Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:3400' (ECDSA) to the list of known hosts. 2026/01/16 14:30:24 fuzzer started 2026/01/16 14:30:24 dialing manager at localhost:42157 syzkaller login: [ 43.797441] cgroup: Unknown subsys name 'net' [ 43.858405] cgroup: Unknown subsys name 'cpuset' [ 43.872983] cgroup: Unknown subsys name 'rlimit' 2026/01/16 14:30:34 syscalls: 2214 2026/01/16 14:30:34 code coverage: enabled 2026/01/16 14:30:34 comparison tracing: enabled 2026/01/16 14:30:34 extra coverage: enabled 2026/01/16 14:30:34 setuid sandbox: enabled 2026/01/16 14:30:34 namespace sandbox: enabled 2026/01/16 14:30:34 Android sandbox: enabled 2026/01/16 14:30:34 fault injection: enabled 2026/01/16 14:30:34 leak checking: enabled 2026/01/16 14:30:34 net packet injection: enabled 2026/01/16 14:30:34 net device setup: enabled 2026/01/16 14:30:34 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2026/01/16 14:30:34 devlink PCI setup: PCI device 0000:00:10.0 is not available 2026/01/16 14:30:34 USB emulation: enabled 2026/01/16 14:30:34 hci packet injection: enabled 2026/01/16 14:30:34 wifi device emulation: enabled 2026/01/16 14:30:34 802.15.4 emulation: enabled 2026/01/16 14:30:34 fetching corpus: 0, signal 0/2000 (executing program) 2026/01/16 14:30:34 fetching corpus: 39, signal 19787/23420 (executing program) 2026/01/16 14:30:34 fetching corpus: 85, signal 41356/46112 (executing program) 2026/01/16 14:30:34 fetching corpus: 135, signal 49535/55571 (executing program) 2026/01/16 14:30:34 fetching corpus: 183, signal 55284/62498 (executing program) 2026/01/16 14:30:35 fetching corpus: 232, signal 59596/67977 (executing program) 2026/01/16 14:30:35 fetching corpus: 282, signal 65165/74560 (executing program) 2026/01/16 14:30:35 fetching corpus: 332, signal 70255/80619 (executing program) 2026/01/16 14:30:35 fetching corpus: 382, signal 74257/85515 (executing program) 2026/01/16 14:30:35 fetching corpus: 431, signal 77700/89882 (executing program) 2026/01/16 14:30:35 fetching corpus: 481, signal 81333/94262 (executing program) 2026/01/16 14:30:35 fetching corpus: 531, signal 83834/97684 (executing program) 2026/01/16 14:30:35 fetching corpus: 581, signal 86610/101233 (executing program) 2026/01/16 14:30:36 fetching corpus: 630, signal 89340/104702 (executing program) 2026/01/16 14:30:36 fetching corpus: 679, signal 91243/107417 (executing program) 2026/01/16 14:30:36 fetching corpus: 729, signal 94164/110915 (executing program) 2026/01/16 14:30:36 fetching corpus: 777, signal 97594/114773 (executing program) 2026/01/16 14:30:36 fetching corpus: 827, signal 99820/117599 (executing program) 2026/01/16 14:30:36 fetching corpus: 877, signal 101816/120228 (executing program) 2026/01/16 14:30:36 fetching corpus: 927, signal 103255/122364 (executing program) 2026/01/16 14:30:36 fetching corpus: 977, signal 104868/124625 (executing program) 2026/01/16 14:30:37 fetching corpus: 1027, signal 107953/128016 (executing program) 2026/01/16 14:30:37 fetching corpus: 1077, signal 110226/130734 (executing program) 2026/01/16 14:30:37 fetching corpus: 1126, signal 111228/132406 (executing program) 2026/01/16 14:30:37 fetching corpus: 1176, signal 112684/134382 (executing program) 2026/01/16 14:30:37 fetching corpus: 1226, signal 114594/136637 (executing program) 2026/01/16 14:30:37 fetching corpus: 1276, signal 116186/138637 (executing program) 2026/01/16 14:30:37 fetching corpus: 1326, signal 118378/141009 (executing program) 2026/01/16 14:30:37 fetching corpus: 1375, signal 120030/143028 (executing program) 2026/01/16 14:30:38 fetching corpus: 1425, signal 121161/144585 (executing program) 2026/01/16 14:30:38 fetching corpus: 1475, signal 122337/146143 (executing program) 2026/01/16 14:30:38 fetching corpus: 1525, signal 123491/147705 (executing program) 2026/01/16 14:30:38 fetching corpus: 1575, signal 124639/149236 (executing program) 2026/01/16 14:30:38 fetching corpus: 1625, signal 125807/150723 (executing program) 2026/01/16 14:30:38 fetching corpus: 1674, signal 126810/152124 (executing program) 2026/01/16 14:30:38 fetching corpus: 1724, signal 128622/154003 (executing program) 2026/01/16 14:30:38 fetching corpus: 1774, signal 130087/155609 (executing program) 2026/01/16 14:30:39 fetching corpus: 1824, signal 131085/156915 (executing program) 2026/01/16 14:30:39 fetching corpus: 1874, signal 132423/158399 (executing program) 2026/01/16 14:30:39 fetching corpus: 1924, signal 133255/159556 (executing program) 2026/01/16 14:30:39 fetching corpus: 1974, signal 134733/161095 (executing program) 2026/01/16 14:30:39 fetching corpus: 2024, signal 135879/162421 (executing program) 2026/01/16 14:30:39 fetching corpus: 2074, signal 136853/163547 (executing program) 2026/01/16 14:30:39 fetching corpus: 2124, signal 138237/164910 (executing program) 2026/01/16 14:30:39 fetching corpus: 2174, signal 139280/166119 (executing program) 2026/01/16 14:30:39 fetching corpus: 2224, signal 140346/167364 (executing program) 2026/01/16 14:30:40 fetching corpus: 2274, signal 141150/168423 (executing program) 2026/01/16 14:30:40 fetching corpus: 2324, signal 142164/169492 (executing program) 2026/01/16 14:30:40 fetching corpus: 2374, signal 143505/170755 (executing program) 2026/01/16 14:30:40 fetching corpus: 2424, signal 144559/171826 (executing program) 2026/01/16 14:30:40 fetching corpus: 2474, signal 145364/172775 (executing program) 2026/01/16 14:30:40 fetching corpus: 2524, signal 146523/173813 (executing program) 2026/01/16 14:30:40 fetching corpus: 2574, signal 147443/174771 (executing program) 2026/01/16 14:30:40 fetching corpus: 2624, signal 148183/175613 (executing program) 2026/01/16 14:30:41 fetching corpus: 2673, signal 149219/176625 (executing program) 2026/01/16 14:30:41 fetching corpus: 2722, signal 149764/177408 (executing program) 2026/01/16 14:30:41 fetching corpus: 2772, signal 151530/178621 (executing program) 2026/01/16 14:30:41 fetching corpus: 2822, signal 152179/179410 (executing program) 2026/01/16 14:30:41 fetching corpus: 2872, signal 152744/180082 (executing program) 2026/01/16 14:30:41 fetching corpus: 2922, signal 154051/181089 (executing program) 2026/01/16 14:30:41 fetching corpus: 2971, signal 155091/181932 (executing program) 2026/01/16 14:30:41 fetching corpus: 3021, signal 155700/182603 (executing program) 2026/01/16 14:30:41 fetching corpus: 3071, signal 156634/183353 (executing program) 2026/01/16 14:30:42 fetching corpus: 3121, signal 157302/183985 (executing program) 2026/01/16 14:30:42 fetching corpus: 3170, signal 157869/184613 (executing program) 2026/01/16 14:30:42 fetching corpus: 3219, signal 158422/185212 (executing program) 2026/01/16 14:30:42 fetching corpus: 3269, signal 160144/186171 (executing program) 2026/01/16 14:30:42 fetching corpus: 3319, signal 160812/186761 (executing program) 2026/01/16 14:30:42 fetching corpus: 3369, signal 161962/187482 (executing program) 2026/01/16 14:30:42 fetching corpus: 3419, signal 162754/188075 (executing program) 2026/01/16 14:30:42 fetching corpus: 3467, signal 163228/188525 (executing program) 2026/01/16 14:30:42 fetching corpus: 3516, signal 163848/189075 (executing program) 2026/01/16 14:30:43 fetching corpus: 3566, signal 164367/189542 (executing program) 2026/01/16 14:30:43 fetching corpus: 3616, signal 164887/189971 (executing program) 2026/01/16 14:30:43 fetching corpus: 3666, signal 165388/190461 (executing program) 2026/01/16 14:30:43 fetching corpus: 3716, signal 166093/190947 (executing program) 2026/01/16 14:30:43 fetching corpus: 3766, signal 166667/191402 (executing program) 2026/01/16 14:30:43 fetching corpus: 3816, signal 167272/191885 (executing program) 2026/01/16 14:30:43 fetching corpus: 3866, signal 167726/192329 (executing program) 2026/01/16 14:30:43 fetching corpus: 3916, signal 168342/192776 (executing program) 2026/01/16 14:30:43 fetching corpus: 3966, signal 168851/193178 (executing program) 2026/01/16 14:30:44 fetching corpus: 4016, signal 169326/193560 (executing program) 2026/01/16 14:30:44 fetching corpus: 4066, signal 170248/194006 (executing program) 2026/01/16 14:30:44 fetching corpus: 4116, signal 170994/194421 (executing program) 2026/01/16 14:30:44 fetching corpus: 4166, signal 171557/194785 (executing program) 2026/01/16 14:30:44 fetching corpus: 4216, signal 171945/195125 (executing program) 2026/01/16 14:30:44 fetching corpus: 4266, signal 172339/195451 (executing program) 2026/01/16 14:30:44 fetching corpus: 4316, signal 172902/195773 (executing program) 2026/01/16 14:30:45 fetching corpus: 4365, signal 173447/196062 (executing program) 2026/01/16 14:30:45 fetching corpus: 4415, signal 173872/196375 (executing program) 2026/01/16 14:30:45 fetching corpus: 4465, signal 174283/196642 (executing program) 2026/01/16 14:30:45 fetching corpus: 4515, signal 174929/196937 (executing program) 2026/01/16 14:30:45 fetching corpus: 4565, signal 175484/197206 (executing program) 2026/01/16 14:30:45 fetching corpus: 4615, signal 176054/197477 (executing program) 2026/01/16 14:30:45 fetching corpus: 4665, signal 176517/197718 (executing program) 2026/01/16 14:30:45 fetching corpus: 4715, signal 177278/197955 (executing program) 2026/01/16 14:30:45 fetching corpus: 4763, signal 177795/198203 (executing program) 2026/01/16 14:30:46 fetching corpus: 4813, signal 178200/198411 (executing program) 2026/01/16 14:30:46 fetching corpus: 4863, signal 178612/198436 (executing program) 2026/01/16 14:30:46 fetching corpus: 4913, signal 179156/198436 (executing program) 2026/01/16 14:30:46 fetching corpus: 4963, signal 179676/198460 (executing program) 2026/01/16 14:30:46 fetching corpus: 5013, signal 180055/198460 (executing program) 2026/01/16 14:30:46 fetching corpus: 5063, signal 180620/198501 (executing program) 2026/01/16 14:30:46 fetching corpus: 5113, signal 180998/198502 (executing program) 2026/01/16 14:30:46 fetching corpus: 5163, signal 181617/198562 (executing program) 2026/01/16 14:30:47 fetching corpus: 5213, signal 182043/198575 (executing program) 2026/01/16 14:30:47 fetching corpus: 5263, signal 182349/198576 (executing program) 2026/01/16 14:30:47 fetching corpus: 5313, signal 182755/198587 (executing program) 2026/01/16 14:30:47 fetching corpus: 5363, signal 183121/198587 (executing program) 2026/01/16 14:30:47 fetching corpus: 5413, signal 183576/198601 (executing program) 2026/01/16 14:30:47 fetching corpus: 5463, signal 183834/198603 (executing program) 2026/01/16 14:30:47 fetching corpus: 5511, signal 184295/198620 (executing program) 2026/01/16 14:30:47 fetching corpus: 5561, signal 184851/198640 (executing program) 2026/01/16 14:30:47 fetching corpus: 5611, signal 185428/198647 (executing program) 2026/01/16 14:30:47 fetching corpus: 5661, signal 185823/198648 (executing program) 2026/01/16 14:30:48 fetching corpus: 5711, signal 186311/198648 (executing program) 2026/01/16 14:30:48 fetching corpus: 5760, signal 186578/198651 (executing program) 2026/01/16 14:30:48 fetching corpus: 5810, signal 187012/198658 (executing program) 2026/01/16 14:30:48 fetching corpus: 5859, signal 187449/198666 (executing program) 2026/01/16 14:30:48 fetching corpus: 5909, signal 187834/198666 (executing program) 2026/01/16 14:30:48 fetching corpus: 5958, signal 188182/198698 (executing program) 2026/01/16 14:30:48 fetching corpus: 6008, signal 188653/198725 (executing program) 2026/01/16 14:30:48 fetching corpus: 6057, signal 189055/198760 (executing program) 2026/01/16 14:30:48 fetching corpus: 6107, signal 189356/198780 (executing program) 2026/01/16 14:30:49 fetching corpus: 6157, signal 189626/198780 (executing program) 2026/01/16 14:30:49 fetching corpus: 6207, signal 190032/198781 (executing program) 2026/01/16 14:30:49 fetching corpus: 6257, signal 190416/198783 (executing program) 2026/01/16 14:30:49 fetching corpus: 6306, signal 190830/198823 (executing program) 2026/01/16 14:30:49 fetching corpus: 6356, signal 191336/198823 (executing program) 2026/01/16 14:30:49 fetching corpus: 6406, signal 191714/198823 (executing program) 2026/01/16 14:30:49 fetching corpus: 6456, signal 192140/198824 (executing program) 2026/01/16 14:30:49 fetching corpus: 6506, signal 192392/198835 (executing program) 2026/01/16 14:30:50 fetching corpus: 6556, signal 192789/198835 (executing program) 2026/01/16 14:30:50 fetching corpus: 6605, signal 193136/198850 (executing program) 2026/01/16 14:30:50 fetching corpus: 6654, signal 193450/198854 (executing program) 2026/01/16 14:30:50 fetching corpus: 6704, signal 193708/198859 (executing program) 2026/01/16 14:30:50 fetching corpus: 6753, signal 194052/198863 (executing program) 2026/01/16 14:30:50 fetching corpus: 6803, signal 194336/198868 (executing program) 2026/01/16 14:30:50 fetching corpus: 6851, signal 194766/198884 (executing program) 2026/01/16 14:30:50 fetching corpus: 6901, signal 195124/198887 (executing program) 2026/01/16 14:30:50 fetching corpus: 6951, signal 195565/198900 (executing program) 2026/01/16 14:30:51 fetching corpus: 7001, signal 195918/198908 (executing program) 2026/01/16 14:30:51 fetching corpus: 7049, signal 196310/198921 (executing program) 2026/01/16 14:30:51 fetching corpus: 7098, signal 196591/198941 (executing program) 2026/01/16 14:30:51 fetching corpus: 7148, signal 197019/198941 (executing program) 2026/01/16 14:30:51 fetching corpus: 7198, signal 197296/198941 (executing program) 2026/01/16 14:30:51 fetching corpus: 7248, signal 197632/198941 (executing program) 2026/01/16 14:30:51 fetching corpus: 7266, signal 197736/198941 (executing program) 2026/01/16 14:30:51 fetching corpus: 7266, signal 197736/198941 (executing program) 2026/01/16 14:30:53 starting 8 fuzzer processes 14:30:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x11}, {@val={0x8, 0x117}, @void}}}, 0x1c}}, 0x0) 14:30:53 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) 14:30:53 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/prev\x00') pread64(r0, 0x0, 0x0, 0x0) 14:30:53 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/attr/fscreate\x00', 0x2, 0x0) lseek(r0, 0x0, 0x0) [ 73.096014] audit: type=1400 audit(1768573853.783:7): avc: denied { execmem } for pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 14:30:53 executing program 3: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mlock(&(0x7f0000ff1000/0xf000)=nil, 0xf000) 14:30:53 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 14:30:53 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x10, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 14:30:53 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) bind$802154_dgram(r1, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r1, &(0x7f0000000000), 0x14) write$tun(r1, 0x0, 0x0) [ 74.245119] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.250644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.254536] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.263969] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.268488] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.308693] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.312605] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.318570] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.330616] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.334885] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.379049] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.381411] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.384351] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.386317] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.387698] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.388805] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.390940] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.393158] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.394742] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.396204] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.400096] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.402746] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.404183] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.405399] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.409167] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.410944] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.443871] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.471747] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.472617] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.482666] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.483982] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 74.484532] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.485631] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.487048] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.491517] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.498817] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 74.502133] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 74.503522] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 74.522588] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 74.524132] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 76.338480] Bluetooth: hci0: command tx timeout [ 76.402392] Bluetooth: hci1: command tx timeout [ 76.466630] Bluetooth: hci3: command tx timeout [ 76.466668] Bluetooth: hci5: command tx timeout [ 76.531468] Bluetooth: hci2: command tx timeout [ 76.532009] Bluetooth: hci4: command tx timeout [ 76.593717] Bluetooth: hci6: command tx timeout [ 76.593858] Bluetooth: hci7: command tx timeout [ 78.385436] Bluetooth: hci0: command tx timeout [ 78.449440] Bluetooth: hci1: command tx timeout [ 78.513627] Bluetooth: hci5: command tx timeout [ 78.514391] Bluetooth: hci3: command tx timeout [ 78.577466] Bluetooth: hci4: command tx timeout [ 78.577487] Bluetooth: hci2: command tx timeout [ 78.641503] Bluetooth: hci6: command tx timeout [ 78.641558] Bluetooth: hci7: command tx timeout [ 80.434524] Bluetooth: hci0: command tx timeout [ 80.498399] Bluetooth: hci1: command tx timeout [ 80.561419] Bluetooth: hci3: command tx timeout [ 80.561446] Bluetooth: hci5: command tx timeout [ 80.626408] Bluetooth: hci4: command tx timeout [ 80.626426] Bluetooth: hci2: command tx timeout [ 80.689455] Bluetooth: hci7: command tx timeout [ 80.690387] Bluetooth: hci6: command tx timeout [ 82.481461] Bluetooth: hci0: command tx timeout [ 82.545458] Bluetooth: hci1: command tx timeout [ 82.609619] Bluetooth: hci3: command tx timeout [ 82.610662] Bluetooth: hci5: command tx timeout [ 82.673533] Bluetooth: hci4: command tx timeout [ 82.673814] Bluetooth: hci2: command tx timeout [ 82.737481] Bluetooth: hci6: command tx timeout [ 82.741434] Bluetooth: hci7: command tx timeout [ 110.196725] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.197432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.356319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.356966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 14:31:31 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/attr/fscreate\x00', 0x2, 0x0) lseek(r0, 0x0, 0x0) 14:31:31 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/attr/fscreate\x00', 0x2, 0x0) lseek(r0, 0x0, 0x0) 14:31:31 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/attr/fscreate\x00', 0x2, 0x0) lseek(r0, 0x0, 0x0) 14:31:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) close(r0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000400)=[{&(0x7f0000000040)=""/24, 0x18}, {0x0}, {&(0x7f00000004c0)=""/152, 0x98}], 0x3) [ 111.484545] audit: type=1400 audit(1768573892.172:8): avc: denied { open } for pid=3716 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.505622] audit: type=1400 audit(1768573892.173:9): avc: denied { kernel } for pid=3716 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.521104] audit: type=1400 audit(1768573892.197:10): avc: denied { read } for pid=3716 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 14:31:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) close(r0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000400)=[{&(0x7f0000000040)=""/24, 0x18}, {0x0}, {&(0x7f00000004c0)=""/152, 0x98}], 0x3) 14:31:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) close(r0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000400)=[{&(0x7f0000000040)=""/24, 0x18}, {0x0}, {&(0x7f00000004c0)=""/152, 0x98}], 0x3) 14:31:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) close(r0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000400)=[{&(0x7f0000000040)=""/24, 0x18}, {0x0}, {&(0x7f00000004c0)=""/152, 0x98}], 0x3) 14:31:32 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) [ 112.241131] audit: type=1400 audit(1768573892.929:11): avc: denied { write } for pid=3784 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 112.649623] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.650260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.723606] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.724224] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.801518] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.802111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.839255] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.839888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.926781] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.927472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.042910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.043582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.161402] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.162060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.209320] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.211038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.323562] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.324259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.390245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.390893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.847428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.848668] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.895191] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.895879] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.268405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.269772] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.308818] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.310098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 14:31:35 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 14:31:35 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/prev\x00') pread64(r0, 0x0, 0x0, 0x0) 14:31:35 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 14:31:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) 14:31:35 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x10, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 14:31:35 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) bind$802154_dgram(r1, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r1, &(0x7f0000000000), 0x14) write$tun(r1, 0x0, 0x0) 14:31:35 executing program 3: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mlock(&(0x7f0000ff1000/0xf000)=nil, 0xf000) 14:31:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x11}, {@val={0x8, 0x117}, @void}}}, 0x1c}}, 0x0) 14:31:35 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 14:31:35 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 14:31:35 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x10, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 14:31:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x11}, {@val={0x8, 0x117}, @void}}}, 0x1c}}, 0x0) 14:31:35 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) bind$802154_dgram(r1, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r1, &(0x7f0000000000), 0x14) write$tun(r1, 0x0, 0x0) 14:31:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) 14:31:35 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/prev\x00') pread64(r0, 0x0, 0x0, 0x0) 14:31:35 executing program 3: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mlock(&(0x7f0000ff1000/0xf000)=nil, 0xf000) 14:31:35 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 14:31:35 executing program 2: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 14:31:35 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x10, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 14:31:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x11}, {@val={0x8, 0x117}, @void}}}, 0x1c}}, 0x0) 14:31:35 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, 0x0) 14:31:35 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) bind$802154_dgram(r1, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r1, &(0x7f0000000000), 0x14) write$tun(r1, 0x0, 0x0) 14:31:35 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/prev\x00') pread64(r0, 0x0, 0x0, 0x0) 14:31:35 executing program 3: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mlock(&(0x7f0000ff1000/0xf000)=nil, 0xf000) 14:31:35 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) bind$802154_dgram(r1, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r1, &(0x7f0000000000), 0x14) write$tun(r1, 0x0, 0x0) 14:31:35 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/prev\x00') pread64(r0, 0x0, 0x0, 0x0) 14:31:35 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 14:31:35 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) bind$802154_dgram(r1, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r1, &(0x7f0000000000), 0x14) write$tun(r1, 0x0, 0x0) 14:31:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) close_range(0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) close_range(r0, r1, 0x0) mount$cgroup2(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000400), 0x18, 0x244480) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x8101, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x330f, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4bfa, 0x0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4) r4 = fork() ptrace(0x10, r4) ptrace(0x8, r4) 14:31:35 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/prev\x00') pread64(r0, 0x0, 0x0, 0x0) 14:31:35 executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) bind$802154_dgram(r1, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r1, &(0x7f0000000000), 0x14) write$tun(r1, 0x0, 0x0) [ 115.086073] random: crng reseeded on system resumption 14:31:35 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) connect(r0, &(0x7f0000000000)=@in, 0x80) 14:31:35 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) [ 115.185890] random: crng reseeded on system resumption 14:31:35 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/prev\x00') pread64(r0, 0x0, 0x0, 0x0) 14:31:35 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) ppoll(&(0x7f0000000040)=[{r0, 0x2006}, {r1, 0x2011}], 0x2, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)={[0x8]}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) syncfs(r2) 14:31:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) close_range(0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) close_range(r0, r1, 0x0) mount$cgroup2(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000400), 0x18, 0x244480) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x8101, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x330f, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4bfa, 0x0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4) r4 = fork() ptrace(0x10, r4) ptrace(0x8, r4) 14:31:35 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) connect(r0, &(0x7f0000000000)=@in, 0x80) [ 115.230486] [ 115.230666] ===================================== [ 115.231046] WARNING: bad unlock balance detected! [ 115.231424] 6.19.0-rc5-next-20260116 #1 Not tainted [ 115.231846] ------------------------------------- [ 115.232256] syz-executor.1/277 is trying to release lock (rcu_read_lock) at: [ 115.232810] [] __wait_on_freeing_inode+0x105/0x350 [ 115.233730] but there are no more locks to release! [ 115.234999] [ 115.234999] other info that might help us debug this: [ 115.236791] 4 locks held by syz-executor.1/277: [ 115.238497] #0: ffff88800f92c3f8 (sb_writers#3){.+.+}-{0:0}, at: filename_create+0xf7/0x400 [ 115.240897] #1: ffff888014122a00 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1b1/0x400 [ 115.241691] #2: ffff88800f618950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe32/0x12d0 [ 115.242419] #3: ffffffff85c16898 (inode_hash_lock){+.+.}-{3:3}, at: insert_inode_locked+0xf9/0x890 [ 115.243178] [ 115.243178] stack backtrace: [ 115.243540] CPU: 0 UID: 0 PID: 277 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 115.243554] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.243562] Call Trace: [ 115.243567] [ 115.243571] dump_stack_lvl+0xca/0x120 [ 115.243602] ? __wait_on_freeing_inode+0x105/0x350 [ 115.243616] print_unlock_imbalance_bug+0x118/0x130 [ 115.243631] ? __wait_on_freeing_inode+0x105/0x350 [ 115.243645] lock_release+0x1ee/0x270 [ 115.243660] __wait_on_freeing_inode+0x10a/0x350 [ 115.243675] ? __pfx___wait_on_freeing_inode+0x10/0x10 [ 115.243690] ? __pfx_var_wake_function+0x10/0x10 [ 115.243707] ? lock_is_held_type+0x9e/0x120 [ 115.243719] insert_inode_locked+0x25f/0x890 [ 115.243736] __ext4_new_inode+0x223d/0x4cd0 [ 115.243753] ? __pfx___ext4_new_inode+0x10/0x10 [ 115.243767] ? __pfx_avc_has_perm+0x10/0x10 [ 115.243781] ? __pfx___dquot_initialize+0x10/0x10 [ 115.243802] ext4_mkdir+0x331/0xb30 [ 115.243820] ? __pfx_ext4_mkdir+0x10/0x10 [ 115.243836] ? security_inode_permission+0x72/0xe0 [ 115.243849] vfs_mkdir+0x6d8/0xc00 [ 115.243865] filename_mkdirat+0x118/0x430 [ 115.243879] ? __pfx_filename_mkdirat+0x10/0x10 [ 115.243891] ? strncpy_from_user+0x21b/0x2f0 [ 115.243908] __x64_sys_mkdir+0x6e/0xd0 [ 115.243920] do_syscall_64+0xbf/0x420 [ 115.243933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.243946] RIP: 0033:0x7fee408d3c27 [ 115.243955] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.243966] RSP: 002b:00007ffdf9ad1508 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 115.243977] RAX: ffffffffffffffda RBX: 00007ffdf9ad1590 RCX: 00007fee408d3c27 [ 115.243984] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00007ffdf9ad1590 [ 115.243991] RBP: 00007ffdf9ad156c R08: 0000000000000000 R09: 0000000000000003 [ 115.243998] R10: 00007ffdf9ad12a7 R11: 0000000000000202 R12: 0000000000000032 [ 115.244006] R13: 000000000001c164 R14: 000000000000000e R15: 00007ffdf9ad15d0 [ 115.244016] [ 115.259921] ------------[ cut here ]------------ [ 115.260311] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x25f/0x5c0, CPU#0: syz-executor.1/277 [ 115.266239] Modules linked in: [ 115.266878] CPU: 0 UID: 0 PID: 277 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 115.267736] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.268443] RIP: 0010:__rcu_read_unlock+0x25f/0x5c0 [ 115.268919] Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 d6 b7 de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 8a 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 81 4d 74 03 e8 2c 5d 56 00 e9 [ 115.270444] RSP: 0018:ffff88801c62f9e0 EFLAGS: 00010286 [ 115.270878] RAX: 00000000ffffffff RBX: ffff888015911b80 RCX: ffffffff815660f7 [ 115.271497] RDX: 0000000000000000 RSI: ffffffff81566100 RDI: ffff888015911f7c [ 115.272077] RBP: ffff888015911b80 R08: 0000000000000000 R09: fffffbfff0ba7040 [ 115.272699] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888015911b80 [ 115.273267] R13: 0000000000000001 R14: ffffffff85c0e730 R15: ffff88804b513c48 [ 115.273882] FS: 000055557bb7c400(0000) GS:ffff8880e5342000(0000) knlGS:0000000000000000 [ 115.274569] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.275036] CR2: 00007ffdf9acfcc8 CR3: 000000000dd87000 CR4: 0000000000350ef0 [ 115.275645] Call Trace: [ 115.275886] [ 115.276570] __wait_on_freeing_inode+0x10f/0x350 [ 115.277233] ? __pfx___wait_on_freeing_inode+0x10/0x10 [ 115.278309] ? __pfx_var_wake_function+0x10/0x10 [ 115.279583] ? lock_is_held_type+0x9e/0x120 [ 115.280672] insert_inode_locked+0x25f/0x890 [ 115.282252] __ext4_new_inode+0x223d/0x4cd0 [ 115.284730] ? __pfx___ext4_new_inode+0x10/0x10 [ 115.285664] ? __pfx_avc_has_perm+0x10/0x10 [ 115.286278] ? __pfx___dquot_initialize+0x10/0x10 [ 115.288511] ext4_mkdir+0x331/0xb30 [ 115.290506] ? __pfx_ext4_mkdir+0x10/0x10 [ 115.291101] ? security_inode_permission+0x72/0xe0 [ 115.292740] vfs_mkdir+0x6d8/0xc00 [ 115.294079] filename_mkdirat+0x118/0x430 [ 115.295111] ? __pfx_filename_mkdirat+0x10/0x10 [ 115.295871] ? strncpy_from_user+0x21b/0x2f0 [ 115.298625] __x64_sys_mkdir+0x6e/0xd0 [ 115.299231] do_syscall_64+0xbf/0x420 [ 115.300918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.301595] RIP: 0033:0x7fee408d3c27 [ 115.301969] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.303497] RSP: 002b:00007ffdf9ad1508 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 115.304112] RAX: ffffffffffffffda RBX: 00007ffdf9ad1590 RCX: 00007fee408d3c27 [ 115.304732] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00007ffdf9ad1590 [ 115.305311] RBP: 00007ffdf9ad156c R08: 0000000000000000 R09: 0000000000000003 [ 115.315010] R10: 00007ffdf9ad12a7 R11: 0000000000000202 R12: 0000000000000032 [ 115.473615] R13: 000000000001c164 R14: 000000000000000e R15: 00007ffdf9ad15d0 [ 115.559639] [ 115.559878] irq event stamp: 176343 [ 115.560169] hardirqs last enabled at (176343): [] irqentry_exit+0x17b/0x650 [ 115.560966] hardirqs last disabled at (176342): [] sysvec_apic_timer_interrupt+0xf/0x80 [ 115.561834] softirqs last enabled at (176336): [] kernel_fpu_end+0x59/0x70 [ 115.562634] softirqs last disabled at (176334): [] kernel_fpu_begin_mask+0x1bb/0x300 [ 115.563486] ---[ end trace 0000000000000000 ]--- 14:31:36 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 14:31:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) close_range(0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) close_range(r0, r1, 0x0) mount$cgroup2(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000400), 0x18, 0x244480) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x8101, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x330f, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4bfa, 0x0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4) r4 = fork() ptrace(0x10, r4) ptrace(0x8, r4) 14:31:36 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) connect(r0, &(0x7f0000000000)=@in, 0x80) 14:31:36 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000280)={{0x3}}) 14:31:36 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syncfs(r0) 14:31:36 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) ppoll(&(0x7f0000000040)=[{r0, 0x2006}, {r1, 0x2011}], 0x2, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)={[0x8]}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) syncfs(r2) 14:31:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x4) close_range(0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) close_range(r0, r1, 0x0) mount$cgroup2(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000400), 0x18, 0x244480) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x8101, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x330f, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4bfa, 0x0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4) r4 = fork() ptrace(0x10, r4) ptrace(0x8, r4) 14:31:36 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x4) close_range(0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) close_range(r0, r1, 0x0) mount$cgroup2(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000400), 0x18, 0x244480) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x8101, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x330f, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4bfa, 0x0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4) r4 = fork() ptrace(0x10, r4) ptrace(0x8, r4) 14:31:36 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) connect(r0, &(0x7f0000000000)=@in, 0x80) 14:31:36 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000280)={{0x3}}) 14:31:36 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) ppoll(&(0x7f0000000040)=[{r0, 0x2006}, {r1, 0x2011}], 0x2, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)={[0x8]}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) syncfs(r2) 14:31:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x4) close_range(0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) close_range(r0, r1, 0x0) mount$cgroup2(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000400), 0x18, 0x244480) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x8101, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x330f, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4bfa, 0x0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4) r4 = fork() ptrace(0x10, r4) ptrace(0x8, r4) 14:31:36 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_mreqsrc(r1, 0x0, 0x0, 0x0, 0x0) 14:31:36 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000280)={{0x3}}) 14:31:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) close_range(0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) close_range(r0, r1, 0x0) mount$cgroup2(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000400), 0x18, 0x244480) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x8101, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x330f, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4bfa, 0x0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4) r4 = fork() ptrace(0x10, r4) ptrace(0x8, r4) 14:31:36 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x4) close_range(0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) close_range(r0, r1, 0x0) mount$cgroup2(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000400), 0x18, 0x244480) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x8101, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x330f, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4bfa, 0x0) setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4) r4 = fork() ptrace(0x10, r4) ptrace(0x8, r4) 14:31:36 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) ppoll(&(0x7f0000000040)=[{r0, 0x2006}, {r1, 0x2011}], 0x2, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)={[0x8]}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) syncfs(r2) 14:31:36 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syncfs(r0) 14:31:36 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) ppoll(&(0x7f0000000040)=[{r0, 0x2006}, {r1, 0x2011}], 0x2, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)={[0x8]}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) syncfs(r2) 14:31:36 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000280)={{0x3}}) [ 118.723866] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 118.726205] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 118.732211] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 118.736984] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 118.739936] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 120.754423] Bluetooth: hci3: command tx timeout [ 122.803188] Bluetooth: hci3: command tx timeout [ 124.849741] Bluetooth: hci3: command tx timeout VM DIAGNOSIS: 14:31:36 Registers: info registers vcpu 0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82975135 RDI=ffffffff889c19e0 RBP=ffffffff889c19a0 RSP=ffff88801c62f4c8 R8 =0000000000000000 R9 =ffffed10013cf046 R10=0000000000000020 R11=3a3737322f312034 R12=0000000000000020 R13=0000000000000010 R14=ffffffff889c19a0 R15=ffffffff82975120 RIP=ffffffff8297518d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055557bb7c400 00000000 00000000 GS =0000 ffff8880e5342000 00000000 00000000 LDT=0000 fffffe1600000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffdf9acfcc8 CR3=000000000dd87000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000a60ce07b00000000cec3662e XMM01=000000000000000003515b82db34ca11 XMM02=0000000000000000333bebdfd0a6a21d XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84d1a2ce RDX=fffffbfff0b82d11 RSI=0000000000000004 RDI=ffffffff85c16880 RBP=ffffffff85c16880 RSP=ffff88800f45fb40 R8 =0000000000000000 R9 =fffffbfff0b82d10 R10=ffffffff85c16883 R11=0000000000000000 R12=1ffff11001e8bf69 R13=0000000000000003 R14=fffffbfff0b82d10 R15=ffff88800f45fb78 RIP=ffffffff84d1a460 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555555c60400 00000000 00000000 GS =0000 ffff8880e5442000 00000000 00000000 LDT=0000 fffffe5300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2d223000 CR3=000000001e85c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007fed741247c800007fed741247c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000