Warning: Permanently added '[localhost]:65424' (ECDSA) to the list of known hosts. 2026/01/14 08:10:23 fuzzer started 2026/01/14 08:10:23 dialing manager at localhost:46753 syzkaller login: [ 44.222052] cgroup: Unknown subsys name 'net' [ 44.265860] cgroup: Unknown subsys name 'cpuset' [ 44.272989] cgroup: Unknown subsys name 'rlimit' 2026/01/14 08:10:33 syscalls: 2214 2026/01/14 08:10:33 code coverage: enabled 2026/01/14 08:10:33 comparison tracing: enabled 2026/01/14 08:10:33 extra coverage: enabled 2026/01/14 08:10:33 setuid sandbox: enabled 2026/01/14 08:10:33 namespace sandbox: enabled 2026/01/14 08:10:33 Android sandbox: enabled 2026/01/14 08:10:33 fault injection: enabled 2026/01/14 08:10:33 leak checking: enabled 2026/01/14 08:10:33 net packet injection: enabled 2026/01/14 08:10:33 net device setup: enabled 2026/01/14 08:10:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2026/01/14 08:10:33 devlink PCI setup: PCI device 0000:00:10.0 is not available 2026/01/14 08:10:33 USB emulation: enabled 2026/01/14 08:10:33 hci packet injection: enabled 2026/01/14 08:10:33 wifi device emulation: enabled 2026/01/14 08:10:33 802.15.4 emulation: enabled 2026/01/14 08:10:33 fetching corpus: 0, signal 0/2000 (executing program) 2026/01/14 08:10:34 fetching corpus: 28, signal 17228/20615 (executing program) 2026/01/14 08:10:34 fetching corpus: 68, signal 37080/41061 (executing program) 2026/01/14 08:10:34 fetching corpus: 118, signal 53222/57377 (executing program) 2026/01/14 08:10:34 fetching corpus: 168, signal 59810/64412 (executing program) 2026/01/14 08:10:34 fetching corpus: 218, signal 64459/69508 (executing program) 2026/01/14 08:10:34 fetching corpus: 267, signal 69079/74378 (executing program) 2026/01/14 08:10:34 fetching corpus: 317, signal 74358/79648 (executing program) 2026/01/14 08:10:35 fetching corpus: 366, signal 79087/84262 (executing program) 2026/01/14 08:10:35 fetching corpus: 416, signal 83724/88565 (executing program) 2026/01/14 
08:10:35 fetching corpus: 466, signal 86749/91460 (executing program) 2026/01/14 08:10:35 fetching corpus: 516, signal 89537/94056 (executing program) 2026/01/14 08:10:36 fetching corpus: 566, signal 93179/97163 (executing program) 2026/01/14 08:10:36 fetching corpus: 614, signal 95466/99178 (executing program) 2026/01/14 08:10:36 fetching corpus: 663, signal 97386/100842 (executing program) 2026/01/14 08:10:36 fetching corpus: 711, signal 99989/102931 (executing program) 2026/01/14 08:10:36 fetching corpus: 760, signal 102813/105040 (executing program) 2026/01/14 08:10:36 fetching corpus: 809, signal 105176/106756 (executing program) 2026/01/14 08:10:37 fetching corpus: 854, signal 107822/108562 (executing program) 2026/01/14 08:10:37 fetching corpus: 854, signal 107824/108602 (executing program) 2026/01/14 08:10:37 fetching corpus: 854, signal 107824/108647 (executing program) 2026/01/14 08:10:37 fetching corpus: 857, signal 107897/108753 (executing program) 2026/01/14 08:10:37 fetching corpus: 857, signal 107897/108789 (executing program) 2026/01/14 08:10:37 fetching corpus: 857, signal 107897/108835 (executing program) 2026/01/14 08:10:37 fetching corpus: 857, signal 107897/108877 (executing program) 2026/01/14 08:10:37 fetching corpus: 857, signal 107897/108917 (executing program) 2026/01/14 08:10:37 fetching corpus: 857, signal 107897/108953 (executing program) 2026/01/14 08:10:37 fetching corpus: 857, signal 107897/108999 (executing program) 2026/01/14 08:10:37 fetching corpus: 857, signal 107913/109058 (executing program) 2026/01/14 08:10:37 fetching corpus: 857, signal 107914/109095 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109146 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109187 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109225 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109262 (executing program) 2026/01/14 08:10:37 fetching 
corpus: 858, signal 107928/109300 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109337 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109378 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109403 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109444 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109476 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109518 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109550 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109584 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109621 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109656 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109692 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109722 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109767 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109809 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109846 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109880 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109919 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109953 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107928/109974 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107950/110019 (executing program) 2026/01/14 08:10:37 fetching corpus: 858, signal 107950/110019 (executing program) 2026/01/14 08:10:40 starting 8 fuzzer processes 08:10:40 executing program 0: keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x7c7faaad362bf8b5) 08:10:40 executing program 1: r0 = 
openat$nvram(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, 0x0, 0x0, 0x0) 08:10:40 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:10:40 executing program 7: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004400)) r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x22, &(0x7f0000000440)=[{&(0x7f0000000280)}], 0x1) statx(0xffffffffffffffff, &(0x7f0000004440)='./file0\x00', 0x2000, 0x7ff, &(0x7f0000004480)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0xee01, 0xee01, 0x18, 0x3}, 0x7fffffff, 0x7ff, 0x101, 0xcf, 0x0, 0x0, 0x4}) [ 60.055923] audit: type=1400 audit(1768378240.137:7): avc: denied { execmem } for pid=270 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:10:40 executing program 3: waitid(0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) 08:10:40 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$LOOP_GET_STATUS64(r1, 0x1261, 0x0) 08:10:40 executing program 5: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) read$hiddev(r0, 0x0, 0x0) 08:10:40 executing program 6: epoll_create(0x0) [ 61.189175] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.193922] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.196959] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.203351] Bluetooth: hci0: 
unexpected cc 0x0c23 length: 249 > 4 [ 61.208115] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.261102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.263054] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.264999] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 61.278992] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 61.282433] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.313470] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 61.343384] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 61.345000] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 61.351386] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 61.355974] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 61.455400] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 61.459948] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.461892] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 61.464806] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 61.473182] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 61.502753] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 61.509025] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 61.511421] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 61.513321] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 61.515927] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 61.519411] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 61.525985] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 61.530329] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 61.531998] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 61.533662] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 61.544156] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 61.545969] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 61.549123] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 61.551236] 
Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 61.554017] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 61.558639] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 61.561061] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 61.581547] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 61.616886] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 61.732174] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 63.286920] Bluetooth: hci0: command tx timeout [ 63.349915] Bluetooth: hci1: command tx timeout [ 63.413812] Bluetooth: hci2: command tx timeout [ 63.541798] Bluetooth: hci3: command tx timeout [ 63.605855] Bluetooth: hci6: command tx timeout [ 63.606539] Bluetooth: hci5: command tx timeout [ 63.733889] Bluetooth: hci4: command tx timeout [ 63.861152] Bluetooth: hci7: command tx timeout [ 65.332835] Bluetooth: hci0: command tx timeout [ 65.397844] Bluetooth: hci1: command tx timeout [ 65.460797] Bluetooth: hci2: command tx timeout [ 65.590786] Bluetooth: hci3: command tx timeout [ 65.653861] Bluetooth: hci5: command tx timeout [ 65.653898] Bluetooth: hci6: command tx timeout [ 65.780939] Bluetooth: hci4: command tx timeout [ 65.909860] Bluetooth: hci7: command tx timeout [ 67.382882] Bluetooth: hci0: command tx timeout [ 67.444810] Bluetooth: hci1: command tx timeout [ 67.508816] Bluetooth: hci2: command tx timeout [ 67.638793] Bluetooth: hci3: command tx timeout [ 67.700849] Bluetooth: hci6: command tx timeout [ 67.702875] Bluetooth: hci5: command tx timeout [ 67.828802] Bluetooth: hci4: command tx timeout [ 67.956812] Bluetooth: hci7: command tx timeout [ 69.428856] Bluetooth: hci0: command tx timeout [ 69.492824] Bluetooth: hci1: command tx timeout [ 69.556837] Bluetooth: hci2: command tx timeout [ 69.684882] Bluetooth: hci3: command tx timeout [ 69.749125] Bluetooth: hci5: command tx timeout [ 69.749154] Bluetooth: hci6: command tx timeout [ 69.876829] Bluetooth: hci4: command tx timeout [ 70.004918] Bluetooth: 
hci7: command tx timeout
[ 94.875958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.876585] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.048222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.048838] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.302320] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.303441] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.575303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.576411] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:11:15 executing program 6:
epoll_create(0x0)
[ 95.760094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.760671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:11:15 executing program 6:
epoll_create(0x0)
08:11:15 executing program 6:
epoll_create(0x0)
[ 95.995481] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.998179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:11:16 executing program 4:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$LOOP_GET_STATUS64(r1, 0x1261, 0x0)
08:11:16 executing program 6:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_PKEY_QUERY(0x18, r0, 0x0, &(0x7f0000000200)='\x00', 0x0)
08:11:16 executing program 4:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$LOOP_GET_STATUS64(r1, 0x1261, 0x0)
[ 96.096808]
[ 96.096990] =====================================
[ 96.097369] WARNING: bad unlock balance detected!
[ 96.097722] 6.19.0-rc5-next-20260114 #1 Not tainted
[ 96.098118] -------------------------------------
[ 96.098491] syz-executor.6/3822 is trying to release lock (rcu_read_lock) at:
[ 96.099512] [] __wait_on_freeing_inode+0x105/0x350
[ 96.101085] but there are no more locks to release!
[ 96.102360]
[ 96.102360] other info that might help us debug this:
[ 96.104171] 4 locks held by syz-executor.6/3822:
[ 96.105414] #0: ffff88800a6a23f8 (sb_writers#3){.+.+}-{0:0}, at: filename_create+0xf7/0x400
[ 96.106426] #1: ffff88801c8b7640 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1b1/0x400
[ 96.107164] #2: ffff88800a6a6950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe32/0x12d0
[ 96.107825] #3: ffffffff85c16898 (inode_hash_lock){+.+.}-{3:3}, at: insert_inode_locked+0xf9/0x890
[ 96.108500]
[ 96.108500] stack backtrace:
[ 96.108855] CPU: 1 UID: 0 PID: 3822 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260114 #1 PREEMPT(lazy)
[ 96.108870] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 96.108877] Call Trace:
[ 96.108881]
[ 96.108886] dump_stack_lvl+0xca/0x120
[ 96.108917] ? __wait_on_freeing_inode+0x105/0x350
[ 96.108931] print_unlock_imbalance_bug+0x118/0x130
[ 96.108947] ? __wait_on_freeing_inode+0x105/0x350
[ 96.108961] lock_release+0x1ee/0x270
[ 96.108977] __wait_on_freeing_inode+0x10a/0x350
[ 96.108991] ? __pfx___wait_on_freeing_inode+0x10/0x10
[ 96.109007] ? __pfx_var_wake_function+0x10/0x10
[ 96.109025] ? lock_is_held_type+0x9e/0x120
[ 96.109044] insert_inode_locked+0x25f/0x890
[ 96.109061] __ext4_new_inode+0x223d/0x4cd0
[ 96.109078] ? __pfx___ext4_new_inode+0x10/0x10
[ 96.109093] ? __pfx___dquot_initialize+0x10/0x10
[ 96.109111] ? __pfx_avc_has_perm+0x10/0x10
[ 96.109128] ext4_symlink+0x623/0xb40
[ 96.109147] ? __pfx_ext4_symlink+0x10/0x10
[ 96.109162] ? security_inode_permission+0x72/0xe0
[ 96.109176] vfs_symlink+0x44b/0x840
[ 96.109192] do_symlinkat+0x153/0x440
[ 96.109206] ? __pfx_do_symlinkat+0x10/0x10
[ 96.109219] ? strncpy_from_user+0x21b/0x2f0
[ 96.109237] __x64_sys_symlink+0x79/0xa0
[ 96.109250] do_syscall_64+0xbf/0x420
[ 96.109262] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.109275] RIP: 0033:0x7ff7f5c1e427
[ 96.109284] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 96.109296] RSP: 002b:00007ffc26d54158 EFLAGS: 00000202 ORIG_RAX: 0000000000000058
[ 96.109307] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff7f5c1e427
[ 96.109315] RDX: 00007ffc26d54233 RSI: 00007ff7f5c7902f RDI: 00007ffc26d54220
[ 96.109322] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffc26d53ff0
[ 96.109329] R10: 00007ffc26d53ea7 R11: 0000000000000202 R12: 0000000000000001
[ 96.109337] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffc26d54220
[ 96.109347]
[ 96.124714] ------------[ cut here ]------------
[ 96.130855] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x25f/0x5c0, CPU#1: syz-executor.6/3822
[ 96.131707] Modules linked in:
[ 96.132017] CPU: 1 UID: 0 PID: 3822 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260114 #1 PREEMPT(lazy)
[ 96.132841] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 96.133482] RIP: 0010:__rcu_read_unlock+0x25f/0x5c0
[ 96.133991] Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 16 c0 de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 8a 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 81 24 74 03 e8 bc 5c 56 00 e9
[ 96.135447] RSP: 0018:ffff88804b4079a0 EFLAGS: 00010286
[ 96.135909] RAX: 00000000ffffffff RBX: ffff888051ec8000 RCX: ffffffff81565a27
[ 96.136472] RDX: 0000000000000000 RSI: ffffffff81565a30 RDI: ffff888051ec83fc
[ 96.137074] RBP: ffff888051ec8000 R08: 0000000000000000 R09: fffffbfff0ba6ffc
[ 96.137637] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888051ec8000
[ 96.138245] R13: 0000000000000001 R14: ffffffff85c0e5a0 R15: ffff88801c95cf58
[ 96.138853] FS: 0000555585e04400(0000) GS:ffff8880e5443000(0000) knlGS:0000000000000000
[ 96.139490] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 96.139996] CR2: 00007ff7f5c9e546 CR3: 0000000050686000 CR4: 0000000000350ef0
[ 96.140556] Call Trace:
[ 96.140841]
[ 96.141479] __wait_on_freeing_inode+0x10f/0x350
[ 96.142188] ? __pfx___wait_on_freeing_inode+0x10/0x10
[ 96.143251] ? __pfx_var_wake_function+0x10/0x10
[ 96.144464] ? lock_is_held_type+0x9e/0x120
[ 96.145561] insert_inode_locked+0x25f/0x890
[ 96.147186] __ext4_new_inode+0x223d/0x4cd0
[ 96.149609] ? __pfx___ext4_new_inode+0x10/0x10
[ 96.150867] ? __pfx___dquot_initialize+0x10/0x10
[ 96.151592] ? __pfx_avc_has_perm+0x10/0x10
[ 96.153350] ext4_symlink+0x623/0xb40
[ 96.155569] ? __pfx_ext4_symlink+0x10/0x10
[ 96.156575] ? security_inode_permission+0x72/0xe0
[ 96.158211] vfs_symlink+0x44b/0x840
[ 96.159466] do_symlinkat+0x153/0x440
[ 96.160540] ? __pfx_do_symlinkat+0x10/0x10
[ 96.161267] ? 
strncpy_from_user+0x21b/0x2f0 [ 96.163134] __x64_sys_symlink+0x79/0xa0 [ 96.163870] do_syscall_64+0xbf/0x420 [ 96.164633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.165178] RIP: 0033:0x7ff7f5c1e427 [ 96.165535] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 96.167582] RSP: 002b:00007ffc26d54158 EFLAGS: 00000202 ORIG_RAX: 0000000000000058 [ 96.168701] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff7f5c1e427 [ 96.169312] RDX: 00007ffc26d54233 RSI: 00007ff7f5c7902f RDI: 00007ffc26d54220 [ 96.169927] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffc26d53ff0 [ 96.170487] R10: 00007ffc26d53ea7 R11: 0000000000000202 R12: 0000000000000001 [ 96.171090] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffc26d54220 [ 96.173641] [ 96.173873] irq event stamp: 397 [ 96.174154] hardirqs last enabled at (397): [] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 96.174995] hardirqs last disabled at (396): [] _raw_spin_lock_irqsave+0x53/0x60 [ 96.175805] softirqs last enabled at (392): [] kernel_fpu_end+0x59/0x70 [ 96.176514] softirqs last disabled at (388): [] kernel_fpu_begin_mask+0x1bb/0x300 [ 96.177323] ---[ end trace 0000000000000000 ]--- [ 96.199784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.200352] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:11:16 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$LOOP_GET_STATUS64(r1, 0x1261, 0x0) [ 96.207805] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' 08:11:16 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f0000000040)) [ 96.352789] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.353348] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.381130] audit: type=1400 audit(1768378276.462:8): avc: denied { open } for pid=3843 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 96.386860] audit: type=1400 audit(1768378276.462:9): avc: denied { kernel } for pid=3843 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 96.560611] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 96.620103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.621342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.627555] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht' [ 96.659156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.659739] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.659934] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht' [ 96.710433] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht' [ 96.748002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.748584] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.750232] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.750822] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.813438] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' [ 96.835191] ieee80211 phy15: Selected rate control algorithm 'minstrel_ht' [ 96.835797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.836310] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.849140] wlan1: Created IBSS 
using preconfigured BSSID 50:50:50:50:50:50 [ 96.849696] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.020448] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht' [ 97.041304] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.041908] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.046725] ieee80211 phy17: Selected rate control algorithm 'minstrel_ht' [ 97.072971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.073556] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:11:17 executing program 3: waitid(0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) 08:11:17 executing program 5: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) read$hiddev(r0, 0x0, 0x0) 08:11:17 executing program 1: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, 0x0, 0x0, 0x0) 08:11:17 executing program 0: keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x7c7faaad362bf8b5) 08:11:17 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f0000000040)) 08:11:17 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 7: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004400)) r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, 
&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x22, &(0x7f0000000440)=[{&(0x7f0000000280)}], 0x1) statx(0xffffffffffffffff, &(0x7f0000004440)='./file0\x00', 0x2000, 0x7ff, &(0x7f0000004480)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0xee01, 0xee01, 0x18, 0x3}, 0x7fffffff, 0x7ff, 0x101, 0xcf, 0x0, 0x0, 0x4}) 08:11:17 executing program 6: r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_PKEY_QUERY(0x18, r0, 0x0, &(0x7f0000000200)='\x00', 0x0) 08:11:17 executing program 5: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) read$hiddev(r0, 0x0, 0x0) 08:11:17 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 6: r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_PKEY_QUERY(0x18, r0, 0x0, &(0x7f0000000200)='\x00', 0x0) 08:11:17 executing program 7: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004400)) r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x22, &(0x7f0000000440)=[{&(0x7f0000000280)}], 0x1) statx(0xffffffffffffffff, &(0x7f0000004440)='./file0\x00', 0x2000, 0x7ff, &(0x7f0000004480)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) shmctl$IPC_SET(0x0, 0x1, 
&(0x7f0000000080)={{0x2, 0x0, 0x0, 0xee01, 0xee01, 0x18, 0x3}, 0x7fffffff, 0x7ff, 0x101, 0xcf, 0x0, 0x0, 0x4}) 08:11:17 executing program 1: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, 0x0, 0x0, 0x0) 08:11:17 executing program 0: keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x7c7faaad362bf8b5) 08:11:17 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f0000000040)) 08:11:17 executing program 5: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) read$hiddev(r0, 0x0, 0x0) 08:11:17 executing program 3: waitid(0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) 08:11:17 executing program 0: keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x7c7faaad362bf8b5) 08:11:17 executing program 7: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004400)) r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x22, &(0x7f0000000440)=[{&(0x7f0000000280)}], 0x1) statx(0xffffffffffffffff, &(0x7f0000004440)='./file0\x00', 0x2000, 0x7ff, &(0x7f0000004480)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0xee01, 0xee01, 0x18, 0x3}, 0x7fffffff, 0x7ff, 0x101, 0xcf, 0x0, 0x0, 0x4}) 08:11:17 executing program 6: r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_PKEY_QUERY(0x18, r0, 
0x0, &(0x7f0000000200)='\x00', 0x0) 08:11:17 executing program 1: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, 0x0, 0x0, 0x0) 08:11:17 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 3: waitid(0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) 08:11:17 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f0000000040)) 08:11:17 executing program 5: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 7: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) 
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 0: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004400)) r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x22, &(0x7f0000000440)=[{&(0x7f0000000280)}], 0x1) statx(0xffffffffffffffff, &(0x7f0000004440)='./file0\x00', 0x2000, 0x7ff, &(0x7f0000004480)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0xee01, 0xee01, 0x18, 0x3}, 0x7fffffff, 0x7ff, 0x101, 0xcf, 0x0, 0x0, 0x4}) 08:11:17 executing program 1: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004400)) r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x22, &(0x7f0000000440)=[{&(0x7f0000000280)}], 0x1) statx(0xffffffffffffffff, &(0x7f0000004440)='./file0\x00', 0x2000, 0x7ff, &(0x7f0000004480)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0xee01, 0xee01, 0x18, 0x3}, 0x7fffffff, 0x7ff, 0x101, 0xcf, 0x0, 0x0, 0x4}) 08:11:17 executing program 2: r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_PKEY_QUERY(0x18, r0, 0x0, &(0x7f0000000200)='\x00', 0x0) 08:11:17 executing program 5: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, 
&(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 2: r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_PKEY_QUERY(0x18, r0, 0x0, &(0x7f0000000200)='\x00', 0x0) 08:11:17 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 7: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 3: clone3(&(0x7f0000005880)={0x7b804100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:11:17 executing program 1: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004400)) r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x22, &(0x7f0000000440)=[{&(0x7f0000000280)}], 0x1) statx(0xffffffffffffffff, &(0x7f0000004440)='./file0\x00', 0x2000, 0x7ff, &(0x7f0000004480)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0xee01, 0xee01, 0x18, 0x3}, 0x7fffffff, 0x7ff, 0x101, 0xcf, 0x0, 0x0, 0x4}) 08:11:17 executing program 0: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004400)) r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) 
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x22, &(0x7f0000000440)=[{&(0x7f0000000280)}], 0x1) statx(0xffffffffffffffff, &(0x7f0000004440)='./file0\x00', 0x2000, 0x7ff, &(0x7f0000004480)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0xee01, 0xee01, 0x18, 0x3}, 0x7fffffff, 0x7ff, 0x101, 0xcf, 0x0, 0x0, 0x4}) 08:11:17 executing program 2: r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_PKEY_QUERY(0x18, r0, 0x0, &(0x7f0000000200)='\x00', 0x0) 08:11:17 executing program 5: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 5: clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:11:17 executing program 0: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004400)) r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x22, &(0x7f0000000440)=[{&(0x7f0000000280)}], 0x1) statx(0xffffffffffffffff, &(0x7f0000004440)='./file0\x00', 0x2000, 0x7ff, &(0x7f0000004480)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) shmctl$IPC_SET(0x0, 0x1, 
&(0x7f0000000080)={{0x2, 0x0, 0x0, 0xee01, 0xee01, 0x18, 0x3}, 0x7fffffff, 0x7ff, 0x101, 0xcf, 0x0, 0x0, 0x4}) 08:11:17 executing program 3: clone3(&(0x7f0000005880)={0x7b804100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:11:17 executing program 2: syz_emit_ethernet(0x15, &(0x7f0000000000)={@remote, @dev, @val={@void}, {@llc_tr={0x11, {@llc={0xff, 0xff, 'g'}}}}}, 0x0) 08:11:17 executing program 7: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x2, &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 08:11:17 executing program 1: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004400)) r0 = syz_io_uring_setup(0x6133, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x22, &(0x7f0000000440)=[{&(0x7f0000000280)}], 0x1) statx(0xffffffffffffffff, &(0x7f0000004440)='./file0\x00', 0x2000, 0x7ff, &(0x7f0000004480)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0xee01, 0xee01, 0x18, 0x3}, 0x7fffffff, 0x7ff, 0x101, 0xcf, 0x0, 0x0, 0x4}) 08:11:17 executing program 4: r0 = fork() ptrace(0x10, r0) ptrace$setsig(0x4203, r0, 0x3, &(0x7f0000002d40)={0x1e, 0x4}) 08:11:17 executing program 2: syz_emit_ethernet(0x15, &(0x7f0000000000)={@remote, @dev, @val={@void}, {@llc_tr={0x11, {@llc={0xff, 0xff, 'g'}}}}}, 0x0) 08:11:17 executing program 3: clone3(&(0x7f0000005880)={0x7b804100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:11:17 executing program 4: r0 = fork() ptrace(0x10, r0) ptrace$setsig(0x4203, r0, 0x3, &(0x7f0000002d40)={0x1e, 0x4}) 08:11:17 executing program 1: r0 = fork() 
ptrace(0x10, r0) ptrace$setsig(0x4203, r0, 0x3, &(0x7f0000002d40)={0x1e, 0x4}) 08:11:17 executing program 2: syz_emit_ethernet(0x15, &(0x7f0000000000)={@remote, @dev, @val={@void}, {@llc_tr={0x11, {@llc={0xff, 0xff, 'g'}}}}}, 0x0) 08:11:17 executing program 0: ptrace(0x10, 0x1) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0) 08:11:17 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) write$binfmt_aout(r0, &(0x7f00000003c0), 0x20) 08:11:18 executing program 6: syz_mount_image$nfs(0x0, &(0x7f0000001dc0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000001800)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000001300)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 08:11:18 executing program 5: clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:11:18 executing program 4: r0 = fork() ptrace(0x10, r0) ptrace$setsig(0x4203, r0, 0x3, &(0x7f0000002d40)={0x1e, 0x4}) VM DIAGNOSIS: 08:11:16 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=0000000000000000 RCX=ffffffff81a5779a RDX=1ffff1100980ed94 RSI=ffffffff81a577f4 RDI=ffff88804c076ca0 RBP=0000000000000001 RSP=ffff88804adef820 R8 =0000000000000001 R9 =fffff940000809ce R10=0000000000000000 R11=0000000000000000 R12=ffffea0000404e40 R13=0000000000000000 R14=ffff88804c076c80 R15=00000000ffffffff RIP=ffffffff81a57813 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 