Warning: Permanently added '[localhost]:23662' (ECDSA) to the list of known hosts. 2025/08/29 09:13:07 fuzzer started 2025/08/29 09:13:08 dialing manager at localhost:43077 syzkaller login: [ 52.588580] cgroup: Unknown subsys name 'net' [ 52.613545] cgroup: Unknown subsys name 'cpuset' [ 52.625614] cgroup: Unknown subsys name 'rlimit' 2025/08/29 09:13:18 syscalls: 2214 2025/08/29 09:13:18 code coverage: enabled 2025/08/29 09:13:18 comparison tracing: enabled 2025/08/29 09:13:18 extra coverage: enabled 2025/08/29 09:13:18 setuid sandbox: enabled 2025/08/29 09:13:18 namespace sandbox: enabled 2025/08/29 09:13:18 Android sandbox: enabled 2025/08/29 09:13:18 fault injection: enabled 2025/08/29 09:13:18 leak checking: enabled 2025/08/29 09:13:18 net packet injection: enabled 2025/08/29 09:13:18 net device setup: enabled 2025/08/29 09:13:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 09:13:18 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 09:13:18 USB emulation: enabled 2025/08/29 09:13:18 hci packet injection: enabled 2025/08/29 09:13:18 wifi device emulation: enabled 2025/08/29 09:13:18 802.15.4 emulation: enabled 2025/08/29 09:13:18 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 09:13:18 fetching corpus: 38, signal 13251/16893 (executing program) 2025/08/29 09:13:18 fetching corpus: 86, signal 28196/33040 (executing program) 2025/08/29 09:13:18 fetching corpus: 135, signal 42013/47689 (executing program) 2025/08/29 09:13:19 fetching corpus: 185, signal 49232/55836 (executing program) 2025/08/29 09:13:19 fetching corpus: 235, signal 55526/62903 (executing program) 2025/08/29 09:13:19 fetching corpus: 285, signal 60408/68509 (executing program) 2025/08/29 09:13:19 fetching corpus: 335, signal 63383/72279 (executing program) 2025/08/29 09:13:19 fetching corpus: 385, signal 65778/75494 (executing program) 2025/08/29 09:13:19 fetching corpus: 435, signal 70703/80909 (executing program) 2025/08/29 09:13:19 fetching corpus: 485, signal 73649/84406 (executing program) 2025/08/29 09:13:19 fetching corpus: 535, signal 76548/87782 (executing program) 2025/08/29 09:13:19 fetching corpus: 585, signal 80248/91757 (executing program) 2025/08/29 09:13:20 fetching corpus: 635, signal 82836/94712 (executing program) 2025/08/29 09:13:20 fetching corpus: 685, signal 84876/97149 (executing program) 2025/08/29 09:13:20 fetching corpus: 735, signal 86701/99409 (executing program) 2025/08/29 09:13:20 fetching corpus: 785, signal 88690/101747 (executing program) 2025/08/29 09:13:20 fetching corpus: 835, signal 90339/103801 (executing program) 2025/08/29 09:13:20 fetching corpus: 885, signal 93267/106702 (executing program) 2025/08/29 09:13:20 fetching corpus: 935, signal 96831/110106 (executing program) 2025/08/29 09:13:20 fetching corpus: 985, signal 98400/111922 (executing program) 2025/08/29 09:13:21 fetching corpus: 1035, signal 100091/113698 (executing program) 2025/08/29 09:13:21 fetching corpus: 1085, signal 101456/115277 (executing program) 2025/08/29 09:13:21 fetching corpus: 1134, signal 102971/116888 (executing program) 2025/08/29 09:13:21 fetching corpus: 1184, signal 103858/118027 (executing program) 2025/08/29 09:13:21 fetching corpus: 1234, signal 105259/119488 (executing program) 2025/08/29 09:13:21 fetching corpus: 1283, signal 106188/120655 (executing program) 2025/08/29 09:13:21 fetching corpus: 1333, signal 107448/121910 (executing program) 2025/08/29 09:13:21 fetching corpus: 1383, signal 108473/123010 (executing program) 2025/08/29 09:13:21 fetching corpus: 1433, signal 110053/124409 (executing program) 2025/08/29 09:13:22 fetching corpus: 1483, signal 111872/126017 (executing program) 2025/08/29 09:13:22 fetching corpus: 1533, signal 113642/127509 (executing program) 2025/08/29 09:13:22 fetching corpus: 1582, signal 114628/128529 (executing program) 2025/08/29 09:13:22 fetching corpus: 1632, signal 115668/129457 (executing program) 2025/08/29 09:13:22 fetching corpus: 1682, signal 116730/130421 (executing program) 2025/08/29 09:13:22 fetching corpus: 1732, signal 117885/131410 (executing program) 2025/08/29 09:13:22 fetching corpus: 1782, signal 119022/132330 (executing program) 2025/08/29 09:13:22 fetching corpus: 1832, signal 120683/133503 (executing program) 2025/08/29 09:13:22 fetching corpus: 1882, signal 121977/134534 (executing program) 2025/08/29 09:13:23 fetching corpus: 1930, signal 122622/135154 (executing program) 2025/08/29 09:13:23 fetching corpus: 1980, signal 123498/135855 (executing program) 2025/08/29 09:13:23 fetching corpus: 2030, signal 124535/136554 (executing program) 2025/08/29 09:13:23 fetching corpus: 2080, signal 125918/137440 (executing program) 2025/08/29 09:13:23 fetching corpus: 2130, signal 126734/137977 (executing program) 2025/08/29 09:13:23 fetching corpus: 2180, signal 127475/138504 (executing program) 2025/08/29 09:13:23 fetching corpus: 2230, signal 128849/139244 (executing program) 2025/08/29 09:13:23 fetching corpus: 2279, signal 129748/139790 (executing program) 2025/08/29 09:13:23 fetching corpus: 2328, signal 130620/140297 (executing program) 2025/08/29 09:13:24 fetching corpus: 2377, signal 131151/140657 (executing program) 2025/08/29 09:13:24 fetching corpus: 2427, signal 132092/141106 (executing program) 2025/08/29 09:13:24 fetching corpus: 2477, signal 132879/141540 (executing program) 2025/08/29 09:13:24 fetching corpus: 2527, signal 133637/141913 (executing program) 2025/08/29 09:13:24 fetching corpus: 2577, signal 134141/142265 (executing program) 2025/08/29 09:13:24 fetching corpus: 2626, signal 134867/142599 (executing program) 2025/08/29 09:13:24 fetching corpus: 2675, signal 135699/143086 (executing program) 2025/08/29 09:13:24 fetching corpus: 2724, signal 136262/143376 (executing program) 2025/08/29 09:13:24 fetching corpus: 2774, signal 137167/143696 (executing program) 2025/08/29 09:13:25 fetching corpus: 2824, signal 138286/143987 (executing program) 2025/08/29 09:13:25 fetching corpus: 2874, signal 138822/144185 (executing program) 2025/08/29 09:13:25 fetching corpus: 2924, signal 139181/144369 (executing program) 2025/08/29 09:13:25 fetching corpus: 2974, signal 139768/144529 (executing program) 2025/08/29 09:13:25 fetching corpus: 3024, signal 140262/144682 (executing program) 2025/08/29 09:13:25 fetching corpus: 3074, signal 140762/144868 (executing program) 2025/08/29 09:13:25 fetching corpus: 3124, signal 141251/144994 (executing program) 2025/08/29 09:13:25 fetching corpus: 3173, signal 141829/145153 (executing program) 2025/08/29 09:13:25 fetching corpus: 3222, signal 142735/145309 (executing program) 2025/08/29 09:13:26 fetching corpus: 3272, signal 143170/145374 (executing program) 2025/08/29 09:13:26 fetching corpus: 3303, signal 143495/145445 (executing program) 2025/08/29 09:13:26 fetching corpus: 3303, signal 143496/145470 (executing program) 2025/08/29 09:13:26 fetching corpus: 3303, signal 143496/145500 (executing program) 2025/08/29 09:13:26 fetching corpus: 3303, signal 143496/145509 (executing program) 2025/08/29 09:13:26 fetching corpus: 3303, signal 143496/145509 (executing program) 2025/08/29 09:13:28 starting 8 fuzzer processes 09:13:28 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x0) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) 09:13:28 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_PID={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x30}}, 0x0) 09:13:28 executing program 1: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000240)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r3, @ANYBLOB="0a0004"], 0x34}}, 0x0) 09:13:28 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x3e, 0x0, &(0x7f00000018c0)) 09:13:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000800)=' ', 0x1, 0xa00001) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x9ffffd) 09:13:28 executing program 3: perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5435, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 09:13:28 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x15, 0x117}, @void}}}, 0x1c}}, 0x0) 09:13:28 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) io_submit(r1, 0x2, &(0x7f0000003f40)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="c41fc8df8e306a88296dc1454c1de06e0156618c150a161b5d391c17c7a06c29bed22099377ea0c7016a4b5107a4add21a22c780d656e5e7fda8236c9690c15a17aec72c33da656f652b75b6203bd78576e3e64acb159f5756db3d303754db1d33c9810378f6e61a8c7cf02f3c3e3101e937457fe6e32d2b6dca962f70fc8eb1536845e613c8f52f0bfbb17b4c879006c9665a87f975d7f87826", 0x9a, 0x0, 0x0, 0x1, r0}, 0x0]) [ 72.297390] audit: type=1400 audit(1756458808.730:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 73.479480] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.481625] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.483417] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.488357] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.490975] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.541864] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.543943] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.545852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.549216] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.551284] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.613207] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.616811] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.629124] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.633376] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.640210] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.684074] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.687208] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.688487] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.693195] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.696216] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.701528] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.703656] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.706915] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.711844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.722917] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.802657] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 73.804207] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 73.807439] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 73.814902] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 73.832093] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 73.833538] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 73.835700] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 73.838128] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 73.839612] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 73.850503] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 73.852353] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 73.858983] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 73.863961] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.865452] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 73.891495] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 75.513425] Bluetooth: hci0: command tx timeout [ 75.577781] Bluetooth: hci1: command tx timeout [ 75.703729] Bluetooth: hci2: command tx timeout [ 75.831846] Bluetooth: hci3: command tx timeout [ 75.831851] Bluetooth: hci4: command tx timeout [ 75.960730] Bluetooth: hci7: command tx timeout [ 76.023744] Bluetooth: hci6: command tx timeout [ 76.024342] Bluetooth: hci5: command tx timeout [ 77.559820] Bluetooth: hci0: command tx timeout [ 77.623834] Bluetooth: hci1: command tx timeout [ 77.753809] Bluetooth: hci2: command tx timeout [ 77.879720] Bluetooth: hci4: command tx timeout [ 77.879737] Bluetooth: hci3: command tx timeout [ 78.007869] Bluetooth: hci7: command tx timeout [ 78.071756] Bluetooth: hci5: command tx timeout [ 78.071772] Bluetooth: hci6: command tx timeout [ 79.608730] Bluetooth: hci0: command tx timeout [ 79.671869] Bluetooth: hci1: command tx timeout [ 79.800776] Bluetooth: hci2: command tx timeout [ 79.927724] Bluetooth: hci4: command tx timeout [ 79.927769] Bluetooth: hci3: command tx timeout [ 80.055826] Bluetooth: hci7: command tx timeout [ 80.119870] Bluetooth: hci6: command tx timeout [ 80.120309] Bluetooth: hci5: command tx timeout [ 81.656882] Bluetooth: hci0: command tx timeout [ 81.722722] Bluetooth: hci1: command tx timeout [ 81.847744] Bluetooth: hci2: command tx timeout [ 81.975737] Bluetooth: hci3: command tx timeout [ 81.976183] Bluetooth: hci4: command tx timeout [ 82.103811] Bluetooth: hci7: command tx timeout [ 82.168122] Bluetooth: hci5: command tx timeout [ 82.168156] Bluetooth: hci6: command tx timeout [ 111.354102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.354911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.544909] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.545536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.905495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.906115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.015323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.015990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.273032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.274235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:14:08 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17) mbind(&(0x7f0000872000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x1, 0x1) [ 112.361584] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.362257] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.365874] audit: type=1400 audit(1756458848.798:8): avc: denied { open } for pid=3812 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 112.384210] audit: type=1400 audit(1756458848.798:9): avc: denied { kernel } for pid=3812 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 112.391065] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.7'. [ 112.429395] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.7'. 09:14:08 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17) mbind(&(0x7f0000872000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x1, 0x1) 09:14:08 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x15, 0x117}, @void}}}, 0x1c}}, 0x0) [ 112.586100] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.7'. 09:14:09 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x15, 0x117}, @void}}}, 0x1c}}, 0x0) 09:14:09 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17) mbind(&(0x7f0000872000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x1, 0x1) [ 112.782387] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.7'. 09:14:09 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x15, 0x117}, @void}}}, 0x1c}}, 0x0) 09:14:09 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17) mbind(&(0x7f0000872000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x1, 0x1) [ 113.024239] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.7'. 09:14:09 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xcc0c2, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) madvise(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1) mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0) [ 113.394431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.395395] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.487761] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.488539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.559938] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.560553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.577389] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.578091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.610762] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.611343] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.640855] audit: type=1400 audit(1756458850.073:10): avc: denied { map } for pid=3901 comm="syz-executor.0" path="pipe:[5443]" dev="pipefs" ino=5443 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 [ 113.664591] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.666959] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.724326] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.724956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.765960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.766561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.831328] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.832097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.871620] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.872217] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.878226] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 09:14:10 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x3e, 0x0, &(0x7f00000018c0)) 09:14:10 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xcc0c2, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) madvise(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1) mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0) 09:14:10 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)={0x7fffffff}) kcmp(0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x2, 0x2, 0x8, 0x3, 0x4, 0xffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000001b00)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 09:14:10 executing program 3: perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5435, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 09:14:10 executing program 1: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000240)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r3, @ANYBLOB="0a0004"], 0x34}}, 0x0) 09:14:10 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x0) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) 09:14:10 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000800)=' ', 0x1, 0xa00001) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x9ffffd) 09:14:10 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) io_submit(r1, 0x2, &(0x7f0000003f40)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="c41fc8df8e306a88296dc1454c1de06e0156618c150a161b5d391c17c7a06c29bed22099377ea0c7016a4b5107a4add21a22c780d656e5e7fda8236c9690c15a17aec72c33da656f652b75b6203bd78576e3e64acb159f5756db3d303754db1d33c9810378f6e61a8c7cf02f3c3e3101e937457fe6e32d2b6dca962f70fc8eb1536845e613c8f52f0bfbb17b4c879006c9665a87f975d7f87826", 0x9a, 0x0, 0x0, 0x1, r0}, 0x0]) 09:14:10 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000800)=' ', 0x1, 0xa00001) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x9ffffd) [ 114.140535] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 09:14:11 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x3e, 0x0, &(0x7f00000018c0)) 09:14:11 executing program 3: perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5435, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 09:14:11 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) io_submit(r1, 0x2, &(0x7f0000003f40)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="c41fc8df8e306a88296dc1454c1de06e0156618c150a161b5d391c17c7a06c29bed22099377ea0c7016a4b5107a4add21a22c780d656e5e7fda8236c9690c15a17aec72c33da656f652b75b6203bd78576e3e64acb159f5756db3d303754db1d33c9810378f6e61a8c7cf02f3c3e3101e937457fe6e32d2b6dca962f70fc8eb1536845e613c8f52f0bfbb17b4c879006c9665a87f975d7f87826", 0x9a, 0x0, 0x0, 0x1, r0}, 0x0]) 09:14:11 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x0) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) 09:14:11 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xcc0c2, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) madvise(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1) mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0) 09:14:11 executing program 1: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000240)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r3, @ANYBLOB="0a0004"], 0x34}}, 0x0) 09:14:11 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)={0x7fffffff}) kcmp(0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x2, 0x2, 0x8, 0x3, 0x4, 0xffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000001b00)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 09:14:11 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000800)=' ', 0x1, 0xa00001) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x9ffffd) 09:14:11 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x3e, 0x0, &(0x7f00000018c0)) 09:14:11 executing program 3: perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5435, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 115.049341] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 115.065746] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 115.066882] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.067625] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.070205] Tainted: [W]=WARN [ 115.070857] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.072518] Workqueue: ipv6_addrconf addrconf_dad_work [ 115.073484] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.074850] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.078147] RSP: 0018:ffff8880095ff680 EFLAGS: 00010212 [ 115.079092] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.080673] RDX: ffff8880095dd280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 115.081385] RBP: ffff8880095ff8f0 R08: ffff88806ce31340 R09: ffffe8ffffc16748 [ 115.082124] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.082850] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.083594] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.084421] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.085024] CR2: 00007ffee77bce78 CR3: 0000000040161000 CR4: 0000000000350ef0 [ 115.085751] Call Trace: [ 115.086019] [ 115.086263] ? __pfx_perf_tp_event+0x10/0x10 [ 115.086730] ? __asan_memcpy+0x3d/0x60 [ 115.087147] ? find_held_lock+0x2b/0x80 [ 115.087570] ? ip6_finish_output2+0x979/0x1aa0 [ 115.088057] ? lock_release+0xc8/0x290 [ 115.088481] ? __lock_acquire+0xc65/0x1b70 [ 115.088932] kmemleak: Found object by alias at 0x607f1a6397ec [ 115.088941] ? __pfx_fib6_clean_node+0x10/0x10 [ 115.088952] CPU: 1 UID: 0 PID: 3957 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.088971] Tainted: [W]=WARN [ 115.088975] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.088986] Call Trace: [ 115.088989] [ 115.088994] dump_stack_lvl+0xca/0x120 [ 115.089018] __lookup_object+0x94/0xb0 [ 115.089034] delete_object_full+0x27/0x70 [ 115.089049] free_percpu+0x30/0x1160 [ 115.089065] ? arch_uprobe_clear_state+0x16/0x140 [ 115.089083] futex_hash_free+0x38/0xc0 [ 115.089096] mmput+0x2d3/0x390 [ 115.089114] do_exit+0x79d/0x2970 [ 115.089127] ? signal_wake_up_state+0x85/0x120 [ 115.089142] ? zap_other_threads+0x2b9/0x3a0 [ 115.089156] ? __pfx_do_exit+0x10/0x10 [ 115.089168] ? do_group_exit+0x1c3/0x2a0 [ 115.089181] ? lock_release+0xc8/0x290 [ 115.089196] do_group_exit+0xd3/0x2a0 [ 115.089209] __x64_sys_exit_group+0x3e/0x50 [ 115.089222] x64_sys_call+0x18c5/0x18d0 [ 115.089237] do_syscall_64+0xbf/0x360 [ 115.089248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.089259] RIP: 0033:0x7fc3c9930b19 [ 115.089268] Code: Unable to access opcode bytes at 0x7fc3c9930aef. [ 115.089273] RSP: 002b:00007ffc90f02668 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 115.089284] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fc3c9930b19 [ 115.089291] RDX: 00007fc3c98e372b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 115.089299] RBP: 0000000000000000 R08: 0000001b2d827804 R09: 0000000000000000 [ 115.089305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.089312] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc90f02750 [ 115.089322] [ 115.089326] kmemleak: Object (percpu) 0x607f1a6397e8 (size 8): [ 115.089333] kmemleak: comm "syz-executor.5", pid 3963, jiffies 4294781947 [ 115.089340] kmemleak: min_count = 1 [ 115.089343] kmemleak: count = 0 [ 115.089347] kmemleak: flags = 0x21 [ 115.089351] kmemleak: checksum = 0 [ 115.089354] kmemleak: backtrace: [ 115.089358] pcpu_alloc_noprof+0x87a/0x1170 [ 115.089372] percpu_ref_init+0x37/0x400 [ 115.089391] ioctx_alloc+0x27f/0x1e10 [ 115.089403] __x64_sys_io_setup+0xc8/0x1f0 [ 115.089415] do_syscall_64+0xbf/0x360 [ 115.089423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.093973] kmemleak: Found object by alias at 0x607f1a63974c [ 115.093984] CPU: 1 UID: 0 PID: 3969 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.094000] Tainted: [W]=WARN [ 115.094004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.094010] Call Trace: [ 115.094013] [ 115.094017] dump_stack_lvl+0xca/0x120 [ 115.094034] __lookup_object+0x94/0xb0 [ 115.094047] delete_object_full+0x27/0x70 [ 115.094062] free_percpu+0x30/0x1160 [ 115.094076] ? arch_uprobe_clear_state+0x16/0x140 [ 115.094092] futex_hash_free+0x38/0xc0 [ 115.094103] mmput+0x2d3/0x390 [ 115.094119] do_exit+0x79d/0x2970 [ 115.094131] ? signal_wake_up_state+0x85/0x120 [ 115.094145] ? zap_other_threads+0x2b9/0x3a0 [ 115.094159] ? __pfx_do_exit+0x10/0x10 [ 115.094171] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 115.094186] ? lock_release+0x1c7/0x290 [ 115.094199] do_group_exit+0xd3/0x2a0 [ 115.094213] __x64_sys_exit_group+0x3e/0x50 [ 115.094226] x64_sys_call+0x18c5/0x18d0 [ 115.094240] do_syscall_64+0xbf/0x360 [ 115.094249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.094260] RIP: 0033:0x7fcc77477b19 [ 115.094268] Code: Unable to access opcode bytes at 0x7fcc77477aef. [ 115.094273] RSP: 002b:00007ffe2b06fd18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 115.094283] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fcc77477b19 [ 115.094290] RDX: 00007fcc7742a72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 115.094297] RBP: 0000000000000000 R08: 0000001b2d5214cc R09: 0000000000000000 [ 115.094304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.094310] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe2b06fe00 [ 115.094320] [ 115.094324] kmemleak: Object (percpu) 0x607f1a639748 (size 8): [ 115.094330] kmemleak: comm "syz-executor.5", pid 3963, jiffies 4294781932 [ 115.094337] kmemleak: min_count = 1 [ 115.094340] kmemleak: count = 0 [ 115.094344] kmemleak: flags = 0x21 [ 115.094347] kmemleak: checksum = 0 [ 115.094351] kmemleak: backtrace: [ 115.094354] pcpu_alloc_noprof+0x87a/0x1170 [ 115.094368] perf_trace_event_init+0x366/0xa10 [ 115.094382] perf_trace_init+0x1a4/0x2f0 [ 115.094394] perf_tp_event_init+0xa6/0x120 [ 115.094410] perf_try_init_event+0x140/0x9f0 [ 115.094423] perf_event_alloc.part.0+0x118e/0x45f0 [ 115.094439] __do_sys_perf_event_open+0x719/0x2c20 [ 115.094452] do_syscall_64+0xbf/0x360 [ 115.094460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.134073] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.134569] perf_trace_run_bpf_submit+0xef/0x180 [ 115.135062] perf_trace_contention_begin+0x235/0x3e0 [ 115.135568] ? __local_bh_enable_ip+0x63/0x110 [ 115.136037] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 115.136600] ? lock_acquire+0x15e/0x2f0 [ 115.137015] ? addrconf_dad_work+0xf6/0x11a0 [ 115.137480] trace_contention_begin+0xae/0x110 [ 115.137956] __mutex_lock+0x14b/0x1020 [ 115.138363] ? addrconf_dad_work+0xf6/0x11a0 [ 115.138828] ? addrconf_dad_work+0xf6/0x11a0 [ 115.139311] ? look_up_lock_class+0x56/0x150 [ 115.139776] ? __pfx___mutex_lock+0x10/0x10 [ 115.140224] ? __lock_acquire+0xc65/0x1b70 [ 115.140660] addrconf_dad_work+0xf6/0x11a0 [ 115.141104] ? __pfx_addrconf_dad_work+0x10/0x10 [ 115.141594] ? lock_release+0xc8/0x290 [ 115.142007] process_one_work+0x8e1/0x19c0 [ 115.142447] ? __pfx_process_one_work+0x10/0x10 [ 115.142930] ? move_linked_works+0x172/0x270 [ 115.143408] ? assign_work+0x196/0x240 [ 115.143819] worker_thread+0x67e/0xe90 [ 115.144225] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 115.144763] ? __pfx_worker_thread+0x10/0x10 [ 115.145220] kthread+0x3c8/0x740 [ 115.145576] ? __pfx_kthread+0x10/0x10 [ 115.145981] ? ret_from_fork+0x23/0x430 [ 115.146402] ? lock_release+0xc8/0x290 [ 115.146808] ? __pfx_kthread+0x10/0x10 [ 115.147227] ret_from_fork+0x34b/0x430 [ 115.147639] ? __pfx_kthread+0x10/0x10 [ 115.148038] ret_from_fork_asm+0x1a/0x30 [ 115.148470] [ 115.148719] Modules linked in: [ 115.150559] ---[ end trace 0000000000000000 ]--- [ 115.152135] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.152629] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.154480] RSP: 0018:ffff8880095ff680 EFLAGS: 00010212 [ 115.155066] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.155850] RDX: ffff8880095dd280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 115.156577] RBP: ffff8880095ff8f0 R08: ffff88806ce31340 R09: ffffe8ffffc16748 [ 115.157301] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.158068] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.158812] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.159620] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.160283] CR2: 00007ffee77bce78 CR3: 0000000040161000 CR4: 0000000000350ef0 [ 115.161065] note: kworker/u8:0[12] exited with preempt_count 2 09:14:11 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x0) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) 09:14:11 executing program 1: syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000240)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r3, @ANYBLOB="0a0004"], 0x34}}, 0x0) [ 115.228795] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 09:14:12 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)={0x7fffffff}) kcmp(0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x2, 0x2, 0x8, 0x3, 0x4, 0xffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000001b00)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 09:14:12 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)={0x7fffffff}) kcmp(0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x2, 0x2, 0x8, 0x3, 0x4, 0xffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000001b00)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 09:14:12 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) io_submit(r1, 0x2, &(0x7f0000003f40)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="c41fc8df8e306a88296dc1454c1de06e0156618c150a161b5d391c17c7a06c29bed22099377ea0c7016a4b5107a4add21a22c780d656e5e7fda8236c9690c15a17aec72c33da656f652b75b6203bd78576e3e64acb159f5756db3d303754db1d33c9810378f6e61a8c7cf02f3c3e3101e937457fe6e32d2b6dca962f70fc8eb1536845e613c8f52f0bfbb17b4c879006c9665a87f975d7f87826", 0x9a, 0x0, 0x0, 0x1, r0}, 0x0]) 09:14:12 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) io_submit(r1, 0x2, &(0x7f0000003f40)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="c41fc8df8e306a88296dc1454c1de06e0156618c150a161b5d391c17c7a06c29bed22099377ea0c7016a4b5107a4add21a22c780d656e5e7fda8236c9690c15a17aec72c33da656f652b75b6203bd78576e3e64acb159f5756db3d303754db1d33c9810378f6e61a8c7cf02f3c3e3101e937457fe6e32d2b6dca962f70fc8eb1536845e613c8f52f0bfbb17b4c879006c9665a87f975d7f87826", 0x9a, 0x0, 0x0, 0x1, r0}, 0x0]) 09:14:12 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) io_submit(r1, 0x2, &(0x7f0000003f40)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="c41fc8df8e306a88296dc1454c1de06e0156618c150a161b5d391c17c7a06c29bed22099377ea0c7016a4b5107a4add21a22c780d656e5e7fda8236c9690c15a17aec72c33da656f652b75b6203bd78576e3e64acb159f5756db3d303754db1d33c9810378f6e61a8c7cf02f3c3e3101e937457fe6e32d2b6dca962f70fc8eb1536845e613c8f52f0bfbb17b4c879006c9665a87f975d7f87826", 0x9a, 0x0, 0x0, 0x1, r0}, 0x0]) 09:14:12 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xcc0c2, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) madvise(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1) mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0) 09:14:12 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)={0x7fffffff}) kcmp(0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x2, 0x2, 0x8, 0x3, 0x4, 0xffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000001b00)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 09:14:12 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x0) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) 09:14:12 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x0) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) 09:14:12 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) io_submit(r1, 0x2, &(0x7f0000003f40)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="c41fc8df8e306a88296dc1454c1de06e0156618c150a161b5d391c17c7a06c29bed22099377ea0c7016a4b5107a4add21a22c780d656e5e7fda8236c9690c15a17aec72c33da656f652b75b6203bd78576e3e64acb159f5756db3d303754db1d33c9810378f6e61a8c7cf02f3c3e3101e937457fe6e32d2b6dca962f70fc8eb1536845e613c8f52f0bfbb17b4c879006c9665a87f975d7f87826", 0x9a, 0x0, 0x0, 0x1, r0}, 0x0]) 09:14:12 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xcc0c2, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) madvise(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1) mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0) [ 116.027105] kmemleak: Found object by alias at 0x607f1a6397ec [ 116.027125] CPU: 0 UID: 0 PID: 3996 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.027145] Tainted: [D]=DIE, [W]=WARN [ 116.027149] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.027156] Call Trace: [ 116.027159] [ 116.027164] dump_stack_lvl+0xca/0x120 [ 116.027187] __lookup_object+0x94/0xb0 [ 116.027202] delete_object_full+0x27/0x70 [ 116.027217] free_percpu+0x30/0x1160 [ 116.027233] ? arch_uprobe_clear_state+0x16/0x140 [ 116.027250] futex_hash_free+0x38/0xc0 [ 116.027263] mmput+0x2d3/0x390 [ 116.027280] do_exit+0x79d/0x2970 [ 116.027292] ? lock_acquire+0x18c/0x2f0 [ 116.027307] ? __pfx_do_exit+0x10/0x10 [ 116.027319] ? do_raw_spin_lock+0x123/0x260 [ 116.027338] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 116.027353] do_group_exit+0xd3/0x2a0 [ 116.027367] get_signal+0x2315/0x2340 [ 116.027384] ? put_task_stack+0xd2/0x240 [ 116.027395] ? __pfx_get_signal+0x10/0x10 [ 116.027411] ? __schedule+0xe91/0x3590 [ 116.027427] arch_do_signal_or_restart+0x80/0x790 [ 116.027443] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 116.027459] ? __x64_sys_futex+0x1c9/0x4d0 [ 116.027471] ? __x64_sys_futex+0x1d2/0x4d0 [ 116.027484] ? __pfx___x64_sys_futex+0x10/0x10 [ 116.027496] ? lock_mm_and_find_vma+0xaa/0x6f0 [ 116.027508] ? xfd_validate_state+0x55/0x180 [ 116.027526] exit_to_user_mode_loop+0x8b/0x110 [ 116.027538] do_syscall_64+0x2f7/0x360 [ 116.027548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.027560] RIP: 0033:0x7fc3c9930b19 [ 116.027568] Code: Unable to access opcode bytes at 0x7fc3c9930aef. [ 116.027573] RSP: 002b:00007fc3c6ea6218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 116.027584] RAX: 0000000000000001 RBX: 00007fc3c9a43f68 RCX: 00007fc3c9930b19 [ 116.027591] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc3c9a43f6c [ 116.027598] RBP: 00007fc3c9a43f60 R08: 0000000000000016 R09: 0000000000000000 [ 116.027605] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fc3c9a43f6c [ 116.027612] R13: 00007ffc90f0243f R14: 00007fc3c6ea6300 R15: 0000000000022000 [ 116.027622] [ 116.027626] kmemleak: Object (percpu) 0x607f1a6397e8 (size 8): [ 116.027632] kmemleak: comm "syz-executor.0", pid 3991, jiffies 4294782879 [ 116.027639] kmemleak: min_count = 1 [ 116.027642] kmemleak: count = 0 [ 116.027646] kmemleak: flags = 0x21 [ 116.027650] kmemleak: checksum = 0 [ 116.027653] kmemleak: backtrace: [ 116.027657] pcpu_alloc_noprof+0x87a/0x1170 [ 116.027671] percpu_ref_init+0x37/0x400 [ 116.027688] ioctx_alloc+0x27f/0x1e10 [ 116.027701] __x64_sys_io_setup+0xc8/0x1f0 [ 116.027712] do_syscall_64+0xbf/0x360 [ 116.027720] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:14:12 executing program 7: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 09:14:12 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x0) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="f4", 0x1}], 0x1, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) 09:14:13 executing program 7: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 09:14:13 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)={0x7fffffff}) kcmp(0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x2, 0x2, 0x8, 0x3, 0x4, 0xffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000001b00)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 09:14:13 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)={0x7fffffff}) kcmp(0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x2, 0x2, 0x8, 0x3, 0x4, 0xffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000001b00)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 09:14:13 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) io_submit(r1, 0x2, &(0x7f0000003f40)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="c41fc8df8e306a88296dc1454c1de06e0156618c150a161b5d391c17c7a06c29bed22099377ea0c7016a4b5107a4add21a22c780d656e5e7fda8236c9690c15a17aec72c33da656f652b75b6203bd78576e3e64acb159f5756db3d303754db1d33c9810378f6e61a8c7cf02f3c3e3101e937457fe6e32d2b6dca962f70fc8eb1536845e613c8f52f0bfbb17b4c879006c9665a87f975d7f87826", 0x9a, 0x0, 0x0, 0x1, r0}, 0x0]) 09:14:13 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:13 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)={0x7fffffff}) kcmp(0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x2, 0x2, 0x8, 0x3, 0x4, 0xffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000001b00)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 09:14:13 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) io_submit(r1, 0x2, &(0x7f0000003f40)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="c41fc8df8e306a88296dc1454c1de06e0156618c150a161b5d391c17c7a06c29bed22099377ea0c7016a4b5107a4add21a22c780d656e5e7fda8236c9690c15a17aec72c33da656f652b75b6203bd78576e3e64acb159f5756db3d303754db1d33c9810378f6e61a8c7cf02f3c3e3101e937457fe6e32d2b6dca962f70fc8eb1536845e613c8f52f0bfbb17b4c879006c9665a87f975d7f87826", 0x9a, 0x0, 0x0, 0x1, r0}, 0x0]) 09:14:13 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xcc0c2, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) madvise(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1) mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0) 09:14:13 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xcc0c2, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) madvise(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1) mlock2(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0) 09:14:13 executing program 1: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 09:14:13 executing program 7: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) [ 116.990497] kmemleak: Found object by alias at 0x607f1a6397ec [ 116.990526] CPU: 1 UID: 0 PID: 4022 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.990564] Tainted: [D]=DIE, [W]=WARN [ 116.990573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.990586] Call Trace: [ 116.990593] [ 116.990601] dump_stack_lvl+0xca/0x120 [ 116.990643] __lookup_object+0x94/0xb0 [ 116.990682] delete_object_full+0x27/0x70 [ 116.990712] free_percpu+0x30/0x1160 [ 116.990743] ? arch_uprobe_clear_state+0x16/0x140 [ 116.990778] futex_hash_free+0x38/0xc0 [ 116.990804] mmput+0x2d3/0x390 [ 116.990838] do_exit+0x79d/0x2970 [ 116.990865] ? __update_load_avg_se+0x428/0xa40 [ 116.990898] ? lock_release+0x1c7/0x290 [ 116.990924] ? __pfx_do_exit+0x10/0x10 [ 116.990949] ? do_raw_spin_lock+0x123/0x260 [ 116.990980] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 116.991013] do_group_exit+0xd3/0x2a0 [ 116.991051] get_signal+0x2315/0x2340 [ 116.991086] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 116.991113] ? __pfx_get_signal+0x10/0x10 [ 116.991146] ? __schedule+0xe91/0x3590 [ 116.991179] arch_do_signal_or_restart+0x80/0x790 [ 116.991211] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 116.991243] ? __x64_sys_futex+0x1c9/0x4d0 [ 116.991269] ? __x64_sys_futex+0x1d2/0x4d0 [ 116.991297] ? __pfx___x64_sys_futex+0x10/0x10 [ 116.991323] ? xfd_validate_state+0x55/0x180 [ 116.991359] exit_to_user_mode_loop+0x8b/0x110 [ 116.991382] do_syscall_64+0x2f7/0x360 [ 116.991403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.991427] RIP: 0033:0x7fc3c9930b19 [ 116.991443] Code: Unable to access opcode bytes at 0x7fc3c9930aef. [ 116.991453] RSP: 002b:00007fc3c6e85218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 116.991476] RAX: 0000000000000001 RBX: 00007fc3c9a44028 RCX: 00007fc3c9930b19 [ 116.991491] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc3c9a4402c [ 116.991505] RBP: 00007fc3c9a44020 R08: 000000000000000e R09: 0000000000000000 [ 116.991519] R10: 000000000000000d R11: 0000000000000246 R12: 00007fc3c9a4402c [ 116.991533] R13: 00007ffc90f0243f R14: 00007fc3c6e85300 R15: 0000000000022000 [ 116.991555] [ 116.991562] kmemleak: Object (percpu) 0x607f1a6397e8 (size 8): [ 116.991575] kmemleak: comm "syz-executor.2", pid 4017, jiffies 4294783793 [ 116.991590] kmemleak: min_count = 1 [ 116.991597] kmemleak: count = 0 [ 116.991605] kmemleak: flags = 0x21 [ 116.991612] kmemleak: checksum = 0 [ 116.991619] kmemleak: backtrace: [ 116.991626] pcpu_alloc_noprof+0x87a/0x1170 [ 116.991656] alloc_vfsmnt+0x135/0x6e0 [ 116.991682] vfs_create_mount.part.0+0x40/0x440 [ 116.991711] path_mount+0x1637/0x1dd0 [ 116.991734] __x64_sys_mount+0x27b/0x300 [ 116.991756] do_syscall_64+0xbf/0x360 [ 116.991773] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:14:13 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:13 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) io_submit(r1, 0x2, &(0x7f0000003f40)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f00000003c0)="c41fc8df8e306a88296dc1454c1de06e0156618c150a161b5d391c17c7a06c29bed22099377ea0c7016a4b5107a4add21a22c780d656e5e7fda8236c9690c15a17aec72c33da656f652b75b6203bd78576e3e64acb159f5756db3d303754db1d33c9810378f6e61a8c7cf02f3c3e3101e937457fe6e32d2b6dca962f70fc8eb1536845e613c8f52f0bfbb17b4c879006c9665a87f975d7f87826", 0x9a, 0x0, 0x0, 0x1, r0}, 0x0]) 09:14:13 executing program 1: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 09:14:13 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:13 executing program 7: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) [ 117.189289] kmemleak: Found object by alias at 0x607f1a6397ec [ 117.189317] CPU: 1 UID: 0 PID: 4031 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.189352] Tainted: [D]=DIE, [W]=WARN [ 117.189359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.189371] Call Trace: [ 117.189378] [ 117.189385] dump_stack_lvl+0xca/0x120 [ 117.189423] __lookup_object+0x94/0xb0 [ 117.189451] delete_object_full+0x27/0x70 [ 117.189478] free_percpu+0x30/0x1160 [ 117.189506] ? arch_uprobe_clear_state+0x16/0x140 [ 117.189538] futex_hash_free+0x38/0xc0 [ 117.189562] mmput+0x2d3/0x390 [ 117.189593] do_exit+0x79d/0x2970 [ 117.189616] ? signal_wake_up_state+0x85/0x120 [ 117.189643] ? zap_other_threads+0x2b9/0x3a0 [ 117.189677] ? __pfx_do_exit+0x10/0x10 [ 117.189699] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.189728] ? lock_release+0x1c7/0x290 [ 117.189753] do_group_exit+0xd3/0x2a0 [ 117.189778] __x64_sys_exit_group+0x3e/0x50 [ 117.189803] x64_sys_call+0x18c5/0x18d0 [ 117.189830] do_syscall_64+0xbf/0x360 [ 117.189849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.189869] RIP: 0033:0x7fc3c9930b19 [ 117.189885] Code: Unable to access opcode bytes at 0x7fc3c9930aef. [ 117.189894] RSP: 002b:00007ffc90f02668 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 117.189914] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fc3c9930b19 [ 117.189928] RDX: 00007fc3c98e372b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 117.189941] RBP: 0000000000000000 R08: 0000001b2d82c7dc R09: 0000000000000000 [ 117.189954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.189966] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc90f02750 [ 117.189985] [ 117.189992] kmemleak: Object (percpu) 0x607f1a6397e8 (size 8): [ 117.190004] kmemleak: comm "syz-executor.2", pid 4032, jiffies 4294784016 [ 117.190017] kmemleak: min_count = 1 [ 117.190024] kmemleak: count = 0 [ 117.190030] kmemleak: flags = 0x21 [ 117.190037] kmemleak: checksum = 0 [ 117.190044] kmemleak: backtrace: [ 117.190050] pcpu_alloc_noprof+0x87a/0x1170 [ 117.190077] alloc_vfsmnt+0x135/0x6e0 [ 117.190100] vfs_create_mount.part.0+0x40/0x440 [ 117.190127] path_mount+0x1637/0x1dd0 [ 117.190147] __x64_sys_mount+0x27b/0x300 [ 117.190167] do_syscall_64+0xbf/0x360 [ 117.190183] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:14:14 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)={0x7fffffff}) kcmp(0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x2, 0x2, 0x8, 0x3, 0x4, 0xffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000001b00)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 09:14:14 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)={0x7fffffff}) kcmp(0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x2, 0x2, 0x8, 0x3, 0x4, 0xffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000001b00)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 09:14:14 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 0: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 1: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 09:14:14 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 5: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 0: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 1: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 09:14:14 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x28, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000200000006000000000008000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e2f4655f000000000000000001000000000000000b0000000001000008000000d2420100128300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e30323537333639353800"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000009b94b11e46934f5489a26265ae170793010040000c00000000000000e2f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000005900000000000000", 0x40, 0x540}, {&(0x7f0000010300)="0300000004000000000000000000000000000000010400"/32, 0x20, 0x640}, {&(0x7f0000010400)="02000000030000000400000016000f000300040000000000000000000f00c5d7", 0x20, 0x1000}, {&(0x7f0000010500)="ff030000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000e2f4655fe2f4655fe2f4655f00"/8224, 0x2020, 0x2000}, {&(0x7f0000012600)="ed41000000100000e2f4655fe2f4655fe2f4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x4100}, {&(0x7f0000012700)="20000000b4253260b425326000000000e2f4655f00"/32, 0x20, 0x4180}, {&(0x7f0000012800)="8081000000180000e2f4655fe2f4655fe2f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030000000", 0x40, 0x4200}, {&(0x7f0000012900)="20000000000000000000000000000000e2f4655f00"/32, 0x20, 0x4280}, {&(0x7f0000012a00)="8081000000180000e2f4655fe2f4655fe2f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000040000000", 0x40, 0x4300}, {&(0x7f0000012b00)="20000000000000000000000000000000e2f4655f00"/32, 0x20, 0x4380}, {&(0x7f0000012c00)="c041000000400000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800000000000af301000400000000000000000000000400000020000000", 0x40, 0x4a00}, {&(0x7f0000012d00)="20000000000000000000000000000000e2f4655f00"/32, 0x20, 0x4a80}, {&(0x7f0000012e00)="ed41000000100000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800030000000af3010004000000000000000000000001000000500000000000000000000000000000000000000000000000000000000000000000000000000000005bcc129100000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x4b00}, {&(0x7f0000012f00)="ed8100001a040000e2f4655fe2f4655fe2f4655f00000000000001008000000000000800010000000af3010004000000000000000000000001000000600000000000000000000000000000000000000000000000000000000000000000000000000000005f43fa2400000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x4c00}, {&(0x7f0000013000)="ffa1000026000000e2f4655fe2f4655fe2f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3032353733363935382f66696c65302f66696c6530000000000000000000000000000000000000000000006561281700000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x4d00}, {&(0x7f0000013100)="ed8100000a000000e2f4655fe2f4655fe2f4655f00000000000001008000000000000800010000000af3010004000000000000000000000001000000700000000000000000000000000000000000000000000000000000000000000000000000000000002a20390700000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000000002ea06015400000000000600000000000000786174747231000006014c0000000000060000000000000078617474723200000000000000000000000000000000000000000000000000000000000078617474723200007861747472310000ed81000028230000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800010000000af30100040000000000000000000000030000008000000002000000010000008200000002000000018000008200000000000000000000000000000033142f1800000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0x1a0, 0x4e00}, {&(0x7f0000013300)="ed81000064000000e2f4655fe2f4655fe2f4655f00000000000001008000000000000800010000000af301000400000000000000000000000100000090000000000000000000000000000000000000000000000000000000000000000000000000000000eaaaeb6900000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x5000}, {&(0x7f0000013400)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c653300000011000000940f090166696c652e636f6c64000000", 0x80, 0x10000}, {&(0x7f0000013500)="0b0000000c0001022e00000002000000f40f02022e2e00"/32, 0x20, 0x20000}, {&(0x7f0000013600)="00000000001000"/32, 0x20, 0x21000}, {&(0x7f0000013700)="00000000001000"/32, 0x20, 0x22000}, {&(0x7f0000013800)="00000000001000"/32, 0x20, 0x23000}, {&(0x7f0000013900)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x30000}, {&(0x7f0000013a00)="0200"/32, 0x20, 0x30400}, {&(0x7f0000013b00)="0300"/32, 0x20, 0x30800}, {&(0x7f0000013c00)="0400"/32, 0x20, 0x30c00}, {&(0x7f0000013d00)="0500"/32, 0x20, 0x31000}, {&(0x7f0000013e00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000700"/96, 0x60, 0x31400}, {&(0x7f0000013f00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x40000}, {&(0x7f0000014000)="0200"/32, 0x20, 0x40400}, {&(0x7f0000014100)="0300"/32, 0x20, 0x40800}, {&(0x7f0000014200)="0400"/32, 0x20, 0x40c00}, {&(0x7f0000014300)="0500"/32, 0x20, 0x41000}, {&(0x7f0000014400)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000700"/96, 0x60, 0x41400}, {&(0x7f0000014500)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d80f050766696c653100"/64, 0x40, 0x50000}, {&(0x7f0000014600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x60000}, {&(0x7f0000014b00)='syzkallers\x00'/32, 0x20, 0x70000}, {&(0x7f0000014c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x90000}], 0x0, &(0x7f0000014d00)) 09:14:14 executing program 5: madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x7000000) 09:14:14 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) [ 118.132628] loop2: detected capacity change from 0 to 4096 09:14:14 executing program 0: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r0, &(0x7f0000000200)='./file0\x00') readlink(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240)=""/207, 0xcf) readlink(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)=""/170, 0xaa) 09:14:14 executing program 1: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) [ 118.174272] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.320328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. 09:14:15 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)=[{0x0}, {0x0}], 0x2, &(0x7f0000001080)=[{0x30, 0x0, 0x0, "70f465934afdfbb8673dc99edeb850471b0eb3f676939727c1"}, {0x1010, 0x0, 0x0, "17b461cc7566c0f2847678d5e43635d591f23865f6fa3f70bcd9a190e34bc1aca19f99d2f44d6a2ea4705f98bdcd440ce55bc8f367d3690a490c9f37f4e2ef040a3cb8d945485a178c8561abb1adf4036e4334efd954aff0d1c733394953ada0cae8f07249737df70e3123fc09a51a8ed90e14fba20795396ad64648325acb9380659b8db2e95eba65f5659f8bcae800ec2f1f58bc80f460a3076479212f6344b5b6bdde90ca7c06277e5d0a9eb111234cb5aeebd2c9fa82b0c21fa0f1b96e854def281a18ee642f68b62791fa918b2dcdf592ea383dc9d8f999cf169ae7177b64483a468076357c0abb913144bd837c982d6a79b35f8a1d1ae3d14aae682aaadb0453812fc46369160845fc423fde882c22ade3a5754804ca68e565232b7f1f246b16574cd56d13b3f891231dd6e49c2a8c303a762c003dd9274d23a48e39d152608560d2dbab86bbd5a2aeb0c592158f1eccf83781c2307ce66bc51fa186bb71e5612452ba263640d85bca935575d7ebfaf358567ae9a8be13c2ea6b3ac086254e544d79d0c19691c6c14613cbe8629b5576eae74d2d35be2b20148b224078129b30ce01441c25a04ea9e9ee8cf627ccb4228c452d3a1037ba206f5c29444cbf4e36e034255cb3a8af562b30a0a4f17bd367afec0545eb1a7ee5b53039bda9b916cc9c6c9a91037602a01f9f7ed7572efa3295b8f5a26eee786bc3cf2fdbe2525466e1698ad9ef8fed9701e36cbecfc653b395eab91377d24f6b384b49c63c63bc37db97f67bb338be6dc7fe8ffbc2973a1d0466a66bf52ece688588b120e298e2f46e03140bb98d20425cd69a04cc6879220a257fa12910c18dbb6df47ea9c9f1ea415ff87446a6f5bb4ffb557618ada94b581e922ae30fe2683f155401167684cde8a5c1a88e181dab7fb8af47a6e1ed41bc21e2db0ba231feb62803cff29f542ebc324165baba1fd6d1c18026aebc468b0a22b035eeedd388f23d9c2cc110bd266cffc32549415bb6291477b81e5ad349d9e8ca5ec789eff78986fb34245617611a994abfaae17f1d707f1839a9d9d96f881c60fa350ada7bc14e03c28c0decd8c25f35fbcaec4b820975e1532798003f39aa640d89b1ae8e89ba52f20bbfef6ecc844ee87c2ef9e165cad7779432f6a66f1861cf744d08d407af150a600ad2809e7b9c2376b0c000ad420c2db910035ba7cd8e31259c5e6af0c40144e0d1bcfb52ce89e8b83256bed0fa4c7cabcc77d490b6a8fc3eaf8c5bde7b7b749b83c400972e8ba5dedba0068516faf12ca3a6bf4415a6fe81b566404f0ef1819907664e1497cc6996e045dfaf7cbb185e116b4c663df471e1a026e5f573483b97941e6bddc449e676c6499e1b47b27317bc04157de6e86be45c04462264d5fedd6caf21c2aaaa60f08e4a350a546e5ecf7acc014967c77f7dd50194a993bf914c450aa770cd39869a84b4c46a4d452a8f4130781ef09a4533850dbbdf33ba2d1376cfe1735e0717b63808dabe295f436ddf269e5ad1c93a03fb13af119e878031aafe92120aaa654577ee287486866d395a3d6739931e0b11ef1b83cfdc1def7f0d76e4c532a67dc01334604e5d82d10a348551e60be200bb079d8e091ac189e06804526c87325b35fd1d53596d763e0bd5a1c8673e9a80d4ac44268f3637dd890f9714c25820608ca2f7c317ea12beea132971739338f679586e004da3fb65e14ffcacab5fb13b18d75b76e14ae961e941df768a6fef2cf6592f88b36f49c8ea9c89ecba3e8f7784010784fed2ab7cdfcbae6b43a585b503218c015e0d2361fd23a989338bcc813a9dacd35629b96d4e93d014ca210227736e0ca6020779063a4c679c78e116e3878e3b37d057ecd888e7bfa8c93ebccea0a52f9260b95d849a85404038a591741b8319842e2ad831590b1987af7305e07020f3af767748137b253300c76e8fe9f85d7225f8b02f4588804daf8e293f2f2f6fa1be1ba04f8e90faa252d634f45f2fb5e90258e09155bbd60e746bce56a7a93ed224026f78d749de553f430461113194acf1699c63f0ed8c6b3fe1518a46fceb0de887182ff390a60e7b3ffd7cf028cf163efa9920a63258238c63535cf0eaa5333af15dbf84e4ad4277a51615cd08975fb49fad60756c915bcd01603d112ceb415792f0534483461ac202100e1c9648013c7d1a268172697010c628fcae216082a1469f6550026cfeaed9130879edbc0c27eeb47a91c33e62e583614dfa3f8bd55e9ba555c94537098253739eac5cebda3ae6cf182dfe678689a8ff250e4a1d17c317eebc257663b38a54e8fa9f6424e55efdbca1d854ab9e52f061b3c26e05185158b2de43bb5761c10d9541f56838495fe77ae4bd6db799fd24a06ff75a4364fba1e061c200ba69217e15339b1e976646ab89dcb13187458ed2620f72004c187cce868be3fe6370307188ce4b5a314b5b4509ea392715f8f58722fd37f8c55e2058bc23000e36ab901396af91ee07f88da7689bcb5a8575a9b63f97e9794cbeeeebd68aea8503a51e2622c0cab323ae5942a5af3e58adb78e553b06887504484fdf788008d06e161b6f786415867dd663ec30004e92e1e3891dc93fffd21c45c097387d652d4c2b1c2412d8d1fb470fd33046223495f3a34c27d829a1cee9ed39480a311651a8f0ba1474815fabf6f06decd05c0ab847787dab570f6e0e70cae76577c3dc25bc48163306443a51aa3ce8a8448b662a7a002bffca64e29a98caaa1945fe7e42aef8d1a2b5148a7a73c793267a11bace1a41199583f6a4bc1247ddbdf49c58d765870cfd624b07d07371112dfecc13634c13ff5ab0b8fdbafcef66fc95987b33ca67ce2a7b812dece2c7b600ea11ded61daa165e693d58d0c02cfbfc203fe5a9afc4b9ae1750c87d263e278a4fc67876f042876fb169bdb5c00c357171983fe46728f68bd22c2e588b4343e8ff1fb261f4fb7a6fcb694fbbb9b7c8c0abb5e4fbd459889f3296489731d1e46ef8aee9f6881a2d7d612304bc3d9fa2c4848ba57aafb6a55c36f5c0eacf256a546e8ca47fc1b8b6e21123a2c02e97370c52215e77b7f55191b4d0fd2a1b98b99ce009861b87a1cb77810084c62708d88efe0ed19e33fc539f9e77c0cd75d2b17a3273fde5c938a0d1c7c35ea79236de82e29f881e81a496028f235ac8a17044995fccf00375b7776eb025b90ce8c4cac40b41876bc50d20959ba62035045cd7e1e0530632cdc78b6e9973db7050dd699762ad1199403f292c92055cf03606d884d9d1716cef3e971bbd8a511496a20cae1632c5dbe721b4103efcc3ef011c523f5cabc055dd5caf19880925f4b7ac9bff0cff2de90c850e101e5d5756b3465f305c770f6a717e0fc7361b10955520bdbaf9e233ed9ca7414f3e2cd7286b96e14773c2e352323d0ce162bf6ac4331e05e3d4765d1396dd282f4727a91f969184670da0b3405a40131ad0b3a31970db2ff11a4536d346a4c5de4f53fccbd6fa391eb032a4c54180242bc93f45a9bbaf1abbab49c5a5d5834c1552276f5498ff23afdeed57d096fe50ee11fd32ca9389d6bc5c3cf1ac4c8beb7eb2eb776449d16d0f4f726c026bf00debf97e41b900af761ddf5e95b42b9e6a408324ed4f37e404e3a91c7b2cdb5ad4ac2236c26e3713c4cc2131a8d6f3fb3bf967c55ac486a7d00b7a2a9611eee67c65c83bb7bfde6818e7d7d7df8bbcac862b9ab6f607bc6ead8611ead64b9322e3784d762d1783af437f6f4120be2e2b2c2718fe9937d37dab0c817159242f2416f2b8fce19834a00853e0b3a74a7b29c8de0e9117f6087607040286d7510e104cf39896e263d75f52301cf19c889ae3e046b1194ad4eb5549289f033bbfee74222702540f396b78bfbdaa56ad537be7dc5a21892a15cf2503894750c8865d8c665e38f4e79eeccf0c76d13d640fc5e89004be0f284d624c25b6c5e357794e17036c7f37b29e6c215f6b1d2110a0ffbe90ab63ba4cb68bb129a890dd445feccb6f3104e2cc7f861666e682313bfcd0725c64d07cff63df7cac249812351e8d6b6aec1e21d24388516bdb4c01965b1e0f7c180be971bc1cb649f83add0aac52481a1f9e762647e525050f332384178abd4e767eaa67631e5b341d51e0ad0ffdc647eab169132fdae02bc23f464d4145e33454ef7cebe3b587e064fea00885a62b4251e83385cea2a47613042f6fe3d61d206a51efed96aa368faea72b5c0e06a9aa1762c2aea0f5a810430ad2f1d7662fc36053d97d7bd04cbf32808da9df9188c93f198b4e5d33d408d7ffa4635e6486bbad86e2147e2f71371916857dbf50d90360b861299929923e3ffcfcb69e1d13f653bf7b028898a5400f9ec1e7522023ea59eba9640766a66cd5f155821ae239e0c2597437647faac644d3da01d1fb21606e62024792ecb63809608abe81a979e91dd895851c14f660bb4db904014c2cfb75964ca2716c92d32957d092354abd899e448cc55d2be908ae2bae4f60715f6970ad40189e77e228554ffab7a00b39bfaeb00c2d9ad7aaeca5edd6573c28c248fc90a73cca4ccd6eb73cdd2bc5312d56dc07de3b413c4f2a88fedb7b0306ba966ee17e077046edb6ffefc7ea8a3933d1c316fbf9821da1b591b464f620fc7c227c5d3572b21bd89fa0e628d824085966d7d1318156d33bd90b5dd6f6726eb07954436845ebdd82a1530bb30d17a2301fb47a033614ee72badd4337bba5133f3bf8a7cfb56d015863ea664b156339fd7e0ce215be332d692fb426badce0a6499819b6401223348c20978238eac7ba8b251f7d8b4faadf126dfeedb8030c99ade568548a33f13d74627edc5e5903c0dcd75e2fe2032e23963a63069b2f7f00baee8d80100c4c7491d08be067ab20d2cdc43aecaca4f81a2407c0688418450b7525decf824fb6eb428538a78331764ba4da54e60263588195c6a99546897e0d4c4df5522d252167425e5dac82f306c05431141848e225cc7a0a08e09dd7e851811d832c2a2bd4634964f5d801a53c0430d112f949182739fc3d9d40eead7f504aab4e0b570023fa4a4edd3bcdbacd8f8f1bcb4330ffef226d30487f67c214c14d48817628a32cbdffb5c5b0340f21d4d7a08ed2244a85bac08ae3780f2ba6eb023c98973172f20736402e598919406662f71efccbbf42946ba6371dfff73aa1bdecde81a625783c1d5169faa45720208f00a5e45613cc977e840140c4b07927ab36c30793e969d48f6b2cb989b612b9e17c4802b7758bf63ad6a466e238a641323c273c343f91ae532e684b2606c2bef592fd74559e64ac4cfdd3f2ab847da2471970a18873d0ea54bf1d79287bd43b96ea9181188b500b70f08a0cfbe265662ac5df5531e75907f5d05a02973ee2211030cd8f59c4027e4fee51cb303dcdfe4d2d61b9351464f4a7b4797b6cb3deaca627b32c46993d7324d34db9b6d1c08826fefd494aa145ddd96c20106af2fb4792105e7d70aac1ce72916a29a6550b9ef754fdc444d6665e5a61710c5034340051da0dc91887462de0419e054ffb88f1e0b63a8741b79cc436bfb2ea2b17996bc07166e1b8bb13ebf7fa94a1b5496a605b88a7759ac41424fa68ea4c5527e976a6b719d8c6c717d2044492e6956a5c5b51fb338814dba91816d258dc50aaf3326752b9b38cde1fa31b511b214e33a070a45ee688a747dcd80fcada314baf455a7aa64953a4b6976625b8c6b9a9a77c8e2a246aa18d64ffe2dbfbd0f1b71cb5332a64b28cf92a017d0fb638de1bdc4a5846ef0050df0fb044"}, {0x60, 0x107, 0x0, "bf05ebc12afa9b79e15167007fd1827fd0adbc9214b93b17462c706ec0e8e14cbde752437d65163c88a8440d0a3268696ccfe35a3c70094d46dc6c0f629bf8a15fb9cf847eac9fe565"}, {0xf58, 0x0, 0x0, "afdee0f978fc12ecb33e4e4a4bb8ce4d13339d1bffd6d0be526ff7ff48577014be4def58d48b4bb01f45d360d8051b3cf5854bc0786f54307049433d9b74de5a5c100b9ee1c4d7f1913daedd3d0e8b27d15171506fbb605e0b72272116195b39b97f61b32a5e5de76f52a1e6cb8bd955ac77015fe5de9a3feb446355ee44bcfd42d77a41597b49d18b49439cd7ed78e9bad8cb713bd92758148b1c926ca27270705c8e7bb21222bcd99890492d8677649042e3e4fbca7354ad33a5954dabc25cf9833399a99ce1a769d2c2835a4161b71714730e13987c2aa65fcc2bfe07afa664c978323d80a5b1160bf5440dcc0fb376158ea80ca8876cf712bf593a46b2eaa30ce6511ebc761596fdae9fa3277dd93620eb312dacfd63c6c10867d191e5af8eb138ed1788c8b1748df738b6e51ba6d470381a6f6df60b2185268b1becf112378a260109e3cfb0b818bfdd02af99d9c2475d61c6cb3a7da8aa1574a454e18f6b643807bacc16b1593efb3cfcc031710c125cb25d1d91c53a28052dc4eb2ef5a6c7985093854e3f9ed2cc0b9cca1ccbc81d09c5f19ed5c377d49de8536e539ea281927419b868517d7f2daaf66c854e6b404d469768454d218c258a732f04871ac921ffc04523ba43ad8385a5fef0c7e48f573040330eba4a7d35e011ef3c1c0860d478fad5c276c61f401e93fe868128e39925efd0955fed2d5121b47c8cf794c3d376fb5026ec82339b689d4751e4520d78b53578f9e61fe3448b0bb28919d1d780a400b22ba903ab26d2a45323626e0a1ef80aa39fd55c6ef97d6a90ef1124128ae55a4954aa4d0a15ab7093fe92cfe253d7d82825cf9a12e47ffc818448b8a340d55dd8b8edbbf7f4612c73a1f4c3097f38de8a8a6921503d44936dd5f0bffb6a303da8cdb00a0d88dd33e027237af28711bfe7b6be88e110677f7b2579dbd3bceb89c890660125b1daf6de9625ef13d1022f7a1674c4a4a144c352a63ececdf478a4f54fb4a0c272f0154d85b0fe1b2806dd5b850effa70272c961fb339f5ed1b0ab8a049a038d190dcd8ad9f6f5d3d21052212ed702e3b2adc0056ef6ddb75e4c38128d6ff87d767fa72ce01d3a78a7ce416ea4d31f27c9e81360a44b6886a72152162062b8e1669ecc6c6aa12d45e6943d7dddd109cfd724d954f9872be73c5b79b055b6e051b3074a79436526b3bb978ee1b54bbd0d634ff2237ea29fb53472944e3dbbcd49b187a67a5bba69a3d46e825b3b7eaec45fc6f212222fa6fbf697c0a63bfff71989f429af13a961f716da9e33b3ef363199a3c924f25faea0f491f48f976ed648be12161854e7c0383482b6c44638111799562ed76e0189281b8bce462c70b3c0e09e04f5c3b2502a7f519535ba89dda5f037db44422c77966bbb8c2b9a23e1cbb29f3ce62cc351a824c34f814e7c6ea0756c7c20287c788748ecc8bb73ab572f8da9194554da372bfdf6b47d60aefb1d08eaafabb3fbe65b7768146429e880a3ad6ee6042789dabfb7e85561d06ae0eec2788e0988730101bee06a00f4a3f149ee6a2260d5226bc50d2c2b0e1042e332736783d671d829fa2ab6e7b4ce377f587500974307d0b0176b69ea8d345d9f11d4bd3a30932c92ea48d521ad053f2ad596041916749139c4f4013b607b986ef097f48518c038bbecdd7023f3de01f94bdd0937c8b7c2410178ccb91a5e3281bbc7ba949b610d8b010e925b6eb202300678c6c9d0cc310a0960f91659b04dc0f104740bd9e583adba5bbdf963e6c497658323170368bd1effa82ba342ea2304f133311a615f08960d94ad8ce0e84fa1207b6c4b1246188f498a7766df2f3750f87450fbbf8422a82ba3a2eb043100716d0e1e37355bb2160f6254c49973288f831576cfe237c7e8ac7062725afbd4f8f9fb8f0368ff7d47d411100298d7f687a3f6ae709157b3d9ca11453eb87d09c059b21b9464f4ab50d0c96b258c87ee5f494189613c8f6f575739be800bf0ed3e06b0a129a4d1c171787f8553fe7f0e0f01f97058139da07976206db290165cea21f7e16dc97ee7ec77836b52d83f9b0f5c9acf2cb56b567776730c1bf7d62c7b33436d35ef55cbb0607090ed97ed61c690cd6bd9ebff722d01a0219f5259a7664ae52d231e82477ac495f9f1ad521cf630094d480a62165e12909dba3ab1c16bc2044a4a6e492041cb904b72d219fa663b76aa44b914cf40abd558be924fe2f830967845be72d44d287d39d8a58e0ea662a4ea627a61d34982cbee805ebd55f44222525dfca5886f0d6fc0e4c0d66a756e6678b02be478058fc0dacb75432f26144c10f4c46c8eded6c0c5c29e677827c84462c7485fda07c839ddd04e7408910cb7288d89c66a2f0e408e1f5076d0db017e3faab118d3c32f59e98547a17058fd6b1bd02e36086586a24c7cc2d3f98f5d897bb8dfa1a8e1162d6a1f2110bef4845d321334861c6de3df5e9a5054753d50f07d9ec91ce7b5f935913ef2d617365d94e7814e7d39372202db821beac798fd3e6a46e3573e335835b8edcfaf4c67d33a4116ffcca418d6df4ab7196d327d327d98e5ac7cd5214f5decba24d54900df013f7a10eb1fd8a1a4ebb26ee010d3fca4a1522b421f8fa8e5769cbe6a25742a86bceecb377fd3f1ae6e316b82c14627743db4bc043c9603bafca0cd10778af1dab28bf64474c18f0726bafaad93279a6547d079e614ba8179abcaf49fd9e536e67b9723fa76ea691cfd774377048ca783870ac550af16a071b2e81a256ecad79081a8aa2f5fa7d5405b825d3e29134eacdcad27e20fd377cce105f9cc935342781ddfac8bf279aa8253f6a70f6f07350ebe6ea2a4dd74a7a15f6a8a3d937ceef119226f8a8d60357e898fbd01e5182fcdedfa1eeef6b05890b46c9878d5e98fdfac34c5cb43b5b7c387912c6bbea802a366f68156431a8ce3fb418e45e866c0a0b2873b772c3591e04b83a7859bdacd4adb2b7a83182079c3443d0c16465ab82ac8c0d573bce424a2d624efda60567e77cec650e19592648e68a9e32cee834a72beabfddd4507274f2cceb9c777b3019b1e6b9fc6842096e8c5b909dda5c4bd13ab06424d343d38bb51515803463b8a2049f6f8f643f9b5589d5c34986b47aef9e083b04dc0bc86605573be849bdd314f41ad8c2234ee68af0cd1c58c643d605fa0a019b6c0e6933c8e806d71f35c98a440663f8692bab28852a16bafa17cbf5d9c47340cd4ebb435c0b0e05a1894fb2d9ccb3b424dbdba1e04d0312e59e2844b9e1c3027547d53a40c773f920832730b978bd56dac59e322e2a8a1eb5f430634b69b7c9ec427faea7d4b96048338563e3e7ba3232d266b231f3e5abfbcf86fb4cc29a9b4ba3b2255456028d4ae44982371ab1713a71519dc8fa6d33c423490bf8dce92f5fa6c72ae45811615a92001e3576b27d3fe9565130951a303c756b441162f57be9f26c4819b34991ab0a2695e66d74862dddc22af580fbc7e7870c2460e142d78ca34a7238a08dff5df93bbecad9d87ece3c47682012283360f8cb8e3da37f101e4c4f58f6a067e59b4ffa3a72f19872e71425f3f06832046572942143c6360b571fbd7b0ff9619703b48ff46676198e323745c671edad64f25ef257dd547fb9aea23fe15a0620e5a42a88e60f8c5fe40facb4935aa0543d3e64aab91eb4316c7e657dc361989b810f29551c4a3593f59126bc85a5507892980712a7061ae06318462a5f4b2dd3f3fd8ebc65cafea18a06412cbd7c2ddd8fdbd3e23455736775ac95ed8a16dbb1292e544d7f7b60f24d610864f6df0d4c7ff7c6ac1b36b93e254089075b096b0d73fde95a0906d90b270df19e909bfa74ae07569cd311e3b4a0546017ff9d348e91dd4f6e7900c5ff5c30a2ec30fcd6d35cd792a057a97ab7acdf40b13a351bbe9fbe91028d74e7afe76217aadbb4874e4241e71134fad7267bb6ba9fdb0915f876682e24a8c0a345aa4ae2654750d342f84b7ea42e0c917af58a0a9d4b2dadd5e722c563f662a6269308852d20ae766ef7398a2072f01117cbf278e08d8b51777372f7eefebf72acaa98299e02ed88539598cb1f2ee0cd7651445c6a1880a3562a2bd7b9ec63c9cf054ef3e81a9c4e30b98225c366479e0126c1eb8b7d74f0270e0303049bbd02da424b4ac81bb4a0ea672d5eb798d9232aee9fd0a71ccb986d84a38d3a8002f0fb6107a73b395eff07093384d4a6cb917446dab016e2f69e87bf9240e8d3fdd354ef21a60de0ea0a7842c5164b6755f9e55ef2f7ddc0991e383dfee7b0d5de5bf7e78625a1e1cf5f5beb1519e523e06a6399d9de6fc48efe18e94c688d07926f6d444988e5856bf4dddffd6442958a037ad24d9564ade7dec2a0e1772d6ef7d5104931c162cd6d55e146effe5391a9d1c634df47ee13d1165c0a3733b4a37498940ee0186ce0f5bd55dcf6072922b4f57e03ba45949dfc5f1f574a28cf85a50a4bb8988a12dbf63e1848792e2f8740e3736db77ee54220cd33e4d40b1bd2f2977210d3867ed61dd93d5562bdcc134fee7f58b7b90e29a44021f990727af1de7d28cc054c564c6d342af58bb62430aae36413a72206766722e30487efeaaf957d2b7a97f76d9310d42e639374853e57554901751f2014ccab2396971285b6c85847565767eeaccdd59e2ff49af2f79f0c8148709d80bb5cdcc349c47f22ec0cfb91618b686efbcf039c103fe94baefb471fb1b4617872c9ea96ab1f6bed536b896fab8529c66174bb3b9a4391ced6e9bf71ef99e2fba7d91be59fd7e27bc88949c9284c8a2392ab1f589df15868bf8a9b144ab98ff375f6ee33bdfb1aafe9c60a9fc8f62f9ce5613f475ac5fe46cc172fffc5b325d53089dc253b1ddd14923d67767bf2d4af83b89fc46d6f048e1bf41a636489c403fa27854ca05d51ac8b95fc99077245bbebb1f7e5cac4bfa15bcf44de6d187f54e6ffb36e56dd45a2980a79f8a3078f4ca2c4a7dc653a5b56223da6a3ed561374e29337d22166a800323121a7944c4d2ad4b5b71250e55eab6ee9f336d7270e74ba352b5a31ad2f2b05e88a6d88ffabc6dfaa53d5f6dea915fe8d71426c11a25b659a46b33e6118bd397250363167b242628d323d5bb16ac3434d50d862a352fa5f7fbce92a71f4779d22e1a708053bc4bb0734f70ab9cd166c22ecd392f6ac4ea280b3f8a5067e600b1ee7ef5dd39f055f7ac4ce21224da039ed40ecdd5e5acd74c433e038d1f36d4e912769218725f332867b130529617ece63f3ac55c3d0f870aa04aa0ba123a7f2b48819438cf6a509b78d6232a77684617113f0435d16e3b83ac15f3fe3844556560b0d66e73b4b5b25080bd7750cdcf37b7dd7b011fcd17d6ff88cb070562e48c9afb78773d4e982bbc09d44ef32bb5020b07a5f5d4a76df24e7a0b2c3505079dc02bf4c137d4ad1fe6020e5f7d16fd5f95cae14baf6223df28d685de6b948bb6ba8fbda638f356c39b8ba46a2e647049ecb51bb4097c70f1db0c8c46e47219b9b84a73fca820"}, {0x10}], 0x2008}, 0x0) 09:14:15 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x28, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000200000006000000000008000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e2f4655f000000000000000001000000000000000b0000000001000008000000d2420100128300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e30323537333639353800"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000009b94b11e46934f5489a26265ae170793010040000c00000000000000e2f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000005900000000000000", 0x40, 0x540}, {&(0x7f0000010300)="0300000004000000000000000000000000000000010400"/32, 0x20, 0x640}, {&(0x7f0000010400)="02000000030000000400000016000f000300040000000000000000000f00c5d7", 0x20, 0x1000}, {&(0x7f0000010500)="ff030000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000e2f4655fe2f4655fe2f4655f00"/8224, 0x2020, 0x2000}, {&(0x7f0000012600)="ed41000000100000e2f4655fe2f4655fe2f4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x4100}, {&(0x7f0000012700)="20000000b4253260b425326000000000e2f4655f00"/32, 0x20, 0x4180}, {&(0x7f0000012800)="8081000000180000e2f4655fe2f4655fe2f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030000000", 0x40, 0x4200}, {&(0x7f0000012900)="20000000000000000000000000000000e2f4655f00"/32, 0x20, 0x4280}, {&(0x7f0000012a00)="8081000000180000e2f4655fe2f4655fe2f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000040000000", 0x40, 0x4300}, {&(0x7f0000012b00)="20000000000000000000000000000000e2f4655f00"/32, 0x20, 0x4380}, {&(0x7f0000012c00)="c041000000400000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800000000000af301000400000000000000000000000400000020000000", 0x40, 0x4a00}, {&(0x7f0000012d00)="20000000000000000000000000000000e2f4655f00"/32, 0x20, 0x4a80}, {&(0x7f0000012e00)="ed41000000100000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800030000000af3010004000000000000000000000001000000500000000000000000000000000000000000000000000000000000000000000000000000000000005bcc129100000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x4b00}, {&(0x7f0000012f00)="ed8100001a040000e2f4655fe2f4655fe2f4655f00000000000001008000000000000800010000000af3010004000000000000000000000001000000600000000000000000000000000000000000000000000000000000000000000000000000000000005f43fa2400000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x4c00}, {&(0x7f0000013000)="ffa1000026000000e2f4655fe2f4655fe2f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3032353733363935382f66696c65302f66696c6530000000000000000000000000000000000000000000006561281700000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x4d00}, {&(0x7f0000013100)="ed8100000a000000e2f4655fe2f4655fe2f4655f00000000000001008000000000000800010000000af3010004000000000000000000000001000000700000000000000000000000000000000000000000000000000000000000000000000000000000002a20390700000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000000002ea06015400000000000600000000000000786174747231000006014c0000000000060000000000000078617474723200000000000000000000000000000000000000000000000000000000000078617474723200007861747472310000ed81000028230000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800010000000af30100040000000000000000000000030000008000000002000000010000008200000002000000018000008200000000000000000000000000000033142f1800000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0x1a0, 0x4e00}, {&(0x7f0000013300)="ed81000064000000e2f4655fe2f4655fe2f4655f00000000000001008000000000000800010000000af301000400000000000000000000000100000090000000000000000000000000000000000000000000000000000000000000000000000000000000eaaaeb6900000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x5000}, {&(0x7f0000013400)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c653300000011000000940f090166696c652e636f6c64000000", 0x80, 0x10000}, {&(0x7f0000013500)="0b0000000c0001022e00000002000000f40f02022e2e00"/32, 0x20, 0x20000}, {&(0x7f0000013600)="00000000001000"/32, 0x20, 0x21000}, {&(0x7f0000013700)="00000000001000"/32, 0x20, 0x22000}, {&(0x7f0000013800)="00000000001000"/32, 0x20, 0x23000}, {&(0x7f0000013900)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x30000}, {&(0x7f0000013a00)="0200"/32, 0x20, 0x30400}, {&(0x7f0000013b00)="0300"/32, 0x20, 0x30800}, {&(0x7f0000013c00)="0400"/32, 0x20, 0x30c00}, {&(0x7f0000013d00)="0500"/32, 0x20, 0x31000}, {&(0x7f0000013e00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000700"/96, 0x60, 0x31400}, {&(0x7f0000013f00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x40000}, {&(0x7f0000014000)="0200"/32, 0x20, 0x40400}, {&(0x7f0000014100)="0300"/32, 0x20, 0x40800}, {&(0x7f0000014200)="0400"/32, 0x20, 0x40c00}, {&(0x7f0000014300)="0500"/32, 0x20, 0x41000}, {&(0x7f0000014400)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000700"/96, 0x60, 0x41400}, {&(0x7f0000014500)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d80f050766696c653100"/64, 0x40, 0x50000}, {&(0x7f0000014600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x60000}, {&(0x7f0000014b00)='syzkallers\x00'/32, 0x20, 0x70000}, {&(0x7f0000014c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x90000}], 0x0, &(0x7f0000014d00)) 09:14:15 executing program 1: io_setup(0x9, &(0x7f0000000180)=0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 09:14:15 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000140)={0x1f, 0x0, @fixed}, 0xe) listen(r0, 0x0) 09:14:15 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x3, 0x0, 0x80, 0x81, 0x0, 0xca6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000600), 0x0, 0x0) poll(&(0x7f0000000100)=[{r0}, {}], 0x2, 0x8) r1 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 09:14:15 executing program 5: madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x7000000) 09:14:15 executing program 7: perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x560f, &(0x7f0000000000)) [ 118.788444] loop2: detected capacity change from 0 to 4096 09:14:15 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) listen(r0, 0x0) [ 118.793185] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] SMP KASAN NOPTI [ 118.794307] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 118.795076] CPU: 1 UID: 0 PID: 4086 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 118.796270] Tainted: [D]=DIE, [W]=WARN [ 118.796657] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.797481] RIP: 0010:__queue_work+0x202/0x1240 [ 118.797957] Code: 48 8b 6d 00 e8 4f 9e 79 03 31 ff 41 89 c5 89 c6 e8 93 f3 31 00 45 85 ed 0f 85 e1 05 00 00 e8 55 f8 31 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 118.799791] RSP: 0018:ffff888045427398 EFLAGS: 00010056 [ 118.800328] RAX: 0000000000000000 RBX: ffff88801ecca718 RCX: ffffc90006cc0000 [ 118.801031] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 118.801740] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff0f11ef4 [ 118.802441] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 118.803154] R13: 0000000000000000 R14: 0000000000000001 R15: ffff8880143a1800 [ 118.803858] FS: 00007fc3c6ea6700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 118.804650] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.805230] CR2: 0000000000000000 CR3: 000000000ed20000 CR4: 0000000000350ef0 [ 118.805943] Call Trace: [ 118.806206] [ 118.806442] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 118.806923] queue_work_on+0xd0/0xe0 [ 118.807314] loop_queue_rq+0x5c8/0x1180 [ 118.807721] __blk_mq_issue_directly+0xd5/0x260 [ 118.808204] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 118.808736] ? blk_mq_put_tag+0x131/0x160 [ 118.809156] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 118.809700] blk_mq_request_issue_directly+0x11c/0x1e0 [ 118.810221] blk_mq_issue_direct+0x192/0x640 [ 118.810664] ? __blk_mq_alloc_requests+0xa16/0x15a0 [ 118.811178] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 118.811724] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 118.812189] ? read_tsc+0x9/0x20 [ 118.812539] ? ktime_get+0x16d/0x270 [ 118.812923] ? trace_block_plug+0x149/0x1b0 [ 118.813356] ? blk_add_rq_to_plug+0x234/0x550 [ 118.813810] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 118.814321] ? blk_mq_submit_bio+0x4fd/0x2220 [ 118.814788] __blk_flush_plug+0x25c/0x460 [ 118.815209] ? __pfx___blk_flush_plug+0x10/0x10 [ 118.815677] ? __pfx_css_rstat_updated+0x10/0x10 [ 118.816160] ? lock_release+0x1c7/0x290 [ 118.816562] __submit_bio+0x480/0x5b0 [ 118.816950] ? __pfx___submit_bio+0x10/0x10 [ 118.817377] ? lock_acquire+0x18c/0x2f0 [ 118.817783] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 118.818310] ? read_tsc+0x9/0x20 [ 118.818655] ? ktime_get+0x16d/0x270 [ 118.819031] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 118.819540] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 118.820078] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 118.820552] ? __ia32_sys_file_setattr+0xf1/0x150 [ 118.821043] submit_bio_noacct+0x359/0x1350 [ 118.821485] ? __pfx_end_buffer_read_sync+0x10/0x10 [ 118.821992] ext4_read_bh+0x15a/0x2e0 [ 118.822376] ext4_read_bh_lock+0x7a/0xd0 [ 118.822786] ext4_sb_bread_unmovable+0x172/0x260 [ 118.823273] ext4_fill_super+0x662/0xba20 [ 118.823702] ? __pfx_wake_up_var+0x10/0x10 [ 118.824132] ? snprintf+0xbe/0x100 [ 118.824507] ? __pfx_snprintf+0x10/0x10 [ 118.824912] ? __pfx_ext4_fill_super+0x10/0x10 [ 118.825375] ? do_raw_spin_lock+0x123/0x260 [ 118.825813] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 118.826288] ? set_blocksize+0x1b4/0x470 [ 118.826691] ? lock_release+0x1c7/0x290 [ 118.827105] ? sb_set_blocksize+0x177/0x1c0 [ 118.827549] ? setup_bdev_super+0x31f/0x6e0 [ 118.827993] get_tree_bdev_flags+0x38a/0x620 [ 118.828447] ? __pfx_ext4_fill_super+0x10/0x10 [ 118.828919] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 118.829407] ? cap_capable+0xdb/0x3b0 [ 118.829797] ? security_capable+0x2f/0x90 [ 118.830214] vfs_get_tree+0x93/0x340 [ 118.830602] path_mount+0x132d/0x1dd0 [ 118.830986] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 118.831519] ? __pfx_path_mount+0x10/0x10 [ 118.831932] ? kmem_cache_free+0x2a1/0x540 [ 118.832352] ? putname.part.0+0x11b/0x160 [ 118.832774] ? getname_flags.part.0+0x1c6/0x540 [ 118.833255] ? putname.part.0+0x11b/0x160 [ 118.833677] __x64_sys_mount+0x27b/0x300 [ 118.834093] ? __pfx___x64_sys_mount+0x10/0x10 [ 118.834557] do_syscall_64+0xbf/0x360 [ 118.834943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.835501] RIP: 0033:0x7fc3c993204a [ 118.835883] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.837705] RSP: 002b:00007fc3c6ea5fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 118.838457] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc3c993204a [ 118.839162] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc3c6ea6000 [ 118.839870] RBP: 00007fc3c6ea6040 R08: 00007fc3c6ea6040 R09: 0000000020000000 [ 118.840577] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 118.841271] R13: 0000000020000100 R14: 00007fc3c6ea6000 R15: 0000000020014d00 [ 118.841990] [ 118.842221] Modules linked in: [ 118.842546] ---[ end trace 0000000000000000 ]--- [ 118.843010] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.843486] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.845259] RSP: 0018:ffff8880095ff680 EFLAGS: 00010212 [ 118.845783] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 118.846481] RDX: ffff8880095dd280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 118.847186] RBP: ffff8880095ff8f0 R08: ffff88806ce31340 R09: ffffe8ffffc16748 [ 118.847885] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 118.848583] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000 [ 118.849284] FS: 00007fc3c6ea6700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 118.850085] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.850656] CR2: 0000000000000000 CR3: 000000000ed20000 CR4: 0000000000350ef0 [ 118.851373] note: syz-executor.2[4086] exited with irqs disabled [ 118.852193] note: syz-executor.2[4086] exited with preempt_count 1 [ 118.852978] ------------[ cut here ]------------ [ 118.853452] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#1: syz-executor.2/4086 [ 118.854295] Modules linked in: [ 118.854638] CPU: 1 UID: 0 PID: 4086 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 118.855838] Tainted: [D]=DIE, [W]=WARN [ 118.856272] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.857468] RIP: 0010:do_exit+0x1c36/0x2970 [ 118.857990] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 bf a4 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 ab a4 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 9d a4 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 118.859987] RSP: 0018:ffff888045427e40 EFLAGS: 00010246 [ 118.860588] RAX: 0000000000040000 RBX: 0000000000000200 RCX: ffffc90006cc0000 [ 118.861477] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff888045412d68 [ 118.862192] RBP: ffff888045411b80 R08: 0000000000000001 R09: fffffbfff0f11cd8 [ 118.862904] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 118.863601] R13: 0000000000002710 R14: dffffc0000000000 R15: 0000000000000000 [ 118.864323] FS: 00007fc3c6ea6700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 118.865190] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.865933] CR2: 0000000000000000 CR3: 000000000ed20000 CR4: 0000000000350ef0 [ 118.866642] Call Trace: [ 118.866922] [ 118.867159] ? _printk+0xbe/0xf0 [ 118.867504] ? __pfx__printk+0x10/0x10 [ 118.868006] ? __pfx_do_exit+0x10/0x10 [ 118.868530] make_task_dead+0x174/0x3b0 [ 118.868952] ? do_syscall_64+0xbf/0x360 [ 118.869369] rewind_stack_and_make_dead+0x16/0x20 [ 118.870006] RIP: 0033:0x7fc3c993204a [ 118.870377] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.872388] RSP: 002b:00007fc3c6ea5fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 118.873152] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc3c993204a [ 118.873893] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc3c6ea6000 [ 118.874793] RBP: 00007fc3c6ea6040 R08: 00007fc3c6ea6040 R09: 0000000020000000 [ 118.875653] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 118.876376] R13: 0000000020000100 R14: 00007fc3c6ea6000 R15: 0000000020014d00 [ 118.877096] [ 118.877333] irq event stamp: 0 [ 118.877661] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 118.878437] hardirqs last disabled at (0): [] copy_process+0x1e08/0x73c0 [ 118.879464] softirqs last enabled at (0): [] copy_process+0x1e58/0x73c0 [ 118.880426] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 118.881138] ---[ end trace 0000000000000000 ]--- [ 118.881737] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 118.882777] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4086, name: syz-executor.2 [ 118.883856] preempt_count: 0, expected: 0 [ 118.884308] RCU nest depth: 2, expected: 0 [ 118.884868] INFO: lockdep is turned off. [ 118.885281] CPU: 1 UID: 0 PID: 4086 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 118.885304] Tainted: [D]=DIE, [W]=WARN [ 118.885309] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.885316] Call Trace: [ 118.885321] [ 118.885326] dump_stack_lvl+0xfa/0x120 [ 118.885351] __might_resched+0x2f3/0x510 [ 118.885368] exit_signals+0x25/0x940 [ 118.885390] do_exit+0x2db/0x2970 [ 118.885406] ? _printk+0xbe/0xf0 [ 118.885421] ? __pfx__printk+0x10/0x10 [ 118.885436] ? __pfx_do_exit+0x10/0x10 [ 118.885455] make_task_dead+0x174/0x3b0 [ 118.885470] ? do_syscall_64+0xbf/0x360 [ 118.885482] rewind_stack_and_make_dead+0x16/0x20 [ 118.885501] RIP: 0033:0x7fc3c993204a [ 118.885511] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.885524] RSP: 002b:00007fc3c6ea5fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 118.885537] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fc3c993204a [ 118.885547] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc3c6ea6000 [ 118.885555] RBP: 00007fc3c6ea6040 R08: 00007fc3c6ea6040 R09: 0000000020000000 [ 118.885564] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 118.885573] R13: 0000000020000100 R14: 00007fc3c6ea6000 R15: 0000000020014d00 [ 118.885586] [ 118.923047] kmemleak: Found object by alias at 0x607f1a63974c [ 118.923076] CPU: 1 UID: 0 PID: 4098 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 118.923100] Tainted: [D]=DIE, [W]=WARN [ 118.923105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.923113] Call Trace: [ 118.923118] [ 118.923123] dump_stack_lvl+0xca/0x120 [ 118.923149] __lookup_object+0x94/0xb0 [ 118.923167] delete_object_full+0x27/0x70 [ 118.923186] free_percpu+0x30/0x1160 [ 118.923206] ? arch_uprobe_clear_state+0x16/0x140 [ 118.923227] futex_hash_free+0x38/0xc0 [ 118.923243] mmput+0x2d3/0x390 [ 118.923264] do_exit+0x79d/0x2970 [ 118.923279] ? signal_wake_up_state+0x85/0x120 [ 118.923297] ? zap_other_threads+0x2b9/0x3a0 [ 118.923315] ? __pfx_do_exit+0x10/0x10 [ 118.923330] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 118.923349] ? lock_release+0x1c7/0x290 [ 118.923366] do_group_exit+0xd3/0x2a0 [ 118.923383] __x64_sys_exit_group+0x3e/0x50 [ 118.923399] x64_sys_call+0x18c5/0x18d0 [ 118.923421] do_syscall_64+0xbf/0x360 [ 118.923434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.923448] RIP: 0033:0x7fcc77477b19 [ 118.923457] Code: Unable to access opcode bytes at 0x7fcc77477aef. [ 118.923464] RSP: 002b:00007ffe2b06fd18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 118.923477] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fcc77477b19 [ 118.923487] RDX: 00007fcc7742a72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 118.923495] RBP: 0000000000000000 R08: 00007fcc7758f0c8 R09: 0000000000000001 [ 118.923503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.923512] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffe2b06fe00 [ 118.923524] [ 118.923529] kmemleak: Object (percpu) 0x607f1a639748 (size 8): [ 118.923537] kmemleak: comm "syz-executor.0", pid 4085, jiffies 4294785669 [ 118.923545] kmemleak: min_count = 1 [ 118.923550] kmemleak: count = 0 [ 118.923554] kmemleak: flags = 0x21 [ 118.923559] kmemleak: checksum = 0 [ 118.923563] kmemleak: backtrace: [ 118.923567] pcpu_alloc_noprof+0x87a/0x1170 [ 118.923585] perf_trace_event_init+0x366/0xa10 [ 118.923601] perf_trace_init+0x1a4/0x2f0 [ 118.923615] perf_tp_event_init+0xa6/0x120 [ 118.923634] perf_try_init_event+0x140/0x9f0 [ 118.923650] perf_event_alloc.part.0+0x118e/0x45f0 [ 118.923669] __do_sys_perf_event_open+0x719/0x2c20 [ 118.923684] do_syscall_64+0xbf/0x360 [ 118.923694] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:14:15 executing program 5: madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x7000000) 09:14:15 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) listen(r0, 0x0) 09:14:15 executing program 7: perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x560f, &(0x7f0000000000)) [ 119.007390] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 119.008316] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 119.008915] CPU: 1 UID: 0 PID: 4088 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 119.009851] Tainted: [D]=DIE, [W]=WARN [ 119.010159] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.010806] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.011196] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.012624] RSP: 0018:ffff8880454377c0 EFLAGS: 00010212 [ 119.013047] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90007cc8000 [ 119.013603] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 119.014164] RBP: ffff888045437a30 R08: ffff88806cf31340 R09: ffffe8ffffd16748 [ 119.014725] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 119.015295] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 119.015856] FS: 00007f407077e700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 119.016487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.016953] CR2: 00005555569b4708 CR3: 000000000ae6e000 CR4: 0000000000350ef0 [ 119.017516] Call Trace: [ 119.017727] [ 119.017913] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 119.018337] ? __pfx_perf_tp_event+0x10/0x10 [ 119.018697] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 119.019211] ? kvm_sched_clock_read+0x16/0x30 [ 119.019578] ? local_clock_noinstr+0xf/0xc0 [ 119.019933] ? ctx_sched_in+0x134/0x9b0 [ 119.020250] ? __kernel_text_address+0xd/0x40 [ 119.020614] ? __pfx_ctx_sched_in+0x10/0x10 [ 119.020955] ? arch_stack_walk+0x9c/0xf0 [ 119.021283] ? lock_release+0x1c7/0x290 [ 119.021608] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.022009] ? _raw_spin_unlock+0x1e/0x40 [ 119.022341] perf_trace_run_bpf_submit+0xef/0x180 [ 119.022732] perf_trace_lock_acquire+0x3c2/0x700 [ 119.023121] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 119.023539] ? __pfx_remote_function+0x10/0x10 [ 119.023922] lock_acquire+0xc5/0x2f0 [ 119.024224] ? futex_private_hash_put+0x4c/0x2d0 [ 119.024605] ? lock_release+0x1c7/0x290 [ 119.024931] futex_private_hash_put+0x5d/0x2d0 [ 119.025298] ? futex_private_hash_put+0x4c/0x2d0 [ 119.025678] futex_hash_put+0x3f/0x50 [ 119.025988] futex_wake+0x1bb/0x540 [ 119.026287] ? lock_acquire+0xc5/0x2f0 [ 119.026600] ? __pfx_futex_wake+0x10/0x10 [ 119.026933] ? lock_release+0x1c7/0x290 [ 119.027260] ? lock_release+0x1c7/0x290 [ 119.027580] ? fd_install+0x1f0/0x660 [ 119.027889] do_futex+0x26d/0x370 [ 119.028181] ? __pfx_do_futex+0x10/0x10 [ 119.028502] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 119.028924] ? do_raw_spin_lock+0x123/0x260 [ 119.029273] __x64_sys_futex+0x1c9/0x4d0 [ 119.029599] ? __pfx___x64_sys_futex+0x10/0x10 [ 119.029968] ? xfd_validate_state+0x55/0x180 [ 119.030325] ? kcov_ioctl+0x386/0x6c0 [ 119.030643] do_syscall_64+0xbf/0x360 [ 119.030950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.031378] RIP: 0033:0x7f4073208b19 [ 119.031676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.033098] RSP: 002b:00007f407077e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.033696] RAX: ffffffffffffffda RBX: 00007f407331bf68 RCX: 00007f4073208b19 [ 119.034253] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f407331bf6c [ 119.034813] RBP: 00007f407331bf60 R08: 000000000000000e R09: 0000000000000000 [ 119.035377] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f407331bf6c [ 119.035940] R13: 00007ffcd209527f R14: 00007f407077e300 R15: 0000000000022000 [ 119.036508] [ 119.036697] Modules linked in: [ 119.036993] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 119.037866] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 119.038463] CPU: 1 UID: 0 PID: 4088 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 119.039404] Tainted: [D]=DIE, [W]=WARN [ 119.039705] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.040349] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.040724] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.042147] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 119.042566] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 119.043135] RDX: ffff88801be8d280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 119.043694] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16748 [ 119.044257] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 119.044817] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000 [ 119.045378] FS: 00007f407077e700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 119.046003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.046466] CR2: 00005555569b4708 CR3: 000000000ae6e000 CR4: 0000000000350ef0 [ 119.047034] Call Trace: [ 119.047251] [ 119.047434] ? __pfx_perf_tp_event+0x10/0x10 [ 119.047795] ? stack_depot_save_flags+0x2c/0xa20 [ 119.048174] ? trace_pelt_se_tp+0xdf/0x130 [ 119.048513] ? kasan_save_stack+0x34/0x50 [ 119.048848] ? kasan_save_stack+0x24/0x50 [ 119.049186] ? kasan_save_track+0x14/0x30 [ 119.049515] ? __kasan_save_free_info+0x3a/0x60 [ 119.049888] ? __kasan_slab_free+0x3f/0x50 [ 119.050231] ? kmem_cache_free+0x2a1/0x540 [ 119.050567] ? rcu_core+0x7c8/0x1800 [ 119.050870] ? handle_softirqs+0x1b1/0x770 [ 119.051220] ? __irq_exit_rcu+0xc4/0x100 [ 119.051550] ? irq_exit_rcu+0x9/0x20 [ 119.051847] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 119.052257] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 119.052688] ? unwind_next_frame+0xc4a/0x2540 [ 119.053052] ? arch_stack_walk+0x86/0xf0 [ 119.053377] ? stack_trace_save+0x8e/0xc0 [ 119.053710] ? set_track_prepare+0x35/0x70 [ 119.054052] ? __alloc_object+0xf0/0x2c0 [ 119.054378] ? __create_object+0x1d/0x80 [ 119.054706] ? __kmalloc_noprof+0x45c/0x6e0 [ 119.055053] ? tracepoint_add_func+0x2a2/0xec0 [ 119.055436] ? tracepoint_probe_register+0xa4/0xf0 [ 119.055829] ? trace_event_reg+0x297/0x350 [ 119.056169] ? perf_trace_event_init+0x511/0xa10 [ 119.056545] ? perf_trace_init+0x1a4/0x2f0 [ 119.056883] ? perf_tp_event_init+0xa6/0x120 [ 119.057236] ? perf_try_init_event+0x140/0x9f0 [ 119.057601] ? perf_event_alloc.part.0+0x118e/0x45f0 [ 119.058010] ? __do_sys_perf_event_open+0x719/0x2c20 [ 119.058412] ? do_syscall_64+0xbf/0x360 [ 119.058726] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.059157] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.059554] perf_trace_run_bpf_submit+0xef/0x180 [ 119.059944] perf_trace_lock_acquire+0x3c2/0x700 [ 119.060329] ? do_raw_spin_lock+0x123/0x260 [ 119.060679] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 119.061098] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 119.061473] ? lock_acquire+0x18c/0x2f0 [ 119.061796] lock_acquire+0xc5/0x2f0 [ 119.062094] ? perf_ctx_lock+0x15/0xe0 [ 119.062403] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 119.062808] ? try_to_wake_up+0x128/0x11d0 [ 119.063166] _raw_spin_lock+0x2b/0x40 [ 119.063474] ? perf_ctx_lock+0x15/0xe0 [ 119.063788] perf_ctx_lock+0x15/0xe0 [ 119.064089] event_function+0x109/0x300 [ 119.064405] ? __pfx_event_function+0x10/0x10 [ 119.064764] ? __pfx_remote_function+0x10/0x10 [ 119.065135] remote_function+0x129/0x1b0 [ 119.065471] __flush_smp_call_function_queue+0x20d/0x740 [ 119.065907] __sysvec_call_function_single+0x6d/0x370 [ 119.066321] sysvec_call_function_single+0xa1/0xc0 [ 119.066713] [ 119.066896] [ 119.067087] asm_sysvec_call_function_single+0x1a/0x20 [ 119.067505] RIP: 0010:oops_exit+0x0/0x50 [ 119.067834] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 119.069261] RSP: 0018:ffff888045437650 EFLAGS: 00000202 [ 119.069679] RAX: 000000000002b9c2 RBX: 0000000000000212 RCX: ffffc90007cc8000 [ 119.070242] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 119.070798] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 119.071366] R10: 0000000000000000 R11: 000000000000002c R12: ffff888045437718 [ 119.071927] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 119.072488] ? oops_end+0x4a/0xe0 [ 119.072780] oops_end+0x65/0xe0 [ 119.073055] exc_general_protection+0x1a2/0x330 [ 119.073437] asm_exc_general_protection+0x26/0x30 [ 119.073822] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.074194] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.075616] RSP: 0018:ffff8880454377c0 EFLAGS: 00010212 [ 119.076032] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90007cc8000 [ 119.076592] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 119.077151] RBP: ffff888045437a30 R08: ffff88806cf31340 R09: ffffe8ffffd16748 [ 119.077708] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 119.078266] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 119.078831] ? perf_tp_event+0x167/0xe70 [ 119.079166] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 119.079590] ? __pfx_perf_tp_event+0x10/0x10 [ 119.079948] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 119.080457] ? kvm_sched_clock_read+0x16/0x30 [ 119.080818] ? local_clock_noinstr+0xf/0xc0 [ 119.081170] ? ctx_sched_in+0x134/0x9b0 [ 119.081490] ? __kernel_text_address+0xd/0x40 [ 119.081854] ? __pfx_ctx_sched_in+0x10/0x10 [ 119.082194] ? arch_stack_walk+0x9c/0xf0 [ 119.082522] ? lock_release+0x1c7/0x290 [ 119.082844] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.083252] ? _raw_spin_unlock+0x1e/0x40 [ 119.083585] perf_trace_run_bpf_submit+0xef/0x180 [ 119.083977] perf_trace_lock_acquire+0x3c2/0x700 [ 119.084359] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 119.084774] ? __pfx_remote_function+0x10/0x10 [ 119.085150] lock_acquire+0xc5/0x2f0 [ 119.085451] ? futex_private_hash_put+0x4c/0x2d0 [ 119.085833] ? lock_release+0x1c7/0x290 [ 119.086155] futex_private_hash_put+0x5d/0x2d0 [ 119.086520] ? futex_private_hash_put+0x4c/0x2d0 [ 119.086896] futex_hash_put+0x3f/0x50 [ 119.087210] futex_wake+0x1bb/0x540 [ 119.087508] ? lock_acquire+0xc5/0x2f0 [ 119.087822] ? __pfx_futex_wake+0x10/0x10 [ 119.088155] ? lock_release+0x1c7/0x290 [ 119.088474] ? lock_release+0x1c7/0x290 [ 119.088792] ? fd_install+0x1f0/0x660 [ 119.089099] do_futex+0x26d/0x370 [ 119.089382] ? __pfx_do_futex+0x10/0x10 [ 119.089703] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 119.090124] ? do_raw_spin_lock+0x123/0x260 [ 119.090473] __x64_sys_futex+0x1c9/0x4d0 [ 119.090801] ? __pfx___x64_sys_futex+0x10/0x10 [ 119.091173] ? xfd_validate_state+0x55/0x180 [ 119.091537] ? kcov_ioctl+0x386/0x6c0 [ 119.091850] do_syscall_64+0xbf/0x360 [ 119.092156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.092561] RIP: 0033:0x7f4073208b19 [ 119.092857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.094272] RSP: 002b:00007f407077e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.094866] RAX: ffffffffffffffda RBX: 00007f407331bf68 RCX: 00007f4073208b19 [ 119.095442] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f407331bf6c [ 119.096033] RBP: 00007f407331bf60 R08: 000000000000000e R09: 0000000000000000 [ 119.096619] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f407331bf6c [ 119.097205] R13: 00007ffcd209527f R14: 00007f407077e300 R15: 0000000000022000 [ 119.097798] [ 119.097996] Modules linked in: [ 119.098271] ---[ end trace 0000000000000000 ]--- [ 119.098659] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.099049] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.100550] RSP: 0018:ffff8880095ff680 EFLAGS: 00010212 [ 119.100990] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 119.101578] RDX: ffff8880095dd280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 119.102162] RBP: ffff8880095ff8f0 R08: ffff88806ce31340 R09: ffffe8ffffc16748 [ 119.102752] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.103341] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.103927] FS: 00007f407077e700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 119.104586] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.105063] CR2: 00005555569b4708 CR3: 000000000ae6e000 CR4: 0000000000350ef0 [ 119.105653] Kernel panic - not syncing: Fatal exception in interrupt [ 119.106444] Kernel Offset: disabled [ 119.106750] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:14:11 Registers: info registers vcpu 0 RAX=0000000000000076 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff8880095fefd8 R8 =0000000000000000 R9 =ffffed100175f046 R10=0000000000000076 R11=30376578302f4952 R12=0000000000000076 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe0b00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffee77bce78 CR3=0000000040161000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=fffff940001ce8b6 RBX=fffff940001ce8b7 RCX=ffffffff81a280ec RDX=fffff940001ce8b7 RSI=0000000000000004 RDI=ffffea0000e745b0 RBP=fffff940001ce8b6 RSP=ffff888045bb7818 R8 =0000000000000001 R9 =fffff940001ce8b6 R10=ffffea0000e745b3 R11=1ffff1100d9e6f7b R12=ffffea0000e74580 R13=0000000000000000 R14=ffff8880161c1640 R15=ffffea0000e745b0 RIP=ffffffff81afefd1 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe6300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fcc774c4258 CR3=0000000041d58000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000