8e03005bac2c551c7d8257d3117805b3dce2b831bc1ae61b03a9342ff031a1886b032a97832a72e2fbdf9bf0aa4b356b5d7675305623141cc94f8755775e78b9154d71fe7c29843dbcdae3d30de1e471dea68f188eb3b6cfca651b59242cffea5d41bb718cbcd2413af5d0651812069ff80df147d30096ac904ea7676f4d270e128f72e481bde5a43c76368830bf1a0099816f08ab204ce75c45314c271abc53ebc69c1ca6917124b4ea7e1932b0c7dc76112b2f4172db6e536b586ae75771c0e70081ed995cf6fb43d94c05b96359a78f563f6b275a2b161f4d5643cddcc3a5c97735281cb6b698ce5eefac07987054d571aa17149c11c4bfd37170604a1b8f585799db9ca359ec7ddfc9154c1ffe48f12ebe55ef90d879f38005115069b1c7b5783dc7f870447a65ae378448e4a72847fac24029ee67b558478366db2720607e67762d4f9b809dfcbab4f147d6f7610b184dabbcf78241e50a49aea38b9156826c7183fb694cec92745e13809754845c39bde4804e353cc92d6cf5578488139506cb0faff0f52fbfa4f9cd32423da6f0e31f5a161582b7ec320a59068686f938879ba69df7c57f7e2aca53c5789c8c6a34feff0a72b1540d50d82f26219cbb303e8d7d859af438328502d35a34f393afbc963449c096d2af1256291d4b4559cc3dafa6c5421703e58d15322da761220d5f9fd69b4b2fb31a32c2e053b0009fbddeab2ea37f835029d5369356953c22c5598588185f10577208096c9d0a67fe1abd163c71aaab2a47a616124b879bd1a36e3e4017124871d10e0931f75413b4964fd31076c4db532ede08fb845793f713d6c913bede62ad782d7738c0c0e385740b73e9d812140fc44cdd6b26b93f6e493a9e3daee1844085d6a45e45321fbf8786c1310f0331210c552e07309cffd59a0a471122b41dbe6f470a612bbb0b52e462d19b73aa534f82c015183aeaf865afc7a01a5a54c78fd49983fe80c552f9ce25a68bbbdcb3ec49edb5e0413cc194c92186608e1c378486d9ec62108143062312a127e23f74d358d5aa86d8375bdeeb3b364ac70239634916c94c4ce9fb5cf8996c46781c6fe4ad984c05a11b9c86b0e8fdec918eedd6bb82402deac856233357472ed51f4a6420be1db2cff6b1f7444a283d86acc0ba77adf9d3ff0f3d5548e8965af6ddbb06c0b0aa00ca77a8f9263066f7bc88898b26a05e69359fe6ec4eada265c708bae08d4132b348cf09e4a42261538ab08c078fc96e3dc4d880e4e676f296ade36bf9fecd5aed42fc5a67aa59c6fb2f76b899689fbbf92e60fd7e4d102786bca3520a6924384238132c066b321e9e8305ec4849dc7ec893dc317ac2115bab8397315a0432ad0485d549bf337c0a36d9e1097d19b6d31d74c95056ab84212661734bf73970a72eb45e3833e9327cb74d74e75105532ea10d6f20846676d1d4429c81b79e137a9ec4e9666581f79866b929606d4575b762274dd6ccb53e66837795c7106bce65aa52de5c05efd98b80ef7bf1e98686e72b0e15408e24f3e0ed7fada0a6378cd0177b50313aa4e8cf21962690d53983a10dc0db0766d7c15f0a673fd8b3606d33a4fe71c2ac45d435cab4d7503cf896bddfcdb0bd24a1ba6ee30e25dad3ada5ebb9c550ba345324c709a8e6653cf7f80f524166a0e0a78d7a3dcffac9d777718b4040b25801451623e6552f50da37e05d09032ba89011ef2be6b09705a08517379571c33a7aa5605efa8d07e7c730a890f246a594c13604bd193a0b0215d237be13aa74aeea50e2a543ea7f31bb3e33e1d2e9bfa12ca6cadde05190b46a212a6b699bf5c4d05c16812c290a1c664112020b5417d3348b388354436d05ba4afb6608aee8e2affe3baee4afaf2a4dfa5820763ba5e48f2880f17db0644f4acf211dcf5269e43bb96b4eb7ffb900f9cd00d92cf176ad39d4112f374df60b3e6d758942295d51b85fc5bdf08945169435a08b2e7d5494f6038cf30ad9ff3b80fb06597dc67fa8016ec9f7f58fcee042819779dac8f2a5f31ce97fcde763ed25fda208d9c9ea5fd7110e7526b65985f077d5dac0e027aea6bef77beaef100fee2b7a9395c81d104cc28342a6974cae9579f354fc6e02b820f197f6fcedf901d6948b95d3fe911d4f2afcffec8fe2947aa59e20ec84a7e2ebfa887951f73c89aadf768629f605c61c5eb55960e64dd8fe369fe2ff35dd7096f1a7b214b36a6420a8fe2697d09dd706b0956f5d355cea2f612e18dac1ff4f8e342f620067eba653cea186d4d463d9cdc195484ef297c5549dfdc21b2e82fe5aa28b3f814471609f0d479f9e0667ec3f317c87d850ae6340b424e7b09ff02a16f6b659258650657252ab4aedfcd95a74df9f0de276cbe8b217d2216783170ddd055fa77793206527df61bef53afa2d5adbdc1b15e4783926b99eafc9a4d15127987008dc569f0ce66dbb8ad942b2d3e47af4b230c24f5cf874d94a51468531b207316640dc62104c3b65bd1a4d18371b45c8a1afd3432609de93edd73a9f81b4cc953acfe759ca1bec30de71aedcb928022e6ece714806b18b3c7f89459ea5d80b7a9c0a07fbfe6e156e2564c27058160740924f1cab3194d939f06d4d656f1d1b6dbe99584772cc572f41c35f70e9a070d9634c8fa996d497b0746094858080989f7599dfa701e67ef9575e10f3634a6133b7689b60d7b1b11f42e3b5e99c6767b4c0db456668be4c1a2d96a972a0185295aaf8d4a0ae5fda83217683d1587305d10cbe46c606a7e3259183c17742b7384407a720a42a3228b89eb07be834017c0b13591bffb696ac42e0c9170689a0fd567092216d334286f8d9f82de7a8d7617dff9c300dd0480ede5710d0fe96907c0f26f60fccb4a1e3b530760cf31b43f4c5868903c06923abe76db7c18a66a2b331bbf1196d5a41e1c6f1cea94d73681f7e095dee8126323c2ed247a665eb686b4e212356a69168616a5a93678a9159adfe3d70382e81c6206f0deefe5aa48a1a1b5a3e8bfcc2185a881bc66b326cd428ea3b6a890944764b1dda6a765aa1ef35e1f06be7b8a5388651e89d3b818a54e213487ac2ff8170bfd7a723819ce04d0cd70206383f85d9ec64f4ff85e900d437b4a612d48b047cf15157f5ea6daf1a084e1fff560c1a9495a540c016bfc1f54277d55c1891432789b85695185817657e03e364078f406acb83f370c9311d8067468bf6f286ef85edd1d6d6c1885c88767f60765818cfe82a2035ea37decb9bf02376ca2674e4841392ba6b603a4df7201feb7b013ce722c25ba1128912a20f22cc1e12902643c7fd6ca034717d31fe5cd1becb9d3b79ab0b767018dcd817e299c18f0d9576f2ccce1e74a7bb9e95d7124fae10c36e28505a0e46388e801f711f44db31984608be4938f9baa3145a6ef297b8aca29fcadfa2caa720091c22ad59d1fc0867d616baa6bbb6bb1d8397919584626515f4946abab034f488e0aa0bbabb706a5dab0bed093e2844606f8971bdab0135bc7b5fac2d75c1fc8b7aee37a97de7efa657f2899dfd0351b379fa2328f9e060bcf052f446ccac1c7eb4cf8f1a4edf38da703d9c84f91aacf369596026123f60a790e6ba190f585ab819fb6259732da73c6eb0a30dcbb407517a8603dff7caa77e40a70d3ca2532643943bb9f23378f76ab7d38365a324c81912c3af55936e4f7", 0x1000, 0x2}, {&(0x7f00000010c0)="e1c2a54a37c5c6deed96d83788952974117637893f1c0b78eca4a18d6820e84819ac6e29aaca8d8b1e12c91d447c7b607c2e522d2b2db35e4aef287ea854b07a308268c79ed0be5972dd8c1f6f", 0x4d, 0xd14a}], 0x202000, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r1, &(0x7f0000000100)="83", 0x1)
ioctl$TIOCMBIC(r1, 0x5417, &(0x7f0000001240))

[  145.657146] loop5: detected capacity change from 0 to 264192
13:41:06 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x3)

13:41:06 executing program 6:
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x6, 0x0)
lseek(r0, 0x0, 0x0)

13:41:06 executing program 4:
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
getsockopt$inet6_buf(r0, 0x29, 0x15, &(0x7f0000000500)=""/4096, &(0x7f0000000040)=0x1000)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="6d5db40407a23c706f6c3d7072656637698255742877763d7265006174bfb2342bb9b732"])
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x5, &(0x7f0000000100)=[{0x4, 0x6, 0x1b, 0x10000}, {0x45e, 0x96, 0x81, 0xffffffc1}, {0x4, 0x4, 0x1, 0x3}, {0x7, 0x8, 0xfd, 0x7000000}, {0x6, 0x7, 0x6, 0x6cd00000}]}, 0x10)

13:41:06 executing program 5:
r0 = syz_usb_connect$printer(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xf4, 0x40, 0x6, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x7, 0x1, 0x3, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x81, 0x0, 0x1c}}, [{{0x9, 0x5, 0x82, 0x2, 0x0, 0x8e, 0x0, 0x1}}]}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0xc0, 0x0, 0x1, 0xbf}, 0x31, &(0x7f0000000080)={0x5, 0xf, 0x31, 0x5, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "80f72c54b90f1d67e2bef492cf025893"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x2, 0x12, 0x0, 0x20, 0x9, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0xe, 0x9, 0x5}]}, 0x4, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x180c}}, {0x5f, &(0x7f0000000100)=@string={0x5f, 0x3, "d0e1dd16794e6e50ae020eba6e34b0c9e3265b370826f32247c66b6693a2ee68496e488994585143775f9678ac61e2c83c13ef3fbeecf519c2edcc8dd3ff3f5231e5db97f11788b7b243c5efadc00a1e57b755271c4233636f68c2567c"}}, {0xf2, &(0x7f0000000180)=@string={0xf2, 0x3, "2db45967e5c0509c3db969d4780e8f350c789d1b12fc67cd649c7850510e5da59a8ed78455d984c452ad00a7f8fbd7c871f52a4f97ac7e0452aff9f7916d18c8ef65db02049a465335883bdc22dbdadd129cb64964d1d3dc7d51c4079c62b508975c831375d7c03ec0c16e1865f20beb1bf299bc0b3e4707df3d3d768d5525d6754074f9a7f3fbefdf47d1ea86e02f26cf979bc4bf25f2d5f181789f746014b51dfe74d217c88050f5c4546c8a4b36e34814eae16a6eded02156c942c4d471862403095baf829037ae0a926af8c12d4623efc261afea3bafe8ad89a17619705e7c3c40407134dad76b6bca21fad3f1bd"}}, {0xa1, &(0x7f0000000280)=@string={0xa1, 0x3, "312a12ac56b2d24635b1695cd117cbb0c928d98d27863b0d4bf1080f27b2f69806bb4c07490c94c67e9e1f50381c1edf6436152e74646aa8e6804c004690f51d6c5fbd2a426fbc6f83635bb6fe528d08279b9766c4c972d797741a6f1633c7743edab4509be63d5a9c3a1b98a754309489dc67a3685db208a7ec8b46c1aeae7d1af9433a95a28deca0e4b60db351d2a6d3568b97099e1a163bda59bef537a1"}}]})
syz_usb_control_io$printer(r0, &(0x7f00000004c0)={0x14, &(0x7f00000003c0)={0x0, 0x2, 0x30, {0x30, 0x7, "ff0c84a45280794091fe1d988159cceb372cc68b01bcdc873b394efeb0d5563ee3d7d712e8df9f5cf258f372134a"}}, &(0x7f0000000400)={0x0, 0x3, 0xb6, @string={0xb6, 0x3, "02fe1685542a368aaac4b5a3a81635eba0f75ac7fdccbec43a8d40dfb8bfea2c0ab7a3b1cab4cfd3ae96b655fc3338cc1a8a639b2a5c0ca064f80bedf78f934021c975a457ba3a91a47f033a0f6552c5b4abee5c03918d5e0f251238a15102a30173a3bdd9cb5be3f15d19acd0af25add7027adac73ab882d24186f177905eeee24f15646242a1cec87d1987c5db176eb96f5f4be9d1469436c3662dfc5641041bb9aec1664c861a1d45048702df4cf03a3d9b89"}}}, &(0x7f0000000680)={0x34, &(0x7f0000000500)={0x40, 0x3, 0xf, "0130872f04c9be9af83b3b94b438a1"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x80}, &(0x7f0000000580)={0x0, 0x8, 0x1}, &(0x7f00000005c0)={0x20, 0x0, 0x39, {0x37, "2f48285aa0abf7318d29f8ed34a367afe872572be8bbbc139d46c31414897634c5326898686cbb3e06a72b2275ed85f6b47bfacd266f83"}}, &(0x7f0000000600)={0x20, 0x1, 0x1, 0x3}, &(0x7f0000000640)={0x20, 0x0, 0x1, 0xfb}})
prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x0)
prctl$PR_CAP_AMBIENT(0x2f, 0x6, 0x23)

13:41:06 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x4, 0x0)
lseek(r0, 0x0, 0x0)

13:41:06 executing program 0:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
acct(&(0x7f0000000040)='./file1\x00')
linkat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x400)

13:41:06 executing program 2:
syz_emit_ethernet(0xc0, &(0x7f0000000080)={@broadcast, @remote, @void, {@x25={0x805, {0x3, 0x80, 0x1, "a51ebb74909a37a69ccfec1624acbc07c22adc926060032c46b526b06df748e9eab7dd8668f0bf9ff9c55537a66c1c985e2c23a55c5331929677494ffbf7fbc1a095c8cea0f6584098d7d19e38caa147b3ac7c8cda7fa3c26acf7eb0bbb41a2c4578e73548b4bf8be734272c653f437ae74891235e9b4e0461dae2e938d0cd84f522975d0a68148a2cc3455b675212c315103f01e69cba39a9e356e3370f117a1580f2169f87f4548ea96ff49742f8"}}}}, 0x0)

13:41:06 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000423bec45764f0d2a00000600"/32])

[  157.087854] tmpfs: Unknown parameter 'm]´¢<pol'
[  157.096915] tmpfs: Unknown parameter 'm]´¢<pol'
13:41:06 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', <r2=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r2, 0x1, 0x6, @local}, 0x10)

[  157.137527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.144396] Process accounting resumed
[  157.153113] misc raw-gadget: fail, usb_gadget_register_driver returned -16
13:41:06 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r1, &(0x7f0000000100)="83", 0x1)
faccessat2(r1, &(0x7f0000000040)='./file0\x00', 0x1, 0x1100)

13:41:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000001c0)={'gre0\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB='s\x00'/13, @ANYRES32=r4, @ANYBLOB="0010004000000088000000014a7b00e800650000b8299078ffffffffe00000028927cfe0000002e0000002ac1e0101ac1e000164010100ac1414aae000000264010101ac1e000144343151e000000100000362000000000000a221ffffffff16af86bc0000000080000001ac1414aa00000002ffffffff00000000831f06e0000001ac1414aaffffffffe0000002ac1e0001e000000200000000442474830a010102000002007f00000100000006e0000001ffffffff0a010102002800004410402000000004ffffffff00000002830f0aac1414240a010100ac1414aa890be2ffffffffe0000001940401008604ec6401000000"]})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1008820}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xfc, r1, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="06000000f4de837f2564a0b187d2b91cc737c5fc7daa0c39ab95c94ea0e5842454885d90deb8fcef555d2c21e05ae6076452253235e2efa097fc076c3cb3579a7c5ede6c88f809e01343e6d852a9be03f0139c37f490577af5e4d26c3b32b7bd7c3e0f53823c52d2c6399ef649506f0503ea09bd3a6f254f44e37ba515634392bcd4bd334a2215ac14062c0b653a03168f2a289495640eeae238a4216c2967b459b531915a00000000000000009b24daa2ecc33a1bbe67b49da097349286518c00000000000000000009540916620f99068170ab7f1e218a8144ec91949f609b241bac78ab508eff9c492f140d57c7fb2ce73a87a535c752b08172eeade798e76eb5722c9d66da76512a4f383465b72c6a593c6a43a81aae485d1d2c6d514ba06f3fc1", @ANYRES16=r1, @ANYBLOB="b353000000000000000001000000040002800c00018008000100000000000c0001800800010004000000"], 0x30}}, 0x0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r5)

[  157.174898] lo: entered promiscuous mode
[  157.179431] lo: left promiscuous mode
[  157.188898] lo: entered promiscuous mode
[  157.189848] lo: left promiscuous mode
13:41:06 executing program 2:
r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x10001)
r1 = socket$inet(0x2, 0x3, 0x5)
r2 = memfd_secret(0x80000)
getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000001180)={'nat\x00', 0x0, 0x0, 0x0, [0x40, 0x1000000008000, 0x0, 0x7, 0x8, 0x8271]}, &(0x7f00000010c0)=0x78)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000001200)={{r1}, 0x0, 0x14, @unused=[0x1, 0x4, 0x4, 0x2000000000003ff], @devid})
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000001140))
socketpair(0x0, 0x80e, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, &(0x7f0000001100), 0x4)

13:41:06 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x4, 0x0)
lseek(r0, 0x0, 0x0)

[  157.309683] loop7: detected capacity change from 0 to 9
[  157.353956] FAT-fs (loop7): FAT read failed (blocknr 32)
[  157.661351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.664043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
13:41:16 executing program 3:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/locks\x00', 0x0, 0x0)
flock(r0, 0x2)

13:41:16 executing program 6:
r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x10001)
r1 = socket$inet(0x2, 0x3, 0x5)
r2 = memfd_secret(0x80000)
getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000001180)={'nat\x00', 0x0, 0x0, 0x0, [0x40, 0x1000000008000, 0x0, 0x7, 0x8, 0x8271]}, &(0x7f00000010c0)=0x78)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000001200)={{r1}, 0x0, 0x14, @unused=[0x1, 0x4, 0x4, 0x2000000000003ff], @devid})
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000001140))
socketpair(0x0, 0x80e, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, &(0x7f0000001100), 0x4)

13:41:16 executing program 5:
r0 = syz_usb_connect$printer(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xf4, 0x40, 0x6, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x7, 0x1, 0x3, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x81, 0x0, 0x1c}}, [{{0x9, 0x5, 0x82, 0x2, 0x0, 0x8e, 0x0, 0x1}}]}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0xc0, 0x0, 0x1, 0xbf}, 0x31, &(0x7f0000000080)={0x5, 0xf, 0x31, 0x5, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "80f72c54b90f1d67e2bef492cf025893"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x2, 0x12, 0x0, 0x20, 0x9, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0xe, 0x9, 0x5}]}, 0x4, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x180c}}, {0x5f, &(0x7f0000000100)=@string={0x5f, 0x3, "d0e1dd16794e6e50ae020eba6e34b0c9e3265b370826f32247c66b6693a2ee68496e488994585143775f9678ac61e2c83c13ef3fbeecf519c2edcc8dd3ff3f5231e5db97f11788b7b243c5efadc00a1e57b755271c4233636f68c2567c"}}, {0xf2, &(0x7f0000000180)=@string={0xf2, 0x3, "2db45967e5c0509c3db969d4780e8f350c789d1b12fc67cd649c7850510e5da59a8ed78455d984c452ad00a7f8fbd7c871f52a4f97ac7e0452aff9f7916d18c8ef65db02049a465335883bdc22dbdadd129cb64964d1d3dc7d51c4079c62b508975c831375d7c03ec0c16e1865f20beb1bf299bc0b3e4707df3d3d768d5525d6754074f9a7f3fbefdf47d1ea86e02f26cf979bc4bf25f2d5f181789f746014b51dfe74d217c88050f5c4546c8a4b36e34814eae16a6eded02156c942c4d471862403095baf829037ae0a926af8c12d4623efc261afea3bafe8ad89a17619705e7c3c40407134dad76b6bca21fad3f1bd"}}, {0xa1, &(0x7f0000000280)=@string={0xa1, 0x3, "312a12ac56b2d24635b1695cd117cbb0c928d98d27863b0d4bf1080f27b2f69806bb4c07490c94c67e9e1f50381c1edf6436152e74646aa8e6804c004690f51d6c5fbd2a426fbc6f83635bb6fe528d08279b9766c4c972d797741a6f1633c7743edab4509be63d5a9c3a1b98a754309489dc67a3685db208a7ec8b46c1aeae7d1af9433a95a28deca0e4b60db351d2a6d3568b97099e1a163bda59bef537a1"}}]})
syz_usb_control_io$printer(r0, &(0x7f00000004c0)={0x14, &(0x7f00000003c0)={0x0, 0x2, 0x30, {0x30, 0x7, "ff0c84a45280794091fe1d988159cceb372cc68b01bcdc873b394efeb0d5563ee3d7d712e8df9f5cf258f372134a"}}, &(0x7f0000000400)={0x0, 0x3, 0xb6, @string={0xb6, 0x3, "02fe1685542a368aaac4b5a3a81635eba0f75ac7fdccbec43a8d40dfb8bfea2c0ab7a3b1cab4cfd3ae96b655fc3338cc1a8a639b2a5c0ca064f80bedf78f934021c975a457ba3a91a47f033a0f6552c5b4abee5c03918d5e0f251238a15102a30173a3bdd9cb5be3f15d19acd0af25add7027adac73ab882d24186f177905eeee24f15646242a1cec87d1987c5db176eb96f5f4be9d1469436c3662dfc5641041bb9aec1664c861a1d45048702df4cf03a3d9b89"}}}, &(0x7f0000000680)={0x34, &(0x7f0000000500)={0x40, 0x3, 0xf, "0130872f04c9be9af83b3b94b438a1"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x80}, &(0x7f0000000580)={0x0, 0x8, 0x1}, &(0x7f00000005c0)={0x20, 0x0, 0x39, {0x37, "2f48285aa0abf7318d29f8ed34a367afe872572be8bbbc139d46c31414897634c5326898686cbb3e06a72b2275ed85f6b47bfacd266f83"}}, &(0x7f0000000600)={0x20, 0x1, 0x1, 0x3}, &(0x7f0000000640)={0x20, 0x0, 0x1, 0xfb}})
prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x0)
prctl$PR_CAP_AMBIENT(0x2f, 0x6, 0x23)

13:41:16 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r1, &(0x7f0000000100)="83", 0x1)
faccessat2(r1, &(0x7f0000000040)='./file0\x00', 0x1, 0x1100)

13:41:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000001c0)={'gre0\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB='s\x00'/13, @ANYRES32=r4, @ANYBLOB="0010004000000088000000014a7b00e800650000b8299078ffffffffe00000028927cfe0000002e0000002ac1e0101ac1e000164010100ac1414aae000000264010101ac1e000144343151e000000100000362000000000000a221ffffffff16af86bc0000000080000001ac1414aa00000002ffffffff00000000831f06e0000001ac1414aaffffffffe0000002ac1e0001e000000200000000442474830a010102000002007f00000100000006e0000001ffffffff0a010102002800004410402000000004ffffffff00000002830f0aac1414240a010100ac1414aa890be2ffffffffe0000001940401008604ec6401000000"]})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1008820}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xfc, r1, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="06000000f4de837f2564a0b187d2b91cc737c5fc7daa0c39ab95c94ea0e5842454885d90deb8fcef555d2c21e05ae6076452253235e2efa097fc076c3cb3579a7c5ede6c88f809e01343e6d852a9be03f0139c37f490577af5e4d26c3b32b7bd7c3e0f53823c52d2c6399ef649506f0503ea09bd3a6f254f44e37ba515634392bcd4bd334a2215ac14062c0b653a03168f2a289495640eeae238a4216c2967b459b531915a00000000000000009b24daa2ecc33a1bbe67b49da097349286518c00000000000000000009540916620f99068170ab7f1e218a8144ec91949f609b241bac78ab508eff9c492f140d57c7fb2ce73a87a535c752b08172eeade798e76eb5722c9d66da76512a4f383465b72c6a593c6a43a81aae485d1d2c6d514ba06f3fc1", @ANYRES16=r1, @ANYBLOB="b353000000000000000001000000040002800c00018008000100000000000c0001800800010004000000"], 0x30}}, 0x0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r5)

13:41:16 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security', 0x0, 0x0)
lseek(r0, 0x4, 0x0)
lseek(r0, 0x0, 0x0)

13:41:16 executing program 2:
r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x10001)
r1 = socket$inet(0x2, 0x3, 0x5)
r2 = memfd_secret(0x80000)
getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000001180)={'nat\x00', 0x0, 0x0, 0x0, [0x40, 0x1000000008000, 0x0, 0x7, 0x8, 0x8271]}, &(0x7f00000010c0)=0x78)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000001200)={{r1}, 0x0, 0x14, @unused=[0x1, 0x4, 0x4, 0x2000000000003ff], @devid})
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000001140))
socketpair(0x0, 0x80e, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, &(0x7f0000001100), 0x4)

13:41:16 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r2=>0x0})
sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x34, r1, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x20000006)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

[  167.201494] loop7: detected capacity change from 0 to 9
[  167.223661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  167.241317] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  167.246536] FAT-fs (loop7): FAT read failed (blocknr 32)
13:41:16 executing program 2:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)

13:41:16 executing program 4:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x7}}, './file0\x00'})
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)

13:41:16 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
gettid()
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000000)=""/190, &(0x7f0000000100)=0xbe)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:41:17 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r1, &(0x7f0000000100)="83", 0x1)
faccessat2(r1, &(0x7f0000000040)='./file0\x00', 0x1, 0x1100)

13:41:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000001c0)={'gre0\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB='s\x00'/13, @ANYRES32=r4, @ANYBLOB="0010004000000088000000014a7b00e800650000b8299078ffffffffe00000028927cfe0000002e0000002ac1e0101ac1e000164010100ac1414aae000000264010101ac1e000144343151e000000100000362000000000000a221ffffffff16af86bc0000000080000001ac1414aa00000002ffffffff00000000831f06e0000001ac1414aaffffffffe0000002ac1e0001e000000200000000442474830a010102000002007f00000100000006e0000001ffffffff0a010102002800004410402000000004ffffffff00000002830f0aac1414240a010100ac1414aa890be2ffffffffe0000001940401008604ec6401000000"]})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1008820}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xfc, r1, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="06000000f4de837f2564a0b187d2b91cc737c5fc7daa0c39ab95c94ea0e5842454885d90deb8fcef555d2c21e05ae6076452253235e2efa097fc076c3cb3579a7c5ede6c88f809e01343e6d852a9be03f0139c37f490577af5e4d26c3b32b7bd7c3e0f53823c52d2c6399ef649506f0503ea09bd3a6f254f44e37ba515634392bcd4bd334a2215ac14062c0b653a03168f2a289495640eeae238a4216c2967b459b531915a00000000000000009b24daa2ecc33a1bbe67b49da097349286518c00000000000000000009540916620f99068170ab7f1e218a8144ec91949f609b241bac78ab508eff9c492f140d57c7fb2ce73a87a535c752b08172eeade798e76eb5722c9d66da76512a4f383465b72c6a593c6a43a81aae485d1d2c6d514ba06f3fc1", @ANYRES16=r1, @ANYBLOB="b353000000000000000001000000040002800c00018008000100000000000c0001800800010004000000"], 0x30}}, 0x0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r5)

13:41:17 executing program 1:
r0 = perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf71, 0x0, 0x0, 0x401, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write(r0, &(0x7f0000000180)="351f8678f0dc51682933b3766f0b442e40f75d662825d176222ece84c4cfaeca844d514d07f7e8bd36fa532b9e9710675c777141a9a6cb69c625d37a35e86355beb14c8116c7b223736e38c6b4a748bfdd5839a03caf9476f017eab2dc97a79f70cfa22aed2a3c4fa155c81a79e72b339538a6a3f98dbab5e7179f81d04862a44818addf1fac41808e74f00c6c11e95102bc9cf87ae3f42994f204422e7b2faf28419107c7d3ebf0ac68bd68c1a0010b3344f9111841da744ead90edc46212b89e644661da8f3054c0aba02e13460b893b720e6a57c6f49c27ffed71d1f22ba8661c49effc555beabe2e9e", 0xeb)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)="a20e73f1b1812c8df6", 0x9}], 0x1)

[  167.410242] audit: type=1326 audit(1756474877.085:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4230 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
13:41:17 executing program 6:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0)=<r6=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={<r7=>0xffffffffffffffff})
r8 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000040)={'lo\x00'})
r9 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8914, &(0x7f0000000040)={'lo\x00'})
sendmsg$unix(r2, &(0x7f00000005c0)={&(0x7f0000000400)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000240)="bf0cedeeec1ac206f0f9135a380842c9b12f72f1d847330cac63ebadf656", 0x1e}], 0x1, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {r6, r4, r5}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r4, r5}}}, @rights={{0x28, 0x1, 0x1, [r3, r7, r0, r1, r8, r9]}}], 0x68, 0x28040000}, 0x4000)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

[  167.432310] loop7: detected capacity change from 0 to 9
[  167.442626] FAT-fs (loop7): FAT read failed (blocknr 32)
[  167.478615] audit: type=1400 audit(1756474877.153:11): avc:  denied  { write } for  pid=4229 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  167.580575] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  168.348676] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
13:41:28 executing program 6:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0)=<r6=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={<r7=>0xffffffffffffffff})
r8 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000040)={'lo\x00'})
r9 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8914, &(0x7f0000000040)={'lo\x00'})
sendmsg$unix(r2, &(0x7f00000005c0)={&(0x7f0000000400)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000240)="bf0cedeeec1ac206f0f9135a380842c9b12f72f1d847330cac63ebadf656", 0x1e}], 0x1, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {r6, r4, r5}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r4, r5}}}, @rights={{0x28, 0x1, 0x1, [r3, r7, r0, r1, r8, r9]}}], 0x68, 0x28040000}, 0x4000)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

13:41:28 executing program 5:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)

13:41:28 executing program 1:
r0 = perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf71, 0x0, 0x0, 0x401, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write(r0, &(0x7f0000000180)="351f8678f0dc51682933b3766f0b442e40f75d662825d176222ece84c4cfaeca844d514d07f7e8bd36fa532b9e9710675c777141a9a6cb69c625d37a35e86355beb14c8116c7b223736e38c6b4a748bfdd5839a03caf9476f017eab2dc97a79f70cfa22aed2a3c4fa155c81a79e72b339538a6a3f98dbab5e7179f81d04862a44818addf1fac41808e74f00c6c11e95102bc9cf87ae3f42994f204422e7b2faf28419107c7d3ebf0ac68bd68c1a0010b3344f9111841da744ead90edc46212b89e644661da8f3054c0aba02e13460b893b720e6a57c6f49c27ffed71d1f22ba8661c49effc555beabe2e9e", 0xeb)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)="a20e73f1b1812c8df6", 0x9}], 0x1)

13:41:28 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000001c0)={'gre0\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB='s\x00'/13, @ANYRES32=r4, @ANYBLOB="0010004000000088000000014a7b00e800650000b8299078ffffffffe00000028927cfe0000002e0000002ac1e0101ac1e000164010100ac1414aae000000264010101ac1e000144343151e000000100000362000000000000a221ffffffff16af86bc0000000080000001ac1414aa00000002ffffffff00000000831f06e0000001ac1414aaffffffffe0000002ac1e0001e000000200000000442474830a010102000002007f00000100000006e0000001ffffffff0a010102002800004410402000000004ffffffff00000002830f0aac1414240a010100ac1414aa890be2ffffffffe0000001940401008604ec6401000000"]})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1008820}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xfc, r1, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="06000000f4de837f2564a0b187d2b91cc737c5fc7daa0c39ab95c94ea0e5842454885d90deb8fcef555d2c21e05ae6076452253235e2efa097fc076c3cb3579a7c5ede6c88f809e01343e6d852a9be03f0139c37f490577af5e4d26c3b32b7bd7c3e0f53823c52d2c6399ef649506f0503ea09bd3a6f254f44e37ba515634392bcd4bd334a2215ac14062c0b653a03168f2a289495640eeae238a4216c2967b459b531915a00000000000000009b24daa2ecc33a1bbe67b49da097349286518c00000000000000000009540916620f99068170ab7f1e218a8144ec91949f609b241bac78ab508eff9c492f140d57c7fb2ce73a87a535c752b08172eeade798e76eb5722c9d66da76512a4f383465b72c6a593c6a43a81aae485d1d2c6d514ba06f3fc1", @ANYRES16=r1, @ANYBLOB="b353000000000000000001000000040002800c00018008000100000000000c0001800800010004000000"], 0x30}}, 0x0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r5)

13:41:28 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
gettid()
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000000)=""/190, &(0x7f0000000100)=0xbe)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:41:28 executing program 4:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x7}}, './file0\x00'})
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)

13:41:28 executing program 2:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)

13:41:28 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r1, &(0x7f0000000100)="83", 0x1)
faccessat2(r1, &(0x7f0000000040)='./file0\x00', 0x1, 0x1100)

[  179.135055] audit: type=1326 audit(1756474888.803:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4262 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
[  179.204966] loop7: detected capacity change from 0 to 9
13:41:28 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)

13:41:28 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
gettid()
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000000)=""/190, &(0x7f0000000100)=0xbe)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:41:28 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000001c0)={'gre0\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB='s\x00'/13, @ANYRES32=r4, @ANYBLOB="0010004000000088000000014a7b00e800650000b8299078ffffffffe00000028927cfe0000002e0000002ac1e0101ac1e000164010100ac1414aae000000264010101ac1e000144343151e000000100000362000000000000a221ffffffff16af86bc0000000080000001ac1414aa00000002ffffffff00000000831f06e0000001ac1414aaffffffffe0000002ac1e0001e000000200000000442474830a010102000002007f00000100000006e0000001ffffffff0a010102002800004410402000000004ffffffff00000002830f0aac1414240a010100ac1414aa890be2ffffffffe0000001940401008604ec6401000000"]})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1008820}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xfc, r1, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="06000000f4de837f2564a0b187d2b91cc737c5fc7daa0c39ab95c94ea0e5842454885d90deb8fcef555d2c21e05ae6076452253235e2efa097fc076c3cb3579a7c5ede6c88f809e01343e6d852a9be03f0139c37f490577af5e4d26c3b32b7bd7c3e0f53823c52d2c6399ef649506f0503ea09bd3a6f254f44e37ba515634392bcd4bd334a2215ac14062c0b653a03168f2a289495640eeae238a4216c2967b459b531915a00000000000000009b24daa2ecc33a1bbe67b49da097349286518c00000000000000000009540916620f99068170ab7f1e218a8144ec91949f609b241bac78ab508eff9c492f140d57c7fb2ce73a87a535c752b08172eeade798e76eb5722c9d66da76512a4f383465b72c6a593c6a43a81aae485d1d2c6d514ba06f3fc1", @ANYRES16=r1, @ANYBLOB="b353000000000000000001000000040002800c00018008000100000000000c0001800800010004000000"], 0x30}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)

[  179.270910] FAT-fs (loop7): FAT read failed (blocknr 32)
[  179.273866] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  179.294013] audit: type=1326 audit(1756474888.963:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4277 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
13:41:28 executing program 1:
r0 = perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf71, 0x0, 0x0, 0x401, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write(r0, &(0x7f0000000180)="351f8678f0dc51682933b3766f0b442e40f75d662825d176222ece84c4cfaeca844d514d07f7e8bd36fa532b9e9710675c777141a9a6cb69c625d37a35e86355beb14c8116c7b223736e38c6b4a748bfdd5839a03caf9476f017eab2dc97a79f70cfa22aed2a3c4fa155c81a79e72b339538a6a3f98dbab5e7179f81d04862a44818addf1fac41808e74f00c6c11e95102bc9cf87ae3f42994f204422e7b2faf28419107c7d3ebf0ac68bd68c1a0010b3344f9111841da744ead90edc46212b89e644661da8f3054c0aba02e13460b893b720e6a57c6f49c27ffed71d1f22ba8661c49effc555beabe2e9e", 0xeb)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)="a20e73f1b1812c8df6", 0x9}], 0x1)

13:41:28 executing program 5:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)

13:41:29 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
gettid()
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000000)=""/190, &(0x7f0000000100)=0xbe)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:41:29 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r1, &(0x7f0000000100)="83", 0x1)

13:41:29 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)

[  179.448001] audit: type=1326 audit(1756474889.119:14): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4286 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
[  179.490285] loop7: detected capacity change from 0 to 9
[  179.517552] kmemleak: Found object by alias at 0x607f1a639234
[  179.517570] CPU: 1 UID: 0 PID: 4280 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  179.517593] Tainted: [W]=WARN
[  179.517596] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  179.517604] Call Trace:
[  179.517608]  <TASK>
[  179.517613]  dump_stack_lvl+0xca/0x120
[  179.517637]  __lookup_object+0x94/0xb0
[  179.517654]  delete_object_full+0x27/0x70
[  179.517670]  free_percpu+0x30/0x1160
[  179.517686]  ? arch_uprobe_clear_state+0x16/0x140
[  179.517707]  futex_hash_free+0x38/0xc0
[  179.517721]  mmput+0x2d3/0x390
[  179.517740]  do_exit+0x79d/0x2970
[  179.517754]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  179.517775]  ? zap_other_threads+0x2b9/0x3a0
[  179.517793]  ? __pfx_do_exit+0x10/0x10
[  179.517806]  ? do_group_exit+0x1c3/0x2a0
[  179.517821]  ? _raw_spin_unlock_irq+0x23/0x40
[  179.517839]  do_group_exit+0xd3/0x2a0
[  179.517854]  __x64_sys_exit_group+0x3e/0x50
[  179.517867]  x64_sys_call+0x18c5/0x18d0
[  179.517883]  do_syscall_64+0xbf/0x360
[  179.517896]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.517907] RIP: 0033:0x7f07daa49b19
[  179.517916] Code: Unable to access opcode bytes at 0x7f07daa49aef.
[  179.517921] RSP: 002b:00007fff601643a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  179.517932] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f07daa49b19
[  179.517940] RDX: 00007f07da9fc72b RSI: ffffffffffffffbc RDI: 0000000000000000
[  179.517947] RBP: 0000000000000000 R08: 0000001b2d32f40c R09: 0000000000000000
[  179.517954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.517960] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff60164490
[  179.517977]  </TASK>
[  179.517981] kmemleak: Object (percpu) 0x607f1a639230 (size 8):
[  179.517988] kmemleak:   comm "syz-executor.4", pid 4289, jiffies 4294846068
[  179.517995] kmemleak:   min_count = 1
[  179.517998] kmemleak:   count = 0
[  179.518002] kmemleak:   flags = 0x21
[  179.518006] kmemleak:   checksum = 0
[  179.518010] kmemleak:   backtrace:
[  179.518013]  pcpu_alloc_noprof+0x87a/0x1170
[  179.518028]  percpu_ref_init+0x37/0x400
[  179.518046]  ioctx_alloc+0x368/0x1e10
[  179.518058]  __x64_sys_io_setup+0xc8/0x1f0
[  179.518071]  do_syscall_64+0xbf/0x360
[  179.518081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.530356] FAT-fs (loop7): FAT read failed (blocknr 32)
13:41:38 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r1, &(0x7f0000000100)="83", 0x1)

13:41:38 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000001c0)={'gre0\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB='s\x00'/13, @ANYRES32=r4, @ANYBLOB="0010004000000088000000014a7b00e800650000b8299078ffffffffe00000028927cfe0000002e0000002ac1e0101ac1e000164010100ac1414aae000000264010101ac1e000144343151e000000100000362000000000000a221ffffffff16af86bc0000000080000001ac1414aa00000002ffffffff00000000831f06e0000001ac1414aaffffffffe0000002ac1e0001e000000200000000442474830a010102000002007f00000100000006e0000001ffffffff0a010102002800004410402000000004ffffffff00000002830f0aac1414240a010100ac1414aa890be2ffffffffe0000001940401008604ec6401000000"]})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1008820}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xfc, r1, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="06000000f4de837f2564a0b187d2b91cc737c5fc7daa0c39ab95c94ea0e5842454885d90deb8fcef555d2c21e05ae6076452253235e2efa097fc076c3cb3579a7c5ede6c88f809e01343e6d852a9be03f0139c37f490577af5e4d26c3b32b7bd7c3e0f53823c52d2c6399ef649506f0503ea09bd3a6f254f44e37ba515634392bcd4bd334a2215ac14062c0b653a03168f2a289495640eeae238a4216c2967b459b531915a00000000000000009b24daa2ecc33a1bbe67b49da097349286518c00000000000000000009540916620f99068170ab7f1e218a8144ec91949f609b241bac78ab508eff9c492f140d57c7fb2ce73a87a535c752b08172eeade798e76eb5722c9d66da76512a4f383465b72c6a593c6a43a81aae485d1d2c6d514ba06f3fc1", @ANYRES16=r1, @ANYBLOB="b353000000000000000001000000040002800c00018008000100000000000c0001800800010004000000"], 0x30}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)

13:41:38 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), r0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x2c, r3, 0x5, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}]]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x1a0, r1, 0xd0c859201709cb56, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x83bf, 0x56}}}}, [@NL80211_ATTR_TX_RATES={0x158, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x50, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xb3f2, 0x0, 0x7, 0x6, 0x8, 0x2, 0xfffd, 0x5]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x2, 0x0, 0x6, 0x80, 0x1, 0x200, 0x3c5]}}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x36, 0x30, 0x60, 0x14, 0x12, 0x1b, 0x2, 0x9, 0x16, 0x1b, 0x16, 0x9, 0x3, 0xb, 0x1, 0x75, 0x12]}]}, @NL80211_BAND_2GHZ={0x3c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x24, 0x1, [0xc, 0x12, 0x9, 0x9, 0x7, 0x4, 0x3, 0x48, 0x12, 0x60, 0x60, 0x1b, 0xb, 0x16, 0x16, 0x32, 0x1b, 0x0, 0x12, 0x6c, 0x9, 0x30, 0x24, 0x6, 0x6, 0x6, 0x3, 0x6, 0x4, 0x16, 0x30, 0x48]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0xb, 0x3, 0x6, 0x36, 0x68, 0x48, 0x30, 0x4, 0x24, 0xc, 0x4d, 0x36, 0x18]}]}, @NL80211_BAND_6GHZ={0x14, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x7, 0x1, [0x1, 0x3, 0x24]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_60GHZ={0x9c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xb, 0x1, [0x9, 0xcb, 0x1, 0x6c, 0x2, 0x24, 0x4]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x18, 0x6c, 0x1b, 0xb, 0x6]}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x12, 0x3, 0x6c, 0x9, 0x6c, 0x9, 0x36, 0x18, 0x1, 0x2, 0x18, 0x16, 0x12, 0x6]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x1000, 0x2, 0x400, 0x3, 0x1, 0x101, 0x7e]}}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x4, 0x8}, {0x1, 0x9}, {0x4, 0xa}, {0x4, 0x6}, {0x3, 0x3}, {0x1, 0x10}, {0x1, 0x6}, {0x3, 0x6}, {0x0, 0x4}, {0x6, 0x2}, {0x3, 0x1}, {0x5, 0x3}, {0x5, 0x4}, {0x6, 0xa}, {0x2, 0x8}, {0x0, 0x5}, {0x7, 0x2}, {0x2, 0x9}, {0x6, 0x1}, {0x7, 0x9}, {0x5, 0x9}, {}, {0x6, 0x2}, {0x4, 0x7}, {0x2, 0x2}, {0x7, 0xa}, {0x1, 0x5}, {0x0, 0x4}, {}, {0x1, 0x7}, {0x0, 0x4}, {0x0, 0x1}, {0x3, 0x6}, {0x0, 0x7}, {0x2, 0x6}, {0x1, 0x4}, {0x5, 0x1}, {0x5, 0x8}, {0x7, 0x8}, {}, {0x1, 0x4}, {0x2, 0x3}, {0x1, 0x5}, {0x4, 0x2}, {0x6, 0x4}, {0x0, 0x8}, {0x2, 0x6}, {0x1, 0x8}, {0x0, 0x4}, {0x6, 0x2}, {0x5, 0x9}, {0x4, 0x7}, {0x1, 0xa}, {0x1, 0x3}, {0x7, 0x9}, {0x1, 0x8}, {}, {0x4, 0xa}, {0x3, 0x9}, {0x5, 0x1}, {0x4, 0x6}, {0x2, 0x6}, {0x5}, {0x6, 0x8}, {0x7, 0x4}, {0x6, 0x5}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_MESH_CONFIG={0x1c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_CONFIRM_TIMEOUT={0x6, 0x2, 0xd3}, @NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0x40}, @NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5, 0x11, 0x1}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x4000000002, 0x7})
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfff})
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0)
pwritev(r5, &(0x7f0000000100)=[{&(0x7f0000000440)="85", 0x1}], 0x1, 0xffff, 0x0)

13:41:38 executing program 1:
r0 = perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf71, 0x0, 0x0, 0x401, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write(r0, &(0x7f0000000180)="351f8678f0dc51682933b3766f0b442e40f75d662825d176222ece84c4cfaeca844d514d07f7e8bd36fa532b9e9710675c777141a9a6cb69c625d37a35e86355beb14c8116c7b223736e38c6b4a748bfdd5839a03caf9476f017eab2dc97a79f70cfa22aed2a3c4fa155c81a79e72b339538a6a3f98dbab5e7179f81d04862a44818addf1fac41808e74f00c6c11e95102bc9cf87ae3f42994f204422e7b2faf28419107c7d3ebf0ac68bd68c1a0010b3344f9111841da744ead90edc46212b89e644661da8f3054c0aba02e13460b893b720e6a57c6f49c27ffed71d1f22ba8661c49effc555beabe2e9e", 0xeb)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)="a20e73f1b1812c8df6", 0x9}], 0x1)

13:41:38 executing program 6:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0)=<r6=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={<r7=>0xffffffffffffffff})
r8 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000040)={'lo\x00'})
r9 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8914, &(0x7f0000000040)={'lo\x00'})
sendmsg$unix(r2, &(0x7f00000005c0)={&(0x7f0000000400)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000240)="bf0cedeeec1ac206f0f9135a380842c9b12f72f1d847330cac63ebadf656", 0x1e}], 0x1, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {r6, r4, r5}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r4, r5}}}, @rights={{0x28, 0x1, 0x1, [r3, r7, r0, r1, r8, r9]}}], 0x68, 0x28040000}, 0x4000)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

13:41:38 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0)

13:41:38 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
write$snapshot(r1, &(0x7f0000000100)="83", 0x1)

13:41:38 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
gettid()
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

[  188.531270] loop5: detected capacity change from 0 to 9
[  188.543532] loop7: detected capacity change from 0 to 9
[  188.555513] audit: type=1326 audit(1756474898.225:15): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4306 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
[  188.581732] FAT-fs (loop5): FAT read failed (blocknr 32)
[  188.588819] FAT-fs (loop7): FAT read failed (blocknr 32)
[  188.628059] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
13:41:38 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000001c0)={'gre0\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB='s\x00'/13, @ANYRES32=r4, @ANYBLOB="0010004000000088000000014a7b00e800650000b8299078ffffffffe00000028927cfe0000002e0000002ac1e0101ac1e000164010100ac1414aae000000264010101ac1e000144343151e000000100000362000000000000a221ffffffff16af86bc0000000080000001ac1414aa00000002ffffffff00000000831f06e0000001ac1414aaffffffffe0000002ac1e0001e000000200000000442474830a010102000002007f00000100000006e0000001ffffffff0a010102002800004410402000000004ffffffff00000002830f0aac1414240a010100ac1414aa890be2ffffffffe0000001940401008604ec6401000000"]})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1008820}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xfc, r1, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="06000000f4de837f2564a0b187d2b91cc737c5fc7daa0c39ab95c94ea0e5842454885d90deb8fcef555d2c21e05ae6076452253235e2efa097fc076c3cb3579a7c5ede6c88f809e01343e6d852a9be03f0139c37f490577af5e4d26c3b32b7bd7c3e0f53823c52d2c6399ef649506f0503ea09bd3a6f254f44e37ba515634392bcd4bd334a2215ac14062c0b653a03168f2a289495640eeae238a4216c2967b459b531915a00000000000000009b24daa2ecc33a1bbe67b49da097349286518c00000000000000000009540916620f99068170ab7f1e218a8144ec91949f609b241bac78ab508eff9c492f140d57c7fb2ce73a87a535c752b08172eeade798e76eb5722c9d66da76512a4f383465b72c6a593c6a43a81aae485d1d2c6d514ba06f3fc1", @ANYRES16=r1, @ANYBLOB="b353000000000000000001000000040002800c00018008000100000000000c0001800800010004000000"], 0x30}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)

13:41:38 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xf}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

[  188.675412] kmemleak: Found object by alias at 0x607f1a639234
[  188.675439] CPU: 1 UID: 0 PID: 4310 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  188.675472] Tainted: [W]=WARN
[  188.675479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  188.675500] Call Trace:
[  188.675507]  <TASK>
[  188.675515]  dump_stack_lvl+0xca/0x120
[  188.675557]  __lookup_object+0x94/0xb0
[  188.675587]  delete_object_full+0x27/0x70
[  188.675617]  free_percpu+0x30/0x1160
[  188.675646]  ? arch_uprobe_clear_state+0x16/0x140
[  188.675682]  futex_hash_free+0x38/0xc0
[  188.675708]  mmput+0x2d3/0x390
[  188.675741]  do_exit+0x79d/0x2970
[  188.675771]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  188.675809]  ? __pfx_do_exit+0x10/0x10
[  188.675835]  ? find_held_lock+0x2b/0x80
[  188.675866]  ? get_signal+0x835/0x2340
[  188.675903]  do_group_exit+0xd3/0x2a0
[  188.675931]  get_signal+0x2315/0x2340
[  188.675974]  ? __pfx_get_signal+0x10/0x10
[  188.676003]  ? do_futex+0x135/0x370
[  188.676029]  ? __pfx_do_futex+0x10/0x10
[  188.676057]  arch_do_signal_or_restart+0x80/0x790
[  188.676089]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  188.676119]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  188.676155]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  188.676188]  ? fput+0x6a/0x100
[  188.676214]  ? __pfx___x64_sys_futex+0x10/0x10
[  188.676237]  ? ksys_write+0x1a3/0x240
[  188.676258]  ? xfd_validate_state+0x55/0x180
[  188.676286]  ? __pfx_ksys_write+0x10/0x10
[  188.676316]  exit_to_user_mode_loop+0x8b/0x110
[  188.676339]  do_syscall_64+0x2f7/0x360
[  188.676361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.676383] RIP: 0033:0x7f07daa49b19
[  188.676399] Code: Unable to access opcode bytes at 0x7f07daa49aef.
[  188.676408] RSP: 002b:00007f07d7fbf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  188.676428] RAX: fffffffffffffe00 RBX: 00007f07dab5cf68 RCX: 00007f07daa49b19
[  188.676443] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f07dab5cf68
[  188.676455] RBP: 00007f07dab5cf60 R08: 0000000000000000 R09: 0000000000000000
[  188.676468] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f07dab5cf6c
[  188.676481] R13: 00007fff6016417f R14: 00007f07d7fbf300 R15: 0000000000022000
[  188.676513]  </TASK>
[  188.676520] kmemleak: Object (percpu) 0x607f1a639230 (size 8):
[  188.676532] kmemleak:   comm "syz-executor.5", pid 4310, jiffies 4294855172
[  188.676545] kmemleak:   min_count = 1
[  188.676552] kmemleak:   count = 0
[  188.676559] kmemleak:   flags = 0x21
[  188.676566] kmemleak:   checksum = 0
[  188.676573] kmemleak:   backtrace:
[  188.676579]  pcpu_alloc_noprof+0x87a/0x1170
[  188.676606]  percpu_ref_init+0x37/0x400
[  188.676636]  blkg_alloc+0xe9/0x7d0
[  188.676659]  blkg_create+0xe08/0x1420
[  188.676681]  bio_associate_blkg_from_css+0xe06/0x1380
[  188.676705]  bio_associate_blkg+0x10e/0x2a0
[  188.676728]  bio_init+0x2dd/0x570
[  188.676750]  bio_alloc_bioset+0x2cf/0x8c0
[  188.676775]  submit_bh_wbc+0x286/0x720
[  188.676804]  __bread_gfp+0x18b/0x3c0
[  188.676823]  fat_fill_super+0x5e1/0x3fd0
[  188.676851]  get_tree_bdev_flags+0x38a/0x620
[  188.676881]  vfs_get_tree+0x93/0x340
[  188.676907]  path_mount+0x132d/0x1dd0
[  188.676927]  __x64_sys_mount+0x27b/0x300
[  188.676947]  do_syscall_64+0xbf/0x360
13:41:38 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
gettid()
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:41:38 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), r0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x2c, r3, 0x5, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}]]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x1a0, r1, 0xd0c859201709cb56, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x83bf, 0x56}}}}, [@NL80211_ATTR_TX_RATES={0x158, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x50, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xb3f2, 0x0, 0x7, 0x6, 0x8, 0x2, 0xfffd, 0x5]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x2, 0x0, 0x6, 0x80, 0x1, 0x200, 0x3c5]}}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x36, 0x30, 0x60, 0x14, 0x12, 0x1b, 0x2, 0x9, 0x16, 0x1b, 0x16, 0x9, 0x3, 0xb, 0x1, 0x75, 0x12]}]}, @NL80211_BAND_2GHZ={0x3c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x24, 0x1, [0xc, 0x12, 0x9, 0x9, 0x7, 0x4, 0x3, 0x48, 0x12, 0x60, 0x60, 0x1b, 0xb, 0x16, 0x16, 0x32, 0x1b, 0x0, 0x12, 0x6c, 0x9, 0x30, 0x24, 0x6, 0x6, 0x6, 0x3, 0x6, 0x4, 0x16, 0x30, 0x48]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0xb, 0x3, 0x6, 0x36, 0x68, 0x48, 0x30, 0x4, 0x24, 0xc, 0x4d, 0x36, 0x18]}]}, @NL80211_BAND_6GHZ={0x14, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x7, 0x1, [0x1, 0x3, 0x24]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_60GHZ={0x9c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xb, 0x1, [0x9, 0xcb, 0x1, 0x6c, 0x2, 0x24, 0x4]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x18, 0x6c, 0x1b, 0xb, 0x6]}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x12, 0x3, 0x6c, 0x9, 0x6c, 0x9, 0x36, 0x18, 0x1, 0x2, 0x18, 0x16, 0x12, 0x6]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x1000, 0x2, 0x400, 0x3, 0x1, 0x101, 0x7e]}}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x4, 0x8}, {0x1, 0x9}, {0x4, 0xa}, {0x4, 0x6}, {0x3, 0x3}, {0x1, 0x10}, {0x1, 0x6}, {0x3, 0x6}, {0x0, 0x4}, {0x6, 0x2}, {0x3, 0x1}, {0x5, 0x3}, {0x5, 0x4}, {0x6, 0xa}, {0x2, 0x8}, {0x0, 0x5}, {0x7, 0x2}, {0x2, 0x9}, {0x6, 0x1}, {0x7, 0x9}, {0x5, 0x9}, {}, {0x6, 0x2}, {0x4, 0x7}, {0x2, 0x2}, {0x7, 0xa}, {0x1, 0x5}, {0x0, 0x4}, {}, {0x1, 0x7}, {0x0, 0x4}, {0x0, 0x1}, {0x3, 0x6}, {0x0, 0x7}, {0x2, 0x6}, {0x1, 0x4}, {0x5, 0x1}, {0x5, 0x8}, {0x7, 0x8}, {}, {0x1, 0x4}, {0x2, 0x3}, {0x1, 0x5}, {0x4, 0x2}, {0x6, 0x4}, {0x0, 0x8}, {0x2, 0x6}, {0x1, 0x8}, {0x0, 0x4}, {0x6, 0x2}, {0x5, 0x9}, {0x4, 0x7}, {0x1, 0xa}, {0x1, 0x3}, {0x7, 0x9}, {0x1, 0x8}, {}, {0x4, 0xa}, {0x3, 0x9}, {0x5, 0x1}, {0x4, 0x6}, {0x2, 0x6}, {0x5}, {0x6, 0x8}, {0x7, 0x4}, {0x6, 0x5}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_MESH_CONFIG={0x1c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_CONFIRM_TIMEOUT={0x6, 0x2, 0xd3}, @NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0x40}, @NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5, 0x11, 0x1}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000400)={0x0, 0x0, 0x4000000002, 0x7})
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfff})
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0)
pwritev(r5, &(0x7f0000000100)=[{&(0x7f0000000440)="85", 0x1}], 0x1, 0xffff, 0x0)

13:41:38 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
write$snapshot(0xffffffffffffffff, &(0x7f0000000100)="83", 0x1)

13:41:38 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r1, &(0x7f0000000100)="83", 0x1)

[  188.865754] audit: type=1326 audit(1756474898.532:16): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4324 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
[  188.899731] loop7: detected capacity change from 0 to 9
[  188.925727] FAT-fs (loop7): FAT read failed (blocknr 32)
[  188.932102] loop5: detected capacity change from 0 to 9
13:41:38 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r2=>0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f00000001c0)={'gre0\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB='s\x00'/13, @ANYRES32=r3, @ANYBLOB="0010004000000088000000014a7b00e800650000b8299078ffffffffe00000028927cfe0000002e0000002ac1e0101ac1e000164010100ac1414aae000000264010101ac1e000144343151e000000100000362000000000000a221ffffffff16af86bc0000000080000001ac1414aa00000002ffffffff00000000831f06e0000001ac1414aaffffffffe0000002ac1e0001e000000200000000442474830a010102000002007f00000100000006e0000001ffffffff0a010102002800004410402000000004ffffffff00000002830f0aac1414240a010100ac1414aa890be2ffffffffe0000001940401008604ec6401000000"]})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1008820}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xfc, r0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4)

[  188.997238] FAT-fs (loop5): FAT read failed (blocknr 32)
13:41:38 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
gettid()
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

[  189.118355] audit: type=1326 audit(1756474898.793:17): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4336 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1fea892b19 code=0x0
13:41:50 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xf}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

13:41:50 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
write$snapshot(0xffffffffffffffff, &(0x7f0000000100)="83", 0x1)

13:41:50 executing program 6:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0)=<r6=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={<r7=>0xffffffffffffffff})
r8 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000040)={'lo\x00'})
r9 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8914, &(0x7f0000000040)={'lo\x00'})
sendmsg$unix(r2, &(0x7f00000005c0)={&(0x7f0000000400)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000240)="bf0cedeeec1ac206f0f9135a380842c9b12f72f1d847330cac63ebadf656", 0x1e}], 0x1, &(0x7f0000000540)=[@cred={{0x1c, 0x1, 0x2, {r6, r4, r5}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r4, r5}}}, @rights={{0x28, 0x1, 0x1, [r3, r7, r0, r1, r8, r9]}}], 0x68, 0x28040000}, 0x4000)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

13:41:50 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r1, &(0x7f0000000100)="83", 0x1)

13:41:50 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
gettid()
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:41:50 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)

13:41:50 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000001c0)={'gre0\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB='s\x00'/13, @ANYRES32=r1, @ANYBLOB="0010004000000088000000014a7b00e800650000b8299078ffffffffe00000028927cfe0000002e0000002ac1e0101ac1e000164010100ac1414aae000000264010101ac1e000144343151e000000100000362000000000000a221ffffffff16af86bc0000000080000001ac1414aa00000002ffffffff00000000831f06e0000001ac1414aaffffffffe0000002ac1e0001e000000200000000442474830a010102000002007f00000100000006e0000001ffffffff0a010102002800004410402000000004ffffffff00000002830f0aac1414240a010100ac1414aa890be2ffffffffe0000001940401008604ec6401000000"]})
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2)

13:41:50 executing program 2:
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x24a, 0x1}, 0x4826, 0x200, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x108, 0x0, 0x10001}, 0x0, 0x4, 0xffffffffffffffff, 0x1)
r1 = getpgrp(0xffffffffffffffff)
perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf71, 0x0, 0x0, 0x401, 0x0, 0x9}, r1, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x1, 0x20, 0x3, 0x20, 0x0, 0x4, 0x3200, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xcf0, 0x0, @perf_config_ext={0x4, 0x1320000000000}, 0x40050, 0x9, 0x200, 0x6, 0x7, 0x4, 0x4, 0x0, 0x1, 0x0, 0x35e}, r1, 0xf, 0xffffffffffffffff, 0xb)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x16, 0x0, 0x8, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x30000000}, 0x0, 0x4, 0x6c0, 0x9, 0x6, 0x71, 0x5, 0x0, 0x7}, 0xffffffffffffffff, 0x0, r0, 0x2)
openat$random(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000003c0)={0xffffffffffffffff, 0x71, 0x8})
r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x44000)
pwritev2(r2, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000000)="1e", 0x300000}], 0x2, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x7, r2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

[  200.970460] loop7: detected capacity change from 0 to 9
[  201.014212] loop5: detected capacity change from 0 to 9
[  201.018931] FAT-fs (loop7): FAT read failed (blocknr 32)
13:41:50 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)

[  201.037731] audit: type=1326 audit(1756474910.703:18): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4352 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
[  201.057895] FAT-fs (loop5): FAT read failed (blocknr 32)
13:41:50 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
write$snapshot(0xffffffffffffffff, &(0x7f0000000100)="83", 0x1)

13:41:50 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:41:50 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
r1 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, &(0x7f0000000400), 0x0, 0x0)

[  201.142314] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  201.172873] loop7: detected capacity change from 0 to 9
13:41:50 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x2f, 0x9d, 0x1, 0x2, 0x9, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x10, 0x700, 0x1ff, 0xe1}})
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)

[  201.190883] FAT-fs (loop7): FAT read failed (blocknr 32)
[  201.218839] audit: type=1326 audit(1756474910.893:19): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4370 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
[  201.264703] loop5: detected capacity change from 0 to 9
13:41:50 executing program 2:
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x24a, 0x1}, 0x4826, 0x200, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x108, 0x0, 0x10001}, 0x0, 0x4, 0xffffffffffffffff, 0x1)
r1 = getpgrp(0xffffffffffffffff)
perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf71, 0x0, 0x0, 0x401, 0x0, 0x9}, r1, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x1, 0x20, 0x3, 0x20, 0x0, 0x4, 0x3200, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xcf0, 0x0, @perf_config_ext={0x4, 0x1320000000000}, 0x40050, 0x9, 0x200, 0x6, 0x7, 0x4, 0x4, 0x0, 0x1, 0x0, 0x35e}, r1, 0xf, 0xffffffffffffffff, 0xb)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x16, 0x0, 0x8, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x30000000}, 0x0, 0x4, 0x6c0, 0x9, 0x6, 0x71, 0x5, 0x0, 0x7}, 0xffffffffffffffff, 0x0, r0, 0x2)
openat$random(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000003c0)={0xffffffffffffffff, 0x71, 0x8})
r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x44000)
pwritev2(r2, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000000)="1e", 0x300000}], 0x2, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x7, r2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

13:41:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
write$snapshot(r0, &(0x7f0000000100)="83", 0x1)

13:41:50 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)

[  201.303820] FAT-fs (loop5): FAT read failed (blocknr 32)
[  201.313316] loop7: detected capacity change from 0 to 9
[  201.356747] kmemleak: Found object by alias at 0x607f1a639234
[  201.356765] CPU: 0 UID: 0 PID: 4375 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  201.356784] Tainted: [W]=WARN
[  201.356788] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  201.356795] Call Trace:
[  201.356799]  <TASK>
[  201.356804]  dump_stack_lvl+0xca/0x120
[  201.356830]  __lookup_object+0x94/0xb0
[  201.356847]  delete_object_full+0x27/0x70
[  201.356867]  free_percpu+0x30/0x1160
[  201.356884]  ? arch_uprobe_clear_state+0x16/0x140
[  201.356906]  futex_hash_free+0x38/0xc0
[  201.356921]  mmput+0x2d3/0x390
[  201.356941]  do_exit+0x79d/0x2970
[  201.356960]  ? __pfx_do_exit+0x10/0x10
[  201.356975]  ? find_held_lock+0x2b/0x80
[  201.356993]  ? get_signal+0x835/0x2340
[  201.357014]  do_group_exit+0xd3/0x2a0
[  201.357030]  get_signal+0x2315/0x2340
[  201.357051]  ? __might_fault+0xe0/0x190
[  201.357074]  ? __pfx_get_signal+0x10/0x10
[  201.357090]  ? do_futex+0x135/0x370
[  201.357104]  ? __pfx_do_futex+0x10/0x10
[  201.357120]  arch_do_signal_or_restart+0x80/0x790
[  201.357138]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  201.357154]  ? __x64_sys_futex+0x1c9/0x4d0
[  201.357166]  ? __x64_sys_futex+0x1d2/0x4d0
[  201.357181]  ? __pfx___x64_sys_futex+0x10/0x10
[  201.357202]  exit_to_user_mode_loop+0x8b/0x110
[  201.357216]  do_syscall_64+0x2f7/0x360
[  201.357229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.357242] RIP: 0033:0x7f07daa49b19
[  201.357250] Code: Unable to access opcode bytes at 0x7f07daa49aef.
[  201.357256] RSP: 002b:00007f07d7fbf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  201.357267] RAX: fffffffffffffe00 RBX: 00007f07dab5cf68 RCX: 00007f07daa49b19
[  201.357275] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f07dab5cf68
[  201.357281] RBP: 00007f07dab5cf60 R08: 0000000000000000 R09: 0000000000000000
[  201.357288] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f07dab5cf6c
[  201.357295] R13: 00007fff6016417f R14: 00007f07d7fbf300 R15: 0000000000022000
[  201.357314]  </TASK>
[  201.357318] kmemleak: Object (percpu) 0x607f1a639230 (size 8):
[  201.357324] kmemleak:   comm "syz-executor.7", pid 4380, jiffies 4294867944
[  201.357331] kmemleak:   min_count = 1
[  201.357335] kmemleak:   count = 0
[  201.357338] kmemleak:   flags = 0x21
[  201.357342] kmemleak:   checksum = 0
[  201.357345] kmemleak:   backtrace:
[  201.357349]  pcpu_alloc_noprof+0x87a/0x1170
[  201.357363]  alloc_vfsmnt+0x135/0x6e0
[  201.357376]  vfs_create_mount.part.0+0x40/0x440
[  201.357391]  path_mount+0x1637/0x1dd0
[  201.357402]  __x64_sys_mount+0x27b/0x300
[  201.357412]  do_syscall_64+0xbf/0x360
[  201.357421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.525665] Bluetooth: hci0: command 0x0406 tx timeout
[  208.526677] Bluetooth: hci1: command 0x0406 tx timeout
[  208.527793] Bluetooth: hci2: command 0x0406 tx timeout
[  208.529266] Bluetooth: hci4: command 0x0406 tx timeout
[  208.530245] Bluetooth: hci3: command 0x0406 tx timeout
[  208.531291] Bluetooth: hci5: command 0x0406 tx timeout
[  208.532297] Bluetooth: hci7: command 0x0406 tx timeout
[  208.533312] Bluetooth: hci6: command 0x0406 tx timeout
13:42:01 executing program 6:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))
r6 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000040)={'lo\x00'})
r7 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000040)={'lo\x00'})
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

13:42:01 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xf}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

13:42:01 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:42:01 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)
syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)

13:42:01 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
write$snapshot(r0, &(0x7f0000000100)="83", 0x1)

13:42:01 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)

13:42:01 executing program 2:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)

13:42:01 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)

[  212.179877] audit: type=1326 audit(1756474921.848:20): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4397 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
13:42:01 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

[  212.211513] loop7: detected capacity change from 0 to 9
13:42:01 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)

[  212.233223] loop5: detected capacity change from 0 to 9
[  212.242307] FAT-fs (loop5): FAT read failed (blocknr 32)
[  212.281812] audit: type=1326 audit(1756474921.948:21): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4409 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
13:42:01 executing program 2:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)

[  212.301700] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
13:42:01 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)

13:42:02 executing program 7:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
write$snapshot(r0, &(0x7f0000000100)="83", 0x1)

13:42:02 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)

13:42:02 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r2}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r2, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)

13:42:02 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

[  212.404198] audit: type=1326 audit(1756474922.079:22): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4419 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
[  212.440361] loop5: detected capacity change from 0 to 9
[  212.448236] FAT-fs (loop5): FAT read failed (blocknr 32)
[  212.494360] kmemleak: Found object by alias at 0x607f1a639234
[  212.494379] CPU: 1 UID: 0 PID: 4422 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  212.494397] Tainted: [W]=WARN
[  212.494400] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  212.494407] Call Trace:
[  212.494411]  <TASK>
[  212.494416]  dump_stack_lvl+0xca/0x120
[  212.494440]  __lookup_object+0x94/0xb0
[  212.494457]  delete_object_full+0x27/0x70
[  212.494473]  free_percpu+0x30/0x1160
[  212.494489]  ? arch_uprobe_clear_state+0x16/0x140
[  212.494510]  futex_hash_free+0x38/0xc0
[  212.494524]  mmput+0x2d3/0x390
[  212.494543]  do_exit+0x79d/0x2970
[  212.494557]  ? signal_wake_up_state+0x85/0x120
[  212.494573]  ? zap_other_threads+0x2b9/0x3a0
[  212.494594]  ? __pfx_do_exit+0x10/0x10
[  212.494606]  ? do_group_exit+0x1c3/0x2a0
[  212.494620]  ? lock_release+0xc8/0x290
[  212.494638]  do_group_exit+0xd3/0x2a0
[  212.494653]  __x64_sys_exit_group+0x3e/0x50
[  212.494667]  x64_sys_call+0x18c5/0x18d0
[  212.494682]  do_syscall_64+0xbf/0x360
[  212.494694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.494705] RIP: 0033:0x7f07daa49b19
[  212.494714] Code: Unable to access opcode bytes at 0x7f07daa49aef.
[  212.494719] RSP: 002b:00007fff601643a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  212.494730] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f07daa49b19
[  212.494738] RDX: 00007f07da9fc72b RSI: ffffffffffffffbc RDI: 0000000000000000
[  212.494744] RBP: 0000000000000000 R08: 0000001b2d324498 R09: 0000000000000000
[  212.494751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.494758] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff60164490
[  212.494777]  </TASK>
[  212.494780] kmemleak: Object (percpu) 0x607f1a639230 (size 8):
[  212.494787] kmemleak:   comm "syz-executor.4", pid 4425, jiffies 4294879085
[  212.494793] kmemleak:   min_count = 1
[  212.494797] kmemleak:   count = 0
[  212.494801] kmemleak:   flags = 0x21
[  212.494804] kmemleak:   checksum = 0
[  212.494808] kmemleak:   backtrace:
[  212.494812]  pcpu_alloc_noprof+0x87a/0x1170
[  212.494826]  percpu_ref_init+0x37/0x400
[  212.494843]  ioctx_alloc+0x27f/0x1e10
[  212.494856]  __x64_sys_io_setup+0xc8/0x1f0
[  212.494867]  do_syscall_64+0xbf/0x360
[  212.494875]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
13:42:10 executing program 7:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
write$snapshot(r0, &(0x7f0000000100)="83", 0x1)

13:42:10 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:42:10 executing program 1:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))
r6 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000040)={'lo\x00'})
r7 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000040)={'lo\x00'})
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

13:42:10 executing program 2:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0)

13:42:10 executing program 0:
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)

13:42:10 executing program 5:
mknodat$loop(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)

13:42:10 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r2}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r2, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)

13:42:10 executing program 6:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))
r6 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000040)={'lo\x00'})
socket$inet(0x2, 0x3, 0x5)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

13:42:10 executing program 5:
mknodat$loop(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)

[  221.173052] audit: type=1326 audit(1756474930.848:23): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4437 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
[  221.177323] 9pnet_fd: Insufficient options for proto=fd
13:42:10 executing program 2:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)

[  221.190250] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  221.199875] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
13:42:10 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r2}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r2, &(0x7f0000000100)="83", 0x1)

13:42:10 executing program 7:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
write$snapshot(r0, &(0x7f0000000100)="83", 0x1)

13:42:10 executing program 0:
pipe2(0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)

13:42:10 executing program 6:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))
r6 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000040)={'lo\x00'})
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

13:42:10 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:42:10 executing program 5:
mknodat$loop(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)

[  221.383412] 9pnet_fd: Insufficient options for proto=fd
[  221.385351] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  221.389512] audit: type=1326 audit(1756474931.064:24): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4456 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0347c00b19 code=0x0
13:42:20 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r2}], 0x1, &(0x7f0000000400), 0x0, 0x0)

13:42:20 executing program 7:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
write$snapshot(r0, &(0x7f0000000100)="83", 0x1)

13:42:20 executing program 2:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)

13:42:20 executing program 5:
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)

13:42:20 executing program 0:
pipe2(0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)

13:42:20 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

13:42:20 executing program 6:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))
socket$inet(0x2, 0x3, 0x5)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

13:42:20 executing program 1:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))
r6 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000040)={'lo\x00'})
r7 = socket$inet(0x2, 0x3, 0x5)
ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000040)={'lo\x00'})
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

[  230.587263] loop5: detected capacity change from 0 to 9
[  230.635126] 9pnet_fd: Insufficient options for proto=fd
13:42:20 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

[  230.647521] loop7: detected capacity change from 0 to 9
[  230.653152] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
13:42:20 executing program 5:
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)

[  230.692405] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  230.694302] loop5: detected capacity change from 0 to 9
[  230.694756] kmemleak: Found object by alias at 0x607f1a639c4c
[  230.694772] CPU: 1 UID: 0 PID: 4477 Comm: syz-executor.6 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  230.694790] Tainted: [W]=WARN
[  230.694794] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  230.694801] Call Trace:
[  230.694805]  <TASK>
[  230.694810]  dump_stack_lvl+0xca/0x120
[  230.694837]  __lookup_object+0x94/0xb0
[  230.694855]  delete_object_full+0x27/0x70
[  230.694871]  free_percpu+0x30/0x1160
[  230.694888]  ? arch_uprobe_clear_state+0x16/0x140
[  230.694909]  futex_hash_free+0x38/0xc0
[  230.694923]  mmput+0x2d3/0x390
[  230.694943]  do_exit+0x79d/0x2970
[  230.694961]  ? __pfx_do_exit+0x10/0x10
[  230.694976]  ? find_held_lock+0x2b/0x80
[  230.694994]  ? get_signal+0x835/0x2340
[  230.695016]  do_group_exit+0xd3/0x2a0
[  230.695031]  get_signal+0x2315/0x2340
[  230.695048]  ? __virt_addr_valid+0x2e8/0x5d0
[  230.695072]  ? __pfx_get_signal+0x10/0x10
[  230.695088]  ? do_futex+0x135/0x370
[  230.695103]  ? __pfx_do_futex+0x10/0x10
[  230.695114]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  230.695130]  arch_do_signal_or_restart+0x80/0x790
[  230.695148]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  230.695164]  ? __x64_sys_futex+0x1c9/0x4d0
[  230.695177]  ? __x64_sys_futex+0x1d2/0x4d0
[  230.695192]  ? __pfx___x64_sys_futex+0x10/0x10
[  230.695206]  ? xfd_validate_state+0x55/0x180
[  230.695222]  ? __pfx___x64_sys_mount+0x10/0x10
[  230.695240]  exit_to_user_mode_loop+0x8b/0x110
[  230.695254]  do_syscall_64+0x2f7/0x360
[  230.695266]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.695278] RIP: 0033:0x7ff08aff2b19
[  230.695287] Code: Unable to access opcode bytes at 0x7ff08aff2aef.
[  230.695292] RSP: 002b:00007ff088568218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  230.695304] RAX: fffffffffffffe00 RBX: 00007ff08b105f68 RCX: 00007ff08aff2b19
[  230.695316] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff08b105f68
[  230.695323] RBP: 00007ff08b105f60 R08: 0000000000000000 R09: 0000000000000000
[  230.695330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff08b105f6c
[  230.695337] R13: 00007ffdb779368f R14: 00007ff088568300 R15: 0000000000022000
[  230.695355]  </TASK>
[  230.695359] kmemleak: Object (percpu) 0x607f1a639c48 (size 8):
[  230.695366] kmemleak:   comm "syz-executor.2", pid 4482, jiffies 4294897272
[  230.695373] kmemleak:   min_count = 1
[  230.695377] kmemleak:   count = 0
[  230.695380] kmemleak:   flags = 0x21
[  230.695384] kmemleak:   checksum = 0
[  230.695388] kmemleak:   backtrace:
[  230.695391]  pcpu_alloc_noprof+0x87a/0x1170
[  230.695406]  percpu_ref_init+0x37/0x400
[  230.695424]  ioctx_alloc+0x368/0x1e10
[  230.695437]  __x64_sys_io_setup+0xc8/0x1f0
[  230.695449]  do_syscall_64+0xbf/0x360
[  230.695457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
13:42:20 executing program 0:
pipe2(0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)

13:42:20 executing program 6:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

13:42:20 executing program 5:
r0 = syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1)

[  230.791252] 9pnet_fd: Insufficient options for proto=fd
[  230.797955] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
13:42:20 executing program 7:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0))
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
write$snapshot(r0, &(0x7f0000000100)="83", 0x1)

13:42:20 executing program 4:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)

13:42:20 executing program 2:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x140)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
ppoll(&(0x7f0000000380)=[{r3}], 0x1, &(0x7f0000000400), 0x0, 0x0)
write$snapshot(r3, &(0x7f0000000100)="83", 0x1)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)

13:42:20 executing program 6:
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x5, 0x0, 0x0, 0x1100426, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000004c0))
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_any}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@msize={'msize', 0x3d, 0x40}}, {@version_9p2000}, {@noextend}, {@access_uid={'access', 0x3d, 0xee00}}, {@access_any}], [{@pcr={'pcr', 0x3d, 0x14}}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}})

13:42:20 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x28, &(0x7f00000000c0)={0x1, &(0x7f0000001100)=[{0x6}]})

[  230.911190] loop7: detected capacity change from 0 to 9
[  230.934863] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[  230.936566] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  230.937802] CPU: 1 UID: 0 PID: 4497 Comm: syz-executor.6 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  230.940543] Tainted: [W]=WARN
[  230.941355] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  230.943223] RIP: 0010:perf_tp_event+0x175/0xe70
[  230.944500] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  230.950762] RSP: 0018:ffff888016eff780 EFLAGS: 00010012
[  230.951558] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  230.952608] RDX: ffff888045130000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  230.953666] RBP: ffff888016eff9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16c48
[  230.954742] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  230.955808] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  230.956872] FS:  000055555c18a400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  230.958071] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  230.958937] CR2: 00007ff08b102000 CR3: 000000000dbc5000 CR4: 0000000000350ef0
[  230.959996] Call Trace:
[  230.960388]  <TASK>
[  230.960740]  ? __pfx_perf_tp_event+0x10/0x10
[  230.961436]  ? trace_mm_page_alloc+0xfc/0x150
[  230.962126]  ? __alloc_frozen_pages_noprof+0x296/0x1f20
[  230.962946]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  230.963869]  ? css_rstat_updated+0x1b8/0x4d0
[  230.964544]  ? __pfx_css_rstat_updated+0x10/0x10
[  230.965276]  ? lock_is_held_type+0x9e/0x120
[  230.965943]  ? trace_pelt_se_tp+0xdf/0x130
[  230.966585]  ? perf_trace_run_bpf_submit+0xef/0x180
[  230.967334]  ? lock_is_held_type+0x9e/0x120
[  230.967985]  perf_trace_run_bpf_submit+0xef/0x180
[  230.968717]  perf_trace_preemptirq_template+0x259/0x430
[  230.969524]  ? __pfx_perf_trace_lock+0x10/0x10
[  230.970222]  ? __pfx_perf_trace_lock+0x10/0x10
[  230.970929]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  230.971813]  ? check_preempt_wakeup_fair+0x406/0x950
[  230.972590]  ? find_held_lock+0x2b/0x80
[  230.973201]  ? try_to_wake_up+0x8ae/0x11d0
[  230.973871]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  230.974650]  trace_irq_enable.constprop.0+0xa6/0x100
[  230.975407]  trace_hardirqs_on+0x26/0x40
[  230.976021]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  230.976761]  try_to_wake_up+0x8ae/0x11d0
[  230.977387]  ? __pfx_try_to_wake_up+0x10/0x10
[  230.978101]  ? plist_del+0x122/0x270
[  230.978689]  ? find_held_lock+0x2b/0x80
[  230.979306]  ? futex_wake+0x474/0x540
[  230.979894]  wake_up_q+0xa1/0x130
[  230.980435]  futex_wake+0x47e/0x540
[  230.980998]  ? __pfx_futex_wake+0x10/0x10
[  230.981640]  ? __handle_mm_fault+0x753/0x3260
[  230.982326]  ? perf_trace_lock+0xb5/0x5d0
[  230.982954]  do_futex+0x26d/0x370
[  230.983486]  ? __pfx_do_futex+0x10/0x10
[  230.984087]  ? __pfx_perf_trace_lock+0x10/0x10
[  230.984793]  ? find_held_lock+0x2b/0x80
[  230.985426]  __x64_sys_futex+0x1c9/0x4d0
[  230.986051]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  230.986933]  ? __pfx___x64_sys_futex+0x10/0x10
[  230.987628]  do_syscall_64+0xbf/0x360
[  230.988200]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.988965] RIP: 0033:0x7ff08aff2b19
[  230.989525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  230.992207] RSP: 002b:00007ffdb7793708 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  230.993342] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff08aff2b19
[  230.994403] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff08b105f68
[  230.995471] RBP: 00007ff08b105f60 R08: 0000000000000000 R09: 0000000000000000
[  230.996522] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff08b10a130
[  230.997646] R13: 00007ffdb7793810 R14: 00007ff08b105f60 R15: 0000000000038541
[  230.998757]  </TASK>
[  230.999134] Modules linked in:
[  230.999645] ---[ end trace 0000000000000000 ]---
[  230.999653] Oops: general protection fault, probably for non-canonical address 0xe8fffc0000000032: 0000 [#2] SMP KASAN NOPTI
[  231.000372] RIP: 0010:perf_tp_event+0x175/0xe70
[  231.002064] KASAN: maybe wild-memory-access in range [0x4800000000000190-0x4800000000000197]
[  231.002783] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  231.004036] CPU: 0 UID: 0 PID: 4500 Comm: syz-executor.4 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  231.006854] RSP: 0018:ffff888016eff780 EFLAGS: 00010012
[  231.008610] Tainted: [D]=DIE, [W]=WARN
[  231.009430] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  231.010005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  231.011111] RDX: ffff888045130000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  231.012327] RIP: 0010:perf_tp_event+0x175/0xe70
[  231.013420] RBP: ffff888016eff9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16c48
[  231.014119] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  231.015211] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  231.017914] RSP: 0018:ffff888018527780 EFLAGS: 00010012
[  231.019008] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  231.019796] RAX: 0900000000000032 RBX: 47ffffffffffffa0 RCX: ffffc9000a839000
[  231.020910] FS:  000055555c18a400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  231.021956] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 4800000000000190
[  231.023185] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  231.024231] RBP: ffff8880185279f0 R08: ffff88806ce31340 R09: ffffe8ffffc16c48
[  231.025129] CR2: 00007ff08b102000 CR3: 000000000dbc5000 CR4: 0000000000350ef0
[  231.026178] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  231.027224] note: syz-executor.6[4497] exited with irqs disabled
[  231.028270] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000
[  231.030259] FS:  00007f8af29c5700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  231.031464] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  231.032334] CR2: 00007f1fea912542 CR3: 000000000d242000 CR4: 0000000000350ef0
[  231.033406] Call Trace:
[  231.033812]  <TASK>
[  231.034175]  ? __pfx_perf_tp_event+0x10/0x10
[  231.034861]  ? __asan_memcpy+0x3d/0x60
[  231.035468]  ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[  231.036445]  ? kvm_sched_clock_read+0x16/0x30
[  231.037144]  ? local_clock_noinstr+0xf/0xc0
[  231.037820]  ? perf_trace_lock+0xb5/0x5d0
[  231.038457]  ? perf_trace_lock+0xb5/0x5d0
[  231.039090]  ? tracing_gen_ctx_irq_test+0x167/0x1f0
[  231.039851]  ? perf_swevent_event+0x134/0x3f0
[  231.040542]  ? css_rstat_updated+0x1b8/0x4d0
[  231.041226]  ? __pfx_css_rstat_updated+0x10/0x10
[  231.041970]  ? __pfx_perf_trace_lock+0x10/0x10
[  231.042682]  ? perf_trace_run_bpf_submit+0xef/0x180
[  231.043449]  perf_trace_run_bpf_submit+0xef/0x180
[  231.044197]  perf_trace_preemptirq_template+0x259/0x430
[  231.045020]  ? __pfx_perf_trace_lock+0x10/0x10
[  231.045729]  ? __pfx_perf_trace_lock+0x10/0x10
[  231.046434]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  231.047327]  ? check_preempt_wakeup_fair+0x406/0x950
[  231.048104]  ? try_to_wake_up+0x8ae/0x11d0
[  231.048760]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  231.049543]  trace_irq_enable.constprop.0+0xa6/0x100
[  231.050325]  trace_hardirqs_on+0x26/0x40
[  231.050943]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  231.051694]  try_to_wake_up+0x8ae/0x11d0
[  231.052325]  ? __pfx_try_to_wake_up+0x10/0x10
[  231.053018]  ? plist_del+0x122/0x270
[  231.053607]  ? futex_wake+0x474/0x540
[  231.054209]  wake_up_q+0xa1/0x130
[  231.054754]  futex_wake+0x47e/0x540
[  231.055326]  ? __pfx_futex_wake+0x10/0x10
[  231.055968]  ? lock_release+0x1c7/0x290
[  231.056581]  ? fd_install+0x1f0/0x660
[  231.057167]  do_futex+0x26d/0x370
[  231.057717]  ? __pfx_do_futex+0x10/0x10
[  231.058333]  __x64_sys_futex+0x1c9/0x4d0
[  231.058959]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  231.059856]  ? __pfx___x64_sys_futex+0x10/0x10
[  231.060558]  ? xfd_validate_state+0x55/0x180
[  231.061250]  do_syscall_64+0xbf/0x360
[  231.061844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.062626] RIP: 0033:0x7f8af544fb19
[  231.063194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  231.065912] RSP: 002b:00007f8af29c5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  231.067046] RAX: ffffffffffffffda RBX: 00007f8af5562f68 RCX: 00007f8af544fb19
[  231.068136] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8af5562f6c
[  231.069233] RBP: 00007f8af5562f60 R08: 000000000000000e R09: 0000000000000000
[  231.070329] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8af5562f6c
[  231.071397] R13: 00007ffe5b0586ef R14: 00007f8af29c5300 R15: 0000000000022000
[  231.072471]  </TASK>
[  231.072828] Modules linked in:
[  231.073322] ---[ end trace 0000000000000000 ]---
[  231.073325] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
[  231.074040] RIP: 0010:perf_tp_event+0x175/0xe70
[  231.075664] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  231.076347] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  231.077610] CPU: 1 UID: 0 PID: 4497 Comm: syz-executor.6 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  231.080561] RSP: 0018:ffff888016eff780 EFLAGS: 00010012
[  231.082299] Tainted: [D]=DIE, [W]=WARN
[  231.082313] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  231.083077] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  231.083673] RDX: ffff888045130000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  231.084711] RIP: 0010:perf_tp_event+0x175/0xe70
[  231.085952] RBP: ffff888016eff9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16c48
[  231.086993] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  231.087676] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  231.088710] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[  231.091404] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  231.092438] 
[  231.093213] FS:  00007f8af29c5700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  231.094252] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  231.094512] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  231.095672] RDX: ffff888045130000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  231.096716] CR2: 00007f1fea912542 CR3: 000000000d242000 CR4: 0000000000350ef0
[  231.097561] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16c48
[  231.098611] note: syz-executor.4[4500] exited with irqs disabled
[  231.099649] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  231.102803] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[  231.103861] FS:  000055555c18a400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  231.105049] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  231.105926] CR2: 00007ff08b102000 CR3: 000000000dbc5000 CR4: 0000000000350ef0
[  231.106982] Call Trace:
[  231.107376]  <IRQ>
[  231.107713]  ? css_rstat_updated+0x1b8/0x4d0
[  231.108390]  ? __pfx_perf_tp_event+0x10/0x10
[  231.109063]  ? __pfx_perf_trace_lock+0x10/0x10
[  231.109792]  ? __pfx_perf_trace_lock+0x10/0x10
[  231.110496]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  231.111273]  ? task_work_add+0x1b2/0x340
[  231.111890]  ? perf_event_task_tick+0x18b/0x360
[  231.112603]  ? lock_release+0x1c7/0x290
[  231.113205]  ? trace_softirq_raise+0xbe/0x100
[  231.113913]  ? run_posix_cpu_timers+0x160/0x7d0
[  231.114614]  ? __raise_softirq_irqoff+0x5f/0x90
[  231.115312]  ? __pfx_run_posix_cpu_timers+0x10/0x10
[  231.116060]  ? sched_balance_trigger+0x1ac/0xcb0
[  231.116779]  ? perf_trace_lock+0xb5/0x5d0
[  231.117406]  ? do_raw_spin_lock+0x123/0x260
[  231.118068]  ? __pfx_perf_trace_lock+0x10/0x10
[  231.118763]  ? perf_trace_run_bpf_submit+0xef/0x180
[  231.119517]  perf_trace_run_bpf_submit+0xef/0x180
[  231.120249]  perf_trace_preemptirq_template+0x259/0x430
[  231.121057]  ? read_tsc+0x9/0x20
[  231.121586]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  231.122471]  ? clockevents_program_event+0x135/0x360
[  231.123241]  ? tick_program_event+0xac/0x140
[  231.123907]  ? handle_softirqs+0x16e/0x770
[  231.124552]  trace_irq_enable.constprop.0+0xa6/0x100
[  231.125309]  trace_hardirqs_on+0x26/0x40
[  231.125928]  handle_softirqs+0x16e/0x770
[  231.126559]  __irq_exit_rcu+0xc4/0x100
[  231.127157]  irq_exit_rcu+0x9/0x20
[  231.127694]  sysvec_apic_timer_interrupt+0x70/0x80
[  231.128438]  </IRQ>
[  231.128781]  <TASK>
[  231.129124]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  231.129915] RIP: 0010:make_task_dead+0xa2/0x3b0
[  231.130620] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 <e8> b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[  231.133292] RSP: 0018:ffff888016efff28 EFLAGS: 00000246
[  231.134096] RAX: 0000000000000001 RBX: ffff888045130000 RCX: ffffffff817c2b86
[  231.135147] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[  231.136200] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  231.137250] R10: ffffffff8643ac57 R11: 7973203a65746f6e R12: ffff888045130000
[  231.138312] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[  231.139365]  ? trace_irq_enable.constprop.0+0x26/0x100
[  231.140148]  ? make_task_dead+0x214/0x3b0
[  231.140756]  ? make_task_dead+0x214/0x3b0
[  231.141365]  ? do_syscall_64+0xbf/0x360
[  231.141953]  rewind_stack_and_make_dead+0x16/0x20
[  231.142667] RIP: 0033:0x7ff08aff2b19
[  231.143202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  231.145769] RSP: 002b:00007ffdb7793708 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  231.146852] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff08aff2b19
[  231.147860] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff08b105f68
[  231.148869] RBP: 00007ff08b105f60 R08: 0000000000000000 R09: 0000000000000000
[  231.149887] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff08b10a130
[  231.150902] R13: 00007ffdb7793810 R14: 00007ff08b105f60 R15: 0000000000038541
[  231.151923]  </TASK>
[  231.152269] Modules linked in:
[  231.152755] ---[ end trace 0000000000000000 ]---
[  231.152758] Oops: general protection fault, probably for non-canonical address 0xe8fffc0000000032: 0000 [#4] SMP KASAN NOPTI
[  231.153425] RIP: 0010:perf_tp_event+0x175/0xe70
[  231.155009] KASAN: maybe wild-memory-access in range [0x4800000000000190-0x4800000000000197]
[  231.155665] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  231.156972] CPU: 0 UID: 0 PID: 4500 Comm: syz-executor.4 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  231.159550] RSP: 0018:ffff888016eff780 EFLAGS: 00010012
[  231.161435] Tainted: [D]=DIE, [W]=WARN
[  231.162204] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  231.162867] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  231.163909] RDX: ffff888045130000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  231.165133] RIP: 0010:perf_tp_event+0x175/0xe70
[  231.166184] RBP: ffff888016eff9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16c48
[  231.166997] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  231.168034] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  231.171094] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[  231.172131] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  231.172151] FS:  000055555c18a400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  231.172943] RAX: 0900000000000032 RBX: 47ffffffffffffa0 RCX: ffffffff81898973
[  231.173992] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  231.175178] RDX: ffff888017683700 RSI: ffffffff818995b7 RDI: 4800000000000190
[  231.176221] CR2: 00007ff08b102000 CR3: 000000000dbc5000 CR4: 0000000000350ef0
[  231.177067] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16c48
[  231.178119] Kernel panic - not syncing: Fatal exception in interrupt
[  232.282379] Shutting down cpus with NMI
[  232.284777] Kernel Offset: disabled
[  232.285227] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
13:42:20  Registers:
info registers vcpu 0
RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84bdec0e RDX=fffffbfff0f0ec09
RSI=0000000000000004 RDI=ffffffff87876044 RBP=ffffffff87876044 RSP=ffff888018527530
R8 =0000000000000000 R9 =fffffbfff0f0ec08 R10=ffffffff87876047 R11=202c746c75616620
R12=1ffff110030a4ea7 R13=0000000000000007 R14=fffffbfff0f0ec08 R15=ffff888018527568
RIP=ffffffff84bdeda0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f8af29c5700 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe2400000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f1fea912542 CR3=000000000d242000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f8af55367c000007f8af55367c8
XMM02=00007f8af55367e000007f8af55367c0 XMM03=00007f8af55367c800007f8af55367c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000039 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888016eff070
R8 =0000000000000000 R9 =ffffed10014ec046 R10=0000000000000039 R11=0000000065646f43
R12=0000000000000039 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055555c18a400 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe6b00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ff08b102000 CR3=000000000dbc5000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00ff0000000000ff0000000000000000 XMM01=70003265706970006c616e6769735f64
XMM02=00010000000000000000000000000000 XMM03=00007ff08b0d97c800007ff08b0d97c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000