Warning: Permanently added '[localhost]:13141' (ECDSA) to the list of known hosts.
2025/09/01 20:17:23 fuzzer started
2025/09/01 20:17:23 dialing manager at localhost:35473
syzkaller login: [   59.149402] cgroup: Unknown subsys name 'net'
[   59.211984] cgroup: Unknown subsys name 'cpuset'
[   59.230139] cgroup: Unknown subsys name 'rlimit'
2025/09/01 20:17:34 syscalls: 2214
2025/09/01 20:17:34 code coverage: enabled
2025/09/01 20:17:34 comparison tracing: enabled
2025/09/01 20:17:34 extra coverage: enabled
2025/09/01 20:17:34 setuid sandbox: enabled
2025/09/01 20:17:34 namespace sandbox: enabled
2025/09/01 20:17:34 Android sandbox: enabled
2025/09/01 20:17:34 fault injection: enabled
2025/09/01 20:17:34 leak checking: enabled
2025/09/01 20:17:34 net packet injection: enabled
2025/09/01 20:17:34 net device setup: enabled
2025/09/01 20:17:34 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 20:17:34 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 20:17:34 USB emulation: enabled
2025/09/01 20:17:34 hci packet injection: enabled
2025/09/01 20:17:34 wifi device emulation: enabled
2025/09/01 20:17:34 802.15.4 emulation: enabled
2025/09/01 20:17:34 fetching corpus: 50, signal 17830/19654 (executing program)
2025/09/01 20:17:34 fetching corpus: 100, signal 28718/32187 (executing program)
2025/09/01 20:17:34 fetching corpus: 150, signal 42154/46954 (executing program)
2025/09/01 20:17:34 fetching corpus: 200, signal 45988/52196 (executing program)
2025/09/01 20:17:34 fetching corpus: 250, signal 51688/59182 (executing program)
2025/09/01 20:17:34 fetching corpus: 300, signal 58195/66847 (executing program)
2025/09/01 20:17:34 fetching corpus: 350, signal 63184/72918 (executing program)
2025/09/01 20:17:34 fetching corpus: 400, signal 66674/77552 (executing program)
2025/09/01 20:17:35 fetching corpus: 450, signal 70002/81935 (executing program)
2025/09/01 20:17:35 fetching corpus: 500, signal 72947/85926 (executing program)
2025/09/01 20:17:35 fetching corpus: 550, signal 75585/89574 (executing program)
2025/09/01 20:17:35 fetching corpus: 600, signal 77038/92091 (executing program)
2025/09/01 20:17:35 fetching corpus: 650, signal 80102/96030 (executing program)
2025/09/01 20:17:35 fetching corpus: 700, signal 84347/100882 (executing program)
2025/09/01 20:17:35 fetching corpus: 750, signal 86153/103606 (executing program)
2025/09/01 20:17:35 fetching corpus: 800, signal 89050/107197 (executing program)
2025/09/01 20:17:35 fetching corpus: 850, signal 90927/109897 (executing program)
2025/09/01 20:17:35 fetching corpus: 900, signal 93006/112696 (executing program)
2025/09/01 20:17:35 fetching corpus: 950, signal 95200/115634 (executing program)
2025/09/01 20:17:36 fetching corpus: 1000, signal 98066/118989 (executing program)
2025/09/01 20:17:36 fetching corpus: 1050, signal 100096/121633 (executing program)
2025/09/01 20:17:36 fetching corpus: 1100, signal 102002/124175 (executing program)
2025/09/01 20:17:36 fetching corpus: 1150, signal 103171/126091 (executing program)
2025/09/01 20:17:36 fetching corpus: 1200, signal 104437/128065 (executing program)
2025/09/01 20:17:36 fetching corpus: 1250, signal 106004/130254 (executing program)
2025/09/01 20:17:36 fetching corpus: 1300, signal 107549/132388 (executing program)
2025/09/01 20:17:36 fetching corpus: 1350, signal 110038/135185 (executing program)
2025/09/01 20:17:36 fetching corpus: 1400, signal 111357/137061 (executing program)
2025/09/01 20:17:36 fetching corpus: 1450, signal 112750/139014 (executing program)
2025/09/01 20:17:37 fetching corpus: 1500, signal 114238/141039 (executing program)
2025/09/01 20:17:37 fetching corpus: 1550, signal 115185/142630 (executing program)
2025/09/01 20:17:37 fetching corpus: 1600, signal 116213/144225 (executing program)
2025/09/01 20:17:37 fetching corpus: 1650, signal 117029/145678 (executing program)
2025/09/01 20:17:37 fetching corpus: 1700, signal 118042/147189 (executing program)
2025/09/01 20:17:37 fetching corpus: 1750, signal 119080/148747 (executing program)
2025/09/01 20:17:37 fetching corpus: 1800, signal 120062/150274 (executing program)
2025/09/01 20:17:37 fetching corpus: 1850, signal 120838/151631 (executing program)
2025/09/01 20:17:37 fetching corpus: 1900, signal 121844/153044 (executing program)
2025/09/01 20:17:37 fetching corpus: 1950, signal 122700/154406 (executing program)
2025/09/01 20:17:37 fetching corpus: 2000, signal 123448/155680 (executing program)
2025/09/01 20:17:38 fetching corpus: 2050, signal 124518/157130 (executing program)
2025/09/01 20:17:38 fetching corpus: 2100, signal 125507/158549 (executing program)
2025/09/01 20:17:38 fetching corpus: 2150, signal 126856/160069 (executing program)
2025/09/01 20:17:38 fetching corpus: 2200, signal 128034/161493 (executing program)
2025/09/01 20:17:38 fetching corpus: 2250, signal 128827/162711 (executing program)
2025/09/01 20:17:38 fetching corpus: 2300, signal 129942/164125 (executing program)
2025/09/01 20:17:38 fetching corpus: 2350, signal 130647/165185 (executing program)
2025/09/01 20:17:38 fetching corpus: 2400, signal 131333/166270 (executing program)
2025/09/01 20:17:38 fetching corpus: 2450, signal 131975/167359 (executing program)
2025/09/01 20:17:38 fetching corpus: 2500, signal 132677/168454 (executing program)
2025/09/01 20:17:38 fetching corpus: 2550, signal 133237/169467 (executing program)
2025/09/01 20:17:39 fetching corpus: 2600, signal 134089/170600 (executing program)
2025/09/01 20:17:39 fetching corpus: 2650, signal 134874/171691 (executing program)
2025/09/01 20:17:39 fetching corpus: 2700, signal 135607/172759 (executing program)
2025/09/01 20:17:39 fetching corpus: 2750, signal 136212/173716 (executing program)
2025/09/01 20:17:39 fetching corpus: 2800, signal 137295/174912 (executing program)
2025/09/01 20:17:39 fetching corpus: 2850, signal 138142/175942 (executing program)
2025/09/01 20:17:39 fetching corpus: 2900, signal 138891/176945 (executing program)
2025/09/01 20:17:39 fetching corpus: 2950, signal 139280/177797 (executing program)
2025/09/01 20:17:39 fetching corpus: 3000, signal 139930/178705 (executing program)
2025/09/01 20:17:39 fetching corpus: 3050, signal 140315/179485 (executing program)
2025/09/01 20:17:39 fetching corpus: 3100, signal 140885/180346 (executing program)
2025/09/01 20:17:39 fetching corpus: 3150, signal 141569/181225 (executing program)
2025/09/01 20:17:40 fetching corpus: 3200, signal 142340/182146 (executing program)
2025/09/01 20:17:40 fetching corpus: 3250, signal 143157/183056 (executing program)
2025/09/01 20:17:40 fetching corpus: 3300, signal 143906/183937 (executing program)
2025/09/01 20:17:40 fetching corpus: 3350, signal 144497/184699 (executing program)
2025/09/01 20:17:40 fetching corpus: 3400, signal 144943/185439 (executing program)
2025/09/01 20:17:40 fetching corpus: 3450, signal 145972/186406 (executing program)
2025/09/01 20:17:40 fetching corpus: 3500, signal 146541/187192 (executing program)
2025/09/01 20:17:40 fetching corpus: 3550, signal 147132/187940 (executing program)
2025/09/01 20:17:40 fetching corpus: 3600, signal 147493/188619 (executing program)
2025/09/01 20:17:40 fetching corpus: 3650, signal 147888/189326 (executing program)
2025/09/01 20:17:40 fetching corpus: 3700, signal 148462/190013 (executing program)
2025/09/01 20:17:41 fetching corpus: 3750, signal 149056/190753 (executing program)
2025/09/01 20:17:41 fetching corpus: 3800, signal 149551/191451 (executing program)
2025/09/01 20:17:41 fetching corpus: 3850, signal 149904/192100 (executing program)
2025/09/01 20:17:41 fetching corpus: 3900, signal 150496/192749 (executing program)
2025/09/01 20:17:41 fetching corpus: 3950, signal 150851/193424 (executing program)
2025/09/01 20:17:41 fetching corpus: 4000, signal 151310/194075 (executing program)
2025/09/01 20:17:41 fetching corpus: 4050, signal 151745/194744 (executing program)
2025/09/01 20:17:41 fetching corpus: 4100, signal 152269/195381 (executing program)
2025/09/01 20:17:41 fetching corpus: 4150, signal 152761/195996 (executing program)
2025/09/01 20:17:41 fetching corpus: 4200, signal 153383/196632 (executing program)
2025/09/01 20:17:41 fetching corpus: 4250, signal 153735/197235 (executing program)
2025/09/01 20:17:42 fetching corpus: 4300, signal 154294/197884 (executing program)
2025/09/01 20:17:42 fetching corpus: 4350, signal 154657/198462 (executing program)
2025/09/01 20:17:42 fetching corpus: 4400, signal 154997/199009 (executing program)
2025/09/01 20:17:42 fetching corpus: 4450, signal 155421/199568 (executing program)
2025/09/01 20:17:42 fetching corpus: 4500, signal 157222/200261 (executing program)
2025/09/01 20:17:42 fetching corpus: 4550, signal 157628/200791 (executing program)
2025/09/01 20:17:42 fetching corpus: 4600, signal 157970/201299 (executing program)
2025/09/01 20:17:42 fetching corpus: 4650, signal 158557/201828 (executing program)
2025/09/01 20:17:42 fetching corpus: 4700, signal 159329/202347 (executing program)
2025/09/01 20:17:42 fetching corpus: 4750, signal 159794/202842 (executing program)
2025/09/01 20:17:42 fetching corpus: 4800, signal 160372/203340 (executing program)
2025/09/01 20:17:42 fetching corpus: 4850, signal 160705/203822 (executing program)
2025/09/01 20:17:43 fetching corpus: 4900, signal 161139/204390 (executing program)
2025/09/01 20:17:43 fetching corpus: 4950, signal 161444/204867 (executing program)
2025/09/01 20:17:43 fetching corpus: 5000, signal 161754/205337 (executing program)
2025/09/01 20:17:43 fetching corpus: 5050, signal 162226/205766 (executing program)
2025/09/01 20:17:43 fetching corpus: 5100, signal 162589/206121 (executing program)
2025/09/01 20:17:43 fetching corpus: 5150, signal 163189/206148 (executing program)
2025/09/01 20:17:43 fetching corpus: 5200, signal 163808/206154 (executing program)
2025/09/01 20:17:43 fetching corpus: 5250, signal 164267/206162 (executing program)
2025/09/01 20:17:43 fetching corpus: 5300, signal 164540/206174 (executing program)
2025/09/01 20:17:43 fetching corpus: 5350, signal 164801/206179 (executing program)
2025/09/01 20:17:43 fetching corpus: 5400, signal 165214/206184 (executing program)
2025/09/01 20:17:43 fetching corpus: 5450, signal 165999/206187 (executing program)
2025/09/01 20:17:43 fetching corpus: 5500, signal 166313/206189 (executing program)
2025/09/01 20:17:44 fetching corpus: 5550, signal 166601/206190 (executing program)
2025/09/01 20:17:44 fetching corpus: 5600, signal 166984/206190 (executing program)
2025/09/01 20:17:44 fetching corpus: 5650, signal 167377/206227 (executing program)
2025/09/01 20:17:44 fetching corpus: 5700, signal 167922/206257 (executing program)
2025/09/01 20:17:44 fetching corpus: 5750, signal 168186/206257 (executing program)
2025/09/01 20:17:44 fetching corpus: 5800, signal 168718/206261 (executing program)
2025/09/01 20:17:44 fetching corpus: 5850, signal 169112/206261 (executing program)
2025/09/01 20:17:44 fetching corpus: 5900, signal 169366/206287 (executing program)
2025/09/01 20:17:44 fetching corpus: 5950, signal 169976/206300 (executing program)
2025/09/01 20:17:44 fetching corpus: 6000, signal 170381/206300 (executing program)
2025/09/01 20:17:44 fetching corpus: 6050, signal 170667/206307 (executing program)
2025/09/01 20:17:45 fetching corpus: 6100, signal 171178/206311 (executing program)
2025/09/01 20:17:45 fetching corpus: 6150, signal 171541/206316 (executing program)
2025/09/01 20:17:45 fetching corpus: 6200, signal 171873/206320 (executing program)
2025/09/01 20:17:45 fetching corpus: 6250, signal 172236/206330 (executing program)
2025/09/01 20:17:45 fetching corpus: 6300, signal 172526/206336 (executing program)
2025/09/01 20:17:45 fetching corpus: 6350, signal 172746/206347 (executing program)
2025/09/01 20:17:45 fetching corpus: 6400, signal 173036/206348 (executing program)
2025/09/01 20:17:45 fetching corpus: 6450, signal 173314/206359 (executing program)
2025/09/01 20:17:45 fetching corpus: 6500, signal 173636/206361 (executing program)
2025/09/01 20:17:45 fetching corpus: 6550, signal 174189/206366 (executing program)
2025/09/01 20:17:45 fetching corpus: 6600, signal 174483/206390 (executing program)
2025/09/01 20:17:45 fetching corpus: 6650, signal 174848/206392 (executing program)
2025/09/01 20:17:46 fetching corpus: 6700, signal 175173/206395 (executing program)
2025/09/01 20:17:46 fetching corpus: 6750, signal 175383/206395 (executing program)
2025/09/01 20:17:46 fetching corpus: 6800, signal 175711/206399 (executing program)
2025/09/01 20:17:46 fetching corpus: 6850, signal 176137/206406 (executing program)
2025/09/01 20:17:46 fetching corpus: 6900, signal 176527/206411 (executing program)
2025/09/01 20:17:46 fetching corpus: 6950, signal 177043/206423 (executing program)
2025/09/01 20:17:46 fetching corpus: 7000, signal 177250/206435 (executing program)
2025/09/01 20:17:46 fetching corpus: 7050, signal 177746/206446 (executing program)
2025/09/01 20:17:46 fetching corpus: 7100, signal 178105/206446 (executing program)
2025/09/01 20:17:46 fetching corpus: 7150, signal 178540/206483 (executing program)
2025/09/01 20:17:46 fetching corpus: 7200, signal 178926/206508 (executing program)
2025/09/01 20:17:46 fetching corpus: 7250, signal 179160/206515 (executing program)
2025/09/01 20:17:47 fetching corpus: 7300, signal 179459/206519 (executing program)
2025/09/01 20:17:47 fetching corpus: 7350, signal 179651/206524 (executing program)
2025/09/01 20:17:47 fetching corpus: 7400, signal 179930/206555 (executing program)
2025/09/01 20:17:47 fetching corpus: 7450, signal 180318/206559 (executing program)
2025/09/01 20:17:47 fetching corpus: 7500, signal 180578/206561 (executing program)
2025/09/01 20:17:47 fetching corpus: 7550, signal 180851/206569 (executing program)
2025/09/01 20:17:47 fetching corpus: 7600, signal 181188/206572 (executing program)
2025/09/01 20:17:47 fetching corpus: 7650, signal 181549/206578 (executing program)
2025/09/01 20:17:47 fetching corpus: 7700, signal 181787/206580 (executing program)
2025/09/01 20:17:47 fetching corpus: 7750, signal 182106/206582 (executing program)
2025/09/01 20:17:47 fetching corpus: 7800, signal 182396/206633 (executing program)
2025/09/01 20:17:47 fetching corpus: 7850, signal 182652/206657 (executing program)
2025/09/01 20:17:48 fetching corpus: 7900, signal 182920/206659 (executing program)
2025/09/01 20:17:48 fetching corpus: 7950, signal 183268/206659 (executing program)
2025/09/01 20:17:48 fetching corpus: 8000, signal 183470/206659 (executing program)
2025/09/01 20:17:48 fetching corpus: 8050, signal 183736/206662 (executing program)
2025/09/01 20:17:48 fetching corpus: 8100, signal 183986/206664 (executing program)
2025/09/01 20:17:48 fetching corpus: 8150, signal 184252/206665 (executing program)
2025/09/01 20:17:48 fetching corpus: 8200, signal 184453/206676 (executing program)
2025/09/01 20:17:48 fetching corpus: 8250, signal 184918/206684 (executing program)
2025/09/01 20:17:48 fetching corpus: 8300, signal 185396/206684 (executing program)
2025/09/01 20:17:48 fetching corpus: 8350, signal 185657/206697 (executing program)
2025/09/01 20:17:48 fetching corpus: 8400, signal 185905/206702 (executing program)
2025/09/01 20:17:49 fetching corpus: 8450, signal 186197/206703 (executing program)
2025/09/01 20:17:49 fetching corpus: 8500, signal 186401/206709 (executing program)
2025/09/01 20:17:49 fetching corpus: 8550, signal 186623/206709 (executing program)
2025/09/01 20:17:49 fetching corpus: 8600, signal 186873/206712 (executing program)
2025/09/01 20:17:49 fetching corpus: 8650, signal 187106/206717 (executing program)
2025/09/01 20:17:49 fetching corpus: 8700, signal 187278/206720 (executing program)
2025/09/01 20:17:49 fetching corpus: 8750, signal 187553/206736 (executing program)
2025/09/01 20:17:49 fetching corpus: 8800, signal 187841/206770 (executing program)
2025/09/01 20:17:49 fetching corpus: 8850, signal 188210/206780 (executing program)
2025/09/01 20:17:49 fetching corpus: 8900, signal 188674/206787 (executing program)
2025/09/01 20:17:49 fetching corpus: 8950, signal 188968/206790 (executing program)
2025/09/01 20:17:49 fetching corpus: 9000, signal 189208/206796 (executing program)
2025/09/01 20:17:50 fetching corpus: 9050, signal 189481/206799 (executing program)
2025/09/01 20:17:50 fetching corpus: 9100, signal 189780/206808 (executing program)
2025/09/01 20:17:50 fetching corpus: 9150, signal 189979/206810 (executing program)
2025/09/01 20:17:50 fetching corpus: 9200, signal 190144/206810 (executing program)
2025/09/01 20:17:50 fetching corpus: 9250, signal 190374/206810 (executing program)
2025/09/01 20:17:50 fetching corpus: 9300, signal 190640/206821 (executing program)
2025/09/01 20:17:50 fetching corpus: 9350, signal 191083/206827 (executing program)
2025/09/01 20:17:50 fetching corpus: 9400, signal 191382/206828 (executing program)
2025/09/01 20:17:50 fetching corpus: 9450, signal 191651/206836 (executing program)
2025/09/01 20:17:50 fetching corpus: 9500, signal 191863/206837 (executing program)
2025/09/01 20:17:50 fetching corpus: 9550, signal 192272/206841 (executing program)
2025/09/01 20:17:50 fetching corpus: 9600, signal 192596/206845 (executing program)
2025/09/01 20:17:51 fetching corpus: 9650, signal 192790/206846 (executing program)
2025/09/01 20:17:51 fetching corpus: 9700, signal 193021/206848 (executing program)
2025/09/01 20:17:51 fetching corpus: 9750, signal 193166/206854 (executing program)
2025/09/01 20:17:51 fetching corpus: 9800, signal 193837/206856 (executing program)
2025/09/01 20:17:51 fetching corpus: 9850, signal 194082/206860 (executing program)
2025/09/01 20:17:51 fetching corpus: 9900, signal 194475/206863 (executing program)
2025/09/01 20:17:51 fetching corpus: 9950, signal 194767/206903 (executing program)
2025/09/01 20:17:51 fetching corpus: 10000, signal 194984/206909 (executing program)
2025/09/01 20:17:51 fetching corpus: 10050, signal 195226/206915 (executing program)
2025/09/01 20:17:51 fetching corpus: 10100, signal 195565/206916 (executing program)
2025/09/01 20:17:51 fetching corpus: 10150, signal 195732/206917 (executing program)
2025/09/01 20:17:52 fetching corpus: 10200, signal 195941/206917 (executing program)
2025/09/01 20:17:52 fetching corpus: 10250, signal 196106/206933 (executing program)
2025/09/01 20:17:52 fetching corpus: 10300, signal 196329/206934 (executing program)
2025/09/01 20:17:52 fetching corpus: 10344, signal 196473/206935 (executing program)
2025/09/01 20:17:52 fetching corpus: 10344, signal 196473/206935 (executing program)
2025/09/01 20:17:54 starting 8 fuzzer processes
20:17:54 executing program 0:
ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, &(0x7f0000000000)={0x5, "f817a034d61401ee52b582fa157cbede24abb5ac43fd743aac291597dc16f5560fe324a0811c6975ccc792aed6ea01602fbc576d38cde37cd1c25c628d29fce981428b768fa005c3f59255c2abcbe6aad63ad798ffcb18641767e7b3e56fe5676e1837d4c30c4982c35a4e51e9cc35b1eaf7720c308ecd7e2199f8741f46a8009ee35ceddd7e24bb63feadba3c82da620483358e9079a76f1d11e72c1b18403a9a1ae38948935b02483d52e2b86e4bdc3284623899667ae121526464aaa6cca22dad91ffe72a6e015aa1e27ca56144463004f2ea57d3d065820d0ccbb76f89f2e53f275f1342eca185738d2bcb07897a416d53758f22089211a866f01c2874186ba5f64b84b046a6f8dcb4177bbde089ab70661c335d12c3bea0b21ec6132a2d9cd60abbe5192bdf006a46f4465f2e614da0e926a381d5ee75ab3a2239921c3815e1033a2e66744a091a2d98a20096a44c09df3cba66355f0ba36ad5282efdc5d0152836d3c276f3063348e0052ec9359a19aa6902a726c7e601860729228e281f3c87e389a1096341eef950ffac68322a5ea097b931117242c33c9627ee3233e2587bcee813af5be6d76cde8626fca81857612840aad2682a111ebb7962337dd16f42fe3d8c104aa225fe1d0785f586f8dfdbf5684d689b865e74c3ab0b9469b14d49a051fc4b8f136b0f9d3acd7f24586453dd64e517c4ad78a4498d7b5df4"})
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0)
ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000280)="13413b193301c2de936e3ffc6fbcaa0f0633edf181ab6535f74e3e284b4b0b94435c18b7a1ebef67f512bcadae14f3451dd200ff4e41f5bd73e1d73912b782b006c49965197459c5415d9522258ebbed3db550bb5587148d9e7f51e60c217185c16b3348fd221c1cca24f6fb85d918beba2b856b1cf38f79af5cf22a83bde577a9c0b06d1edb269d508779fc96e974b6d53037bff506049786e7620d98086ebaf07a990077c7c3cd8a524e6c8e6ac1502c25348a2d96c278620788af141d74437c728d0b0b31e39a9a1e64b086946955ccb9738c09cc993319b046856e98ede6dcda1af96b69a1fa982bb57a071a3e3cee9c71c0e76002ff5b5cb8d8")
ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000000380)=0x12)
r1 = syz_open_dev$vcsn(&(0x7f00000003c0), 0x2, 0xc0800)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000400)=0xff)
ioctl$TIOCCBRK(r1, 0x5428)
ioctl$KDSETMODE(r1, 0x4b3a, 0x1)
r2 = fcntl$dupfd(r0, 0x0, r1)
r3 = openat(r2, &(0x7f0000000440)='./file0\x00', 0x80, 0x20)
r4 = syz_io_uring_setup(0x1ef3, &(0x7f0000000480)={0x0, 0xfc78, 0x1, 0x1, 0x35c}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000500), &(0x7f0000000540))
ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000580)={{0x1, 0x1, 0x18, <r5=>r3, {0x8, 0x5}}, './file1\x00'})
io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x6, &(0x7f0000000600)={0x75ec, 0x0, &(0x7f00000005c0)=[r0, r5, r3]}, 0x3)
ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000640)="8b2a16d83359fc270614976e4c20dcea9acacde3b0f20aec86ea84fe4b90d5ca409e78b851f068b5c4edca5551400ed91f51b1232072a0642e464428127120bbd4bfeb5629ffbb180026657b3acdd395b9fade7803d2c59a6448d445a2eb1768064464edf4ed0a3d4b5a524d6970c80f3a7d3deb7395df11583bb6c9059f03c6")
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f00000006c0)={0x8, 0xffff, 0x3, 0x2, 0xfa, "ba8b3257df0555f661940ee5491f16ea8ddec8", 0x301a24f4, 0xffff8001})
sendfile(r0, r4, &(0x7f0000000700)=0x3, 0x7fff)
ioctl$TIOCGISO7816(r2, 0x80285442, &(0x7f0000000740))
syz_open_dev$tty1(0xc, 0x4, 0x3)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000780), 0x42002, 0x0)
ioctl$VT_DISALLOCATE(r6, 0x5608)

20:17:54 executing program 1:
modify_ldt$write2(0x11, &(0x7f0000000000)={0x10000, 0x0, 0x400, 0x0, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000040)={0x8, 0x20000000, 0x2000, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000080)={0x9, 0xffffffffffffffff, 0x1000, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f00000000c0)={0x5, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x10)
set_thread_area(&(0x7f0000000100)={0x765, 0xffffffffffffffff, 0x2000})
modify_ldt$write2(0x11, &(0x7f0000000140)={0x1ff, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000180)={0xc7c, 0x1000, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f00000001c0)={0x7f, 0x20000000, 0x1000, 0x0, 0x0, 0x1}, 0x10)
get_thread_area(&(0x7f0000000200)={0x3, 0xffffffffffffffff, 0x400, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1})
modify_ldt$write2(0x11, &(0x7f0000000240)={0xd50, 0x1000, 0x4000, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000280)={0x81, 0x1000, 0xffffffffffffffff, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10)
get_thread_area(&(0x7f00000002c0)={0x8, 0x20001000, 0xffffffffffffffff, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1})
modify_ldt$write2(0x11, &(0x7f0000000300)={0xc0000000, 0x100000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000340)={0x5, 0x20001000, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000380)={0x6, 0x20001000, 0x400, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1}, 0x10)
modify_ldt$write(0x1, &(0x7f00000003c0)={0x3, 0x20000800, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10)
modify_ldt$write(0x1, &(0x7f0000000400)={0x4062fa49, 0xffffffffdfffe7ff, 0x1000, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000440)={0x6, 0xffffffffdfffe7ff, 0xffffffffffffffff, 0x1, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000480)={0x3, 0x20000800, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f00000004c0)={0xffff7fff, 0x0, 0x1000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)

20:17:54 executing program 7:
r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r0, 0x1, 0x70bd2b, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xc00}, 0x4040000)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'syztnl2\x00', &(0x7f0000000180)={'ip6_vti0\x00', <r1=>0x0, 0x4, 0x0, 0x9, 0x200000, 0x60, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x7800, 0x4, 0x2}})
sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x0, 0x300, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x80)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000480)={&(0x7f0000000380)={0xcc, r2, 0x400, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x8, 0x2c}}}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0x1f}, @NL80211_ATTR_IE={0xa2, 0x2a, [@rann={0x7e, 0x15, {{0x0, 0x5d}, 0xef, 0x1f, @device_b, 0x29d52406, 0x5, 0x6}}, @random_vendor={0xdd, 0x59, "edcaecca5971d75e2c31b1d7eef813b1b0f1aadb0287cd16f333b98cba560d720013a92b7b07102f436eab6325881815a9fd547d7c979389a05f05c8c9076b2208273805d9f9450ed949ab1f21f4bcb7ab519c2b401c670e6a"}, @mic={0x8c, 0x18, {0xe43, "de30dd2aa72d", @long="5b3d02990dd8e65dd33f51ddbc28bab2"}}, @mic={0x8c, 0x10, {0xfb5, "8ec6cfcde6c1", @short="9bcbeaf1ad7be69d"}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x8000}, 0x20060800)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x80000, 0x0)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r4, 0x8, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}]}, 0x24}}, 0x40000)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), r3)
sendmsg$NL80211_CMD_DISASSOCIATE(r3, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x34, r5, 0x108, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0xc001)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f00000007c0)={{0x1, 0x1, 0x18, r3, {<r6=>r3}}, './file0\x00'})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x4c, r2, 0x20, 0x43, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x5, 0xb}}}}, [@NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x27a}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x5}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x40}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x100}, @NL80211_ATTR_BSSID={0xa}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000000}, 0x400c000)
r7 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000940), 0x20400, 0x0)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000009c0), r3)
sendmsg$TIPC_CMD_GET_LINKS(r7, &(0x7f0000000a80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x24, r8, 0x4, 0x70bd26, 0x25dfdbfd, {{}, {}, {0x8, 0x11, 0x6}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x40)
r9 = pidfd_getfd(r3, r3, 0x0)
setsockopt$inet_mreqn(r9, 0x0, 0x20, &(0x7f0000000ac0)={@remote, @initdev={0xac, 0x1e, 0x1, 0x0}, r1}, 0xc)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r10, &(0x7f00000039c0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000003980)={&(0x7f0000003780)={0x1d8, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x8000}, 0x4000)

20:17:54 executing program 5:
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(0xffffffffffffffff, 0x8010661b, &(0x7f0000000000))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3e8, 0x800, 0x70bd2c, 0x25dfdbfb, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000080}, 0x44000)
ioctl$int_out(0xffffffffffffffff, 0x5464, &(0x7f0000000140))
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x58, 0x0, 0x20, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x44, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0xc001}, 0x0)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000300)=0x208080)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000340), 0x4a0006, 0x0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/net\x00')
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r3=>r2, {0x2}}, './file0\x00'})
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000400), 0x9880, 0x0)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), r3)
sendmsg$TIPC_NL_KEY_FLUSH(r4, &(0x7f0000000640)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000600)={&(0x7f00000004c0)={0x110, r5, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4b45}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}]}, @TIPC_NLA_MEDIA={0x28, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10001}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xdb1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfa}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}]}, @TIPC_NLA_SOCK={0x28, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffbeb2}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfffffc00}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x101}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x40}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffff9}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x800}, 0x8000)
fsetxattr$security_capability(r1, &(0x7f0000000680), &(0x7f00000006c0)=@v2={0x2000000, [{0x2, 0xff}, {0x3, 0x6}]}, 0x14, 0x1)
setns(r4, 0x40000000)
sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x40840)
r6 = mq_open(&(0x7f0000000800)='\x00', 0x40, 0x11, &(0x7f0000000840)={0x3, 0x7, 0x1, 0x2b6a})
r7 = epoll_create1(0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000880)={{0x1, 0x1, 0x18, <r8=>r2, {0x6}}, './file0\x00'})
io_uring_register$IORING_REGISTER_FILES(r4, 0x2, &(0x7f00000008c0)=[r3, r3, r0, r6, r1, r0, r7, r4, r8], 0x9)

20:17:54 executing program 6:
copy_file_range(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000040)=0x1, 0x7, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f00000000c0)={0x0, 0x2, 0xffffffffffffffff, 0x5, 0x80000})
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000100))
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
r1 = pidfd_getfd(r0, r0, 0x0)
ioctl$BTRFS_IOC_DEV_REPLACE(r1, 0xca289435, &(0x7f0000000200)={0x1, 0xfffffffffffffe00, @status={[0x8, 0x6, 0x3, 0xd6, 0x400000000000000, 0x9]}, [0x9, 0x7, 0xffffffffffff7fff, 0x8000000000000000, 0xffff, 0x3, 0x2, 0xffff, 0x4, 0xcf65, 0x100, 0xfff, 0x800, 0x4, 0x0, 0x8, 0x0, 0xfff, 0x1000, 0x101, 0x0, 0xfd6e, 0x9, 0x8, 0x1, 0x1, 0xcef7, 0x101, 0x1ff, 0x4, 0x7, 0x400, 0x8e, 0xeaa, 0x6, 0x6, 0x5, 0xfffffffffffffffe, 0xffffffff, 0xffffffff00000001, 0x2, 0x9, 0x7, 0x100000000, 0x8, 0x3d8df928, 0x5, 0xfffffffffffffffb, 0x7fff, 0xffffffffffff0765, 0xbac, 0x3, 0x80000001, 0x10000, 0x0, 0x0, 0x9, 0x3, 0x2, 0x81, 0x400, 0x4, 0x7, 0xff]})
ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000c40))
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r2)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000c80)='\x00', &(0x7f0000000cc0)='./file0\x00', 0xffffffffffffffff)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0xa, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000d00)={{0x1, 0x1, 0x18, <r3=>r0, {0x11}}, '.\x00'})
openat$cgroup_netprio_ifpriomap(r3, &(0x7f0000000d40), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000d80)={{0x1, 0x1, 0x18, <r4=>0xffffffffffffffff}, './file0/file0\x00'})
ioctl$BLKRESETZONE(r4, 0x40101283, &(0x7f0000000dc0)={0x2})
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00), 0x40000, 0x0)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r5, 0x40309410, &(0x7f0000000e40)={0x1f, 0xffffffff7fffffff, 0x2, 0x8, 0x0, [0x2a434cd9, 0xfff, 0xe4, 0x6]})
ioctl$BLKRAGET(r4, 0x1263, &(0x7f0000000e80))
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000f40)={0x0, 0x2, 0xffffffffffffffff, 0xfff, 0x80000})

20:17:54 executing program 3:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = dup(r0)
r2 = dup(r1)
r3 = dup(r2)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
clone3(&(0x7f0000000240)={0x200, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), {0x23}, &(0x7f0000000140)=""/57, 0x39, &(0x7f0000000180)=""/71, &(0x7f0000000200)=[0xffffffffffffffff], 0x1}, 0x58)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000600)={0x0, 0xffffffffffffffff, 0x4d, 0x2, @scatter={0x3, 0x0, &(0x7f0000000440)=[{&(0x7f00000002c0)=""/91, 0x5b}, {&(0x7f0000000340)=""/51, 0x33}, {&(0x7f0000000380)=""/171, 0xab}]}, &(0x7f0000000480)="0a93cb217702d5bc8eeae7c96101cd87579cba2d796f16b719248de34a8499c8e3932c234411dd97bec38c4f80bb9a1299895339ea2bdedf6ca96e17b4609168a8f4f2c47986a43ae0c21b3300", &(0x7f0000000500)=""/132, 0x8110, 0x40, 0x0, &(0x7f00000005c0)})
r5 = accept$inet6(r4, 0x0, &(0x7f0000000680))
r6 = dup(r5)
write$cgroup_pressure(r4, &(0x7f00000006c0)={'some', 0x20, 0x1, 0x20, 0x93}, 0x2f)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r1)
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x20, r7, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x3b}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x8040)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), r6)
r8 = socket$packet(0x11, 0x3, 0x300)
fcntl$F_SET_FILE_RW_HINT(r8, 0x40e, &(0x7f0000000880)=0x3)
r9 = socket$nl_sock_diag(0x10, 0x3, 0x4)
preadv2(r9, &(0x7f0000000940)=[{&(0x7f00000008c0)=""/81, 0x51}], 0x1, 0x7fff, 0x4, 0x4)
r10 = accept(r5, 0x0, &(0x7f0000000980))
shutdown(r10, 0x1)
getsockopt$sock_buf(r9, 0x1, 0x3b, &(0x7f00000009c0)=""/21, &(0x7f0000000a00)=0x15)

20:17:54 executing program 4:
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x8}}, './file0\x00'})
mount_setattr(r0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={0x4, 0x1}, 0x20)
execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)=[&(0x7f0000000100)='%(:\x00', &(0x7f0000000140)='^\'-/\x00'], &(0x7f00000003c0)=[&(0x7f00000001c0)='\x89[,:*\r}/#*:\x00', &(0x7f0000000200)='\x00', &(0x7f0000000240)=':\\*%\x00', &(0x7f0000000280)='\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='{*/V]\\\x00', &(0x7f0000000380)='+-/!{\x00'])
sendto(r0, &(0x7f0000000400)="9fcb571339eddf2b8afdbbc2251fc924cffecb82ca28101146852b6f28", 0x1d, 0x10, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
close(r1)
linkat(r0, &(0x7f0000000440)='./file0\x00', r0, &(0x7f0000000480)='./file0\x00', 0x1000)
execveat(r0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000700)=[&(0x7f0000000500)='{*/V]\\\x00', &(0x7f0000000540)=')..\xf7\x00', &(0x7f0000000580)='\x00', &(0x7f00000005c0)='(\x00', &(0x7f0000000600)=':\\*%\x00', &(0x7f0000000640)='.\x00', &(0x7f0000000680)='+-/!{\x00', &(0x7f00000006c0)='/](+\x00'], &(0x7f0000000740), 0x2c742edcb562c7a)
r2 = openat$cgroup_ro(r0, &(0x7f0000000780)='cpuset.effective_cpus\x00', 0x0, 0x0)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f00000007c0)={0xa9a2, {{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x32}}}, 0x0, 0x8, [{{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1c}}}, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e23, @remote}}, {{0x2, 0x4e22, @private=0xa010100}}, {{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3d}}}, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}}, {{0x2, 0x4e21, @loopback}}]}, 0x490)
r3 = accept$inet(r0, &(0x7f0000000c80)={0x2, 0x0, @multicast2}, &(0x7f0000000cc0)=0x10)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r3, 0x8982, &(0x7f0000000d00)={0x2, 'team_slave_1\x00', {0x1}, 0x3})
openat$incfs(r0, &(0x7f0000000d40)='.log\x00', 0x408100, 0x32)
r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000d80), 0x80000, 0x0)
faccessat(r4, &(0x7f0000000dc0)='./file0\x00', 0x11)
preadv2(r0, &(0x7f0000001040)=[{&(0x7f0000000e00)=""/251, 0xfb}, {&(0x7f0000000f00)=""/160, 0xa0}, {&(0x7f0000000fc0)=""/124, 0x7c}], 0x3, 0x390, 0x10001, 0x0)
fchmodat(r4, &(0x7f0000001080)='./file0\x00', 0x40)
r5 = socket$inet(0x2, 0x800, 0x7fffffff)
getsockopt$inet_tcp_buf(r5, 0x6, 0x21, &(0x7f00000010c0)=""/107, &(0x7f0000001140)=0x6b)
execveat(0xffffffffffffffff, &(0x7f00000011c0)='./file0\x00', &(0x7f00000013c0)=[&(0x7f0000001200)=':\\*%\x00', &(0x7f0000001240)='(\x00', &(0x7f0000001280)='\x00', &(0x7f00000012c0)='^\'-/\x00', &(0x7f0000001300)=')\x00', &(0x7f0000001340)='\'#[-\x00', &(0x7f0000001380)='\x00'], &(0x7f0000001680)=[&(0x7f0000001400)='\x00', &(0x7f0000001440)='\'\xe0}-\x00', &(0x7f0000001480)='^*\x00', &(0x7f00000014c0)='\x89[,:*\r}/#*:\x00', &(0x7f0000001500)='\',+*\x00', &(0x7f0000001540)='\x00', &(0x7f0000001580)='*\x00', &(0x7f00000015c0)=':\\*%\x00', &(0x7f0000001600)='/dev/sr0\x00', &(0x7f0000001640)='(\x00'], 0x1000)

20:17:54 executing program 2:
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040), 0x2, 0x2)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, &(0x7f00000000c0)={0x1, 0x38, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000100)=""/217, 0xd9}], 0x1)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2c00)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000240))
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000002c0)={0x3, &(0x7f0000000280)=[{0x100, 0xfe, 0x0, 0x3}, {0x8, 0x3f, 0xb7, 0x4}, {0x8, 0xfe, 0x80, 0x7}]})
pwritev2(r0, &(0x7f00000004c0)=[{&(0x7f0000000300)="ce23845c028f3290d11efad8fa02fbbcc908684fa0f7452493f0", 0x1a}, {&(0x7f0000000340)="248c34ad8d79ef30b08e86ff129acb562cc4d6c0b80885486c34bba4d9f71ea86e81359fb2b8616cbf9a", 0x2a}, {&(0x7f0000000380)="961ed09a2e73b5e8266e1b73ab512e97119b3ffe1ff069109042a182192798543e601a4e0d7ed53390b64d03e0518cfdd04a591a75970a149ccc533edc7cca5f0d10ded684f5769b005d9e625f358e6512661f2a12dda8dfd3684a96b7bcf6c49d0094ab9f600566397ab97fb382", 0x6e}, {&(0x7f0000000400)="f0e382ce6284e565fa53c5945c27309caa7cfbf3aadaba464046253b2c999fb1e702bf6f9d92ae628b1c2612441b7e558dae740c88e47860bbb9c84adf5475dc2111eae1f15e22fb39de4930dc48e337ff6396145fd21637f7735e94e01c39cc5e3d883cc3391742637095ddb1cabbb198b54ba781b4d4ad16ea1f681e668252eac955ed245b930a072224db9646bece12c828bc07df07bdad9acc5afd7a7b943a374a9ccb5511", 0xa7}], 0x4, 0x2, 0x4, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000000500)='fd\x00')
ioctl$SCSI_IOCTL_SYNC(r1, 0x4)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000540)={{0x1, 0x1, 0x18, <r2=>r1, {0xee01, 0xffffffffffffffff}}, './file0\x00'})
r3 = creat(&(0x7f0000000580)='./file0\x00', 0x102)
ioctl$BTRFS_IOC_QUOTA_CTL(r3, 0xc0109428, &(0x7f00000005c0)={0x3, 0x8})
flistxattr(0xffffffffffffffff, &(0x7f0000000600)=""/61, 0x3d)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000680)={0x4, &(0x7f0000000640)=[{0x887, 0x73, 0x49, 0x8}, {0x7fff, 0x0, 0x3c, 0x800}, {0x7, 0x0, 0xe5, 0x7}, {0x400, 0x1f, 0x8}]})
r4 = openat$cgroup_ro(r2, &(0x7f00000006c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000700)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$getown(r5, 0x9)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r4, 0xc0189378, &(0x7f0000000740)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {<r7=>r6}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f0000000780)={{0x1, 0x1, 0x18, <r8=>r1, {0xb42}}, './file0\x00'})
dup2(r7, r8)

[   89.771382] audit: type=1400 audit(1756757874.623:7): avc:  denied  { execmem } for  pid=275 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   90.923614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   90.925244] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   90.926329] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   90.929028] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   90.930578] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   90.960381] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   90.961358] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   90.962511] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   90.964645] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   90.966484] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   90.969342] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   90.970350] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   90.972240] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   90.974253] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   90.975688] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   91.030139] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   91.038387] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   91.039826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   91.041841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   91.047835] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   91.058035] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   91.065989] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   91.069121] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   91.071308] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   91.084048] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   91.092963] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   91.094040] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   91.096859] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   91.108532] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   91.112062] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   91.116245] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   91.119813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   91.148958] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   91.164183] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   91.165549] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   91.168880] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   91.175005] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   91.183016] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   91.189130] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   91.198008] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   93.005277] Bluetooth: hci2: command tx timeout
[   93.005909] Bluetooth: hci1: command tx timeout
[   93.005953] Bluetooth: hci0: command tx timeout
[   93.132840] Bluetooth: hci3: command tx timeout
[   93.132943] Bluetooth: hci4: command tx timeout
[   93.196806] Bluetooth: hci5: command tx timeout
[   93.261305] Bluetooth: hci6: command tx timeout
[   93.261386] Bluetooth: hci7: command tx timeout
[   95.052741] Bluetooth: hci0: command tx timeout
[   95.052768] Bluetooth: hci2: command tx timeout
[   95.053209] Bluetooth: hci1: command tx timeout
[   95.180784] Bluetooth: hci3: command tx timeout
[   95.181218] Bluetooth: hci4: command tx timeout
[   95.244799] Bluetooth: hci5: command tx timeout
[   95.308765] Bluetooth: hci6: command tx timeout
[   95.309799] Bluetooth: hci7: command tx timeout
[   97.100813] Bluetooth: hci2: command tx timeout
[   97.100846] Bluetooth: hci0: command tx timeout
[   97.101778] Bluetooth: hci1: command tx timeout
[   97.228742] Bluetooth: hci3: command tx timeout
[   97.229765] Bluetooth: hci4: command tx timeout
[   97.294699] Bluetooth: hci5: command tx timeout
[   97.356823] Bluetooth: hci7: command tx timeout
[   97.357264] Bluetooth: hci6: command tx timeout
[   99.148721] Bluetooth: hci0: command tx timeout
[   99.148756] Bluetooth: hci1: command tx timeout
[   99.149160] Bluetooth: hci2: command tx timeout
[   99.277839] Bluetooth: hci4: command tx timeout
[   99.278253] Bluetooth: hci3: command tx timeout
[   99.341828] Bluetooth: hci5: command tx timeout
[   99.404730] Bluetooth: hci6: command tx timeout
[   99.405130] Bluetooth: hci7: command tx timeout
[  126.375320] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.376013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.507788] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.508430] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.686911] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.687542] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.919814] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.920401] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.006414] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.007569] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.127188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.128013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.238940] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.239563] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.413033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.413629] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.521223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.521864] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.626240] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.627103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.675840] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.676482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.743047] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.743758] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.809593] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.810395] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.908918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.909536] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.980711] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.981307] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.997128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.998797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.055805] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  129.057269] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  129.064235] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  129.068921] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  129.070312] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  129.075838] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  129.080606] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  129.082120] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  129.086080] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  129.090080] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  129.092233] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  129.095949] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  129.099256] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  129.101186] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  129.105230] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  129.110848] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  129.113356] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  129.117473] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  129.121066] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  129.123904] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  129.129428] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  129.141217] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  129.142378] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  129.146439] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  130.188801] Bluetooth: hci0: command 0x0c1a tx timeout
[  131.087325] Bluetooth: hci2: command 0x0c1a tx timeout
[  131.088844] Bluetooth: hci1: command 0x0c1a tx timeout
[  131.148821] Bluetooth: hci6: command 0x0c1a tx timeout
[  131.150015] Bluetooth: hci7: command 0x0c1a tx timeout
[  131.150068] Bluetooth: hci5: command 0x0c1a tx timeout
[  131.151177] Bluetooth: hci3: command 0x0c1a tx timeout
[  131.151979] Bluetooth: hci4: command 0x0c1a tx timeout
[  132.236788] Bluetooth: hci0: command 0x0c1a tx timeout
[  133.132775] Bluetooth: hci2: command 0x0c1a tx timeout
[  133.133726] Bluetooth: hci1: command 0x0c1a tx timeout
[  133.196790] Bluetooth: hci3: command 0x0c1a tx timeout
[  133.197916] Bluetooth: hci6: command 0x0c1a tx timeout
[  133.197956] Bluetooth: hci5: command 0x0c1a tx timeout
[  133.198925] Bluetooth: hci7: command 0x0c1a tx timeout
[  133.199769] Bluetooth: hci4: command 0x0c1a tx timeout
[  134.284805] Bluetooth: hci0: command 0x0c1a tx timeout
[  135.180763] Bluetooth: hci2: command 0x0c1a tx timeout
[  135.181847] Bluetooth: hci1: command 0x0c1a tx timeout
[  135.245093] Bluetooth: hci3: command 0x0c1a tx timeout
[  135.246196] Bluetooth: hci7: command 0x0c1a tx timeout
[  135.247250] Bluetooth: hci5: command 0x0c1a tx timeout
[  135.247295] Bluetooth: hci6: command 0x0c1a tx timeout
[  135.248247] Bluetooth: hci4: command 0x0c1a tx timeout
20:18:44 executing program 0:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
ioctl$CDROM_SEND_PACKET(r0, 0x1269, &(0x7f0000000340)={"9aa04bb5181700d0f7d4c0ae", &(0x7f0000000240), 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0})

20:18:44 executing program 7:
r0 = open(&(0x7f0000001c40)='./file0\x00', 0x68240, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

20:18:44 executing program 3:
mount$9p_tcp(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="7472616e733d7463702c706f72743d3078303030303030fdffffffffffffff302c00c645488c53aeb895a8bf7e5764f29ce29bee07d890e2a44d043e134cc783a19b07326e72b7bb619b213d6c9d01f5dd11fcb8941823b2afd257648b32e5cb0f3fde42761860c55a6ba98a9e8e57b1cc1c52add661de385d094c21441f115231c6186e4a76da339a0b1d13d11a8e8614a7394f7cce51685de794c5ba85"])
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='numa_maps\x00')
pread64(r0, &(0x7f0000000080)=""/239, 0xef, 0x0)

20:18:44 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), 0x0)
lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@known='security.selinux\x00', 0x0, 0x2)

20:18:44 executing program 1:
modify_ldt$write2(0x11, &(0x7f0000000000)={0x10000, 0x0, 0x400, 0x0, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000040)={0x8, 0x20000000, 0x2000, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000080)={0x9, 0xffffffffffffffff, 0x1000, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f00000000c0)={0x5, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x10)
set_thread_area(&(0x7f0000000100)={0x765, 0xffffffffffffffff, 0x2000})
modify_ldt$write2(0x11, &(0x7f0000000140)={0x1ff, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000180)={0xc7c, 0x1000, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f00000001c0)={0x7f, 0x20000000, 0x1000, 0x0, 0x0, 0x1}, 0x10)
get_thread_area(&(0x7f0000000200)={0x3, 0xffffffffffffffff, 0x400, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1})
modify_ldt$write2(0x11, &(0x7f0000000240)={0xd50, 0x1000, 0x4000, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000280)={0x81, 0x1000, 0xffffffffffffffff, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10)
get_thread_area(&(0x7f00000002c0)={0x8, 0x20001000, 0xffffffffffffffff, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1})
modify_ldt$write2(0x11, &(0x7f0000000300)={0xc0000000, 0x100000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000340)={0x5, 0x20001000, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000380)={0x6, 0x20001000, 0x400, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1}, 0x10)
modify_ldt$write(0x1, &(0x7f00000003c0)={0x3, 0x20000800, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10)
modify_ldt$write(0x1, &(0x7f0000000400)={0x4062fa49, 0xffffffffdfffe7ff, 0x1000, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000440)={0x6, 0xffffffffdfffe7ff, 0xffffffffffffffff, 0x1, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000480)={0x3, 0x20000800, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f00000004c0)={0xffff7fff, 0x0, 0x1000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)

20:18:44 executing program 5:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
copy_file_range(r0, 0x0, r0, 0x0, 0x9, 0x0)
mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)

20:18:44 executing program 4:
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'vlan0\x00', <r2=>0x0})
sendmmsg$inet(r1, &(0x7f0000008700), 0x0, 0x880)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = dup2(r3, r3)
ioctl$sock_SIOCINQ(r4, 0x541b, &(0x7f0000000000))
getsockopt$WPAN_SECURITY_LEVEL(r4, 0x0, 0x2, &(0x7f0000000180), &(0x7f0000000200)=0x4)
bind$packet(r0, &(0x7f00000000c0)={0x11, 0x7, r2, 0x1, 0x80, 0x6, @remote}, 0x14)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="8bcc00ae850f909b81b2e815a55b341a29d5da0029a7d3e28058c0469a1646d1b380ab5cc33f1cb2b771c2fc5663455540eed430bc1607cdd9463784f5d26ea3abc35e87bef8918e0c954aa6ce75a50a7222219ebb63e99398db0679001ac42ce04d3bc7d5dee4d019c14563e249ad5944dd093ba687989021fb7d693a8ccb898a51ac246e2d306bde27b04a0f6213070080f6cda44caa654184ebfdff286e7aeabc5ac9337c5761252797a30a48eaf0", @ANYRESOCT=r0])
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10f000, 0x24)

20:18:44 executing program 6:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = dup2(r0, r0)
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000000))
sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000400)={0xd0, 0x0, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x8}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x24, 0x7}}]}, @IPVS_CMD_ATTR_SERVICE={0x58, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1c00}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x5e}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x50}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3b}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xf}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5012}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}]}, 0xd0}, 0x1, 0x0, 0x0, 0x44000}, 0x40)
[  139.759961] audit: type=1400 audit(1756757924.638:8): avc:  denied  { open } for  pid=3924 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  139.762926] audit: type=1400 audit(1756757924.639:9): avc:  denied  { kernel } for  pid=3924 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x15, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e2f4655f000000000000000001000000000000000b0000000001000018000000c28500002b0200000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e31313037303533313000"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000000ac78aee630b40d9ae2efa3163fd2529010040000c00000000000000e2f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000500400000000000000000000000000000005e00000000000000", 0x40, 0x540}, {&(0x7f0000010300)="02000000030000000400000019000f0003000400"/32, 0x20, 0x1000}, {&(0x7f0000010400)="7f000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000e2f4655fe2f4655fe2f4655f00"/8224, 0x2020, 0x2000}, {&(0x7f0000012500)="ed41000000100000e2f4655fe2f4655fe2f4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x4100}, {&(0x7f0000012600)="2000000088b35c7188b35c7100000000e2f4655f00"/32, 0x20, 0x4180}, {&(0x7f0000012700)="8081000000c04000e2f4655fe2f4655fe2f4655f00000000000001008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000010000000000000000000000000000000000000020000000000000000000000000000000e2f4655f00"/160, 0xa0, 0x4600}, {&(0x7f0000012800)="c041000000300000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800000000000af301000400000000000000000000000300000020000000", 0x40, 0x4a00}, {&(0x7f0000012900)="20000000000000000000000000000000e2f4655f000000000000000000000000000002ea00"/64, 0x40, 0x4a80}, {&(0x7f0000012a00)="ed4100003c000000e2f4655fe2f4655fe2f4655f0000000000000200000000000000001003000000020000000d0000001000050166696c65300000000e0000002800050766696c65310000000000000000000000000000000000000000000000000000008c0e26bc0000000000000000000000000000000000000000000000002000000088b35c7188b35c7188b35c71e2f4655f88b35c710000000000000000000002ea04070000000000000000000000000000646174610000000000000000", 0xc0, 0x4b00}, {&(0x7f0000012b00)="ed8100001a040000e2f4655fe2f4655fe2f4655f00000000000001008000000000000800010000000af3010004000000000000000000000001000000500000000000000000000000000000000000000000000000000000000000000000000000000000007a837ae20000000000000000000000000000000000000000000000002000000088b35c7188b35c7188b35c71e2f4655f88b35c710000000000000000", 0xa0, 0x4c00}, {&(0x7f0000012c00)="ffa1000026000000e2f4655fe2f4655fe2f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3131303730353331302f66696c65302f66696c6530000000000000000000000000000000000000000000002e5c7f160000000000000000000000000000000000000000000000002000000088b35c7188b35c7188b35c71e2f4655f88b35c710000000000000000", 0xa0, 0x4d00}, {&(0x7f0000012d00)="ed8100000a000000e2f4655fe2f4655fe2f4655f000000000000010000000000000000100100000073797a6b616c6c65727300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005c91e3450000000000000000000000000000000000000000000000002000000088b35c7188b35c7188b35c71e2f4655f88b35c710000000000000000000002ea040700000000000000000000000000006461746106015400000000000600000000000000786174747231000006014c000000000006000000000000007861747472320000000000000000000078617474723200007861747472310000ed81000028230000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800010000000af301000400000000000000000000000300000060000000020000000100000062000000020000000180000062000000000000000000000000000000347eabae0000000000000000000000000000000000000000000000002000000088b35c7188b35c7188b35c71e2f4655f88b35c710000000000000000", 0x1a0, 0x4e00}, {&(0x7f0000012f00)="ed81000064000000e2f4655fe2f4655fe2f4655f000000000000010000000000000000100100000073797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616cd1ec0e270000000000000000000000000000000000000000000000002000000088b35c7188b35c7188b35c71e2f4655f88b35c710000000000000000000002ea040734000000000028000000000000006461746100000000000000000000000000000000000000000000000000000000000000006c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273", 0x100, 0x5000}, {&(0x7f0000013000)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c653300000011000000940f090166696c652e636f6c64000000", 0x80, 0x10000}, {&(0x7f0000013100)="0b0000000c0001022e000000020000000c0002022e2e000000000000e80f0000", 0x20, 0x20000}, {&(0x7f0000013200)="00000000001000"/32, 0x20, 0x21000}, {&(0x7f0000013300)="00000000001000"/32, 0x20, 0x22000}, {&(0x7f0000013400)="504d4d00504d4dffe2f4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7032390075782f746573742f73797a5f6d6f756e745f696d6167655f650500"/128, 0x80, 0x40000}, {&(0x7f0000013500)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x50000}], 0x0, &(0x7f0000013a00))

20:18:44 executing program 5:
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r2, 0x2, 0x6}, 0x10)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={0x0, @vsock, @vsock={0x28, 0x0, 0x2711, @hyper}, @llc={0x1a, 0x304, 0x4, 0x87, 0x32, 0x5, @random="33ad2df2e0c9"}, 0x0, 0x0, 0x0, 0x0, 0x200, &(0x7f0000000080)='veth0_to_bridge\x00', 0x10000, 0x9, 0x9bb})
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={r5, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, 0x10)

[  139.833920] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode
[  139.843931] mac80211_hwsim hwsim10 wlan1: left allmulticast mode
[  139.850313] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode
[  139.853526] loop6: detected capacity change from 0 to 4096
[  139.864365] mac80211_hwsim hwsim10 wlan1: left allmulticast mode
[  139.896739] tmpfs: Unknown parameter '‹Ì'
20:18:44 executing program 7:
syz_emit_vhci(&(0x7f00000007c0)=ANY=[@ANYBLOB="040e040912204007a36a2f74a5a8cb4afef2541ebc5b4200603f6908884684145fbd04179fea9e02835ae6306d911a55dfa1dbc8db9a0f444809345a122b8a3de6f188f757ba6369aed8283cf9ab156f6ed154d0ca1a833b5207445923c222d41dea8a94f2eee34296ba87169462cd5c15f1ef1c005461ded632e874ea764801a332f303a370972a8acf4f040d1a9fc9e2bfd890164047f3166d95c214f499fb7b312568c02d03abd9a1b23728b4a0d1512ce0535dd92e21e814c395d6ed3274236ab362dd45105a144ead1b4b79dc866df71a95b11d82b3030d741d131ee47f511a0010529c1416df442d8ec75f67619ea9fa1662"], 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x103180, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929215cca5d888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da148f7d6737e0a5d0583471a33fbd62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f007c84e02d8e4af6bcc65adabcf288000000ff78856d451224ded76f020000003def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b5"])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYRESHEX, @ANYRESHEX=r0, @ANYRESOCT=r1, @ANYRESOCT=r0, @ANYRES16=r0, @ANYRESDEC=r0, @ANYRESOCT], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

20:18:44 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019040)='/proc/mdstat\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000000040)=""/102400, 0x19000, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = inotify_init()
sendfile(r2, r0, &(0x7f0000019080)=0x8000, 0x40)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000190c0)={'dummy0\x00'})
ioctl$SIOCGIFHWADDR(r1, 0x800454e1, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = dup2(r3, r3)
ioctl$sock_SIOCINQ(r4, 0x541b, &(0x7f0000000000))
r5 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}, {0x0, 0x0, 0xffffffffffffff4b}], 0x0, &(0x7f0000010f60))
r6 = fsmount(0xffffffffffffffff, 0x1, 0x89)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000000)={0x0, <r8=>0x0}, &(0x7f0000000040)=0x5)
setuid(r8)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x2008000, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',dfl|gid=', @ANYRESHEX=0x0, @ANYBLOB=',version=9p2000,access=client,access=', @ANYRESDEC=r8, @ANYBLOB=',seclabel,audit,\x00'])
ioctl$TUNSETOWNER(r4, 0x400454cc, r8)

20:18:44 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000000)={0x2})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f00000000c0)={0x1ff, 0x9, 0x5})

20:18:44 executing program 0:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2c02}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpid()
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = syz_open_procfs$namespace(r2, &(0x7f00000000c0)='ns/pid_for_children\x00')
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000100)=[r0, r0, r4], 0x3)
kcmp(r1, r2, 0x0, r0, r3)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)

20:18:44 executing program 1:
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000000)=0x4)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000540)=ANY=[@ANYBLOB="12010000020000002505a1a44000000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d0000090582020000000000090503020000000000"], 0x0)

[  139.941605] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.981074] kmemleak: Found object by alias at 0x607f1a63e324
[  139.981093] CPU: 0 UID: 0 PID: 3937 Comm: syz-executor.6 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  139.981112] Tainted: [W]=WARN
[  139.981116] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.981123] Call Trace:
[  139.981127]  <TASK>
[  139.981132]  dump_stack_lvl+0xca/0x120
[  139.981158]  __lookup_object+0x94/0xb0
[  139.981176]  delete_object_full+0x27/0x70
[  139.981192]  free_percpu+0x30/0x1160
[  139.981210]  ? arch_uprobe_clear_state+0x16/0x140
[  139.981231]  futex_hash_free+0x38/0xc0
[  139.981245]  mmput+0x2d3/0x390
[  139.981265]  do_exit+0x79d/0x2970
[  139.981279]  ? signal_wake_up_state+0x85/0x120
[  139.981296]  ? zap_other_threads+0x2b9/0x3a0
[  139.981312]  ? __pfx_do_exit+0x10/0x10
[  139.981325]  ? do_group_exit+0x1c3/0x2a0
[  139.981339]  ? lock_release+0xc8/0x290
[  139.981356]  do_group_exit+0xd3/0x2a0
[  139.981371]  __x64_sys_exit_group+0x3e/0x50
[  139.981385]  x64_sys_call+0x18c5/0x18d0
[  139.981406]  do_syscall_64+0xbf/0x360
[  139.981418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.981430] RIP: 0033:0x7f8e5f822b19
[  139.981439] Code: Unable to access opcode bytes at 0x7f8e5f822aef.
[  139.981444] RSP: 002b:00007ffd37c08bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  139.981456] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f8e5f822b19
[  139.981463] RDX: 00007f8e5f7d572b RSI: ffffffffffffffbc RDI: 0000000000000000
[  139.981471] RBP: 0000000000000000 R08: 00007f8e5f93a0e0 R09: 0000000000000001
[  139.981477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.981484] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffd37c08ca0
[  139.981499]  </TASK>
[  139.981503] kmemleak: Object (percpu) 0x607f1a63e320 (size 8):
[  139.981510] kmemleak:   comm "syz-executor.6", pid 3945, jiffies 4294806716
[  139.981517] kmemleak:   min_count = 1
[  139.981521] kmemleak:   count = 0
[  139.981525] kmemleak:   flags = 0x21
[  139.981529] kmemleak:   checksum = 0
[  139.981532] kmemleak:   backtrace:
[  139.981536]  pcpu_alloc_noprof+0x87a/0x1170
[  139.981551]  __alloc_workqueue+0x74b/0x1820
[  139.981569]  alloc_workqueue_noprof+0xc7/0x200
[  139.981579]  ext4_fill_super+0x8067/0xba20
[  139.981596]  get_tree_bdev_flags+0x38a/0x620
[  139.981607]  vfs_get_tree+0x93/0x340
[  139.981622]  path_mount+0x132d/0x1dd0
[  139.981635]  __x64_sys_mount+0x27b/0x300
[  139.981646]  do_syscall_64+0xbf/0x360
[  139.981656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.015213] loop2: detected capacity change from 0 to 16383
[  140.027389] Bluetooth: hci6: unexpected event for opcode 0x2012
[  140.027947] Bluetooth: hci6: ACL packet for unknown connection handle 200
[  140.028569] Bluetooth: hci6: unexpected event for opcode 0x041c
[  140.029265] Bluetooth: hci6: SCO packet for unknown connection handle 200
[  140.030358] kmemleak: Cannot insert 0x607f1a63e324 into the object search tree (overlaps existing)
[  140.030374] CPU: 0 UID: 0 PID: 3962 Comm: syz-executor.2 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  140.030392] Tainted: [W]=WARN
[  140.030396] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  140.030403] Call Trace:
[  140.030407]  <TASK>
[  140.030412]  dump_stack_lvl+0xca/0x120
[  140.030436]  __link_object+0x190/0x210
[  140.030454]  __create_object+0x48/0x80
[  140.030472]  pcpu_alloc_noprof+0x87a/0x1170
[  140.030496]  __percpu_init_rwsem+0x2d/0x160
[  140.030513]  ? security_sb_alloc+0x75/0x140
[  140.030531]  alloc_super+0x29e/0xb80
[  140.030545]  ? __pfx_super_s_dev_test+0x10/0x10
[  140.030563]  sget_fc+0xfe/0xb80
[  140.030575]  ? __pfx_super_s_dev_set+0x10/0x10
[  140.030595]  get_tree_bdev_flags+0x1b8/0x620
[  140.030607]  ? __pfx_ext4_fill_super+0x10/0x10
[  140.030627]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  140.030640]  ? cap_capable+0xdb/0x3b0
[  140.030658]  ? security_capable+0x2f/0x90
[  140.030674]  vfs_get_tree+0x93/0x340
[  140.030692]  path_mount+0x132d/0x1dd0
[  140.030707]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  140.030722]  ? __pfx_path_mount+0x10/0x10
[  140.030735]  ? kmem_cache_free+0x2a1/0x540
[  140.030747]  ? putname.part.0+0x11b/0x160
[  140.030764]  ? getname_flags.part.0+0x1c6/0x540
[  140.030782]  ? putname.part.0+0x11b/0x160
[  140.030800]  __x64_sys_mount+0x27b/0x300
[  140.030814]  ? __pfx___x64_sys_mount+0x10/0x10
[  140.030833]  do_syscall_64+0xbf/0x360
[  140.030845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.030858] RIP: 0033:0x7f7f5758304a
[  140.030867] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  140.030878] RSP: 002b:00007f7f54af6fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[  140.030889] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7f5758304a
[  140.030897] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7f54af7000
[  140.030905] RBP: 00007f7f54af7040 R08: 00007f7f54af7040 R09: 0000000020000000
[  140.030912] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
[  140.030919] R13: 0000000020000100 R14: 00007f7f54af7000 R15: 0000000020010f60
[  140.030934]  </TASK>
[  140.031275] kmemleak: Kernel memory leak detector disabled
[  140.031279] kmemleak: Object (percpu) 0x607f1a63e320 (size 8):
[  140.031286] kmemleak:   comm "syz-executor.6", pid 3945, jiffies 4294806716
[  140.031294] kmemleak:   min_count = 1
[  140.031297] kmemleak:   count = 0
[  140.031301] kmemleak:   flags = 0x21
[  140.031305] kmemleak:   checksum = 0
[  140.031309] kmemleak:   backtrace:
[  140.031312]  pcpu_alloc_noprof+0x87a/0x1170
[  140.031328]  __alloc_workqueue+0x74b/0x1820
[  140.031346]  alloc_workqueue_noprof+0xc7/0x200
[  140.031356]  ext4_fill_super+0x8067/0xba20
[  140.031371]  get_tree_bdev_flags+0x38a/0x620
[  140.031382]  vfs_get_tree+0x93/0x340
[  140.031397]  path_mount+0x132d/0x1dd0
[  140.031408]  __x64_sys_mount+0x27b/0x300
[  140.031420]  do_syscall_64+0xbf/0x360
[  140.031429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.038899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  140.040265] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
[  140.057045] EXT4-fs (loop2): group descriptors corrupted!
[  140.058501] Bluetooth: hci6: SCO packet for unknown connection handle 201
[  140.061021] kmemleak: Automatic memory scanning thread ended
[  140.066096] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  140.114389] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.151183] Oops: general protection fault, probably for non-canonical address 0xdffffc0002b94060: 0000 [#1] SMP KASAN NOPTI
[  140.153105] KASAN: probably user-memory-access in range [0x0000000015ca0300-0x0000000015ca0307]
[  140.154500] CPU: 1 UID: 0 PID: 291 Comm: syz-executor.6 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  140.161987] Tainted: [W]=WARN
[  140.162496] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  140.163793] RIP: 0010:destroy_workqueue+0x5a2/0xa00
[  140.164635] Code: 3f 0f 87 24 01 00 00 e8 3c 67 31 00 89 de 48 89 ef e8 52 6b fe ff 49 89 c7 48 85 c0 74 41 e8 25 67 31 00 4c 89 fa 48 c1 ea 03 <42> 80 3c 22 00 0f 85 89 03 00 00 49 8b 3f e8 bb a0 7b 03 4c 89 ff
[  140.167529] RSP: 0018:ffff888016d97cb8 EFLAGS: 00010216
[  140.168392] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8140fc07
[  140.169562] RDX: 0000000002b94060 RSI: ffffffff81428f8b RDI: 0000000000000005
[  140.170715] RBP: ffff888043f84800 R08: 0000000000000001 R09: 0000000000000000
[  140.171866] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  140.172986] R13: ffffffff85852560 R14: ffffed10087f0939 R15: 0000000015ca0300
[  140.174113] FS:  000055558f612400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  140.175380] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  140.176300] CR2: 0000555575d65c18 CR3: 0000000045485000 CR4: 0000000000350ef0
[  140.177454] Call Trace:
[  140.177868]  <TASK>
[  140.178240]  ext4_put_super+0x106/0xf30
[  140.178899]  ? sync_blockdev+0x54/0x70
[  140.179520]  ? __pfx_ext4_put_super+0x10/0x10
[  140.180254]  generic_shutdown_super+0x15a/0x4a0
[  140.181044]  kill_block_super+0x3b/0x90
[  140.181699]  ext4_kill_sb+0x6c/0xb0
[  140.182296]  deactivate_locked_super+0xbf/0x1a0
[  140.183051]  deactivate_super+0xb1/0xd0
[  140.183691]  cleanup_mnt+0x2df/0x430
[  140.184308]  task_work_run+0x172/0x280
[  140.184950]  ? __pfx_task_work_run+0x10/0x10
[  140.185666]  ? __x64_sys_umount+0x114/0x190
[  140.186356]  ? __pfx___x64_sys_umount+0x10/0x10
[  140.187102]  exit_to_user_mode_loop+0xef/0x110
[  140.187825]  do_syscall_64+0x2f7/0x360
[  140.188440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.189253] RIP: 0033:0x7f8e5f823f87
[  140.189845] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  140.192685] RSP: 002b:00007ffd37c07ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  140.193888] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 00007f8e5f823f87
[  140.195014] RDX: 00007ffd37c07ba9 RSI: 000000000000000a RDI: 00007ffd37c07ba0
[  140.196130] RBP: 00007ffd37c07ba0 R08: 00000000ffffffff R09: 00007ffd37c07970
[  140.197252] R10: 000055558f613c7b R11: 0000000000000246 R12: 00007f8e5f87c105
[  140.198362] R13: 00007ffd37c08c60 R14: 000055558f613c20 R15: 00007ffd37c08ca0
[  140.199480]  </TASK>
[  140.199864] Modules linked in:
[  140.201192] ---[ end trace 0000000000000000 ]---
[  140.202492] RIP: 0010:destroy_workqueue+0x5a2/0xa00
[  140.203338] Code: 3f 0f 87 24 01 00 00 e8 3c 67 31 00 89 de 48 89 ef e8 52 6b fe ff 49 89 c7 48 85 c0 74 41 e8 25 67 31 00 4c 89 fa 48 c1 ea 03 <42> 80 3c 22 00 0f 85 89 03 00 00 49 8b 3f e8 bb a0 7b 03 4c 89 ff
[  140.206211] RSP: 0018:ffff888016d97cb8 EFLAGS: 00010216
[  140.207063] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8140fc07
[  140.207112] Bluetooth: hci6: unexpected event for opcode 0x2012
[  140.208188] RDX: 0000000002b94060 RSI: ffffffff81428f8b RDI: 0000000000000005
[  140.208725] Bluetooth: hci6: ACL packet for unknown connection handle 200
[  140.209800] RBP: ffff888043f84800 R08: 0000000000000001 R09: 0000000000000000
[  140.210336] Bluetooth: hci6: unexpected event for opcode 0x041c
[  140.211395] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  140.211873] Bluetooth: hci6: SCO packet for unknown connection handle 200
[  140.212963] R13: ffffffff85852560 R14: ffffed10087f0939 R15: 0000000015ca0300
[  140.212989] Bluetooth: hci6: SCO packet for unknown connection handle 201
[  140.214030] FS:  000055558f612400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  140.216855] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  140.217785] CR2: 0000555575d65c18 CR3: 0000000045485000 CR4: 0000000000350ef0
[  140.218912] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51
[  140.220331] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 291, name: syz-executor.6
[  140.221671] preempt_count: 0, expected: 0
[  140.222305] RCU nest depth: 1, expected: 0
[  140.222989] INFO: lockdep is turned off.
[  140.223613] CPU: 1 UID: 0 PID: 291 Comm: syz-executor.6 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  140.223651] Tainted: [D]=DIE, [W]=WARN
[  140.223664] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  140.223677] Call Trace:
[  140.223685]  <TASK>
[  140.223694]  dump_stack_lvl+0xfa/0x120
[  140.223734]  __might_resched+0x2f3/0x510
[  140.223761]  exit_signals+0x25/0x940
[  140.223797]  do_exit+0x2db/0x2970
[  140.223824]  ? task_work_run+0x172/0x280
[  140.223852]  ? __pfx_task_work_run+0x10/0x10
[  140.223878]  ? __pfx_do_exit+0x10/0x10
[  140.223903]  ? __pfx___x64_sys_umount+0x10/0x10
[  140.223932]  make_task_dead+0x174/0x3b0
[  140.223958]  ? do_syscall_64+0x2f7/0x360
[  140.223981]  rewind_stack_and_make_dead+0x16/0x20
[  140.224013] RIP: 0033:0x7f8e5f823f87
[  140.224030] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  140.224051] RSP: 002b:00007ffd37c07ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  140.224073] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 00007f8e5f823f87
[  140.224087] RDX: 00007ffd37c07ba9 RSI: 000000000000000a RDI: 00007ffd37c07ba0
[  140.224102] RBP: 00007ffd37c07ba0 R08: 00000000ffffffff R09: 00007ffd37c07970
[  140.224116] R10: 000055558f613c7b R11: 0000000000000246 R12: 00007f8e5f87c105
[  140.224131] R13: 00007ffd37c08c60 R14: 000055558f613c20 R15: 00007ffd37c08ca0
[  140.224152]  </TASK>
[  140.276066] loop2: detected capacity change from 0 to 16383
[  140.316469] ------------[ cut here ]------------
[  140.317346] Voluntary context switch within RCU read-side critical section!
[  140.317447] WARNING: kernel/rcu/tree_plugin.h:332 at rcu_note_context_switch+0xa96/0x1b00, CPU#1: syz-executor.6/291
[  140.320348] Modules linked in:
[  140.320924] CPU: 1 UID: 0 PID: 291 Comm: syz-executor.6 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  140.322901] Tainted: [D]=DIE, [W]=WARN
[  140.323554] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  140.324942] RIP: 0010:rcu_note_context_switch+0xa96/0x1b00
[  140.325902] Code: 00 00 00 65 48 8b 3d 41 dc 27 06 e8 84 11 fd ff e9 1a f8 ff ff c6 05 2e 4a e4 04 01 90 48 c7 c7 a0 8a c9 84 e8 0b 39 dd ff 90 <0f> 0b 90 90 e9 3a f6 ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea
[  140.328924] RSP: 0018:ffff888016d977c0 EFLAGS: 00010086
[  140.329813] RAX: 0000000000000000 RBX: ffff88806cf37d00 RCX: ffffffff8139de70
[  140.330981] RDX: ffff8880169f5280 RSI: ffffffff8139de7e RDI: 0000000000000001
[  140.332151] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d9e4801
[  140.333330] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880169f5280
[  140.334499] R13: 0000000000000000 R14: ffff8880169f5280 R15: ffffffff84bd30d5
[  140.335654] FS:  0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  140.336996] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  140.337965] CR2: 00007fbe7a8732a0 CR3: 0000000041d77000 CR4: 0000000000350ef0
[  140.339129] Call Trace:
[  140.339561]  <TASK>
[  140.339948]  ? __is_insn_slot_addr+0x140/0x290
[  140.340727]  ? kernel_text_address+0x5b/0xc0
[  140.341460]  ? lock_acquire+0x18c/0x2f0
[  140.342123]  ? __mutex_lock+0x4d5/0x1020
[  140.342813]  __schedule+0x217/0x3590
[  140.343440]  ? lock_acquire+0x18c/0x2f0
[  140.344110]  ? __pfx___schedule+0x10/0x10
[  140.344813]  ? __is_insn_slot_addr+0x140/0x290
[  140.345584]  ? lock_acquire+0x18c/0x2f0
[  140.346245]  ? lock_release+0x1c7/0x290
[  140.346916]  ? __mutex_lock+0x4d5/0x1020
[  140.347608]  schedule+0xdb/0x390
[  140.348191]  schedule_preempt_disabled+0x10/0x20
[  140.348990]  __mutex_lock+0x813/0x1020
[  140.349639]  ? exp_funnel_lock+0x2c7/0x5c0
[  140.350344]  ? __pfx___mutex_lock+0x10/0x10
[  140.351082]  ? __mutex_trylock_common+0x77/0x260
[  140.351869]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  140.352675]  ? __call_rcu_common.constprop.0+0x70/0x960
[  140.353548]  ? lock_release+0x1c7/0x290
[  140.354216]  exp_funnel_lock+0x2c7/0x5c0
[  140.354877]  ? __pfx_exp_funnel_lock+0x10/0x10
[  140.355644]  ? do_raw_spin_lock+0x123/0x260
[  140.356362]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  140.357164]  ? xas_start+0x14e/0x710
[  140.357779]  ? lock_release+0x1c7/0x290
[  140.358424]  synchronize_rcu_expedited+0x27e/0x420
[  140.359213]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  140.360085]  ? lock_release+0x1c7/0x290
[  140.360755]  ? __virt_addr_valid+0x100/0x5d0
[  140.361493]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  140.362351]  ? shrink_dentry_list+0x1a/0x650
[  140.363085]  ? __call_rcu_common.constprop.0+0x4c1/0x960
[  140.363962]  namespace_unlock+0x4b6/0x810
[  140.364675]  ? __pfx_namespace_unlock+0x10/0x10
[  140.365438]  ? do_raw_spin_lock+0x123/0x260
[  140.366149]  ? __pfx_umount_tree+0x10/0x10
[  140.366836]  ? lock_acquire+0x18c/0x2f0
[  140.367484]  ? lock_release+0x1c7/0x290
[  140.368127]  put_mnt_ns+0xf5/0x120
[  140.368721]  free_nsproxy+0x3a/0x400
[  140.369343]  switch_task_namespaces+0xe2/0x100
[  140.370099]  do_exit+0x841/0x2970
[  140.370672]  ? task_work_run+0x172/0x280
[  140.371331]  ? __pfx_task_work_run+0x10/0x10
[  140.372053]  ? __pfx_do_exit+0x10/0x10
[  140.372698]  ? __pfx___x64_sys_umount+0x10/0x10
[  140.373459]  make_task_dead+0x174/0x3b0
[  140.374115]  ? do_syscall_64+0x2f7/0x360
[  140.374772]  rewind_stack_and_make_dead+0x16/0x20
[  140.375569] RIP: 0033:0x7f8e5f823f87
[  140.376175] Code: Unable to access opcode bytes at 0x7f8e5f823f5d.
[  140.377186] RSP: 002b:00007ffd37c07ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  140.378384] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 00007f8e5f823f87
[  140.379509] RDX: 00007ffd37c07ba9 RSI: 000000000000000a RDI: 00007ffd37c07ba0
[  140.380642] RBP: 00007ffd37c07ba0 R08: 00000000ffffffff R09: 00007ffd37c07970
[  140.381771] R10: 000055558f613c7b R11: 0000000000000246 R12: 00007f8e5f87c105
[  140.382913] R13: 00007ffd37c08c60 R14: 000055558f613c20 R15: 00007ffd37c08ca0
[  140.384066]  </TASK>
[  140.384446] irq event stamp: 159777
[  140.385042] hardirqs last  enabled at (159777): [<ffffffff8129745e>] cond_local_irq_enable.isra.0+0x2e/0x40
[  140.386588] hardirqs last disabled at (159776): [<ffffffff84bb8fe2>] exc_general_protection+0x32/0x330
[  140.388051] softirqs last  enabled at (159542): [<ffffffff813bafcc>] handle_softirqs+0x50c/0x770
[  140.389435] softirqs last disabled at (159533): [<ffffffff813bb364>] __irq_exit_rcu+0xc4/0x100
[  140.390786] ---[ end trace 0000000000000000 ]---
[  140.696507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  140.699057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
SYZFAIL: failed to write(kmemleak, "scan")
 (errno 1: Operation not permitted)
BUG: leak checking failed
[  144.268745] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0
[  144.270189] Bluetooth: hci6: Injecting HCI hardware error event
[  144.271916] Bluetooth: hci6: hardware error 0x00
[  146.316716] Bluetooth: hci6: Opcode 0x0c03 failed: -110

VM DIAGNOSIS:
20:18:45  Registers:
info registers vcpu 0
RAX=dffffc0000000000 RBX=ffff888017210000 RCX=ffff88801723f950 RDX=0000000000000000
RSI=ffffffff81608b3e RDI=ffff8880172103fc RBP=ffff888017210000 RSP=ffff88801723f828
R8 =0000000000000001 R9 =ffff88801723f8f0 R10=000000000003bea3 R11=0000000000004433
R12=0000000000000000 R13=ffff88801723f8f8 R14=ffff888017210000 R15=ffff88801723f8b0
RIP=ffffffff815af927 RFL=00000213 [----A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe2800000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d829000 CR3=000000000b794000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=514e49434f49535f6b636f73246c7463
XMM02=0000000000000000415076f600000000 XMM03=a36ed2f5843746d9cd0716bc30d4ee40
XMM04=0aa575cea64a950c8e91f8be875ec3ab XMM05=2cc41a007906db9893e963bb9e212272
XMM06=59ad49e26345c119d0e4ded5c73b4de0 XMM07=89cb8c3a697dfb21909887a63b09dd44
XMM08=a36ed2f5843746d9cd0716bc30d4ee40 XMM09=0aa575cea64a950c8e91f8be875ec3ab
XMM10=2cc41a007906db9893e963bb9e212272 XMM11=59ad49e26345c119d0e4ded5c73b4de0
XMM12=89cb8c3a697dfb21909887a63b09dd44 XMM13=0713620f4ab027de6b302d6e24ac518a
XMM14=7a6e28fffdeb844165aa4ca4cdf68000 XMM15=f0ea480aa397272561577c33c95abcea
info registers vcpu 1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888016d97610
R8 =0000000000000000 R9 =ffffed1001728046 R10=0000000000000020 R11=552031203a555043
R12=0000000000000020 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055558f612400 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 ffffc90000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555575d65c18 CR3=0000000045485000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00ffffffffffff0000000000000000 XMM01=0100010001000000ffffffffffffffff
XMM02=0500050005000000455441564952505f XMM03=0000000000000000000000564952505f
XMM04=00030005000500050005000000455441 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000