Warning: Permanently added '[localhost]:51918' (ECDSA) to the list of known hosts.
2025/09/01 12:23:40 fuzzer started
2025/09/01 12:23:40 dialing manager at localhost:35473
syzkaller login: [ 50.502484] cgroup: Unknown subsys name 'net'
[ 50.563984] cgroup: Unknown subsys name 'cpuset'
[ 50.578168] cgroup: Unknown subsys name 'rlimit'
2025/09/01 12:23:50 syscalls: 2214
2025/09/01 12:23:50 code coverage: enabled
2025/09/01 12:23:50 comparison tracing: enabled
2025/09/01 12:23:50 extra coverage: enabled
2025/09/01 12:23:50 setuid sandbox: enabled
2025/09/01 12:23:50 namespace sandbox: enabled
2025/09/01 12:23:50 Android sandbox: enabled
2025/09/01 12:23:50 fault injection: enabled
2025/09/01 12:23:50 leak checking: enabled
2025/09/01 12:23:50 net packet injection: enabled
2025/09/01 12:23:50 net device setup: enabled
2025/09/01 12:23:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 12:23:50 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 12:23:50 USB emulation: enabled
2025/09/01 12:23:50 hci packet injection: enabled
2025/09/01 12:23:50 wifi device emulation: enabled
2025/09/01 12:23:50 802.15.4 emulation: enabled
2025/09/01 12:23:50 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 12:23:50 fetching corpus: 50, signal 17141/20773 (executing program)
2025/09/01 12:23:50 fetching corpus: 100, signal 32000/37013 (executing program)
2025/09/01 12:23:51 fetching corpus: 150, signal 41501/47789 (executing program)
2025/09/01 12:23:51 fetching corpus: 200, signal 48886/56365 (executing program)
2025/09/01 12:23:51 fetching corpus: 250, signal 54850/63452 (executing program)
2025/09/01 12:23:51 fetching corpus: 300, signal 57227/67117 (executing program)
2025/09/01 12:23:51 fetching corpus: 350, signal 63131/73989 (executing program)
2025/09/01 12:23:51 fetching corpus: 400, signal 66843/78758 (executing program)
2025/09/01 12:23:51 fetching corpus: 450, signal 70314/83196 (executing program)
2025/09/01 12:23:51 fetching corpus: 500, signal 72607/86473 (executing program)
2025/09/01 12:23:51 fetching corpus: 550, signal 75946/90703 (executing program)
2025/09/01 12:23:51 fetching corpus: 600, signal 77684/93376 (executing program)
2025/09/01 12:23:51 fetching corpus: 650, signal 79638/96252 (executing program)
2025/09/01 12:23:51 fetching corpus: 700, signal 81646/99135 (executing program)
2025/09/01 12:23:52 fetching corpus: 750, signal 83207/101602 (executing program)
2025/09/01 12:23:52 fetching corpus: 800, signal 86298/105322 (executing program)
2025/09/01 12:23:52 fetching corpus: 850, signal 87845/107686 (executing program)
2025/09/01 12:23:52 fetching corpus: 900, signal 90202/110680 (executing program)
2025/09/01 12:23:52 fetching corpus: 950, signal 91515/112856 (executing program)
2025/09/01 12:23:52 fetching corpus: 1000, signal 92488/114654 (executing program)
2025/09/01 12:23:52 fetching corpus: 1050, signal 94824/117554 (executing program)
2025/09/01 12:23:52 fetching corpus: 1100, signal 97020/120263 (executing program)
2025/09/01 12:23:52 fetching corpus: 1150, signal 98359/122291 (executing program)
2025/09/01 12:23:52 fetching corpus: 1200, signal 99625/124212 (executing program)
2025/09/01 12:23:52 fetching corpus: 1250, signal 100497/125817 (executing program)
2025/09/01 12:23:53 fetching corpus: 1300, signal 101925/127864 (executing program)
2025/09/01 12:23:53 fetching corpus: 1350, signal 103693/130059 (executing program)
2025/09/01 12:23:53 fetching corpus: 1400, signal 105279/132093 (executing program)
2025/09/01 12:23:53 fetching corpus: 1450, signal 107463/134587 (executing program)
2025/09/01 12:23:53 fetching corpus: 1500, signal 108396/136136 (executing program)
2025/09/01 12:23:53 fetching corpus: 1550, signal 109416/137731 (executing program)
2025/09/01 12:23:53 fetching corpus: 1600, signal 111270/139811 (executing program)
2025/09/01 12:23:53 fetching corpus: 1650, signal 112201/141249 (executing program)
2025/09/01 12:23:54 fetching corpus: 1700, signal 112848/142520 (executing program)
2025/09/01 12:23:54 fetching corpus: 1750, signal 114292/144270 (executing program)
2025/09/01 12:23:54 fetching corpus: 1800, signal 115715/145966 (executing program)
2025/09/01 12:23:54 fetching corpus: 1850, signal 117914/148191 (executing program)
2025/09/01 12:23:54 fetching corpus: 1900, signal 119297/149834 (executing program)
2025/09/01 12:23:54 fetching corpus: 1950, signal 119994/151005 (executing program)
2025/09/01 12:23:54 fetching corpus: 2000, signal 120706/152189 (executing program)
2025/09/01 12:23:54 fetching corpus: 2050, signal 121504/153443 (executing program)
2025/09/01 12:23:54 fetching corpus: 2100, signal 122224/154654 (executing program)
2025/09/01 12:23:55 fetching corpus: 2150, signal 123173/155983 (executing program)
2025/09/01 12:23:55 fetching corpus: 2200, signal 124242/157347 (executing program)
2025/09/01 12:23:55 fetching corpus: 2250, signal 125245/158561 (executing program)
2025/09/01 12:23:55 fetching corpus: 2300, signal 125944/159679 (executing program)
2025/09/01 12:23:55 fetching corpus: 2350, signal 127190/161027 (executing program)
2025/09/01 12:23:55 fetching corpus: 2400, signal 128035/162166 (executing program)
2025/09/01 12:23:55 fetching corpus: 2450, signal 128959/163336 (executing program)
2025/09/01 12:23:55 fetching corpus: 2500, signal 129649/164380 (executing program)
2025/09/01 12:23:55 fetching corpus: 2550, signal 130400/165361 (executing program)
2025/09/01 12:23:56 fetching corpus: 2600, signal 131043/166407 (executing program)
2025/09/01 12:23:56 fetching corpus: 2650, signal 131777/167459 (executing program)
2025/09/01 12:23:56 fetching corpus: 2700, signal 132471/168432 (executing program)
2025/09/01 12:23:56 fetching corpus: 2750, signal 133041/169336 (executing program)
2025/09/01 12:23:56 fetching corpus: 2800, signal 133965/170386 (executing program)
2025/09/01 12:23:56 fetching corpus: 2850, signal 134695/171335 (executing program)
2025/09/01 12:23:56 fetching corpus: 2900, signal 135332/172202 (executing program)
2025/09/01 12:23:56 fetching corpus: 2950, signal 136020/173067 (executing program)
2025/09/01 12:23:56 fetching corpus: 3000, signal 136641/173898 (executing program)
2025/09/01 12:23:56 fetching corpus: 3050, signal 137977/175011 (executing program)
2025/09/01 12:23:56 fetching corpus: 3100, signal 138606/175826 (executing program)
2025/09/01 12:23:56 fetching corpus: 3150, signal 139265/176666 (executing program)
2025/09/01 12:23:57 fetching corpus: 3200, signal 140061/177484 (executing program)
2025/09/01 12:23:57 fetching corpus: 3250, signal 141841/178592 (executing program)
2025/09/01 12:23:57 fetching corpus: 3300, signal 142293/179308 (executing program)
2025/09/01 12:23:57 fetching corpus: 3350, signal 143159/180073 (executing program)
2025/09/01 12:23:57 fetching corpus: 3400, signal 143874/180861 (executing program)
2025/09/01 12:23:57 fetching corpus: 3450, signal 144797/181647 (executing program)
2025/09/01 12:23:57 fetching corpus: 3500, signal 145295/182339 (executing program)
2025/09/01 12:23:57 fetching corpus: 3550, signal 145771/182989 (executing program)
2025/09/01 12:23:57 fetching corpus: 3600, signal 146718/183753 (executing program)
2025/09/01 12:23:58 fetching corpus: 3650, signal 147533/184521 (executing program)
2025/09/01 12:23:58 fetching corpus: 3700, signal 148415/185228 (executing program)
2025/09/01 12:23:58 fetching corpus: 3750, signal 148842/185816 (executing program)
2025/09/01 12:23:58 fetching corpus: 3800, signal 149397/186448 (executing program)
2025/09/01 12:23:58 fetching corpus: 3850, signal 149968/187057 (executing program)
2025/09/01 12:23:58 fetching corpus: 3900, signal 150654/187663 (executing program)
2025/09/01 12:23:58 fetching corpus: 3950, signal 151135/188260 (executing program)
2025/09/01 12:23:58 fetching corpus: 4000, signal 151756/188835 (executing program)
2025/09/01 12:23:58 fetching corpus: 4050, signal 152311/189363 (executing program)
2025/09/01 12:23:58 fetching corpus: 4100, signal 153028/189905 (executing program)
2025/09/01 12:23:58 fetching corpus: 4150, signal 153511/190420 (executing program)
2025/09/01 12:23:59 fetching corpus: 4200, signal 154135/190941 (executing program)
2025/09/01 12:23:59 fetching corpus: 4250, signal 154637/191453 (executing program)
2025/09/01 12:23:59 fetching corpus: 4300, signal 154992/191912 (executing program)
2025/09/01 12:23:59 fetching corpus: 4350, signal 155687/192415 (executing program)
2025/09/01 12:23:59 fetching corpus: 4400, signal 156036/192860 (executing program)
2025/09/01 12:23:59 fetching corpus: 4450, signal 156387/193316 (executing program)
2025/09/01 12:23:59 fetching corpus: 4500, signal 157108/193806 (executing program)
2025/09/01 12:23:59 fetching corpus: 4550, signal 157745/194351 (executing program)
2025/09/01 12:23:59 fetching corpus: 4600, signal 158184/194812 (executing program)
2025/09/01 12:23:59 fetching corpus: 4650, signal 158755/195220 (executing program)
2025/09/01 12:23:59 fetching corpus: 4700, signal 159251/195646 (executing program)
2025/09/01 12:23:59 fetching corpus: 4750, signal 159627/196047 (executing program)
2025/09/01 12:24:00 fetching corpus: 4800, signal 160107/196393 (executing program)
2025/09/01 12:24:00 fetching corpus: 4850, signal 160735/196411 (executing program)
2025/09/01 12:24:00 fetching corpus: 4900, signal 161086/196411 (executing program)
2025/09/01 12:24:00 fetching corpus: 4950, signal 161447/196423 (executing program)
2025/09/01 12:24:00 fetching corpus: 5000, signal 161891/196462 (executing program)
2025/09/01 12:24:00 fetching corpus: 5050, signal 162292/196468 (executing program)
2025/09/01 12:24:00 fetching corpus: 5100, signal 162581/196480 (executing program)
2025/09/01 12:24:00 fetching corpus: 5150, signal 162981/196530 (executing program)
2025/09/01 12:24:00 fetching corpus: 5200, signal 163572/196597 (executing program)
2025/09/01 12:24:00 fetching corpus: 5250, signal 164020/196611 (executing program)
2025/09/01 12:24:00 fetching corpus: 5300, signal 165825/196612 (executing program)
2025/09/01 12:24:00 fetching corpus: 5350, signal 166133/196629 (executing program)
2025/09/01 12:24:01 fetching corpus: 5400, signal 166545/196640 (executing program)
2025/09/01 12:24:01 fetching corpus: 5450, signal 167069/196703 (executing program)
2025/09/01 12:24:01 fetching corpus: 5500, signal 167436/196703 (executing program)
2025/09/01 12:24:01 fetching corpus: 5550, signal 167845/196749 (executing program)
2025/09/01 12:24:01 fetching corpus: 5600, signal 168236/196754 (executing program)
2025/09/01 12:24:01 fetching corpus: 5650, signal 168552/196755 (executing program)
2025/09/01 12:24:01 fetching corpus: 5700, signal 168908/196758 (executing program)
2025/09/01 12:24:01 fetching corpus: 5750, signal 169196/196764 (executing program)
2025/09/01 12:24:01 fetching corpus: 5800, signal 169461/196770 (executing program)
2025/09/01 12:24:01 fetching corpus: 5850, signal 169793/196774 (executing program)
2025/09/01 12:24:01 fetching corpus: 5900, signal 170092/196777 (executing program)
2025/09/01 12:24:01 fetching corpus: 5950, signal 170490/196777 (executing program)
2025/09/01 12:24:02 fetching corpus: 6000, signal 170889/196780 (executing program)
2025/09/01 12:24:02 fetching corpus: 6050, signal 171173/196792 (executing program)
2025/09/01 12:24:02 fetching corpus: 6100, signal 171477/196798 (executing program)
2025/09/01 12:24:02 fetching corpus: 6150, signal 172020/196845 (executing program)
2025/09/01 12:24:02 fetching corpus: 6200, signal 172308/196847 (executing program)
2025/09/01 12:24:02 fetching corpus: 6250, signal 172635/196857 (executing program)
2025/09/01 12:24:02 fetching corpus: 6300, signal 172990/196866 (executing program)
2025/09/01 12:24:02 fetching corpus: 6350, signal 173292/196876 (executing program)
2025/09/01 12:24:02 fetching corpus: 6400, signal 173598/196879 (executing program)
2025/09/01 12:24:02 fetching corpus: 6450, signal 173885/196908 (executing program)
2025/09/01 12:24:03 fetching corpus: 6500, signal 174285/196930 (executing program)
2025/09/01 12:24:03 fetching corpus: 6550, signal 174513/196956 (executing program)
2025/09/01 12:24:03 fetching corpus: 6600, signal 174870/196957 (executing program)
2025/09/01 12:24:03 fetching corpus: 6650, signal 175145/196974 (executing program)
2025/09/01 12:24:03 fetching corpus: 6700, signal 175474/197004 (executing program)
2025/09/01 12:24:03 fetching corpus: 6750, signal 175755/197005 (executing program)
2025/09/01 12:24:03 fetching corpus: 6800, signal 176226/197009 (executing program)
2025/09/01 12:24:03 fetching corpus: 6850, signal 177076/197024 (executing program)
2025/09/01 12:24:03 fetching corpus: 6900, signal 177471/197024 (executing program)
2025/09/01 12:24:03 fetching corpus: 6950, signal 177866/197047 (executing program)
2025/09/01 12:24:03 fetching corpus: 7000, signal 178277/197048 (executing program)
2025/09/01 12:24:03 fetching corpus: 7050, signal 178773/197055 (executing program)
2025/09/01 12:24:03 fetching corpus: 7100, signal 179111/197064 (executing program)
2025/09/01 12:24:04 fetching corpus: 7150, signal 179526/197067 (executing program)
2025/09/01 12:24:04 fetching corpus: 7200, signal 180077/197082 (executing program)
2025/09/01 12:24:04 fetching corpus: 7250, signal 180289/197084 (executing program)
2025/09/01 12:24:04 fetching corpus: 7300, signal 180541/197105 (executing program)
2025/09/01 12:24:04 fetching corpus: 7350, signal 180772/197117 (executing program)
2025/09/01 12:24:04 fetching corpus: 7400, signal 181468/197125 (executing program)
2025/09/01 12:24:04 fetching corpus: 7450, signal 181713/197133 (executing program)
2025/09/01 12:24:04 fetching corpus: 7500, signal 182146/197135 (executing program)
2025/09/01 12:24:04 fetching corpus: 7550, signal 182487/197135 (executing program)
2025/09/01 12:24:04 fetching corpus: 7600, signal 182886/197135 (executing program)
2025/09/01 12:24:04 fetching corpus: 7650, signal 183112/197136 (executing program)
2025/09/01 12:24:04 fetching corpus: 7700, signal 183619/197199 (executing program)
2025/09/01 12:24:05 fetching corpus: 7750, signal 184101/197263 (executing program)
2025/09/01 12:24:05 fetching corpus: 7800, signal 184335/197264 (executing program)
2025/09/01 12:24:05 fetching corpus: 7850, signal 184658/197285 (executing program)
2025/09/01 12:24:05 fetching corpus: 7900, signal 184926/197285 (executing program)
2025/09/01 12:24:05 fetching corpus: 7950, signal 185504/197286 (executing program)
2025/09/01 12:24:05 fetching corpus: 8000, signal 185684/197288 (executing program)
2025/09/01 12:24:05 fetching corpus: 8050, signal 185926/197294 (executing program)
2025/09/01 12:24:05 fetching corpus: 8100, signal 186299/197296 (executing program)
2025/09/01 12:24:05 fetching corpus: 8150, signal 186831/197313 (executing program)
2025/09/01 12:24:05 fetching corpus: 8200, signal 187236/197322 (executing program)
2025/09/01 12:24:05 fetching corpus: 8250, signal 187479/197353 (executing program)
2025/09/01 12:24:06 fetching corpus: 8300, signal 187777/197354 (executing program)
2025/09/01 12:24:06 fetching corpus: 8350, signal 188185/197364 (executing program)
2025/09/01 12:24:06 fetching corpus: 8400, signal 188572/197371 (executing program)
2025/09/01 12:24:06 fetching corpus: 8450, signal 188964/197371 (executing program)
2025/09/01 12:24:06 fetching corpus: 8500, signal 189276/197371 (executing program)
2025/09/01 12:24:06 fetching corpus: 8550, signal 189533/197414 (executing program)
2025/09/01 12:24:06 fetching corpus: 8600, signal 189865/197414 (executing program)
2025/09/01 12:24:06 fetching corpus: 8650, signal 190074/197416 (executing program)
2025/09/01 12:24:06 fetching corpus: 8700, signal 190311/197421 (executing program)
2025/09/01 12:24:06 fetching corpus: 8750, signal 190592/197423 (executing program)
2025/09/01 12:24:06 fetching corpus: 8800, signal 190782/197442 (executing program)
2025/09/01 12:24:06 fetching corpus: 8850, signal 190997/197449 (executing program)
2025/09/01 12:24:07 fetching corpus: 8900, signal 191181/197458 (executing program)
2025/09/01 12:24:07 fetching corpus: 8950, signal 191417/197468 (executing program)
2025/09/01 12:24:07 fetching corpus: 9000, signal 191734/197480 (executing program)
2025/09/01 12:24:07 fetching corpus: 9050, signal 192039/197481 (executing program)
2025/09/01 12:24:07 fetching corpus: 9100, signal 192288/197489 (executing program)
2025/09/01 12:24:07 fetching corpus: 9150, signal 192480/197496 (executing program)
2025/09/01 12:24:07 fetching corpus: 9200, signal 192771/197498 (executing program)
2025/09/01 12:24:07 fetching corpus: 9250, signal 193173/197507 (executing program)
2025/09/01 12:24:07 fetching corpus: 9300, signal 193375/197521 (executing program)
2025/09/01 12:24:07 fetching corpus: 9350, signal 193713/197522 (executing program)
2025/09/01 12:24:07 fetching corpus: 9400, signal 193942/197525 (executing program)
2025/09/01 12:24:07 fetching corpus: 9450, signal 194125/197525 (executing program)
2025/09/01 12:24:07 fetching corpus: 9460, signal 194216/197525 (executing program)
2025/09/01 12:24:07 fetching corpus: 9460, signal 194216/197525 (executing program)
2025/09/01 12:24:09 starting 8 fuzzer processes
12:24:09 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x4b, &(0x7f0000000000)="a94a128f", 0x4)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000700)=[@pktinfo={{0x24, 0x29, 0x32, {@private1}}}], 0x28}, 0x0)
12:24:10 executing program 7:
time(0xffffffffffffffff)
12:24:10 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed}, 0xe)
r1 = dup(r0)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4)
12:24:10 executing program 2:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$sock_timeval(r0, 0x1, 0x43, 0x0, &(0x7f00000002c0))
12:24:10 executing program 3:
timer_create(0x3, 0x0, &(0x7f0000000040))
timer_delete(0x0)
12:24:10 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000840)={0x18, 0x1, 0x1, 0x401, 0x0, 0x0, {}, [@CTA_LABELS={0x4}]}, 0x18}}, 0x0)
[ 79.931529] audit: type=1400 audit(1756729450.118:7): avc: denied { execmem } for pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:24:10 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f00000004c0)={{0x20}})
12:24:10 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score_adj\x00')
writev(r0, &(0x7f00000004c0)=[{&(0x7f0000000040)="a5", 0x1}], 0x1)
[ 81.104657] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 81.108153] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 81.111982] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.114598] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 81.116857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.119877] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 81.120959] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.124634] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 81.128124] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.130646] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.166848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 81.179636] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 81.184549] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 81.186420] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 81.186579] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 81.189965] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 81.195708] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 81.201906] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 81.211536] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 81.215845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 81.244582] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 81.259596] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 81.270159] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 81.273227] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 81.275659] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 81.280052] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 81.282391] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 81.284146] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 81.288219] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 81.291756] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 81.296869] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 81.303803] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 81.310011] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 81.312729] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 81.315241] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 81.316986] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 81.318861] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 81.326908] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 81.330948] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 81.339856] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 83.199234] Bluetooth: hci1: command tx timeout
[ 83.199392] Bluetooth: hci0: command tx timeout
[ 83.264397] Bluetooth: hci3: command tx timeout
[ 83.264892] Bluetooth: hci2: command tx timeout
[ 83.390498] Bluetooth: hci5: command tx timeout
[ 83.391074] Bluetooth: hci4: command tx timeout
[ 83.392035] Bluetooth: hci7: command tx timeout
[ 83.392320] Bluetooth: hci6: command tx timeout
[ 85.246343] Bluetooth: hci0: command tx timeout
[ 85.246745] Bluetooth: hci1: command tx timeout
[ 85.310687] Bluetooth: hci2: command tx timeout
[ 85.311098] Bluetooth: hci3: command tx timeout
[ 85.438369] Bluetooth: hci6: command tx timeout
[ 85.438764] Bluetooth: hci7: command tx timeout
[ 85.439118] Bluetooth: hci4: command tx timeout
[ 85.439543] Bluetooth: hci5: command tx timeout
[ 87.294313] Bluetooth: hci1: command tx timeout
[ 87.294720] Bluetooth: hci0: command tx timeout
[ 87.358335] Bluetooth: hci3: command tx timeout
[ 87.358712] Bluetooth: hci2: command tx timeout
[ 87.486338] Bluetooth: hci5: command tx timeout
[ 87.486729] Bluetooth: hci7: command tx timeout
[ 87.487086] Bluetooth: hci6: command tx timeout
[ 87.487496] Bluetooth: hci4: command tx timeout
[ 89.342462] Bluetooth: hci0: command tx timeout
[ 89.342874] Bluetooth: hci1: command tx timeout
[ 89.406954] Bluetooth: hci2: command tx timeout
[ 89.407761] Bluetooth: hci3: command tx timeout
[ 89.534453] Bluetooth: hci4: command tx timeout
[ 89.534874] Bluetooth: hci6: command tx timeout
[ 89.535894] Bluetooth: hci7: command tx timeout
[ 89.536398] Bluetooth: hci5: command tx timeout
[ 118.896622] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.897998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.077675] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.078427] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.492301] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.492915] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:24:49 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x34, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1101}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x63, 0x0, 0x0, @ipv6=@local}]}]}, 0x34}], 0x1}, 0x0)
[ 119.649104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.649720] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.706528] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.6'.
[ 119.711900] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.6'.
12:24:49 executing program 6:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
connect$inet6(r0, &(0x7f0000000b00)={0x2, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c)
[ 119.780319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.780927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.827773] audit: type=1400 audit(1756729490.015:8): avc: denied { open } for pid=3831 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 119.830486] audit: type=1400 audit(1756729490.015:9): avc: denied { kernel } for pid=3831 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 119.843361] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
12:24:50 executing program 6:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
connect$inet6(r0, &(0x7f0000000b00)={0x2, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c)
[ 119.965578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.966186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:24:50 executing program 7:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x1, 0xffffffe0}, 0x8)
[ 120.014390] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.015043] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:24:50 executing program 6:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
connect$inet6(r0, &(0x7f0000000b00)={0x2, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c)
12:24:50 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
open_by_handle_at(r0, &(0x7f0000000000)=@FILEID_INO32_GEN_PARENT={0x10, 0x2, {{0x80000}}}, 0x0)
12:24:50 executing program 6:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
connect$inet6(r0, &(0x7f0000000b00)={0x2, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c)
[ 120.108329] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.108935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:24:50 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
open_by_handle_at(r0, &(0x7f0000000000)=@FILEID_INO32_GEN_PARENT={0x10, 0x2, {{0x80000}}}, 0x0)
[ 120.227315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.227954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.333487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.334088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.443327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.443924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.512477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.513054] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.626446] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.627123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.690980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.691636] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.726126] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.727176] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.771611] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.772461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:24:51 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f00000000c0)=0x100, 0x4)
12:24:51 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed}, 0xe)
r1 = dup(r0)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4)
12:24:51 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
open_by_handle_at(r0, &(0x7f0000000000)=@FILEID_INO32_GEN_PARENT={0x10, 0x2, {{0x80000}}}, 0x0)
12:24:51 executing program 6:
timer_create(0x7, &(0x7f00000002c0)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000300))
clock_gettime(0x0, &(0x7f00000003c0)={0x0, 0x0})
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, r0+10000000}, {0x77359400}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340), &(0x7f0000000380))
12:24:51 executing program 5:
munmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000)
msync(&(0x7f0000806000/0x3000)=nil, 0x3000, 0x1)
12:24:51 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x8, 0x0, &(0x7f0000000280))
12:24:51 executing program 2:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$sock_timeval(r0, 0x1, 0x43, 0x0, &(0x7f00000002c0))
12:24:51 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x4b, &(0x7f0000000000)="a94a128f", 0x4)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000700)=[@pktinfo={{0x24, 0x29, 0x32, {@private1}}}], 0x28}, 0x0)
12:24:51 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed}, 0xe)
r1 = dup(r0)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4)
12:24:51 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
open_by_handle_at(r0, &(0x7f0000000000)=@FILEID_INO32_GEN_PARENT={0x10, 0x2, {{0x80000}}}, 0x0)
12:24:51 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x4b, &(0x7f0000000000)="a94a128f", 0x4)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000700)=[@pktinfo={{0x24, 0x29, 0x32, {@private1}}}], 0x28}, 0x0)
12:24:51 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x4b, &(0x7f0000000000)="a94a128f", 0x4)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000700)=[@pktinfo={{0x24, 0x29, 0x32, {@private1}}}], 0x28}, 0x0)
12:24:51 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0)
[ 121.134900] kmemleak: Found object by alias at 0x607f1a63e1d0
[ 121.134922] CPU: 1 UID: 0 PID: 3924 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 121.134941] Tainted: [W]=WARN
[ 121.134945] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 121.134953] Call Trace:
[ 121.134957]
[ 121.134962] dump_stack_lvl+0xca/0x120
[ 121.134995] __lookup_object+0x94/0xb0
[ 121.135014] delete_object_full+0x27/0x70
[ 121.135031] free_percpu+0x30/0x1160
[ 121.135049] ? arch_uprobe_clear_state+0x16/0x140
[ 121.135070] futex_hash_free+0x38/0xc0
[ 121.135086] mmput+0x2d3/0x390
[ 121.135105] do_exit+0x79d/0x2970
[ 121.135120] ? signal_wake_up_state+0x85/0x120
[ 121.135136] ? zap_other_threads+0x2b9/0x3a0
[ 121.135152] ? __pfx_do_exit+0x10/0x10
[ 121.135166] ? do_group_exit+0x1c3/0x2a0
[ 121.135179] ? lock_release+0xc8/0x290
[ 121.135198] do_group_exit+0xd3/0x2a0
[ 121.135213] __x64_sys_exit_group+0x3e/0x50
[ 121.135233] x64_sys_call+0x18c5/0x18d0
[ 121.135250] do_syscall_64+0xbf/0x360
[ 121.135263] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.135275] RIP: 0033:0x7f19023e8b19
[ 121.135285] Code: Unable to access opcode bytes at 0x7f19023e8aef.
[ 121.135290] RSP: 002b:00007ffe125e81e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 121.135302] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f19023e8b19
[ 121.135310] RDX: 00007f190239b72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 121.135318] RBP: 0000000000000000 R08: 0000001b2d421a00 R09: 0000000000000000
[ 121.135326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 121.135332] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe125e82d0
[ 121.135348]
[ 121.135352] kmemleak: Object (percpu) 0x607f1a63e1c8 (size 16):
[ 121.135359] kmemleak: comm "systemd-udevd", pid 113, jiffies 4294788004
[ 121.135366] kmemleak: min_count = 1
[ 121.135370] kmemleak: count = 0
[ 121.135374] kmemleak: flags = 0x21
[ 121.135378] kmemleak: checksum = 0
[ 121.135382] kmemleak: backtrace:
[ 121.135386] pcpu_alloc_noprof+0x87a/0x1170
[ 121.135402] mm_init+0x99b/0x1170
[ 121.135410] copy_process+0x3ab7/0x73c0
[ 121.135421] kernel_clone+0xea/0x7f0
[ 121.135431] __do_sys_clone+0xce/0x120
[ 121.135441] do_syscall_64+0xbf/0x360
[ 121.135451] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.157944] kmemleak: Cannot insert 0x607f1a63e1d0 into the object search tree (overlaps existing)
[ 121.157959] CPU: 1 UID: 0 PID: 3928 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 121.157977] Tainted: [W]=WARN
[ 121.157981] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 121.157989] Call Trace:
[ 121.157992]
[ 121.157997] dump_stack_lvl+0xca/0x120
[ 121.158023] __link_object+0x190/0x210
[ 121.158042] __create_object+0x48/0x80
[ 121.158061] pcpu_alloc_noprof+0x87a/0x1170
[ 121.158085] perf_trace_event_init+0x366/0xa10
[ 121.158101] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 121.158126] perf_trace_init+0x1a4/0x2f0
[ 121.158142] perf_tp_event_init+0xa6/0x120
[ 121.158160] perf_try_init_event+0x140/0x9f0
[ 121.158178] perf_event_alloc.part.0+0x118e/0x45f0
[ 121.158197] ?
perf_event_alloc.part.0+0x1074/0x45f0 [ 121.158219] ? __fget_files+0x203/0x3b0 [ 121.158235] ? __pfx_perf_event_alloc.part.0+0x10/0x10 [ 121.158259] ? find_held_lock+0x2b/0x80 [ 121.158278] ? __do_sys_perf_event_open+0x11df/0x2c20 [ 121.158296] __do_sys_perf_event_open+0x719/0x2c20 [ 121.158315] ? __pfx_do_futex+0x10/0x10 [ 121.158329] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 121.158344] ? __pfx___schedule+0x10/0x10 [ 121.158368] ? xfd_validate_state+0x55/0x180 [ 121.158393] do_syscall_64+0xbf/0x360 [ 121.158406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.158418] RIP: 0033:0x7f931832cb19 [ 121.158429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.158441] RSP: 002b:00007f93158a2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 121.158452] RAX: ffffffffffffffda RBX: 00007f931843ff60 RCX: 00007f931832cb19 [ 121.158460] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000340 [ 121.158467] RBP: 00007f9318386f6d R08: 0000000000000000 R09: 0000000000000000 [ 121.158474] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 121.158493] R13: 00007ffdc3e8853f R14: 00007f93158a2300 R15: 0000000000022000 [ 121.158510] [ 121.159274] kmemleak: Kernel memory leak detector disabled [ 121.159279] kmemleak: Object (percpu) 0x607f1a63e1c8 (size 16): [ 121.159286] kmemleak: comm "systemd-udevd", pid 113, jiffies 4294788004 [ 121.159294] kmemleak: min_count = 1 [ 121.159298] kmemleak: count = 0 [ 121.159302] kmemleak: flags = 0x21 [ 121.159306] kmemleak: checksum = 0 [ 121.159310] kmemleak: backtrace: [ 121.159314] pcpu_alloc_noprof+0x87a/0x1170 [ 121.159330] mm_init+0x99b/0x1170 [ 121.159340] copy_process+0x3ab7/0x73c0 [ 121.159351] kernel_clone+0xea/0x7f0 [ 121.159361] __do_sys_clone+0xce/0x120 [ 121.159371] do_syscall_64+0xbf/0x360 [ 121.159381] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:24:51 
executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_timeval(r0, 0x1, 0x43, 0x0, &(0x7f00000002c0)) 12:24:51 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x8, 0x0, &(0x7f0000000280)) 12:24:51 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x4b, &(0x7f0000000000)="a94a128f", 0x4) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000700)=[@pktinfo={{0x24, 0x29, 0x32, {@private1}}}], 0x28}, 0x0) 12:24:51 executing program 7: syz_io_uring_setup(0x78ad, &(0x7f0000000100), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0, 0x11, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x0, &(0x7f00000005c0), 0x0, 0x4) r0 = syz_io_uring_complete(0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000006c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) 12:24:51 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed}, 0xe) r1 = dup(r0) getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4) 12:24:51 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f00000000c0)=0x100, 0x4) 12:24:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) 12:24:51 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x4b, &(0x7f0000000000)="a94a128f", 0x4) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000700)=[@pktinfo={{0x24, 0x29, 0x32, {@private1}}}], 0x28}, 0x0) 12:24:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) 12:24:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 
0xffffffffffffffff) sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) 12:24:51 executing program 7: r0 = syz_open_dev$vcsn(&(0x7f0000001200), 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0) 12:24:51 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x8, 0x0, &(0x7f0000000280)) 12:24:51 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x4b, &(0x7f0000000000)="a94a128f", 0x4) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000700)=[@pktinfo={{0x24, 0x29, 0x32, {@private1}}}], 0x28}, 0x0) 12:24:51 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_timeval(r0, 0x1, 0x43, 0x0, &(0x7f00000002c0)) 12:24:51 executing program 0: r0 = syz_io_uring_setup(0x6ed6, &(0x7f0000000280), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000300), &(0x7f0000000340)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/24, 0x18}, {0x0}], 0x2) r1 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00') pread64(r1, &(0x7f0000000040)=""/156, 0x9c, 0x0) 12:24:51 executing program 1: munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffa000/0x1000)=nil) 12:24:51 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f00000000c0)=0x100, 0x4) 12:24:51 executing program 1: r0 = 
socket$nl_xfrm(0x10, 0x3, 0x6) setresuid(0x0, 0xee01, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0xc0045878, 0x0) 12:24:51 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000019300)={0x2c, r1, 0xd, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5}]}, 0x2c}}, 0x0) 12:24:51 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x8, 0x0, &(0x7f0000000280)) 12:24:51 executing program 6: socket$inet6(0xa, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000740), 0xffffffffffffffff) 12:24:51 executing program 5: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000100000005000000000004000040000020000000ddf4655fddf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000001000008000000d2", 0x61, 0x400}], 0x0, &(0x7f0000014100)) 12:24:51 executing program 2: prctl$PR_SET_MM(0x2, 0xf0ff1f00000000, &(0x7f0000ffc000/0x2000)=nil) 12:24:51 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f00000000c0)=0x100, 0x4) 12:24:51 executing program 0: r0 = syz_io_uring_setup(0x6ed6, &(0x7f0000000280), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000300), &(0x7f0000000340)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/24, 0x18}, {0x0}], 0x2) r1 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00') pread64(r1, &(0x7f0000000040)=""/156, 0x9c, 0x0) 12:24:51 executing program 1: r0 = 
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x1a1840) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, 0x0) r1 = dup2(r0, r0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) io_cancel(0x0, 0x0, 0x0) [ 121.513717] loop5: detected capacity change from 0 to 4 12:24:51 executing program 7: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0x48, 0x0, 0x0, 0xff}, {0x6}]}, 0x10) 12:24:51 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="0200000003", 0x5, 0x1000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) [ 121.560041] EXT4-fs (loop5): unsupported descriptor size 0 [ 121.586229] loop5: detected capacity change from 0 to 4 [ 121.587655] loop2: detected capacity change from 0 to 2048 [ 121.593666] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 121.594391] EXT4-fs (loop2): group descriptors corrupted! 
[ 121.597160] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI [ 121.598922] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.600096] CPU: 1 UID: 0 PID: 3980 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.607463] Tainted: [W]=WARN [ 121.607958] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.609214] RIP: 0010:__queue_work+0x202/0x1240 [ 121.609972] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 121.612770] RSP: 0018:ffff888047e1f398 EFLAGS: 00010056 [ 121.613605] RAX: 0000000000000000 RBX: ffff88800e044c18 RCX: ffffc9000bc6f000 [ 121.614724] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 121.615839] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 121.616950] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 121.618072] R13: 0000000000000001 R14: 0000000000000001 R15: ffff888047cd5000 [ 121.619243] FS: 00007f93158a2700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.620482] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.621402] CR2: 00007f93158a3000 CR3: 000000000f036000 CR4: 0000000000350ef0 [ 121.622521] Call Trace: [ 121.622955] [ 121.623318] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 121.624074] queue_work_on+0xd0/0xe0 [ 121.624661] loop_queue_rq+0x5c8/0x1180 [ 121.625303] __blk_mq_issue_directly+0xd5/0x260 [ 121.626058] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 121.626913] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 121.627739] blk_mq_request_issue_directly+0x11c/0x1e0 [ 121.628563] blk_mq_issue_direct+0x192/0x640 [ 121.629266] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 121.630114] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 121.630873] ? read_tsc+0x9/0x20 [ 121.631410] ? 
ktime_get+0x16d/0x270 [ 121.632006] ? trace_block_plug+0x149/0x1b0 [ 121.632676] ? blk_add_rq_to_plug+0x234/0x550 [ 121.633387] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 121.634199] ? blk_mq_submit_bio+0x4fd/0x2220 [ 121.634932] __blk_flush_plug+0x25c/0x460 [ 121.635591] ? __pfx___blk_flush_plug+0x10/0x10 [ 121.636327] ? bio_associate_blkg_from_css+0x4fe/0x1380 [ 121.637176] __submit_bio+0x480/0x5b0 [ 121.637767] ? __pfx___submit_bio+0x10/0x10 [ 121.638444] ? read_tsc+0x9/0x20 [ 121.639023] ? ktime_get+0x16d/0x270 [ 121.639649] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 121.640499] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 121.641349] submit_bio_noacct+0x359/0x1350 [ 121.642027] ? __pfx_end_buffer_read_sync+0x10/0x10 [ 121.642816] ext4_read_bh+0x15a/0x2e0 [ 121.643436] ext4_read_bh_lock+0x7a/0xd0 [ 121.644097] ext4_sb_bread_unmovable+0x172/0x260 [ 121.644840] ext4_fill_super+0x662/0xba20 [ 121.645513] ? wake_bit_function+0x210/0x240 [ 121.646218] ? snprintf+0xbe/0x100 [ 121.646809] ? __pfx_snprintf+0x10/0x10 [ 121.647460] ? __pfx_ext4_fill_super+0x10/0x10 [ 121.648188] ? find_held_lock+0x2b/0x80 [ 121.648821] ? setup_bdev_super+0x2ed/0x6e0 [ 121.649533] ? set_blocksize+0x1b4/0x470 [ 121.650176] ? lock_release+0xc8/0x290 [ 121.650798] ? sb_set_blocksize+0x177/0x1c0 [ 121.651484] ? setup_bdev_super+0x31f/0x6e0 [ 121.652180] get_tree_bdev_flags+0x38a/0x620 [ 121.652887] ? __pfx_ext4_fill_super+0x10/0x10 [ 121.653624] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 121.654392] ? cap_capable+0xdb/0x3b0 [ 121.655020] ? security_capable+0x2f/0x90 [ 121.655679] vfs_get_tree+0x93/0x340 [ 121.656288] path_mount+0x132d/0x1dd0 [ 121.656924] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.657730] ? __pfx_path_mount+0x10/0x10 [ 121.658387] ? kmem_cache_free+0x2a1/0x540 [ 121.659078] ? putname.part.0+0x11b/0x160 [ 121.659726] ? getname_flags.part.0+0x1c6/0x540 [ 121.660478] ? putname.part.0+0x11b/0x160 [ 121.661156] __x64_sys_mount+0x27b/0x300 [ 121.661794] ? 
__pfx___x64_sys_mount+0x10/0x10 [ 121.662549] do_syscall_64+0xbf/0x360 [ 121.663155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.663969] RIP: 0033:0x7f931832e04a [ 121.664542] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.667368] RSP: 002b:00007f93158a1fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 121.668551] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f931832e04a [ 121.669646] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f93158a2000 [ 121.670752] RBP: 00007f93158a2040 R08: 00007f93158a2040 R09: 0000000020000000 [ 121.671870] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 121.672954] R13: 0000000020000100 R14: 00007f93158a2000 R15: 0000000020014100 [ 121.674059] [ 121.674424] Modules linked in: [ 121.674959] ---[ end trace 0000000000000000 ]--- [ 121.675679] RIP: 0010:__queue_work+0x202/0x1240 [ 121.676423] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 121.679210] RSP: 0018:ffff888047e1f398 EFLAGS: 00010056 [ 121.680053] RAX: 0000000000000000 RBX: ffff88800e044c18 RCX: ffffc9000bc6f000 [ 121.681158] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 121.682265] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 121.683372] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 121.684464] R13: 0000000000000001 R14: 0000000000000001 R15: ffff888047cd5000 [ 121.685559] FS: 00007f93158a2700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.686824] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.687732] CR2: 00007f93158a3000 CR3: 000000000f036000 CR4: 0000000000350ef0 [ 121.688850] note: syz-executor.5[3980] exited with irqs disabled [ 121.690723] 
note: syz-executor.5[3980] exited with preempt_count 1 [ 121.692788] ------------[ cut here ]------------ [ 121.693736] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#1: syz-executor.5/3980 [ 121.695383] Modules linked in: [ 121.696038] CPU: 1 UID: 0 PID: 3980 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.698242] Tainted: [D]=DIE, [W]=WARN [ 121.698902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.700218] RIP: 0010:do_exit+0x1c36/0x2970 [ 121.700945] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 ef b3 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 db b3 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 cd b3 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 121.703810] RSP: 0018:ffff888047e1fe40 EFLAGS: 00010216 [ 121.704684] RAX: 000000000003e7e3 RBX: 0000000000000200 RCX: ffffc9000bc6f000 [ 121.705820] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff88801b19ad68 [ 121.707019] RBP: ffff88801b199b80 R08: 0000000000000001 R09: fffffbfff0f126d8 [ 121.708168] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 121.709320] R13: 0000000000002710 R14: dffffc0000000000 R15: 0000000000000000 [ 121.710472] FS: 00007f93158a2700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.711782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.712740] CR2: 00007f93158a3000 CR3: 000000000f036000 CR4: 0000000000350ef0 [ 121.713935] Call Trace: [ 121.714392] [ 121.714774] ? _printk+0xbe/0xf0 [ 121.715372] ? __pfx__printk+0x10/0x10 [ 121.716012] ? __pfx_do_exit+0x10/0x10 [ 121.716662] make_task_dead+0x174/0x3b0 [ 121.717339] ? 
do_syscall_64+0xbf/0x360 [ 121.717994] rewind_stack_and_make_dead+0x16/0x20 [ 121.718819] RIP: 0033:0x7f931832e04a [ 121.719446] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.722317] RSP: 002b:00007f93158a1fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 121.723572] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f931832e04a [ 121.724911] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f93158a2000 [ 121.726074] RBP: 00007f93158a2040 R08: 00007f93158a2040 R09: 0000000020000000 [ 121.727227] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 121.728401] R13: 0000000020000100 R14: 00007f93158a2000 R15: 0000000020014100 [ 121.729535] [ 121.729923] irq event stamp: 1584 [ 121.730491] hardirqs last enabled at (1583): [] ktime_get+0x1c7/0x270 12:24:51 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000480)={0x28, 0x2, 0x1, 0x3, 0x0, 0x0, {}, [@CTA_STATUS={0x8}, @CTA_LABELS_MASK={0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x171}]}, 0x28}}, 0x0) 12:24:51 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x1a1840) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, 0x0) r1 = dup2(r0, r0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) io_cancel(0x0, 0x0, 0x0) [ 121.731784] hardirqs last disabled at (1584): [] _raw_spin_lock_irq+0x42/0x50 [ 121.733388] softirqs last enabled at (1440): [] handle_softirqs+0x50c/0x770 [ 121.734801] softirqs last 
disabled at (1421): [] __irq_exit_rcu+0xc4/0x100 [ 121.736185] ---[ end trace 0000000000000000 ]--- [ 121.736957] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 121.738367] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3980, name: syz-executor.5 [ 121.739931] preempt_count: 0, expected: 0 12:24:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) recvfrom(r0, 0x0, 0x0, 0x42, 0x0, 0x0) [ 121.740778] RCU nest depth: 2, expected: 0 [ 121.741558] INFO: lockdep is turned off. [ 121.742201] CPU: 1 UID: 0 PID: 3980 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.742240] Tainted: [D]=DIE, [W]=WARN [ 121.742255] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.742268] Call Trace: [ 121.742276] [ 121.742288] dump_stack_lvl+0xfa/0x120 [ 121.742331] __might_resched+0x2f3/0x510 [ 121.742358] exit_signals+0x25/0x940 [ 121.742393] do_exit+0x2db/0x2970 [ 121.742419] ? _printk+0xbe/0xf0 [ 121.742444] ? __pfx__printk+0x10/0x10 [ 121.742471] ? __pfx_do_exit+0x10/0x10 [ 121.742516] make_task_dead+0x174/0x3b0 [ 121.742543] ? 
do_syscall_64+0xbf/0x360 [ 121.742565] rewind_stack_and_make_dead+0x16/0x20 [ 121.742597] RIP: 0033:0x7f931832e04a [ 121.742613] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.742635] RSP: 002b:00007f93158a1fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 121.742658] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f931832e04a [ 121.742673] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f93158a2000 [ 121.742688] RBP: 00007f93158a2040 R08: 00007f93158a2040 R09: 0000000020000000 [ 121.742702] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 121.742716] R13: 0000000020000100 R14: 00007f93158a2000 R15: 0000000020014100 [ 121.742738] [ 121.778211] loop2: detected capacity change from 0 to 2048 [ 121.786397] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 121.787325] EXT4-fs (loop2): group descriptors corrupted! 
[ 121.845540] journal-offline (4005) used greatest stack depth: 24352 bytes left 12:24:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) recvfrom(r0, 0x0, 0x0, 0x42, 0x0, 0x0) 12:24:52 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x1a1840) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, 0x0) r1 = dup2(r0, r0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) io_cancel(0x0, 0x0, 0x0) 12:24:52 executing program 7: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0x48, 0x0, 0x0, 0xff}, {0x6}]}, 0x10) 12:24:52 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="0200000003", 0x5, 0x1000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) 12:24:52 executing program 0: r0 = syz_io_uring_setup(0x6ed6, &(0x7f0000000280), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000300), &(0x7f0000000340)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/24, 0x18}, {0x0}], 0x2) r1 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00') pread64(r1, &(0x7f0000000040)=""/156, 0x9c, 0x0) 12:24:52 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000480)={0x28, 0x2, 0x1, 0x3, 0x0, 0x0, {}, [@CTA_STATUS={0x8}, @CTA_LABELS_MASK={0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x171}]}, 0x28}}, 0x0) 12:24:52 executing program 5: futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f0000000080), 0x0) [ 121.916319] loop2: detected capacity change from 0 to 2048 12:24:52 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4) [ 121.927916] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 121.928700] EXT4-fs (loop2): group descriptors corrupted! 
12:24:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) recvfrom(r0, 0x0, 0x0, 0x42, 0x0, 0x0) 12:24:52 executing program 0: r0 = syz_io_uring_setup(0x6ed6, &(0x7f0000000280), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000300), &(0x7f0000000340)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/24, 0x18}, {0x0}], 0x2) r1 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00') pread64(r1, &(0x7f0000000040)=""/156, 0x9c, 0x0) 12:24:52 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000480)={0x28, 0x2, 0x1, 0x3, 0x0, 0x0, {}, [@CTA_STATUS={0x8}, @CTA_LABELS_MASK={0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x171}]}, 0x28}}, 0x0) 12:24:52 executing program 5: futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f0000000080), 0x0) 12:24:52 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x1a1840) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, 0x0) r1 = dup2(r0, r0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) io_cancel(0x0, 0x0, 0x0) 12:24:52 executing program 7: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0x48, 0x0, 0x0, 0xff}, {0x6}]}, 0x10) 12:24:52 executing program 2: 
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="0200000003", 0x5, 0x1000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) 12:24:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) recvfrom(r0, 0x0, 0x0, 0x42, 0x0, 0x0) 12:24:52 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4) [ 122.022532] loop2: detected capacity change from 0 to 2048 [ 122.038519] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 122.039990] EXT4-fs (loop2): group descriptors corrupted! 
12:24:52 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4) 12:24:52 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/dev\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lseek(r0, 0xfcb, 0x0) 12:24:52 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000480)={0x28, 0x2, 0x1, 0x3, 0x0, 0x0, {}, [@CTA_STATUS={0x8}, @CTA_LABELS_MASK={0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x171}]}, 0x28}}, 0x0) 12:24:52 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4) 
12:24:52 executing program 5: futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f0000000080), 0x0) 12:24:52 executing program 7: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0x48, 0x0, 0x0, 0xff}, {0x6}]}, 0x10) 12:24:52 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4) 12:24:52 executing program 3: r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$inet(r0, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000400)='?', 0x1}], 0x2, &(0x7f0000000480)=[@ip_tos_int={{0x14}}, @ip_retopts={{0x10}}], 0x28}}], 0x1, 0x0) 12:24:52 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="0200000003", 0x5, 0x1000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) 12:24:52 executing program 6: prlimit64(0x0, 0x7, &(0x7f0000000180), 0x0) mq_open(&(0x7f0000000000)='${\x00', 0x0, 0x0, 0x0) [ 122.183143] loop2: detected capacity change from 0 to 2048 [ 122.184939] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 122.185694] EXT4-fs (loop2): group descriptors corrupted! 
12:24:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000007d80)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894) shutdown(0xffffffffffffffff, 0x0) 12:24:52 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4) 12:24:52 executing program 5: futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f0000000080), 0x0) 12:24:52 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/dev\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lseek(r0, 0xfcb, 0x0) 12:24:52 executing program 6: prlimit64(0x0, 0x7, &(0x7f0000000180), 0x0) mq_open(&(0x7f0000000000)='${\x00', 0x0, 0x0, 
0x0) 12:24:52 executing program 7: prlimit64(0x0, 0x7, &(0x7f0000000180), 0x0) mq_open(&(0x7f0000000000)='${\x00', 0x0, 0x0, 0x0) 12:24:52 executing program 3: r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0) write(r0, &(0x7f0000000900)='^', 0x1) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0xfdef) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000100)) 12:24:52 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4) 12:24:52 executing program 7: prlimit64(0x0, 0x7, &(0x7f0000000180), 0x0) mq_open(&(0x7f0000000000)='${\x00', 0x0, 0x0, 0x0) 12:24:52 executing program 1: fspick(0xffffffffffffffff, 0x0, 0x0) 12:24:52 executing program 7: prlimit64(0x0, 0x7, &(0x7f0000000180), 0x0) mq_open(&(0x7f0000000000)='${\x00', 0x0, 0x0, 0x0) VM DIAGNOSIS: 12:24:51 Registers: