Warning: Permanently added '[localhost]:53527' (ECDSA) to the list of known hosts. 2025/08/29 09:46:12 fuzzer started 2025/08/29 09:46:13 dialing manager at localhost:43077 syzkaller login: [ 53.015675] cgroup: Unknown subsys name 'net' [ 53.099618] cgroup: Unknown subsys name 'cpuset' [ 53.123890] cgroup: Unknown subsys name 'rlimit' 2025/08/29 09:46:25 syscalls: 2214 2025/08/29 09:46:25 code coverage: enabled 2025/08/29 09:46:25 comparison tracing: enabled 2025/08/29 09:46:25 extra coverage: enabled 2025/08/29 09:46:25 setuid sandbox: enabled 2025/08/29 09:46:25 namespace sandbox: enabled 2025/08/29 09:46:25 Android sandbox: enabled 2025/08/29 09:46:25 fault injection: enabled 2025/08/29 09:46:25 leak checking: enabled 2025/08/29 09:46:25 net packet injection: enabled 2025/08/29 09:46:25 net device setup: enabled 2025/08/29 09:46:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 09:46:25 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 09:46:25 USB emulation: enabled 2025/08/29 09:46:25 hci packet injection: enabled 2025/08/29 09:46:25 wifi device emulation: enabled 2025/08/29 09:46:25 802.15.4 emulation: enabled 2025/08/29 09:46:25 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 09:46:25 fetching corpus: 36, signal 18157/21654 (executing program) 2025/08/29 09:46:25 fetching corpus: 82, signal 32064/36798 (executing program) 2025/08/29 09:46:25 fetching corpus: 129, signal 39670/45621 (executing program) 2025/08/29 09:46:25 fetching corpus: 178, signal 46341/53390 (executing program) 2025/08/29 09:46:25 fetching corpus: 228, signal 53452/61340 (executing program) 2025/08/29 09:46:25 fetching corpus: 278, signal 57825/66625 (executing program) 2025/08/29 09:46:25 fetching corpus: 328, signal 62282/71881 (executing program) 2025/08/29 09:46:25 fetching corpus: 378, signal 65763/76171 (executing program) 2025/08/29 09:46:26 fetching corpus: 428, signal 68228/79489 (executing program) 2025/08/29 09:46:26 fetching corpus: 478, signal 71913/83863 (executing program) 2025/08/29 09:46:26 fetching corpus: 528, signal 74571/87189 (executing program) 2025/08/29 09:46:26 fetching corpus: 578, signal 77698/90966 (executing program) 2025/08/29 09:46:26 fetching corpus: 627, signal 79778/93711 (executing program) 2025/08/29 09:46:26 fetching corpus: 677, signal 82753/97144 (executing program) 2025/08/29 09:46:26 fetching corpus: 727, signal 84889/99782 (executing program) 2025/08/29 09:46:26 fetching corpus: 776, signal 86834/102269 (executing program) 2025/08/29 09:46:26 fetching corpus: 826, signal 88104/104152 (executing program) 2025/08/29 09:46:26 fetching corpus: 876, signal 89789/106326 (executing program) 2025/08/29 09:46:27 fetching corpus: 926, signal 92159/108916 (executing program) 2025/08/29 09:46:27 fetching corpus: 976, signal 93860/111010 (executing program) 2025/08/29 09:46:27 fetching corpus: 1026, signal 95835/113250 (executing program) 2025/08/29 09:46:27 fetching corpus: 1076, signal 97309/115080 (executing program) 2025/08/29 09:46:27 fetching corpus: 1125, signal 100420/118000 (executing program) 2025/08/29 09:46:27 fetching corpus: 1175, signal 102013/119800 (executing program) 2025/08/29 09:46:27 fetching corpus: 1225, signal 103566/121581 (executing program) 2025/08/29 09:46:27 fetching corpus: 1275, signal 104997/123253 (executing program) 2025/08/29 09:46:27 fetching corpus: 1325, signal 106860/125120 (executing program) 2025/08/29 09:46:28 fetching corpus: 1375, signal 108034/126559 (executing program) 2025/08/29 09:46:28 fetching corpus: 1425, signal 109346/128013 (executing program) 2025/08/29 09:46:28 fetching corpus: 1475, signal 110219/129185 (executing program) 2025/08/29 09:46:28 fetching corpus: 1525, signal 111871/130757 (executing program) 2025/08/29 09:46:28 fetching corpus: 1575, signal 113413/132293 (executing program) 2025/08/29 09:46:28 fetching corpus: 1625, signal 114440/133483 (executing program) 2025/08/29 09:46:28 fetching corpus: 1675, signal 116714/135628 (executing program) 2025/08/29 09:46:28 fetching corpus: 1725, signal 117896/136780 (executing program) 2025/08/29 09:46:28 fetching corpus: 1775, signal 119242/138028 (executing program) 2025/08/29 09:46:28 fetching corpus: 1825, signal 120259/139119 (executing program) 2025/08/29 09:46:29 fetching corpus: 1875, signal 121387/140173 (executing program) 2025/08/29 09:46:29 fetching corpus: 1925, signal 122545/141277 (executing program) 2025/08/29 09:46:29 fetching corpus: 1975, signal 123490/142195 (executing program) 2025/08/29 09:46:29 fetching corpus: 2024, signal 124885/143307 (executing program) 2025/08/29 09:46:29 fetching corpus: 2074, signal 126127/144294 (executing program) 2025/08/29 09:46:29 fetching corpus: 2124, signal 127858/145487 (executing program) 2025/08/29 09:46:29 fetching corpus: 2174, signal 128799/146313 (executing program) 2025/08/29 09:46:29 fetching corpus: 2223, signal 129978/147209 (executing program) 2025/08/29 09:46:29 fetching corpus: 2273, signal 130702/147874 (executing program) 2025/08/29 09:46:30 fetching corpus: 2323, signal 131737/148715 (executing program) 2025/08/29 09:46:30 fetching corpus: 2372, signal 132445/149330 (executing program) 2025/08/29 09:46:30 fetching corpus: 2422, signal 133023/149883 (executing program) 2025/08/29 09:46:30 fetching corpus: 2472, signal 133649/150524 (executing program) 2025/08/29 09:46:30 fetching corpus: 2522, signal 134191/151039 (executing program) 2025/08/29 09:46:30 fetching corpus: 2572, signal 134693/151529 (executing program) 2025/08/29 09:46:30 fetching corpus: 2622, signal 135474/152065 (executing program) 2025/08/29 09:46:30 fetching corpus: 2672, signal 136333/152623 (executing program) 2025/08/29 09:46:30 fetching corpus: 2722, signal 137195/153144 (executing program) 2025/08/29 09:46:30 fetching corpus: 2772, signal 137975/153661 (executing program) 2025/08/29 09:46:30 fetching corpus: 2822, signal 138709/154157 (executing program) 2025/08/29 09:46:31 fetching corpus: 2872, signal 139339/154633 (executing program) 2025/08/29 09:46:31 fetching corpus: 2921, signal 139933/155046 (executing program) 2025/08/29 09:46:31 fetching corpus: 2969, signal 140434/155422 (executing program) 2025/08/29 09:46:31 fetching corpus: 3019, signal 141053/155809 (executing program) 2025/08/29 09:46:31 fetching corpus: 3069, signal 141543/156150 (executing program) 2025/08/29 09:46:31 fetching corpus: 3119, signal 142054/156497 (executing program) 2025/08/29 09:46:31 fetching corpus: 3169, signal 142859/156872 (executing program) 2025/08/29 09:46:31 fetching corpus: 3218, signal 143483/157241 (executing program) 2025/08/29 09:46:31 fetching corpus: 3268, signal 143964/157552 (executing program) 2025/08/29 09:46:32 fetching corpus: 3317, signal 144521/157837 (executing program) 2025/08/29 09:46:32 fetching corpus: 3367, signal 145066/158110 (executing program) 2025/08/29 09:46:32 fetching corpus: 3417, signal 145599/158386 (executing program) 2025/08/29 09:46:32 fetching corpus: 3467, signal 146241/158668 (executing program) 2025/08/29 09:46:32 fetching corpus: 3517, signal 146604/158877 (executing program) 2025/08/29 09:46:32 fetching corpus: 3567, signal 147059/159123 (executing program) 2025/08/29 09:46:32 fetching corpus: 3615, signal 147638/159332 (executing program) 2025/08/29 09:46:32 fetching corpus: 3664, signal 148193/159543 (executing program) 2025/08/29 09:46:32 fetching corpus: 3714, signal 148728/159710 (executing program) 2025/08/29 09:46:32 fetching corpus: 3764, signal 149175/159852 (executing program) 2025/08/29 09:46:33 fetching corpus: 3814, signal 149730/159907 (executing program) 2025/08/29 09:46:33 fetching corpus: 3863, signal 150092/161354 (executing program) 2025/08/29 09:46:33 fetching corpus: 3913, signal 150716/161355 (executing program) 2025/08/29 09:46:33 fetching corpus: 3963, signal 151474/161385 (executing program) 2025/08/29 09:46:33 fetching corpus: 4013, signal 151979/161403 (executing program) 2025/08/29 09:46:33 fetching corpus: 4063, signal 152494/161403 (executing program) 2025/08/29 09:46:33 fetching corpus: 4112, signal 152857/161406 (executing program) 2025/08/29 09:46:33 fetching corpus: 4162, signal 153346/161416 (executing program) 2025/08/29 09:46:33 fetching corpus: 4212, signal 153942/161427 (executing program) 2025/08/29 09:46:33 fetching corpus: 4262, signal 154649/161429 (executing program) 2025/08/29 09:46:33 fetching corpus: 4310, signal 156487/161433 (executing program) 2025/08/29 09:46:34 fetching corpus: 4360, signal 156840/161441 (executing program) 2025/08/29 09:46:34 fetching corpus: 4410, signal 157510/161532 (executing program) 2025/08/29 09:46:34 fetching corpus: 4460, signal 157907/161596 (executing program) 2025/08/29 09:46:34 fetching corpus: 4510, signal 158696/161619 (executing program) 2025/08/29 09:46:34 fetching corpus: 4558, signal 159231/161652 (executing program) 2025/08/29 09:46:34 fetching corpus: 4597, signal 159477/161660 (executing program) 2025/08/29 09:46:34 fetching corpus: 4598, signal 159480/161753 (executing program) 2025/08/29 09:46:34 fetching corpus: 4598, signal 159480/161753 (executing program) 2025/08/29 09:46:36 starting 8 fuzzer processes 09:46:36 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) 09:46:36 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00') utimensat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x100) 09:46:36 executing program 1: msgrcv(0x0, 0x0, 0x0, 0x8000000000000000, 0x0) 09:46:36 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x539401, 0x0) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000200)="f6", 0x1}], 0x1) 09:46:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x4, r3}]}]}, 0x20}}, 0x0) [ 75.158492] audit: type=1400 audit(1756460796.892:7): avc: denied { execmem } for pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:46:36 executing program 4: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) acct(&(0x7f0000000100)='./file0\x00') 09:46:36 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)={[{@nr_inodes={'nr_inodes', 0x3d, [0x32]}}]}) creat(&(0x7f0000000240)='./file0/file0\x00', 0x0) 09:46:36 executing program 6: setrlimit(0x0, &(0x7f0000000100)) [ 76.346636] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.348715] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.355093] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.360011] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.365441] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.537425] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.540489] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.543576] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.548233] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.550461] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.616459] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.620750] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.622561] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.629149] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.631702] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.634402] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.637094] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.640333] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.650235] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.657214] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.663596] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.668979] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 76.671483] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 76.674300] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.674397] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 76.682384] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 76.683850] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 76.687321] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 76.691207] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 76.693137] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.693171] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 76.696078] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 76.697267] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 76.699359] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 76.712045] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 76.729853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 76.744116] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.749417] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 76.758325] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 76.760326] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 78.441377] Bluetooth: hci0: command tx timeout [ 78.568916] Bluetooth: hci1: command tx timeout [ 78.696892] Bluetooth: hci2: command tx timeout [ 78.764094] Bluetooth: hci3: command tx timeout [ 78.764859] Bluetooth: hci7: command tx timeout [ 78.765171] Bluetooth: hci6: command tx timeout [ 78.824904] Bluetooth: hci4: command tx timeout [ 78.824997] Bluetooth: hci5: command tx timeout [ 80.488887] Bluetooth: hci0: command tx timeout [ 80.617113] Bluetooth: hci1: command tx timeout [ 80.744879] Bluetooth: hci2: command tx timeout [ 80.809084] Bluetooth: hci6: command tx timeout [ 80.809685] Bluetooth: hci7: command tx timeout [ 80.810898] Bluetooth: hci3: command tx timeout [ 80.872842] Bluetooth: hci5: command tx timeout [ 80.873288] Bluetooth: hci4: command tx timeout [ 82.538083] Bluetooth: hci0: command tx timeout [ 82.667836] Bluetooth: hci1: command tx timeout [ 82.792935] Bluetooth: hci2: command tx timeout [ 82.856917] Bluetooth: hci3: command tx timeout [ 82.857634] Bluetooth: hci7: command tx timeout [ 82.858479] Bluetooth: hci6: command tx timeout [ 82.920907] Bluetooth: hci4: command tx timeout [ 82.921643] Bluetooth: hci5: command tx timeout [ 84.584834] Bluetooth: hci0: command tx timeout [ 84.713894] Bluetooth: hci1: command tx timeout [ 84.842966] Bluetooth: hci2: command tx timeout [ 84.905920] Bluetooth: hci6: command tx timeout [ 84.906345] Bluetooth: hci7: command tx timeout [ 84.906721] Bluetooth: hci3: command tx timeout [ 84.969846] Bluetooth: hci5: command tx timeout [ 84.970269] Bluetooth: hci4: command tx timeout [ 120.217221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.217970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.422846] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.423462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:47:22 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)={[{@nr_inodes={'nr_inodes', 0x3d, [0x32]}}]}) creat(&(0x7f0000000240)='./file0/file0\x00', 0x0) 09:47:22 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)={[{@nr_inodes={'nr_inodes', 0x3d, [0x32]}}]}) creat(&(0x7f0000000240)='./file0/file0\x00', 0x0) 09:47:23 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)={[{@nr_inodes={'nr_inodes', 0x3d, [0x32]}}]}) creat(&(0x7f0000000240)='./file0/file0\x00', 0x0) [ 121.419680] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.420351] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:47:23 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000140)=""/121, 0x79, 0x0) lseek(r0, 0x0, 0x0) 09:47:23 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000140)=""/121, 0x79, 0x0) lseek(r0, 0x0, 0x0) [ 121.762610] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.763607] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:47:23 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000140)=""/121, 0x79, 0x0) lseek(r0, 0x0, 0x0) [ 121.772834] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.773484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:47:23 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000140)=""/121, 0x79, 0x0) lseek(r0, 0x0, 0x0) [ 121.920301] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.920945] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:47:23 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000140)=""/121, 0x79, 0x0) lseek(r0, 0x0, 0x0) [ 122.068495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.069690] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.091433] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.093361] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.104383] audit: type=1326 audit(1756460843.838:8): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3889 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f98c6bd2b19 code=0x0 [ 122.139088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.139664] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.189332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.190535] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.211094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.211703] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.272641] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.273672] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.311514] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.312248] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.358474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.359204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.427582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.428326] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.476271] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.477035] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.614430] Process accounting resumed [ 122.625520] audit: type=1400 audit(1756460844.358:9): avc: denied { open } for pid=3908 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.627685] audit: type=1400 audit(1756460844.358:10): avc: denied { kernel } for pid=3908 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.646737] Process accounting resumed [ 122.934046] audit: type=1326 audit(1756460844.667:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3889 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f98c6bd2b19 code=0x0 09:47:24 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) 09:47:24 executing program 6: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000140)=""/121, 0x79, 0x0) lseek(r0, 0x0, 0x0) 09:47:24 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x4, r3}]}]}, 0x20}}, 0x0) 09:47:24 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000140)=""/121, 0x79, 0x0) lseek(r0, 0x0, 0x0) 09:47:24 executing program 1: msgrcv(0x0, 0x0, 0x0, 0x8000000000000000, 0x0) 09:47:24 executing program 4: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) acct(&(0x7f0000000100)='./file0\x00') 09:47:24 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x539401, 0x0) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000200)="f6", 0x1}], 0x1) 09:47:24 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00') utimensat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x100) [ 123.090728] Process accounting resumed [ 123.091968] audit: type=1326 audit(1756460844.826:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3929 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f98c6bd2b19 code=0x0 09:47:25 executing program 6: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000140)=""/121, 0x79, 0x0) lseek(r0, 0x0, 0x0) 09:47:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x4, r3}]}]}, 0x20}}, 0x0) 09:47:25 executing program 1: msgrcv(0x0, 0x0, 0x0, 0x8000000000000000, 0x0) 09:47:25 executing program 4: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) acct(&(0x7f0000000100)='./file0\x00') 09:47:25 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000140)=""/121, 0x79, 0x0) lseek(r0, 0x0, 0x0) 09:47:25 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x539401, 0x0) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000200)="f6", 0x1}], 0x1) 09:47:25 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) 09:47:25 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00') utimensat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x100) [ 123.980036] audit: type=1326 audit(1756460845.712:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3934 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f98c6bd2b19 code=0x0 09:47:25 executing program 1: msgrcv(0x0, 0x0, 0x0, 0x8000000000000000, 0x0) 09:47:25 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00') utimensat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x100) [ 124.054828] kmemleak: Found object by alias at 0x607f1a6399a4 [ 124.054849] CPU: 0 UID: 0 PID: 3937 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 124.054867] Tainted: [W]=WARN [ 124.054870] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.054878] Call Trace: [ 124.054882] [ 124.054887] dump_stack_lvl+0xca/0x120 [ 124.054911] __lookup_object+0x94/0xb0 [ 124.054928] delete_object_full+0x27/0x70 [ 124.054943] free_percpu+0x30/0x1160 [ 124.054959] ? arch_uprobe_clear_state+0x16/0x140 [ 124.054979] futex_hash_free+0x38/0xc0 [ 124.054993] mmput+0x2d3/0x390 [ 124.055011] do_exit+0x79d/0x2970 [ 124.055024] ? signal_wake_up_state+0x85/0x120 [ 124.055039] ? zap_other_threads+0x2b9/0x3a0 [ 124.055055] ? __pfx_do_exit+0x10/0x10 [ 124.055069] ? do_group_exit+0x1c3/0x2a0 [ 124.055088] ? lock_release+0xc8/0x290 [ 124.055109] do_group_exit+0xd3/0x2a0 [ 124.055123] __x64_sys_exit_group+0x3e/0x50 [ 124.055137] x64_sys_call+0x18c5/0x18d0 [ 124.055152] do_syscall_64+0xbf/0x360 [ 124.055163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.055174] RIP: 0033:0x7fb7f75dbb19 [ 124.055183] Code: Unable to access opcode bytes at 0x7fb7f75dbaef. [ 124.055188] RSP: 002b:00007ffd526ecb58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 124.055199] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fb7f75dbb19 [ 124.055207] RDX: 00007fb7f758e72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 124.055214] RBP: 0000000000000000 R08: 0000001b2d22b648 R09: 0000000000000000 [ 124.055220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.055227] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd526ecc40 [ 124.055242] [ 124.055246] kmemleak: Object (percpu) 0x607f1a6399a0 (size 8): [ 124.055252] kmemleak: comm "syz-executor.4", pid 3945, jiffies 4294790927 [ 124.055259] kmemleak: min_count = 1 [ 124.055263] kmemleak: count = 0 [ 124.055267] kmemleak: flags = 0x21 [ 124.055270] kmemleak: checksum = 0 [ 124.055274] kmemleak: backtrace: [ 124.055277] pcpu_alloc_noprof+0x87a/0x1170 [ 124.055292] alloc_vfsmnt+0x135/0x6e0 [ 124.055305] clone_mnt+0x6c/0xb70 [ 124.055319] mnt_clone_internal+0x60/0xf0 [ 124.055329] acct_on+0x207/0x870 [ 124.055341] __x64_sys_acct+0xb1/0x220 [ 124.055354] do_syscall_64+0xbf/0x360 [ 124.055362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.074039] kmemleak: Found object by alias at 0x607f1a63954c [ 124.074061] CPU: 1 UID: 0 PID: 3939 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 124.074085] Tainted: [W]=WARN [ 124.074091] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.074100] Call Trace: [ 124.074105] [ 124.074111] dump_stack_lvl+0xca/0x120 [ 124.074146] __lookup_object+0x94/0xb0 [ 124.074169] delete_object_full+0x27/0x70 [ 124.074190] free_percpu+0x30/0x1160 [ 124.074212] ? arch_uprobe_clear_state+0x16/0x140 [ 124.074238] futex_hash_free+0x38/0xc0 [ 124.074257] mmput+0x2d3/0x390 [ 124.074282] do_exit+0x79d/0x2970 [ 124.074300] ? signal_wake_up_state+0x85/0x120 [ 124.074322] ? zap_other_threads+0x2b9/0x3a0 [ 124.074342] ? __pfx_do_exit+0x10/0x10 [ 124.074359] ? do_group_exit+0x1c3/0x2a0 [ 124.074377] ? lock_release+0xc8/0x290 [ 124.074399] do_group_exit+0xd3/0x2a0 [ 124.074419] __x64_sys_exit_group+0x3e/0x50 [ 124.074437] x64_sys_call+0x18c5/0x18d0 [ 124.074457] do_syscall_64+0xbf/0x360 [ 124.074473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.074489] RIP: 0033:0x7fa178c09b19 [ 124.074500] Code: Unable to access opcode bytes at 0x7fa178c09aef. [ 124.074507] RSP: 002b:00007ffd4f4da198 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 124.074522] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fa178c09b19 [ 124.074532] RDX: 00007fa178bbc72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 124.074542] RBP: 0000000000000000 R08: 0000001b2d821d50 R09: 0000000000000000 [ 124.074551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.074560] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd4f4da280 [ 124.074580] [ 124.074585] kmemleak: Object (percpu) 0x607f1a639548 (size 8): [ 124.074594] kmemleak: comm "syz-executor.7", pid 3942, jiffies 4294790917 [ 124.074603] kmemleak: min_count = 1 [ 124.074608] kmemleak: count = 0 [ 124.074613] kmemleak: flags = 0x21 [ 124.074618] kmemleak: checksum = 0 [ 124.074623] kmemleak: backtrace: [ 124.074627] pcpu_alloc_noprof+0x87a/0x1170 [ 124.074647] alloc_vfsmnt+0x135/0x6e0 [ 124.074664] vfs_create_mount.part.0+0x40/0x440 [ 124.074684] path_mount+0x1637/0x1dd0 [ 124.074700] __x64_sys_mount+0x27b/0x300 [ 124.074714] do_syscall_64+0xbf/0x360 [ 124.074725] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:47:25 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x539401, 0x0) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000200)="f6", 0x1}], 0x1) [ 124.123117] Process accounting resumed [ 124.214210] ------------[ cut here ]------------ [ 124.214728] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#1: syz-executor.7/285 [ 124.215672] Modules linked in: [ 124.216119] CPU: 1 UID: 0 PID: 285 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 124.218777] Tainted: [W]=WARN [ 124.219639] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.221420] RIP: 0010:cleanup_mnt+0x33f/0x430 [ 124.222863] Code: c7 a0 45 d1 85 e8 01 7c fa 02 49 8d 7d 40 5b 48 c7 c6 10 e2 be 81 5d 41 5c 41 5d 41 5e 41 5f e9 57 b3 9c ff e8 82 46 b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 74 46 b4 ff 4c 89 ef e8 6c d7 06 00 e9 [ 124.227056] RSP: 0018:ffff88801a3f7e20 EFLAGS: 00010293 [ 124.227609] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81bf9de5 [ 124.228367] RDX: ffff88800a649b80 RSI: ffffffff81bfa0fe RDI: 0000000000000005 [ 124.229132] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 124.229882] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800a64a458 [ 124.230603] R13: ffff888009d2f340 R14: 0000000000000001 R15: ffff888009d2f380 [ 124.231365] FS: 0000555575f5e400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 124.232383] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.233134] CR2: 0000555575f67c58 CR3: 000000003df11000 CR4: 0000000000350ef0 [ 124.233881] Call Trace: [ 124.234152] [ 124.234391] task_work_run+0x172/0x280 [ 124.234836] ? __pfx_task_work_run+0x10/0x10 [ 124.235309] ? __x64_sys_umount+0x114/0x190 [ 124.235753] ? __pfx___x64_sys_umount+0x10/0x10 [ 124.236280] exit_to_user_mode_loop+0xef/0x110 [ 124.236757] do_syscall_64+0x2f7/0x360 [ 124.237190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.237718] RIP: 0033:0x7fb7f75dcf87 [ 124.238134] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 124.239999] RSP: 002b:00007ffd526eba78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 124.240777] RAX: 0000000000000000 RBX: 000000000000000a RCX: 00007fb7f75dcf87 [ 124.241537] RDX: 00007ffd526ebb49 RSI: 000000000000000a RDI: 00007ffd526ebb40 [ 124.244316] RBP: 00007ffd526ebb40 R08: 00000000ffffffff R09: 00007ffd526eb910 [ 124.246722] R10: 0000555575f5fc7b R11: 0000000000000246 R12: 00007fb7f7635105 [ 124.247497] R13: 00007ffd526ecc00 R14: 0000555575f5fc20 R15: 00007ffd526ecc40 [ 124.248272] [ 124.248522] irq event stamp: 160817 [ 124.248937] hardirqs last enabled at (160827): [] __up_console_sem+0x78/0x80 [ 124.249848] hardirqs last disabled at (160836): [] __up_console_sem+0x5d/0x80 [ 124.250723] softirqs last enabled at (160786): [] handle_softirqs+0x50c/0x770 [ 124.251641] softirqs last disabled at (160393): [] __irq_exit_rcu+0xc4/0x100 [ 124.252578] ---[ end trace 0000000000000000 ]--- 09:47:26 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) 09:47:26 executing program 4: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) acct(&(0x7f0000000100)='./file0\x00') 09:47:26 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) 09:47:26 executing program 6: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000140)=""/121, 0x79, 0x0) lseek(r0, 0x0, 0x0) 09:47:26 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x539401, 0x0) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000200)="f6", 0x1}], 0x1) 09:47:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x4, r3}]}]}, 0x20}}, 0x0) 09:47:26 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x4, r3}]}]}, 0x20}}, 0x0) 09:47:26 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x42c82, 0x0) dup2(r0, r1) [ 124.895527] Process accounting resumed [ 124.896051] audit: type=1326 audit(1756460846.629:14): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3956 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f057484eb19 code=0x0 09:47:26 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, &(0x7f0000001100)) [ 124.939161] audit: type=1326 audit(1756460846.672:15): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3968 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f98c6bd2b19 code=0x0 09:47:26 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x539401, 0x0) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000200)="f6", 0x1}], 0x1) 09:47:26 executing program 4: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x7) ftruncate(r0, 0x5) [ 124.975645] kmemleak: Found object by alias at 0x607f1a639548 [ 124.975671] CPU: 1 UID: 0 PID: 3953 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 124.975701] Tainted: [W]=WARN [ 124.975707] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.975718] Call Trace: [ 124.975724] [ 124.975731] dump_stack_lvl+0xca/0x120 [ 124.975770] __lookup_object+0x94/0xb0 [ 124.975803] delete_object_full+0x27/0x70 [ 124.975829] free_percpu+0x30/0x1160 [ 124.975855] ? arch_uprobe_clear_state+0x16/0x140 [ 124.975886] futex_hash_free+0x38/0xc0 [ 124.975909] mmput+0x2d3/0x390 [ 124.975938] do_exit+0x79d/0x2970 [ 124.975960] ? signal_wake_up_state+0x85/0x120 [ 124.975985] ? zap_other_threads+0x2b9/0x3a0 [ 124.976010] ? __pfx_do_exit+0x10/0x10 [ 124.976031] ? do_group_exit+0x1c3/0x2a0 [ 124.976053] ? lock_release+0xc8/0x290 [ 124.976079] do_group_exit+0xd3/0x2a0 [ 124.976103] __x64_sys_exit_group+0x3e/0x50 [ 124.976125] x64_sys_call+0x18c5/0x18d0 [ 124.976162] do_syscall_64+0xbf/0x360 [ 124.976180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.976199] RIP: 0033:0x7f6952641b19 [ 124.976213] Code: Unable to access opcode bytes at 0x7f6952641aef. [ 124.976222] RSP: 002b:00007ffc46836018 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 124.976240] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f6952641b19 [ 124.976252] RDX: 00007f69525f472b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 124.976264] RBP: 0000000000000000 R08: 00007f6952759b18 R09: 0000000000000001 [ 124.976275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.976286] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffc46836100 [ 124.976311] [ 124.976317] kmemleak: Object (percpu) 0x607f1a639544 (size 8): [ 124.976328] kmemleak: comm "syz-executor.4", pid 3959, jiffies 4294791772 [ 124.976339] kmemleak: min_count = 1 [ 124.976345] kmemleak: count = 0 [ 124.976351] kmemleak: flags = 0x21 [ 124.976357] kmemleak: checksum = 0 [ 124.976364] kmemleak: backtrace: [ 124.976369] pcpu_alloc_noprof+0x87a/0x1170 [ 124.976393] alloc_vfsmnt+0x135/0x6e0 [ 124.976414] clone_mnt+0x6c/0xb70 [ 124.976437] mnt_clone_internal+0x60/0xf0 [ 124.976453] acct_on+0x207/0x870 [ 124.976473] __x64_sys_acct+0xb1/0x220 [ 124.976494] do_syscall_64+0xbf/0x360 [ 124.976507] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:47:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x4, r3}]}]}, 0x20}}, 0x0) 09:47:26 executing program 4: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x7) ftruncate(r0, 0x5) 09:47:26 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x539401, 0x0) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000200)="f6", 0x1}], 0x1) 09:47:26 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x42c82, 0x0) dup2(r0, r1) 09:47:26 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r0, 0x0, 0x4, &(0x7f0000000000), 0x4) [ 125.108195] kmemleak: Found object by alias at 0x607f1a6399a4 [ 125.108222] CPU: 1 UID: 0 PID: 3978 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.108251] Tainted: [W]=WARN [ 125.108257] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.108268] Call Trace: [ 125.108274] [ 125.108282] dump_stack_lvl+0xca/0x120 [ 125.108320] __lookup_object+0x94/0xb0 [ 125.108347] delete_object_full+0x27/0x70 [ 125.108372] free_percpu+0x30/0x1160 [ 125.108397] ? arch_uprobe_clear_state+0x16/0x140 [ 125.108428] futex_hash_free+0x38/0xc0 [ 125.108451] mmput+0x2d3/0x390 [ 125.108480] do_exit+0x79d/0x2970 [ 125.108502] ? lock_release+0xc8/0x290 [ 125.108528] ? __pfx_do_exit+0x10/0x10 [ 125.108550] ? find_held_lock+0x2b/0x80 [ 125.108583] ? get_signal+0x835/0x2340 [ 125.108615] do_group_exit+0xd3/0x2a0 [ 125.108638] get_signal+0x2315/0x2340 [ 125.108666] ? __fget_files+0x203/0x3b0 [ 125.108690] ? __pfx_get_signal+0x10/0x10 [ 125.108716] ? do_futex+0x135/0x370 [ 125.108738] ? __pfx_do_futex+0x10/0x10 [ 125.108762] arch_do_signal_or_restart+0x80/0x790 [ 125.108789] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 125.108815] ? __x64_sys_futex+0x1c9/0x4d0 [ 125.108835] ? __x64_sys_futex+0x1d2/0x4d0 [ 125.108859] ? __pfx___x64_sys_futex+0x10/0x10 [ 125.108888] exit_to_user_mode_loop+0x8b/0x110 [ 125.108909] do_syscall_64+0x2f7/0x360 [ 125.108927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.108947] RIP: 0033:0x7fb7f75dbb19 [ 125.108961] Code: Unable to access opcode bytes at 0x7fb7f75dbaef. [ 125.108969] RSP: 002b:00007fb7f4b51218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.108986] RAX: fffffffffffffe00 RBX: 00007fb7f76eef68 RCX: 00007fb7f75dbb19 [ 125.108999] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb7f76eef68 [ 125.109010] RBP: 00007fb7f76eef60 R08: 0000000000000000 R09: 0000000000000000 [ 125.109022] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb7f76eef6c [ 125.109033] R13: 00007ffd526ec92f R14: 00007fb7f4b51300 R15: 0000000000022000 [ 125.109058] [ 125.109064] kmemleak: Object (percpu) 0x607f1a6399a0 (size 8): [ 125.109075] kmemleak: comm "syz-executor.3", pid 3984, jiffies 4294791998 [ 125.109086] kmemleak: min_count = 1 [ 125.109092] kmemleak: count = 0 [ 125.109098] kmemleak: flags = 0x21 [ 125.109104] kmemleak: checksum = 0 [ 125.109110] kmemleak: backtrace: [ 125.109115] pcpu_alloc_noprof+0x87a/0x1170 [ 125.109139] perf_trace_event_init+0x366/0xa10 [ 125.109160] perf_trace_init+0x1a4/0x2f0 [ 125.109179] perf_tp_event_init+0xa6/0x120 [ 125.109203] perf_try_init_event+0x140/0x9f0 [ 125.109223] perf_event_alloc.part.0+0x118e/0x45f0 [ 125.109249] __do_sys_perf_event_open+0x719/0x2c20 [ 125.109270] do_syscall_64+0xbf/0x360 [ 125.109284] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:47:27 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, &(0x7f0000001100)) 09:47:27 executing program 4: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x7) ftruncate(r0, 0x5) 09:47:27 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x4, r3}]}]}, 0x20}}, 0x0) 09:47:27 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x42c82, 0x0) dup2(r0, r1) 09:47:27 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r0, 0x0, 0x4, &(0x7f0000000000), 0x4) 09:47:27 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) 09:47:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)={0x44, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_HEADER={0x4}, @ETHTOOL_A_WOL_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @ETHTOOL_A_WOL_MODES={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xd, 0x4, "48d203e7a5451c196e"}]}]}, 0x44}}, 0x0) 09:47:27 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=@newsa={0x104, 0x10, 0x1, 0x0, 0x0, {{@in6=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {@in=@dev, 0x0, 0x3c}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0x2}, [@coaddr={0x14, 0xe, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}}]}, 0x104}}, 0x0) [ 125.815484] audit: type=1326 audit(1756460847.548:16): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3989 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f057484eb19 code=0x0 [ 125.863304] kmemleak: Found object by alias at 0x607f1a63954c [ 125.863323] CPU: 0 UID: 0 PID: 3997 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.863341] Tainted: [W]=WARN [ 125.863345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.863352] Call Trace: [ 125.863356] [ 125.863360] dump_stack_lvl+0xca/0x120 [ 125.863385] __lookup_object+0x94/0xb0 [ 125.863402] delete_object_full+0x27/0x70 [ 125.863417] free_percpu+0x30/0x1160 [ 125.863434] ? arch_uprobe_clear_state+0x16/0x140 [ 125.863453] futex_hash_free+0x38/0xc0 [ 125.863467] mmput+0x2d3/0x390 [ 125.863485] do_exit+0x79d/0x2970 [ 125.863499] ? signal_wake_up_state+0x85/0x120 [ 125.863514] ? zap_other_threads+0x2b9/0x3a0 [ 125.863529] ? __pfx_do_exit+0x10/0x10 [ 125.863542] ? do_group_exit+0x1c3/0x2a0 [ 125.863555] ? lock_release+0xc8/0x290 [ 125.863571] do_group_exit+0xd3/0x2a0 [ 125.863586] __x64_sys_exit_group+0x3e/0x50 [ 125.863599] x64_sys_call+0x18c5/0x18d0 [ 125.863614] do_syscall_64+0xbf/0x360 [ 125.863626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.863636] RIP: 0033:0x7fa178c09b19 [ 125.863649] Code: Unable to access opcode bytes at 0x7fa178c09aef. [ 125.863654] RSP: 002b:00007ffd4f4da198 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 125.863665] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fa178c09b19 [ 125.863673] RDX: 00007fa178bbc72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 125.863680] RBP: 0000000000000000 R08: 0000001b2d824390 R09: 0000000000000000 [ 125.863686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.863693] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd4f4da280 [ 125.863708] [ 125.863711] kmemleak: Object (percpu) 0x607f1a639548 (size 8): [ 125.863718] kmemleak: comm "syz-executor.1", pid 4000, jiffies 4294792751 [ 125.863725] kmemleak: min_count = 1 [ 125.863728] kmemleak: count = 0 [ 125.863732] kmemleak: flags = 0x21 [ 125.863735] kmemleak: checksum = 0 [ 125.863739] kmemleak: backtrace: [ 125.863742] pcpu_alloc_noprof+0x87a/0x1170 [ 125.863757] perf_trace_event_init+0x366/0xa10 [ 125.863770] perf_trace_init+0x1a4/0x2f0 [ 125.863781] perf_tp_event_init+0xa6/0x120 [ 125.863796] perf_try_init_event+0x140/0x9f0 [ 125.863809] perf_event_alloc.part.0+0x118e/0x45f0 [ 125.863824] __do_sys_perf_event_open+0x719/0x2c20 [ 125.863837] do_syscall_64+0xbf/0x360 [ 125.863845] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:47:27 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r0, 0x0, 0x4, &(0x7f0000000000), 0x4) 09:47:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)={0x44, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_HEADER={0x4}, @ETHTOOL_A_WOL_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @ETHTOOL_A_WOL_MODES={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xd, 0x4, "48d203e7a5451c196e"}]}]}, 0x44}}, 0x0) 09:47:27 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=@newsa={0x104, 0x10, 0x1, 0x0, 0x0, {{@in6=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {@in=@dev, 0x0, 0x3c}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0x2}, [@coaddr={0x14, 0xe, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}}]}, 0x104}}, 0x0) 09:47:27 executing program 4: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x7) ftruncate(r0, 0x5) 09:47:27 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) 09:47:27 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, &(0x7f0000001100)) 09:47:27 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x42c82, 0x0) dup2(r0, r1) 09:47:27 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r0, 0x0, 0x4, &(0x7f0000000000), 0x4) 09:47:27 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=@newsa={0x104, 0x10, 0x1, 0x0, 0x0, {{@in6=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {@in=@dev, 0x0, 0x3c}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0x2}, [@coaddr={0x14, 0xe, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}}]}, 0x104}}, 0x0) 09:47:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)={0x44, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_HEADER={0x4}, @ETHTOOL_A_WOL_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @ETHTOOL_A_WOL_MODES={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xd, 0x4, "48d203e7a5451c196e"}]}]}, 0x44}}, 0x0) 09:47:28 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, &(0x7f0000001100)) 09:47:28 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20}, {0x6}]}) flistxattr(0xffffffffffffffff, 0x0, 0x0) 09:47:28 executing program 3: delete_module(0x0, 0x0) 09:47:28 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80284504, 0x0) 09:47:28 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=@newsa={0x104, 0x10, 0x1, 0x0, 0x0, {{@in6=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {@in=@dev, 0x0, 0x3c}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0x2}, [@coaddr={0x14, 0xe, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}}]}, 0x104}}, 0x0) 09:47:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)={0x44, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_HEADER={0x4}, @ETHTOOL_A_WOL_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @ETHTOOL_A_WOL_MODES={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xd, 0x4, "48d203e7a5451c196e"}]}]}, 0x44}}, 0x0) 09:47:28 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) 09:47:28 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) 09:47:28 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) [ 126.725092] audit: type=1326 audit(1756460848.456:17): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4034 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f057484eb19 code=0x0 09:47:28 executing program 3: delete_module(0x0, 0x0) 09:47:28 executing program 6: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}}], 0x80000, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 09:47:28 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80284504, 0x0) 09:47:28 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) 09:47:28 executing program 3: delete_module(0x0, 0x0) 09:47:29 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80284504, 0x0) 09:47:29 executing program 0: prlimit64(0x0, 0xa540b6410adebd81, 0x0, 0x0) 09:47:29 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) 09:47:29 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0) 09:47:29 executing program 2: io_uring_setup(0x6aff, &(0x7f0000000140)) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x12, 0x0, 0x0) 09:47:29 executing program 3: delete_module(0x0, 0x0) 09:47:29 executing program 6: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}}], 0x80000, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 09:47:29 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}}], 0x80000, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 09:47:29 executing program 0: prlimit64(0x0, 0xa540b6410adebd81, 0x0, 0x0) 09:47:29 executing program 2: io_uring_setup(0x6aff, &(0x7f0000000140)) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x12, 0x0, 0x0) 09:47:29 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f0000000340)={"9aa04bb5181700d0f7d4c0ae", &(0x7f0000000240)='`', 0x20000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}) 09:47:29 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:29 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x7}) 09:47:29 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80284504, 0x0) 09:47:29 executing program 0: prlimit64(0x0, 0xa540b6410adebd81, 0x0, 0x0) 09:47:29 executing program 2: io_uring_setup(0x6aff, &(0x7f0000000140)) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x12, 0x0, 0x0) [ 127.720553] kmemleak: Found object by alias at 0x607f1a6399a4 [ 127.720576] CPU: 0 UID: 0 PID: 4076 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 127.720594] Tainted: [W]=WARN [ 127.720598] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.720605] Call Trace: [ 127.720609] [ 127.720614] dump_stack_lvl+0xca/0x120 [ 127.720639] __lookup_object+0x94/0xb0 [ 127.720656] delete_object_full+0x27/0x70 [ 127.720672] free_percpu+0x30/0x1160 [ 127.720689] ? arch_uprobe_clear_state+0x16/0x140 [ 127.720709] futex_hash_free+0x38/0xc0 [ 127.720723] mmput+0x2d3/0x390 [ 127.720741] do_exit+0x79d/0x2970 [ 127.720755] ? signal_wake_up_state+0x85/0x120 [ 127.720771] ? zap_other_threads+0x2b9/0x3a0 [ 127.720790] ? __pfx_do_exit+0x10/0x10 [ 127.720803] ? do_group_exit+0x1c3/0x2a0 [ 127.720816] ? lock_release+0xc8/0x290 [ 127.720834] do_group_exit+0xd3/0x2a0 [ 127.720849] __x64_sys_exit_group+0x3e/0x50 [ 127.720862] x64_sys_call+0x18c5/0x18d0 [ 127.720877] do_syscall_64+0xbf/0x360 [ 127.720889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.720900] RIP: 0033:0x7fb7f75dbb19 [ 127.720909] Code: Unable to access opcode bytes at 0x7fb7f75dbaef. [ 127.720914] RSP: 002b:00007ffd526ecb58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 127.720925] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fb7f75dbb19 [ 127.720932] RDX: 00007fb7f758e72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 127.720939] RBP: 0000000000000000 R08: 00007fb7f76f3ad0 R09: 0000000000000001 [ 127.720946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.720953] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffd526ecc40 [ 127.720970] [ 127.720973] kmemleak: Object (percpu) 0x607f1a6399a0 (size 8): [ 127.720980] kmemleak: comm "syz-executor.1", pid 4081, jiffies 4294794582 [ 127.720987] kmemleak: min_count = 1 [ 127.720990] kmemleak: count = 0 [ 127.720994] kmemleak: flags = 0x21 [ 127.720998] kmemleak: checksum = 0 [ 127.721001] kmemleak: backtrace: [ 127.721004] pcpu_alloc_noprof+0x87a/0x1170 [ 127.721019] percpu_ref_init+0x37/0x400 [ 127.721037] io_uring_setup+0x44c/0x2000 [ 127.721048] __x64_sys_io_uring_setup+0xc8/0x170 [ 127.721059] do_syscall_64+0xbf/0x360 [ 127.721067] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:47:30 executing program 6: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}}], 0x80000, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 09:47:30 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x7}) 09:47:30 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:30 executing program 2: io_uring_setup(0x6aff, &(0x7f0000000140)) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x12, 0x0, 0x0) 09:47:30 executing program 0: prlimit64(0x0, 0xa540b6410adebd81, 0x0, 0x0) 09:47:30 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f0000000340)={"9aa04bb5181700d0f7d4c0ae", &(0x7f0000000240)='`', 0x20000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}) 09:47:30 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}}], 0x80000, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 09:47:30 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) [ 128.638337] kmemleak: Found object by alias at 0x607f1a6399a4 [ 128.638358] CPU: 1 UID: 0 PID: 4097 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 128.638376] Tainted: [W]=WARN [ 128.638380] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.638387] Call Trace: [ 128.638391] [ 128.638396] dump_stack_lvl+0xca/0x120 [ 128.638423] __lookup_object+0x94/0xb0 [ 128.638441] delete_object_full+0x27/0x70 [ 128.638457] free_percpu+0x30/0x1160 [ 128.638473] ? arch_uprobe_clear_state+0x16/0x140 [ 128.638493] futex_hash_free+0x38/0xc0 [ 128.638507] mmput+0x2d3/0x390 [ 128.638526] do_exit+0x79d/0x2970 [ 128.638544] ? __pfx_do_exit+0x10/0x10 [ 128.638558] ? find_held_lock+0x2b/0x80 [ 128.638576] ? get_signal+0x835/0x2340 [ 128.638596] do_group_exit+0xd3/0x2a0 [ 128.638611] get_signal+0x2315/0x2340 [ 128.638633] ? __pfx_get_signal+0x10/0x10 [ 128.638650] ? do_futex+0x135/0x370 [ 128.638663] ? __pfx_do_futex+0x10/0x10 [ 128.638675] ? trace_contention_begin+0x3c/0x140 [ 128.638693] arch_do_signal_or_restart+0x80/0x790 [ 128.638711] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 128.638727] ? __x64_sys_futex+0x1c9/0x4d0 [ 128.638739] ? __x64_sys_futex+0x1d2/0x4d0 [ 128.638754] ? __pfx___x64_sys_futex+0x10/0x10 [ 128.638767] ? selinux_file_ioctl+0xb9/0x280 [ 128.638793] exit_to_user_mode_loop+0x8b/0x110 [ 128.638806] do_syscall_64+0x2f7/0x360 [ 128.638818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.638830] RIP: 0033:0x7fb7f75dbb19 [ 128.638839] Code: Unable to access opcode bytes at 0x7fb7f75dbaef. [ 128.638844] RSP: 002b:00007fb7f4b51218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 128.638855] RAX: fffffffffffffe00 RBX: 00007fb7f76eef68 RCX: 00007fb7f75dbb19 [ 128.638863] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb7f76eef68 [ 128.638870] RBP: 00007fb7f76eef60 R08: 0000000000000000 R09: 0000000000000000 [ 128.638877] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb7f76eef6c [ 128.638884] R13: 00007ffd526ec92f R14: 00007fb7f4b51300 R15: 0000000000022000 [ 128.638899] [ 128.638903] kmemleak: Object (percpu) 0x607f1a6399a0 (size 8): [ 128.638910] kmemleak: comm "syz-executor.1", pid 4107, jiffies 4294795528 [ 128.638917] kmemleak: min_count = 1 [ 128.638921] kmemleak: count = 0 [ 128.638925] kmemleak: flags = 0x21 [ 128.638928] kmemleak: checksum = 0 [ 128.638932] kmemleak: backtrace: [ 128.638935] pcpu_alloc_noprof+0x87a/0x1170 [ 128.638950] percpu_ref_init+0x37/0x400 [ 128.638968] io_uring_setup+0x44c/0x2000 [ 128.638979] __x64_sys_io_uring_setup+0xc8/0x170 [ 128.638990] do_syscall_64+0xbf/0x360 [ 128.638999] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:47:30 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:30 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x7}) 09:47:30 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:30 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f0000000340)={"9aa04bb5181700d0f7d4c0ae", &(0x7f0000000240)='`', 0x20000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}) 09:47:30 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:30 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:30 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x7}) 09:47:30 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:31 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:31 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f0000000340)={"9aa04bb5181700d0f7d4c0ae", &(0x7f0000000240)='`', 0x20000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}) 09:47:31 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:31 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:31 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:31 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}}], 0x80000, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 09:47:31 executing program 6: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}}], 0x80000, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 09:47:31 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:31 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:31 executing program 1: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, 0x0) 09:47:31 executing program 0: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x30d, &(0x7f0000000400)) 09:47:31 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000000)={@remote}, 0x14) 09:47:31 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000006140)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@hopopts_2292={{0x18, 0x29, 0x43}}], 0x18}}], 0x2, 0x0) 09:47:31 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/114, 0x72}], 0x1) 09:47:31 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:31 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000000)={@remote}, 0x14) 09:47:31 executing program 1: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, 0x0) 09:47:32 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/114, 0x72}], 0x1) 09:47:32 executing program 0: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x30d, &(0x7f0000000400)) 09:47:32 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000006140)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@hopopts_2292={{0x18, 0x29, 0x43}}], 0x18}}], 0x2, 0x0) 09:47:32 executing program 1: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, 0x0) 09:47:32 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000000)={@remote}, 0x14) 09:47:32 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r1, 0x4, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$getown(r2, 0x10) r3 = signalfd4(r0, &(0x7f0000000080)={[0x3ff]}, 0x8, 0x80800) ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000001c0)={0x9, 0xff5d, 0x0, 0x3, 0x2, [{0x1, 0x4, 0x81f5000, '\x00', 0x1904}, {0x7, 0x0, 0x8000}]}) readahead(0xffffffffffffffff, 0x0, 0x0) readahead(r0, 0x0, 0xfffffffffffffffc) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) 09:47:32 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x2e, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d2420000120300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e31313435383439333100"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040000c00000000000000ddf4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000003700000000000000", 0x40, 0x540}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010500)="ff030000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ddf4655fddf4655fddf4655f00"/2080, 0x820, 0xc00}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x1500}, {&(0x7f0000010f00)="2000000064e828b364e828b300000000ddf4655f00"/32, 0x20, 0x1580}, {&(0x7f0000011000)="8081000000180000ddf4655fddf4655fddf4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000300000000200000004000000320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ddf4655f00"/160, 0xa0, 0x1600}, {&(0x7f0000011100)="8081000000180000ddf4655fddf4655fddf4655f00000000000001002000000010000800000000000af3020004000000000000000000000002000000400000000200000004000000420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ddf4655f00"/160, 0xa0, 0x1700}, {&(0x7f0000011200)="c041000000300000ddf4655fddf4655fddf4655f00000000000002002000000000000800000000000af301000400000000000000000000000c00000020000000", 0x40, 0x1e00}, {&(0x7f0000011300)="20000000000000000000000000000000ddf4655f00"/32, 0x20, 0x1e80}, {&(0x7f0000011400)="ed41000000040000ddf4655fddf4655fddf4655f00000000000002002000000000000800030000000af301000400000000000000000000000100000050000000000000000000000000000000000000000000000000000000000000000000000000000000e736ebb30000000000000000000000000000000000000000000000002000000064e828b364e828b364e828b3ddf4655f64e828b30000000000000000", 0xa0, 0x1f00}, {&(0x7f0000011500)="ed8100001a040000ddf4655fddf4655fddf4655f00000000000001002000000000000800010000000af30100040000000000000000000000020000006000000000000000000000000000000000000000000000000000000000000000000000000000000068cf8b090000000000000000000000000000000000000000000000002000000064e828b364e828b364e828b3ddf4655f64e828b30000000000000000", 0xa0, 0x2000}, {&(0x7f0000011600)="ffa1000026000000ddf4655fddf4655fddf4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3131343538343933312f66696c65302f66696c653000000000000000000000000000000000000000000000b6c73cca0000000000000000000000000000000000000000000000002000000064e828b364e828b364e828b3ddf4655f64e828b30000000000000000", 0xa0, 0x2100}, {&(0x7f0000011700)="ed8100000a000000ddf4655fddf4655fddf4655f00000000000001002000000000000800010000000af301000400000000000000000000000100000070000000000000000000000000000000000000000000000000000000000000000000000000000000a774d0c60000000000000000000000000000000000000000000000002000000064e828b364e828b364e828b3ddf4655f64e828b30000000000000000000002ea06015400000000000600000000000000786174747231000006014c0000000000060000000000000078617474723200000000000000000000000000000000000000000000000000000000000078617474723200007861747472310000ed81000028230000ddf4655fddf4655fddf4655f00000000000002002000000000000800010000000af3010004000000000000000000000009000000800000000000000000000000000000000000000000000000000000000000000000000000000000000586822d0000000000000000000000000000000000000000000000002000000064e828b364e828b364e828b3ddf4655f64e828b30000000000000000", 0x1a0, 0x2200}, {&(0x7f0000011900)="ed81000064000000ddf4655fddf4655fddf4655f00000000000001002000000000000800010000000af301000400000000000000000000000100000090000000000000000000000000000000000000000000000000000000000000000000000000000000802240f70000000000000000000000000000000000000000000000002000000064e828b364e828b364e828b3ddf4655f64e828b30000000000000000", 0xa0, 0x2400}, {&(0x7f0000011a00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x80, 0x4000}, {&(0x7f0000011b00)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x8000}, {&(0x7f0000011c00)="00000000000400"/32, 0x20, 0x8400}, {&(0x7f0000011d00)="00000000000400"/32, 0x20, 0x8800}, {&(0x7f0000011e00)="00000000000400"/32, 0x20, 0x8c00}, {&(0x7f0000011f00)="00000000000400"/32, 0x20, 0x9000}, {&(0x7f0000012000)="00000000000400"/32, 0x20, 0x9400}, {&(0x7f0000012100)="00000000000400"/32, 0x20, 0x9800}, {&(0x7f0000012200)="00000000000400"/32, 0x20, 0x9c00}, {&(0x7f0000012300)="00000000000400"/32, 0x20, 0xa000}, {&(0x7f0000012400)="00000000000400"/32, 0x20, 0xa400}, {&(0x7f0000012500)="00000000000400"/32, 0x20, 0xa800}, {&(0x7f0000012600)="00000000000400"/32, 0x20, 0xac00}, {&(0x7f0000012700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0xc000}, {&(0x7f0000012800)="0200"/32, 0x20, 0xc400}, {&(0x7f0000012900)="0300"/32, 0x20, 0xc800}, {&(0x7f0000012a00)="0400"/32, 0x20, 0xcc00}, {&(0x7f0000012b00)="0500"/32, 0x20, 0xd000}, {&(0x7f0000012c00)="000000000000000001000000000000000000000032ed2fbf0000000000000000000000000000000008000000000000000000000000000000000000000000000000c00100"/96, 0x60, 0xd400}, {&(0x7f0000012d00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x10000}, {&(0x7f0000012e00)="0200"/32, 0x20, 0x10400}, {&(0x7f0000012f00)="0300"/32, 0x20, 0x10800}, {&(0x7f0000013000)="0400"/32, 0x20, 0x10c00}, {&(0x7f0000013100)="0500"/32, 0x20, 0x11000}, {&(0x7f0000013200)="000000000000000001000000000000000000000032ed2fbf0000000000000000000000000000000008000000000000000000000000000000000000000000000000c00100"/96, 0x60, 0x11400}, {&(0x7f0000013300)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x14000}, {&(0x7f0000013400)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x18000}, {&(0x7f0000013900)='syzkallers\x00'/32, 0x20, 0x1c000}, {&(0x7f0000013a00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x24000}], 0x0, &(0x7f0000013b00)) 09:47:32 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) io_submit(r0, 0x1, &(0x7f0000000300)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0, 0x2}]) 09:47:32 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000000)={@remote}, 0x14) 09:47:32 executing program 6: fsmount(0xffffffffffffffff, 0x0, 0x0) r0 = open_tree(0xffffffffffffffff, 0x0, 0x8000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r3 = dup2(r2, r1) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e) ioctl$SG_IO(r3, 0x2285, &(0x7f00000022c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0}) syz_genetlink_get_family_id$nl80211(0x0, r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x30, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0xfffffffc}, {0x8}]}]}, 0x30}}, 0x0) 09:47:32 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/114, 0x72}], 0x1) 09:47:32 executing program 0: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x30d, &(0x7f0000000400)) [ 130.573117] sg_write: data in/out 3223822/4 bytes for SCSI command 0x0-- guessing data in; [ 130.573117] program syz-executor.6 not setting count and/or reply_len properly 09:47:32 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000006140)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@hopopts_2292={{0x18, 0x29, 0x43}}], 0x18}}], 0x2, 0x0) 09:47:32 executing program 1: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, 0x0) 09:47:32 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x26, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000600000000f000000000000000100000001000000004000000040000020000000def4655fdef4655f0100ffff53ef010001000000def4655f000000000000000001000000000000000b000000800000000800000052470000620100000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e35393734373637303400"/192, 0xc0, 0x400}, {&(0x7f0000010100)="00000000000000000000000026acba7564fc4e5aa2fa9146860a2012010000000c00000000000000def4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="01000000000005000c0000000000000000000000040000004b00000000000000", 0x20, 0x560}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="02000000120000002200000060000f0003000400"/32, 0x20, 0x800}, {&(0x7f0000010500)="ffff0f00ff0f00000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009407090166696c652e636f6c64000000", 0x880, 0x1000}, {&(0x7f0000010e00)="0b0000000c0001022e00000002000000f40702022e2e00"/32, 0x20, 0x2000}, {&(0x7f0000010f00)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x2800}, {&(0x7f0000011000)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x3000}, {&(0x7f0000011100)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x3800}, {&(0x7f0000011200)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x4000}, {&(0x7f0000011300)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x4800}, {&(0x7f0000011400)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x5000}, {&(0x7f0000011500)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x5800}, {&(0x7f0000011600)="504d4d00504d4dffdef4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7032390075782f746573742f73797a5f6d6f756e745f696d6167655f650500"/128, 0x80, 0x6000}, {&(0x7f0000011700)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x6800}, {&(0x7f0000011800)="0200"/32, 0x20, 0x6c00}, {&(0x7f0000011900)="0300"/32, 0x20, 0x7000}, {&(0x7f0000011a00)="0400"/32, 0x20, 0x7400}, {&(0x7f0000011b00)="0500"/32, 0x20, 0x7800}, {&(0x7f0000011c00)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000009800"/96, 0x60, 0x7c00}, {&(0x7f0000011d00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x8000}, {&(0x7f0000011e00)="0200"/32, 0x20, 0x8400}, {&(0x7f0000011f00)="0300"/32, 0x20, 0x8800}, {&(0x7f0000012000)="0400"/32, 0x20, 0x8c00}, {&(0x7f0000012100)="ffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0500"/2080, 0x820, 0x9000}, {&(0x7f0000012a00)="00000000000000000100000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000009800"/96, 0x60, 0x9c00}, {&(0x7f0000012b00)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d807050766696c653100"/64, 0x40, 0x10000}, {&(0x7f0000012c00)="000002ea0100000001000000270f240c000000000000000000000000000000000601f8070000000006000000779b539778617474723100000601f00700000000060000007498539778617474723200"/96, 0x60, 0x10800}, {&(0x7f0000012d00)="00000000000000000000000000000000786174747232000078617474723100000000000000000000def4655fdef4655fdef4655f00"/64, 0x40, 0x10fe0}, {&(0x7f0000012e00)="ed41000000080000def4655fdef4655fdef4655f00000000000004000400000000000800050000000af301000400000000000000000000000100000003000000", 0x40, 0x11080}, {&(0x7f0000012f00)="8081000000180000def4655fdef4655fdef4655f00000000000001000c00000010000800000000000af30100040000000000000000000000030000000d000000", 0x40, 0x11100}, {&(0x7f0000013000)="8081000000180000def4655fdef4655fdef4655f00000000000001000c00000010000800000000000af30200040000000000000000000000020000001000000002000000010000001300"/96, 0x60, 0x11180}, {&(0x7f0000013100)="c041000000400000def4655fdef4655fdef4655f00000000000002002000000000000800000000000af301000400000000000000000000000800000004000000", 0x40, 0x11500}, {&(0x7f0000013200)="ed41000000080000def4655fdef4655fdef4655f00000000000002000400000000000800030000000af3010004000000000000000000000001000000200000000000000000000000000000000000000000000000000000000000000000000000000000006038208e000000000000000000000000000000000000000000000000ed8100001a040000def4655fdef4655fdef4655f00000000000001000400000000000800010000000af301000400000000000000000000000100000024000000000000000000000000000000000000000000000000000000000000000000000000000000df03f451000000000000000000000000000000000000000000000000ffa1000026000000def4655fdef4655fdef4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3539373437363730342f66696c65302f66696c65300000000000000000000000000000000000000000000077da14d0000000000000000000000000000000000000000000000000ed8100000a000000def4655fdef4655fdef4655f00000000000001000800000000000800010000000af301000400000000000000000000000100000025000000000000000000000000000000000000000000000000000000000000000000000000000000d75d3bef210000000000000000000000000000000000000000000000ed81000028230000def4655fdef4655fdef4655f00000000000002001400000000000800010000000af30100040000000000000000000000050000002600000000000000000000000000000000000000000000000000000000000000000000000000000009541ef4000000000000000000000000000000000000000000000000ed81000064000000def4655fdef4655fdef4655f00000000000001000400000000000800010000000af30100040000000000000000000000010000002b000000000000000000000000000000000000000000000000000000000000000000000000000000f3d82c1b00"/768, 0x300, 0x11580}, {&(0x7f0000013500)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000013a00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000013b00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000013c00)) 09:47:32 executing program 7: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup2(r0, r1) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) splice(r0, 0x0, r2, 0x0, 0x802, 0x0) 09:47:32 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) io_submit(r0, 0x1, &(0x7f0000000300)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0, 0x2}]) 09:47:32 executing program 6: fsmount(0xffffffffffffffff, 0x0, 0x0) r0 = open_tree(0xffffffffffffffff, 0x0, 0x8000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r3 = dup2(r2, r1) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e) ioctl$SG_IO(r3, 0x2285, &(0x7f00000022c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0}) syz_genetlink_get_family_id$nl80211(0x0, r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x30, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0xfffffffc}, {0x8}]}]}, 0x30}}, 0x0) 09:47:32 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/114, 0x72}], 0x1) [ 130.713846] sg_write: data in/out 3223822/4 bytes for SCSI command 0x0-- guessing data in; [ 130.713846] program syz-executor.6 not setting count and/or reply_len properly 09:47:32 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000006140)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@hopopts_2292={{0x18, 0x29, 0x43}}], 0x18}}], 0x2, 0x0) 09:47:32 executing program 1: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0) sendfile(r1, r2, 0x0, 0xfdef) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x68e146a1) 09:47:32 executing program 0: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x30d, &(0x7f0000000400)) 09:47:32 executing program 7: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup2(r0, r1) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) splice(r0, 0x0, r2, 0x0, 0x802, 0x0) 09:47:32 executing program 3: pipe(&(0x7f0000000880)={0xffffffffffffffff}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x4, 0x0, 0x0) 09:47:32 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) io_submit(r0, 0x1, &(0x7f0000000300)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0, 0x2}]) 09:47:32 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x0, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01030000000000c3798d20"], 0x1c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) 09:47:32 executing program 6: fsmount(0xffffffffffffffff, 0x0, 0x0) r0 = open_tree(0xffffffffffffffff, 0x0, 0x8000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r3 = dup2(r2, r1) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e) ioctl$SG_IO(r3, 0x2285, &(0x7f00000022c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0}) syz_genetlink_get_family_id$nl80211(0x0, r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x30, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0xfffffffc}, {0x8}]}]}, 0x30}}, 0x0) 09:47:32 executing program 7: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup2(r0, r1) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) splice(r0, 0x0, r2, 0x0, 0x802, 0x0) [ 130.828134] sg_write: data in/out 3223822/4 bytes for SCSI command 0x0-- guessing data in; [ 130.828134] program syz-executor.6 not setting count and/or reply_len properly 09:47:32 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x0, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01030000000000c3798d20"], 0x1c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) 09:47:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x0, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01030000000000c3798d20"], 0x1c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) 09:47:32 executing program 4: io_pgetevents(0x0, 0x0, 0x3, &(0x7f0000000040)=[{}, {}, {}], &(0x7f00000000c0), &(0x7f0000000140)={&(0x7f0000000100), 0xfffffffffffffd8b}) 09:47:32 executing program 3: pipe(&(0x7f0000000880)={0xffffffffffffffff}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x4, 0x0, 0x0) 09:47:32 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) io_submit(r0, 0x1, &(0x7f0000000300)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0, 0x2}]) 09:47:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x0, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01030000000000c3798d20"], 0x1c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) 09:47:32 executing program 6: fsmount(0xffffffffffffffff, 0x0, 0x0) r0 = open_tree(0xffffffffffffffff, 0x0, 0x8000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r3 = dup2(r2, r1) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x2e) ioctl$SG_IO(r3, 0x2285, &(0x7f00000022c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0}) syz_genetlink_get_family_id$nl80211(0x0, r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x30, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0xfffffffc}, {0x8}]}]}, 0x30}}, 0x0) [ 130.970881] sg_write: data in/out 3223822/4 bytes for SCSI command 0x0-- guessing data in; [ 130.970881] program syz-executor.6 not setting count and/or reply_len properly 09:47:33 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x0, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01030000000000c3798d20"], 0x1c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) 09:47:33 executing program 4: io_pgetevents(0x0, 0x0, 0x3, &(0x7f0000000040)=[{}, {}, {}], &(0x7f00000000c0), &(0x7f0000000140)={&(0x7f0000000100), 0xfffffffffffffd8b}) 09:47:33 executing program 3: pipe(&(0x7f0000000880)={0xffffffffffffffff}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x4, 0x0, 0x0) 09:47:33 executing program 7: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup2(r0, r1) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) splice(r0, 0x0, r2, 0x0, 0x802, 0x0) 09:47:33 executing program 6: pipe(&(0x7f0000000880)={0xffffffffffffffff}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x4, 0x0, 0x0) 09:47:33 executing program 5: move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0xfffffffffffffffc, 0x50) 09:47:33 executing program 1: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0) sendfile(r1, r2, 0x0, 0xfdef) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x68e146a1) 09:47:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x0, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01030000000000c3798d20"], 0x1c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) 09:47:33 executing program 5: move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0xfffffffffffffffc, 0x50) 09:47:33 executing program 4: io_pgetevents(0x0, 0x0, 0x3, &(0x7f0000000040)=[{}, {}, {}], &(0x7f00000000c0), &(0x7f0000000140)={&(0x7f0000000100), 0xfffffffffffffd8b}) 09:47:33 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) rseq(0x0, 0x0, 0x0, 0x0) 09:47:33 executing program 3: pipe(&(0x7f0000000880)={0xffffffffffffffff}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x4, 0x0, 0x0) 09:47:33 executing program 6: pipe(&(0x7f0000000880)={0xffffffffffffffff}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x4, 0x0, 0x0) 09:47:33 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x0, 0x0, 0x0, {{0x5}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01030000000000c3798d20"], 0x1c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2) 09:47:33 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, &(0x7f0000019540)={0x8}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='clear_refs\x00') write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[@ANYRESDEC], 0x520) r2 = accept4(r0, &(0x7f0000019140)=@can, &(0x7f0000000000)=0x80, 0x33266981b49ef31e) dup3(r1, r2, 0x0) pread64(r0, &(0x7f0000000100)=""/102400, 0x19002, 0x0) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, &(0x7f00000194c0)={{'\x00', 0x3}, {0x8}, 0x42, 0x0, 0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000019100)='./file0\x00', 0x0, 0x0, 0x0, 0x0}) r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000191c0), 0x400, 0x0) ioctl$SNAPSHOT_CREATE_IMAGE(r3, 0x40043311, &(0x7f0000019200)) syz_io_uring_complete(0x0) 09:47:35 executing program 4: io_pgetevents(0x0, 0x0, 0x3, &(0x7f0000000040)=[{}, {}, {}], &(0x7f00000000c0), &(0x7f0000000140)={&(0x7f0000000100), 0xfffffffffffffd8b}) 09:47:35 executing program 5: move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0xfffffffffffffffc, 0x50) 09:47:35 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) rseq(0x0, 0x0, 0x0, 0x0) 09:47:35 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000000), 0xc) bind$netlink(r0, &(0x7f0000000040), 0xc) 09:47:35 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 09:47:35 executing program 6: pipe(&(0x7f0000000880)={0xffffffffffffffff}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x4, 0x0, 0x0) 09:47:35 executing program 1: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="ec", 0x1}], 0x1, 0x2000000, 0x0, 0x0) sendfile(r1, r2, 0x0, 0xfdef) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x68e146a1) 09:47:35 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, &(0x7f0000019540)={0x8}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='clear_refs\x00') write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[@ANYRESDEC], 0x520) r2 = accept4(r0, &(0x7f0000019140)=@can, &(0x7f0000000000)=0x80, 0x33266981b49ef31e) dup3(r1, r2, 0x0) pread64(r0, &(0x7f0000000100)=""/102400, 0x19002, 0x0) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, &(0x7f00000194c0)={{'\x00', 0x3}, {0x8}, 0x42, 0x0, 0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000019100)='./file0\x00', 0x0, 0x0, 0x0, 0x0}) r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000191c0), 0x400, 0x0) ioctl$SNAPSHOT_CREATE_IMAGE(r3, 0x40043311, &(0x7f0000019200)) syz_io_uring_complete(0x0) 09:47:35 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, &(0x7f0000019540)={0x8}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='clear_refs\x00') write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[@ANYRESDEC], 0x520) r2 = accept4(r0, &(0x7f0000019140)=@can, &(0x7f0000000000)=0x80, 0x33266981b49ef31e) dup3(r1, r2, 0x0) pread64(r0, &(0x7f0000000100)=""/102400, 0x19002, 0x0) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, &(0x7f00000194c0)={{'\x00', 0x3}, {0x8}, 0x42, 0x0, 0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000019100)='./file0\x00', 0x0, 0x0, 0x0, 0x0}) r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000191c0), 0x400, 0x0) ioctl$SNAPSHOT_CREATE_IMAGE(r3, 0x40043311, &(0x7f0000019200)) syz_io_uring_complete(0x0) 09:47:35 executing program 5: move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0xfffffffffffffffc, 0x50) 09:47:35 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x17, &(0x7f0000000000)={0x0, 0x1}, 0x4) 09:47:35 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000000), 0xc) bind$netlink(r0, &(0x7f0000000040), 0xc) 09:47:35 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$netlink(r0, 0x10e, 0x0, 0x0, 0x0) 09:47:35 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) rseq(0x0, 0x0, 0x0, 0x0) 09:47:35 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) VM DIAGNOSIS: 09:47:26 Registers: info registers vcpu 0 RAX=ffffffff867e2ded RBX=0000000000000001 RCX=ffffffff867e2de8 RDX=0000000000000000 RSI=1ffffffff0cfc5bd RDI=ffffffff86495b58 RBP=ffff888015dbf4e0 RSP=ffff888015dbf3c8 R8 =ffffffff867e2de8 R9 =0000000000000000 R10=000000000003be53 R11=0000000000006cee R12=ffff888015dbf4e8 R13=ffff888015dbf4d0 R14=ffff888015dbf4c9 R15=ffff888015dbf488 RIP=ffffffff81358775 RFL=00000217 [----APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fedabedc900 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe6b00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fedab385c28 CR3=000000000e850000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=494e4f544f4e4f4d5f454352554f535f XMM01=4d49545f43494e4f544f4e4f4d5f4543 XMM02=38303062343861363036386166633561 XMM03=2f6c616e72756f6a2f676f6c2f6e7572 XMM04=b3f55ba7978236820000000000104320 XMM05=d3fdd5f48436fbd700000000000aead0 XMM06=be92ab430fa519c500000000000ae988 XMM07=00000000000000000000000000000000 XMM08=44495f474f4c5359530069253d595449 XMM09=00000000000000000000000000000000 XMM10=00002000000000000000200000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000039 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88801a3f76f0 R8 =0000000000000000 R9 =ffffed100151b046 R10=0000000000000039 R11=0000000000000001 R12=0000000000000039 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555575f5e400 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe4f00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000555575f67c58 CR3=000000003df11000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=7269762f736563697665642f7379732f XMM03=747269762f736563697665642f737973 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=3d5145534b534944006b7369643d4550 XMM06=3d454d414e56454400303d444955555f XMM07=00000000000000000000000000000000 XMM08=6e753c007325732575253a5d73255b00 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000